Adaptive Application Controls - Put

Service:

Defender for Cloud

API Version:

2020-01-01

Een machinegroep voor toepassingsbeheer bijwerken

PUT https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Security/locations/{ascLocation}/applicationWhitelistings/{groupName}?api-version=2020-01-01

URI-parameters

Name	In	Vereist	Type	Description
ascLocation	path	True	string	De locatie waar ASC de gegevens van het abonnement opslaat. kan worden opgehaald uit Locaties ophalen
groupName	path	True	string	Naam van een machinegroep voor toepassingsbeheer
subscriptionId	path	True	string	Azure-abonnements-id Regex pattern: ^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$
api-version	query	True	string	API-versie voor de bewerking

Aanvraagbody

Name	Type	Description
properties.enforcementMode	EnforcementMode	De afdwingings-/beveiligingsmodus van het toepassingsbeheerbeleid van de computergroep
properties.pathRecommendations	PathRecommendation[]	Vertegenwoordigt een pad dat wordt aanbevolen om toe te staan en de bijbehorende eigenschappen
properties.protectionMode	ProtectionMode	De beveiligingsmodus van de verzameling/bestandstypen. Exe/Msi/Script worden gebruikt voor Windows, Uitvoerbaar wordt gebruikt voor Linux.
properties.vmRecommendations	VmRecommendation[]	Vertegenwoordigt een computer die deel uitmaakt van een computergroep

Antwoorden

Name	Type	Description
200 OK	AdaptiveApplicationControlGroup	OK
Other Status Codes	CloudError	Foutreactie waarin wordt beschreven waarom de bewerking is mislukt.

Beveiliging

azure_auth

Azure Active Directory OAuth2-stroom

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	uw gebruikersaccount imiteren

Voorbeelden

Update an application control machine group by adding a new application

Sample Request

HTTP

PUT https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/locations/centralus/applicationWhitelistings/ERELGROUP1?api-version=2020-01-01

{
  "properties": {
    "enforcementMode": "Audit",
    "protectionMode": {
      "exe": "Audit",
      "msi": "None",
      "script": "None"
    },
    "vmRecommendations": [
      {
        "configurationStatus": "Configured",
        "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/erelh-stable/providers/microsoft.compute/virtualmachines/erelh-16090",
        "recommendationAction": "Recommended",
        "enforcementSupport": "Supported"
      },
      {
        "configurationStatus": "Configured",
        "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/matanvs/providers/microsoft.compute/virtualmachines/matanvs19",
        "recommendationAction": "Recommended",
        "enforcementSupport": "Supported"
      }
    ],
    "pathRecommendations": [
      {
        "path": "[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0",
        "type": "PublisherSignature",
        "publisherInfo": {
          "publisherName": "O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US",
          "productName": "*",
          "binaryName": "*",
          "version": "0.0.0.0"
        },
        "common": true,
        "action": "Recommended",
        "usernames": [
          {
            "username": "Everyone",
            "recommendationAction": "Recommended"
          }
        ],
        "userSids": [
          "S-1-1-0"
        ],
        "fileType": "Exe",
        "configurationStatus": "Configured"
      },
      {
        "path": "%OSDRIVE%\\WINDOWSAZURE\\SECAGENT\\WASECAGENTPROV.EXE",
        "type": "ProductSignature",
        "publisherInfo": {
          "publisherName": "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
          "productName": "MICROSOFT® COREXT",
          "binaryName": "*",
          "version": "0.0.0.0"
        },
        "common": true,
        "action": "Recommended",
        "usernames": [
          {
            "username": "NT AUTHORITY\\SYSTEM",
            "recommendationAction": "Recommended"
          }
        ],
        "userSids": [
          "S-1-1-0"
        ],
        "fileType": "Exe",
        "configurationStatus": "Configured"
      },
      {
        "path": "%OSDRIVE%\\WINDOWSAZURE\\PACKAGES_201973_7415\\COLLECTGUESTLOGS.EXE",
        "type": "PublisherSignature",
        "publisherInfo": {
          "publisherName": "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
          "productName": "*",
          "binaryName": "*",
          "version": "0.0.0.0"
        },
        "common": true,
        "action": "Recommended",
        "usernames": [
          {
            "username": "NT AUTHORITY\\SYSTEM",
            "recommendationAction": "Recommended"
          }
        ],
        "userSids": [
          "S-1-1-0"
        ],
        "fileType": "Exe",
        "configurationStatus": "Configured"
      },
      {
        "path": "C:\\directory\\file.exe",
        "action": "Add",
        "type": "File",
        "common": true
      }
    ]
  }
}

Java

import com.azure.resourcemanager.security.models.AdaptiveApplicationControlGroup;
import com.azure.resourcemanager.security.models.ConfigurationStatus;
import com.azure.resourcemanager.security.models.EnforcementMode;
import com.azure.resourcemanager.security.models.EnforcementSupport;
import com.azure.resourcemanager.security.models.FileType;
import com.azure.resourcemanager.security.models.PathRecommendation;
import com.azure.resourcemanager.security.models.ProtectionMode;
import com.azure.resourcemanager.security.models.PublisherInfo;
import com.azure.resourcemanager.security.models.RecommendationAction;
import com.azure.resourcemanager.security.models.RecommendationType;
import com.azure.resourcemanager.security.models.UserRecommendation;
import com.azure.resourcemanager.security.models.VmRecommendation;
import java.util.Arrays;

/**
 * Samples for AdaptiveApplicationControls Put.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/ApplicationWhitelistings/
     * PutAdaptiveApplicationControls_example.json
     */
    /**
     * Sample code: Update an application control machine group by adding a new application.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void updateAnApplicationControlMachineGroupByAddingANewApplication(
        com.azure.resourcemanager.security.SecurityManager manager) {
        AdaptiveApplicationControlGroup resource = manager.adaptiveApplicationControls()
            .getWithResponse("centralus", "ERELGROUP1", com.azure.core.util.Context.NONE).getValue();
        resource.update().withEnforcementMode(EnforcementMode.AUDIT)
            .withProtectionMode(new ProtectionMode().withExe(EnforcementMode.AUDIT).withMsi(EnforcementMode.NONE)
                .withScript(EnforcementMode.NONE))
            .withVmRecommendations(Arrays.asList(new VmRecommendation()
                .withConfigurationStatus(ConfigurationStatus.CONFIGURED)
                .withRecommendationAction(RecommendationAction.RECOMMENDED)
                .withResourceId(
                    "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/erelh-stable/providers/microsoft.compute/virtualmachines/erelh-16090")
                .withEnforcementSupport(EnforcementSupport.SUPPORTED),
                new VmRecommendation().withConfigurationStatus(ConfigurationStatus.CONFIGURED)
                    .withRecommendationAction(RecommendationAction.RECOMMENDED)
                    .withResourceId(
                        "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/matanvs/providers/microsoft.compute/virtualmachines/matanvs19")
                    .withEnforcementSupport(EnforcementSupport.SUPPORTED)))
            .withPathRecommendations(Arrays.asList(
                new PathRecommendation()
                    .withPath("[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0")
                    .withAction(RecommendationAction.RECOMMENDED)
                    .withType(RecommendationType.fromString("PublisherSignature"))
                    .withPublisherInfo(
                        new PublisherInfo().withPublisherName("O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US")
                            .withProductName("*").withBinaryName("*").withVersion("0.0.0.0"))
                    .withCommon(true).withUserSids(Arrays.asList("S-1-1-0"))
                    .withUsernames(Arrays.asList(new UserRecommendation().withUsername("Everyone")
                        .withRecommendationAction(RecommendationAction.RECOMMENDED)))
                    .withFileType(FileType.EXE).withConfigurationStatus(ConfigurationStatus.CONFIGURED),
                new PathRecommendation().withPath("%OSDRIVE%\\WINDOWSAZURE\\SECAGENT\\WASECAGENTPROV.EXE")
                    .withAction(RecommendationAction.RECOMMENDED)
                    .withType(RecommendationType.fromString("ProductSignature"))
                    .withPublisherInfo(new PublisherInfo().withPublisherName("CN=MICROSOFT AZURE DEPENDENCY CODE SIGN")
                        .withProductName("MICROSOFT® COREXT").withBinaryName("*").withVersion("0.0.0.0"))
                    .withCommon(true).withUserSids(Arrays.asList("S-1-1-0"))
                    .withUsernames(Arrays.asList(new UserRecommendation().withUsername("NT AUTHORITY\\SYSTEM")
                        .withRecommendationAction(RecommendationAction.RECOMMENDED)))
                    .withFileType(FileType.EXE).withConfigurationStatus(ConfigurationStatus.CONFIGURED),
                new PathRecommendation().withPath("%OSDRIVE%\\WINDOWSAZURE\\PACKAGES_201973_7415\\COLLECTGUESTLOGS.EXE")
                    .withAction(RecommendationAction.RECOMMENDED)
                    .withType(RecommendationType.fromString("PublisherSignature"))
                    .withPublisherInfo(new PublisherInfo().withPublisherName("CN=MICROSOFT AZURE DEPENDENCY CODE SIGN")
                        .withProductName("*").withBinaryName("*").withVersion("0.0.0.0"))
                    .withCommon(true).withUserSids(Arrays.asList("S-1-1-0"))
                    .withUsernames(Arrays.asList(new UserRecommendation().withUsername("NT AUTHORITY\\SYSTEM")
                        .withRecommendationAction(RecommendationAction.RECOMMENDED)))
                    .withFileType(FileType.EXE).withConfigurationStatus(ConfigurationStatus.CONFIGURED),
                new PathRecommendation().withPath("C:\\directory\\file.exe").withAction(RecommendationAction.ADD)
                    .withType(RecommendationType.fromString("File")).withCommon(true)))
            .apply();
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armsecurity_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/b43974e07d3204c4b6f8396627f5430994a7f7c9/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/ApplicationWhitelistings/PutAdaptiveApplicationControls_example.json
func ExampleAdaptiveApplicationControlsClient_Put() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewAdaptiveApplicationControlsClient().Put(ctx, "centralus", "ERELGROUP1", armsecurity.AdaptiveApplicationControlGroup{
		Properties: &armsecurity.AdaptiveApplicationControlGroupData{
			EnforcementMode: to.Ptr(armsecurity.EnforcementModeAudit),
			PathRecommendations: []*armsecurity.PathRecommendation{
				{
					Type:                to.Ptr(armsecurity.RecommendationType("PublisherSignature")),
					Path:                to.Ptr("[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0"),
					Action:              to.Ptr(armsecurity.RecommendationActionRecommended),
					Common:              to.Ptr(true),
					ConfigurationStatus: to.Ptr(armsecurity.ConfigurationStatusConfigured),
					FileType:            to.Ptr(armsecurity.FileTypeExe),
					PublisherInfo: &armsecurity.PublisherInfo{
						BinaryName:    to.Ptr("*"),
						ProductName:   to.Ptr("*"),
						PublisherName: to.Ptr("O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US"),
						Version:       to.Ptr("0.0.0.0"),
					},
					UserSids: []*string{
						to.Ptr("S-1-1-0")},
					Usernames: []*armsecurity.UserRecommendation{
						{
							RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
							Username:             to.Ptr("Everyone"),
						}},
				},
				{
					Type:                to.Ptr(armsecurity.RecommendationType("ProductSignature")),
					Path:                to.Ptr("%OSDRIVE%\\WINDOWSAZURE\\SECAGENT\\WASECAGENTPROV.EXE"),
					Action:              to.Ptr(armsecurity.RecommendationActionRecommended),
					Common:              to.Ptr(true),
					ConfigurationStatus: to.Ptr(armsecurity.ConfigurationStatusConfigured),
					FileType:            to.Ptr(armsecurity.FileTypeExe),
					PublisherInfo: &armsecurity.PublisherInfo{
						BinaryName:    to.Ptr("*"),
						ProductName:   to.Ptr("MICROSOFT® COREXT"),
						PublisherName: to.Ptr("CN=MICROSOFT AZURE DEPENDENCY CODE SIGN"),
						Version:       to.Ptr("0.0.0.0"),
					},
					UserSids: []*string{
						to.Ptr("S-1-1-0")},
					Usernames: []*armsecurity.UserRecommendation{
						{
							RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
							Username:             to.Ptr("NT AUTHORITY\\SYSTEM"),
						}},
				},
				{
					Type:                to.Ptr(armsecurity.RecommendationType("PublisherSignature")),
					Path:                to.Ptr("%OSDRIVE%\\WINDOWSAZURE\\PACKAGES_201973_7415\\COLLECTGUESTLOGS.EXE"),
					Action:              to.Ptr(armsecurity.RecommendationActionRecommended),
					Common:              to.Ptr(true),
					ConfigurationStatus: to.Ptr(armsecurity.ConfigurationStatusConfigured),
					FileType:            to.Ptr(armsecurity.FileTypeExe),
					PublisherInfo: &armsecurity.PublisherInfo{
						BinaryName:    to.Ptr("*"),
						ProductName:   to.Ptr("*"),
						PublisherName: to.Ptr("CN=MICROSOFT AZURE DEPENDENCY CODE SIGN"),
						Version:       to.Ptr("0.0.0.0"),
					},
					UserSids: []*string{
						to.Ptr("S-1-1-0")},
					Usernames: []*armsecurity.UserRecommendation{
						{
							RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
							Username:             to.Ptr("NT AUTHORITY\\SYSTEM"),
						}},
				},
				{
					Type:   to.Ptr(armsecurity.RecommendationType("File")),
					Path:   to.Ptr("C:\\directory\\file.exe"),
					Action: to.Ptr(armsecurity.RecommendationActionAdd),
					Common: to.Ptr(true),
				}},
			ProtectionMode: &armsecurity.ProtectionMode{
				Exe:    to.Ptr(armsecurity.EnforcementModeAudit),
				Msi:    to.Ptr(armsecurity.EnforcementModeNone),
				Script: to.Ptr(armsecurity.EnforcementModeNone),
			},
			VMRecommendations: []*armsecurity.VMRecommendation{
				{
					ConfigurationStatus:  to.Ptr(armsecurity.ConfigurationStatusConfigured),
					EnforcementSupport:   to.Ptr(armsecurity.EnforcementSupportSupported),
					RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
					ResourceID:           to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/erelh-stable/providers/microsoft.compute/virtualmachines/erelh-16090"),
				},
				{
					ConfigurationStatus:  to.Ptr(armsecurity.ConfigurationStatusConfigured),
					EnforcementSupport:   to.Ptr(armsecurity.EnforcementSupportSupported),
					RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
					ResourceID:           to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/matanvs/providers/microsoft.compute/virtualmachines/matanvs19"),
				}},
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.AdaptiveApplicationControlGroup = armsecurity.AdaptiveApplicationControlGroup{
	// 	Location: to.Ptr("centralus"),
	// 	Name: to.Ptr("ERELGROUP1"),
	// 	Type: to.Ptr("Microsoft.Security/applicationWhitelistings"),
	// 	ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/locations/centralus/applicationWhitelistings/ERELGROUP1"),
	// 	Properties: &armsecurity.AdaptiveApplicationControlGroupData{
	// 		ConfigurationStatus: to.Ptr(armsecurity.ConfigurationStatusInProgress),
	// 		EnforcementMode: to.Ptr(armsecurity.EnforcementModeAudit),
	// 		Issues: []*armsecurity.AdaptiveApplicationControlIssueSummary{
	// 		},
	// 		PathRecommendations: []*armsecurity.PathRecommendation{
	// 			{
	// 				Type: to.Ptr(armsecurity.RecommendationType("PublisherSignature")),
	// 				Path: to.Ptr("[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0"),
	// 				Action: to.Ptr(armsecurity.RecommendationActionRecommended),
	// 				Common: to.Ptr(true),
	// 				ConfigurationStatus: to.Ptr(armsecurity.ConfigurationStatusConfigured),
	// 				FileType: to.Ptr(armsecurity.FileTypeExe),
	// 				PublisherInfo: &armsecurity.PublisherInfo{
	// 					BinaryName: to.Ptr("*"),
	// 					ProductName: to.Ptr("*"),
	// 					PublisherName: to.Ptr("O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US"),
	// 					Version: to.Ptr("0.0.0.0"),
	// 				},
	// 				UserSids: []*string{
	// 					to.Ptr("S-1-1-0")},
	// 					Usernames: []*armsecurity.UserRecommendation{
	// 						{
	// 							RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
	// 							Username: to.Ptr("Everyone"),
	// 					}},
	// 				},
	// 				{
	// 					Type: to.Ptr(armsecurity.RecommendationType("ProductSignature")),
	// 					Path: to.Ptr("%OSDRIVE%\\WINDOWSAZURE\\SECAGENT\\WASECAGENTPROV.EXE"),
	// 					Action: to.Ptr(armsecurity.RecommendationActionRecommended),
	// 					Common: to.Ptr(true),
	// 					ConfigurationStatus: to.Ptr(armsecurity.ConfigurationStatusConfigured),
	// 					FileType: to.Ptr(armsecurity.FileTypeExe),
	// 					PublisherInfo: &armsecurity.PublisherInfo{
	// 						BinaryName: to.Ptr("*"),
	// 						ProductName: to.Ptr("MICROSOFT® COREXT"),
	// 						PublisherName: to.Ptr("CN=MICROSOFT AZURE DEPENDENCY CODE SIGN"),
	// 						Version: to.Ptr("0.0.0.0"),
	// 					},
	// 					UserSids: []*string{
	// 						to.Ptr("S-1-1-0")},
	// 						Usernames: []*armsecurity.UserRecommendation{
	// 							{
	// 								RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
	// 								Username: to.Ptr("NT AUTHORITY\\SYSTEM"),
	// 						}},
	// 					},
	// 					{
	// 						Type: to.Ptr(armsecurity.RecommendationType("PublisherSignature")),
	// 						Path: to.Ptr("%OSDRIVE%\\WINDOWSAZURE\\PACKAGES_201973_7415\\COLLECTGUESTLOGS.EXE"),
	// 						Action: to.Ptr(armsecurity.RecommendationActionRecommended),
	// 						Common: to.Ptr(true),
	// 						ConfigurationStatus: to.Ptr(armsecurity.ConfigurationStatusConfigured),
	// 						FileType: to.Ptr(armsecurity.FileTypeExe),
	// 						PublisherInfo: &armsecurity.PublisherInfo{
	// 							BinaryName: to.Ptr("*"),
	// 							ProductName: to.Ptr("*"),
	// 							PublisherName: to.Ptr("CN=MICROSOFT AZURE DEPENDENCY CODE SIGN"),
	// 							Version: to.Ptr("0.0.0.0"),
	// 						},
	// 						UserSids: []*string{
	// 							to.Ptr("S-1-1-0")},
	// 							Usernames: []*armsecurity.UserRecommendation{
	// 								{
	// 									RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
	// 									Username: to.Ptr("NT AUTHORITY\\SYSTEM"),
	// 							}},
	// 						},
	// 						{
	// 							Type: to.Ptr(armsecurity.RecommendationType("File")),
	// 							Path: to.Ptr("C:\\directory\\file.exe"),
	// 							Action: to.Ptr(armsecurity.RecommendationActionAdd),
	// 							Common: to.Ptr(true),
	// 							ConfigurationStatus: to.Ptr(armsecurity.ConfigurationStatusNotConfigured),
	// 							FileType: to.Ptr(armsecurity.FileTypeExe),
	// 							UserSids: []*string{
	// 								to.Ptr("S-1-1-0")},
	// 								Usernames: []*armsecurity.UserRecommendation{
	// 									{
	// 										RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
	// 										Username: to.Ptr("Everyone"),
	// 								}},
	// 						}},
	// 						ProtectionMode: &armsecurity.ProtectionMode{
	// 							Exe: to.Ptr(armsecurity.EnforcementModeAudit),
	// 							Msi: to.Ptr(armsecurity.EnforcementModeNone),
	// 							Script: to.Ptr(armsecurity.EnforcementModeNone),
	// 						},
	// 						RecommendationStatus: to.Ptr(armsecurity.RecommendationStatusRecommended),
	// 						SourceSystem: to.Ptr(armsecurity.SourceSystemAzureAppLocker),
	// 						VMRecommendations: []*armsecurity.VMRecommendation{
	// 							{
	// 								RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
	// 								ResourceID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/erelh-stable/providers/microsoft.compute/virtualmachines/erelh-16090"),
	// 							},
	// 							{
	// 								RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
	// 								ResourceID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/matanvs/providers/microsoft.compute/virtualmachines/matanvs19"),
	// 						}},
	// 					},
	// 				}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Update an application control machine group
 *
 * @summary Update an application control machine group
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/ApplicationWhitelistings/PutAdaptiveApplicationControls_example.json
 */
async function updateAnApplicationControlMachineGroupByAddingANewApplication() {
  const subscriptionId =
    process.env["SECURITY_SUBSCRIPTION_ID"] || "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
  const ascLocation = "centralus";
  const groupName = "ERELGROUP1";
  const body = {
    enforcementMode: "Audit",
    pathRecommendations: [
      {
        type: "PublisherSignature",
        path: "[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0",
        action: "Recommended",
        common: true,
        configurationStatus: "Configured",
        fileType: "Exe",
        publisherInfo: {
          binaryName: "*",
          productName: "*",
          publisherName: "O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US",
          version: "0.0.0.0",
        },
        userSids: ["S-1-1-0"],
        usernames: [{ recommendationAction: "Recommended", username: "Everyone" }],
      },
      {
        type: "ProductSignature",
        path: "%OSDRIVE%\\WINDOWSAZURE\\SECAGENT\\WASECAGENTPROV.EXE",
        action: "Recommended",
        common: true,
        configurationStatus: "Configured",
        fileType: "Exe",
        publisherInfo: {
          binaryName: "*",
          productName: "MICROSOFT® COREXT",
          publisherName: "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
          version: "0.0.0.0",
        },
        userSids: ["S-1-1-0"],
        usernames: [
          {
            recommendationAction: "Recommended",
            username: "NT AUTHORITY\\SYSTEM",
          },
        ],
      },
      {
        type: "PublisherSignature",
        path: "%OSDRIVE%\\WINDOWSAZURE\\PACKAGES_201973_7415\\COLLECTGUESTLOGS.EXE",
        action: "Recommended",
        common: true,
        configurationStatus: "Configured",
        fileType: "Exe",
        publisherInfo: {
          binaryName: "*",
          productName: "*",
          publisherName: "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
          version: "0.0.0.0",
        },
        userSids: ["S-1-1-0"],
        usernames: [
          {
            recommendationAction: "Recommended",
            username: "NT AUTHORITY\\SYSTEM",
          },
        ],
      },
      {
        type: "File",
        path: "C:\\directory\\file.exe",
        action: "Add",
        common: true,
      },
    ],
    protectionMode: { exe: "Audit", msi: "None", script: "None" },
    vmRecommendations: [
      {
        configurationStatus: "Configured",
        enforcementSupport: "Supported",
        recommendationAction: "Recommended",
        resourceId:
          "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/erelh-stable/providers/microsoft.compute/virtualmachines/erelh-16090",
      },
      {
        configurationStatus: "Configured",
        enforcementSupport: "Supported",
        recommendationAction: "Recommended",
        resourceId:
          "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/matanvs/providers/microsoft.compute/virtualmachines/matanvs19",
      },
    ],
  };
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential, subscriptionId);
  const result = await client.adaptiveApplicationControls.put(ascLocation, groupName, body);
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;

// Generated from example definition: specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/ApplicationWhitelistings/PutAdaptiveApplicationControls_example.json
// this example is just showing the usage of "AdaptiveApplicationControls_Put" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this AdaptiveApplicationControlGroupResource created on azure
// for more information of creating AdaptiveApplicationControlGroupResource, please refer to the document of AdaptiveApplicationControlGroupResource
string subscriptionId = "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
AzureLocation ascLocation = new AzureLocation("centralus");
string groupName = "ERELGROUP1";
ResourceIdentifier adaptiveApplicationControlGroupResourceId = AdaptiveApplicationControlGroupResource.CreateResourceIdentifier(subscriptionId, ascLocation, groupName);
AdaptiveApplicationControlGroupResource adaptiveApplicationControlGroup = client.GetAdaptiveApplicationControlGroupResource(adaptiveApplicationControlGroupResourceId);

// invoke the operation
AdaptiveApplicationControlGroupData data = new AdaptiveApplicationControlGroupData()
{
    EnforcementMode = AdaptiveApplicationControlEnforcementMode.Audit,
    ProtectionMode = new SecurityCenterFileProtectionMode()
    {
        Exe = AdaptiveApplicationControlEnforcementMode.Audit,
        Msi = AdaptiveApplicationControlEnforcementMode.None,
        Script = AdaptiveApplicationControlEnforcementMode.None,
    },
    VmRecommendations =
    {
    new VmRecommendation()
    {
    ConfigurationStatus = SecurityCenterConfigurationStatus.Configured,
    RecommendationAction = RecommendationAction.Recommended,
    ResourceId = new ResourceIdentifier("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/erelh-stable/providers/microsoft.compute/virtualmachines/erelh-16090"),
    EnforcementSupport = SecurityCenterVmEnforcementSupportState.Supported,
    },new VmRecommendation()
    {
    ConfigurationStatus = SecurityCenterConfigurationStatus.Configured,
    RecommendationAction = RecommendationAction.Recommended,
    ResourceId = new ResourceIdentifier("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/matanvs/providers/microsoft.compute/virtualmachines/matanvs19"),
    EnforcementSupport = SecurityCenterVmEnforcementSupportState.Supported,
    }
    },
    PathRecommendations =
    {
    new PathRecommendation()
    {
    Path = "[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0",
    Action = RecommendationAction.Recommended,
    IotSecurityRecommendationType = new IotSecurityRecommendationType("PublisherSignature"),
    PublisherInfo = new SecurityCenterPublisherInfo()
    {
    PublisherName = "O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US",
    ProductName = "*",
    BinaryName = "*",
    Version = "0.0.0.0",
    },
    IsCommon = true,
    UserSids =
    {
    "S-1-1-0"
    },
    Usernames =
    {
    new UserRecommendation()
    {
    Username = "Everyone",
    RecommendationAction = RecommendationAction.Recommended,
    }
    },
    FileType = PathRecommendationFileType.Exe,
    ConfigurationStatus = SecurityCenterConfigurationStatus.Configured,
    },new PathRecommendation()
    {
    Path = "%OSDRIVE%\\WINDOWSAZURE\\SECAGENT\\WASECAGENTPROV.EXE",
    Action = RecommendationAction.Recommended,
    IotSecurityRecommendationType = new IotSecurityRecommendationType("ProductSignature"),
    PublisherInfo = new SecurityCenterPublisherInfo()
    {
    PublisherName = "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
    ProductName = "MICROSOFT® COREXT",
    BinaryName = "*",
    Version = "0.0.0.0",
    },
    IsCommon = true,
    UserSids =
    {
    "S-1-1-0"
    },
    Usernames =
    {
    new UserRecommendation()
    {
    Username = "NT AUTHORITY\\SYSTEM",
    RecommendationAction = RecommendationAction.Recommended,
    }
    },
    FileType = PathRecommendationFileType.Exe,
    ConfigurationStatus = SecurityCenterConfigurationStatus.Configured,
    },new PathRecommendation()
    {
    Path = "%OSDRIVE%\\WINDOWSAZURE\\PACKAGES_201973_7415\\COLLECTGUESTLOGS.EXE",
    Action = RecommendationAction.Recommended,
    IotSecurityRecommendationType = new IotSecurityRecommendationType("PublisherSignature"),
    PublisherInfo = new SecurityCenterPublisherInfo()
    {
    PublisherName = "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
    ProductName = "*",
    BinaryName = "*",
    Version = "0.0.0.0",
    },
    IsCommon = true,
    UserSids =
    {
    "S-1-1-0"
    },
    Usernames =
    {
    new UserRecommendation()
    {
    Username = "NT AUTHORITY\\SYSTEM",
    RecommendationAction = RecommendationAction.Recommended,
    }
    },
    FileType = PathRecommendationFileType.Exe,
    ConfigurationStatus = SecurityCenterConfigurationStatus.Configured,
    },new PathRecommendation()
    {
    Path = "C:\\directory\\file.exe",
    Action = RecommendationAction.Add,
    IotSecurityRecommendationType = new IotSecurityRecommendationType("File"),
    IsCommon = true,
    }
    },
};
ArmOperation<AdaptiveApplicationControlGroupResource> lro = await adaptiveApplicationControlGroup.UpdateAsync(WaitUntil.Completed, data);
AdaptiveApplicationControlGroupResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
AdaptiveApplicationControlGroupData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

200

{
  "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/locations/centralus/applicationWhitelistings/ERELGROUP1",
  "name": "ERELGROUP1",
  "type": "Microsoft.Security/applicationWhitelistings",
  "location": "centralus",
  "properties": {
    "recommendationStatus": "Recommended",
    "enforcementMode": "Audit",
    "protectionMode": {
      "exe": "Audit",
      "msi": "None",
      "script": "None"
    },
    "vmRecommendations": [
      {
        "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/erelh-stable/providers/microsoft.compute/virtualmachines/erelh-16090",
        "recommendationAction": "Recommended"
      },
      {
        "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/matanvs/providers/microsoft.compute/virtualmachines/matanvs19",
        "recommendationAction": "Recommended"
      }
    ],
    "pathRecommendations": [
      {
        "path": "[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0",
        "type": "PublisherSignature",
        "publisherInfo": {
          "publisherName": "O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US",
          "productName": "*",
          "binaryName": "*",
          "version": "0.0.0.0"
        },
        "common": true,
        "action": "Recommended",
        "usernames": [
          {
            "username": "Everyone",
            "recommendationAction": "Recommended"
          }
        ],
        "userSids": [
          "S-1-1-0"
        ],
        "fileType": "Exe",
        "configurationStatus": "Configured"
      },
      {
        "path": "%OSDRIVE%\\WINDOWSAZURE\\SECAGENT\\WASECAGENTPROV.EXE",
        "type": "ProductSignature",
        "publisherInfo": {
          "publisherName": "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
          "productName": "MICROSOFT® COREXT",
          "binaryName": "*",
          "version": "0.0.0.0"
        },
        "common": true,
        "action": "Recommended",
        "usernames": [
          {
            "username": "NT AUTHORITY\\SYSTEM",
            "recommendationAction": "Recommended"
          }
        ],
        "userSids": [
          "S-1-1-0"
        ],
        "fileType": "Exe",
        "configurationStatus": "Configured"
      },
      {
        "path": "%OSDRIVE%\\WINDOWSAZURE\\PACKAGES_201973_7415\\COLLECTGUESTLOGS.EXE",
        "type": "PublisherSignature",
        "publisherInfo": {
          "publisherName": "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
          "productName": "*",
          "binaryName": "*",
          "version": "0.0.0.0"
        },
        "common": true,
        "action": "Recommended",
        "usernames": [
          {
            "username": "NT AUTHORITY\\SYSTEM",
            "recommendationAction": "Recommended"
          }
        ],
        "userSids": [
          "S-1-1-0"
        ],
        "fileType": "Exe",
        "configurationStatus": "Configured"
      },
      {
        "path": "C:\\directory\\file.exe",
        "type": "File",
        "common": true,
        "action": "Add",
        "usernames": [
          {
            "username": "Everyone",
            "recommendationAction": "Recommended"
          }
        ],
        "userSids": [
          "S-1-1-0"
        ],
        "fileType": "Exe",
        "configurationStatus": "NotConfigured"
      }
    ],
    "configurationStatus": "InProgress",
    "issues": [],
    "sourceSystem": "Azure_AppLocker"
  }
}

Definities

Name	Description
AdaptiveApplicationControlGroup
AdaptiveApplicationControlIssue	Een waarschuwing die machines in een groep kunnen hebben
AdaptiveApplicationControlIssueSummary	Vertegenwoordigt een samenvatting van de waarschuwingen van de computergroep
CloudError	Algemene foutreactie voor alle Azure Resource Manager API's om foutdetails voor mislukte bewerkingen te retourneren. (Dit volgt ook de OData-foutreactieindeling.)
CloudErrorBody	De foutdetails.
ConfigurationStatus	De configuratiestatus van de computergroep of computer of regel
EnforcementMode	De afdwingings-/beveiligingsmodus van het toepassingsbeheerbeleid van de computergroep
EnforcementSupport	De machineondersteuning van de functie Afdwingen
ErrorAdditionalInfo	Aanvullende informatie over de resourcebeheerfout.
FileType	Het type bestand (voor Linux-bestanden - Uitvoerbaar bestand wordt gebruikt)
PathRecommendation	Vertegenwoordigt een pad dat wordt aanbevolen om toe te staan en de bijbehorende eigenschappen
ProtectionMode	De beveiligingsmodus van de verzameling/bestandstypen. Exe/Msi/Script worden gebruikt voor Windows, Uitvoerbaar wordt gebruikt voor Linux.
PublisherInfo	Vertegenwoordigt de informatie van de uitgever van een proces/regel
RecommendationAction	De aanbevelingsactie van de machine of regel
RecommendationStatus	De eerste aanbevelingsstatus van de computergroep of computer
RecommendationType	Het type regel dat moet worden toegestaan
SourceSystem	Het brontype van de machinegroep
UserRecommendation	Vertegenwoordigt een gebruiker die wordt aanbevolen om toe te staan voor een bepaalde regel
VmRecommendation	Vertegenwoordigt een computer die deel uitmaakt van een computergroep

AdaptiveApplicationControlGroup

Name	Type	Description
id	string	Resource-id
location	string	Locatie waar de resource is opgeslagen
name	string	Resourcenaam
properties.configurationStatus	ConfigurationStatus	De configuratiestatus van de computergroep of computer of regel
properties.enforcementMode	EnforcementMode	De afdwingings-/beveiligingsmodus van het toepassingsbeheerbeleid van de computergroep
properties.issues	AdaptiveApplicationControlIssueSummary[]	Vertegenwoordigt een samenvatting van de waarschuwingen van de computergroep
properties.pathRecommendations	PathRecommendation[]	Vertegenwoordigt een pad dat wordt aanbevolen om toe te staan en de bijbehorende eigenschappen
properties.protectionMode	ProtectionMode	De beveiligingsmodus van de verzameling/bestandstypen. Exe/Msi/Script worden gebruikt voor Windows, Uitvoerbaar wordt gebruikt voor Linux.
properties.recommendationStatus	RecommendationStatus	De eerste aanbevelingsstatus van de computergroep of computer
properties.sourceSystem	SourceSystem	Het brontype van de machinegroep
properties.vmRecommendations	VmRecommendation[]	Vertegenwoordigt een computer die deel uitmaakt van een computergroep
type	string	Resourcetype

AdaptiveApplicationControlIssue

Een waarschuwing die machines in een groep kunnen hebben

Name	Type	Description
ExecutableViolationsAudited	string
MsiAndScriptViolationsAudited	string
MsiAndScriptViolationsBlocked	string
RulesViolatedManually	string
ViolationsAudited	string
ViolationsBlocked	string

AdaptiveApplicationControlIssueSummary

Vertegenwoordigt een samenvatting van de waarschuwingen van de computergroep

Name	Type	Description
issue	AdaptiveApplicationControlIssue	Een waarschuwing die machines in een groep kunnen hebben
numberOfVms	number	Het aantal computers in de groep met deze waarschuwing

CloudError

Algemene foutreactie voor alle Azure Resource Manager API's om foutdetails voor mislukte bewerkingen te retourneren. (Dit volgt ook de OData-foutreactieindeling.)

Name	Type	Description
error.additionalInfo	ErrorAdditionalInfo[]	Aanvullende informatie over de fout.
error.code	string	De foutcode.
error.details	CloudErrorBody[]	De foutdetails.
error.message	string	Het foutbericht.
error.target	string	Het foutdoel.

CloudErrorBody

De foutdetails.

Name	Type	Description
additionalInfo	ErrorAdditionalInfo[]	Aanvullende informatie over de fout.
code	string	De foutcode.
details	CloudErrorBody[]	De foutdetails.
message	string	Het foutbericht.
target	string	Het foutdoel.

ConfigurationStatus

De configuratiestatus van de computergroep of computer of regel

Name	Type	Description
Configured	string
Failed	string
InProgress	string
NoStatus	string
NotConfigured	string

EnforcementMode

De afdwingings-/beveiligingsmodus van het toepassingsbeheerbeleid van de computergroep

Name	Type	Description
Audit	string
Enforce	string
None	string

EnforcementSupport

De machineondersteuning van de functie Afdwingen

Name	Type	Description
NotSupported	string
Supported	string
Unknown	string

ErrorAdditionalInfo

Aanvullende informatie over de resourcebeheerfout.

Name	Type	Description
info	object	De aanvullende informatie.
type	string	Het type aanvullende informatie.

FileType

Het type bestand (voor Linux-bestanden - Uitvoerbaar bestand wordt gebruikt)

Name	Type	Description
Dll	string
Exe	string
Executable	string
Msi	string
Script	string
Unknown	string

PathRecommendation

Vertegenwoordigt een pad dat wordt aanbevolen om toe te staan en de bijbehorende eigenschappen

Name	Type	Description
action	RecommendationAction	De aanbevelingsactie van de machine of regel
common	boolean	Of de toepassing doorgaans wordt uitgevoerd op de computer
configurationStatus	ConfigurationStatus	De configuratiestatus van de computergroep of computer of regel
fileType	FileType	Het type bestand (voor Linux-bestanden - Uitvoerbaar bestand wordt gebruikt)
path	string	Het volledige pad van het bestand of een id van de toepassing
publisherInfo	PublisherInfo	Vertegenwoordigt de informatie van de uitgever van een proces/regel
type	RecommendationType	Het type regel dat moet worden toegestaan
userSids	string[]	Een beveiligings-id
usernames	UserRecommendation[]	Vertegenwoordigt een gebruiker die wordt aanbevolen om toe te staan voor een bepaalde regel

ProtectionMode

De beveiligingsmodus van de verzameling/bestandstypen. Exe/Msi/Script worden gebruikt voor Windows, Uitvoerbaar wordt gebruikt voor Linux.

Name	Type	Description
exe	EnforcementMode	De afdwingings-/beveiligingsmodus van het toepassingsbeheerbeleid van de computergroep
executable	EnforcementMode	De afdwingings-/beveiligingsmodus van het toepassingsbeheerbeleid van de computergroep
msi	EnforcementMode	De afdwingings-/beveiligingsmodus van het toepassingsbeheerbeleid van de computergroep
script	EnforcementMode	De afdwingings-/beveiligingsmodus van het toepassingsbeheerbeleid van de computergroep

PublisherInfo

Vertegenwoordigt de informatie van de uitgever van een proces/regel

Name	Type	Description
binaryName	string	Het veld 'Oorspronkelijke naam' dat is overgenomen uit de versieresource van het bestand
productName	string	De productnaam die is overgenomen uit de versieresource van het bestand
publisherName	string	Het veld Onderwerp van het x.509-certificaat dat wordt gebruikt om de code te ondertekenen, met behulp van de volgende velden: O = Organisatie, L = Plaats, S = Staat of Provincie en C = Land
version	string	De binaire bestandsversie die is opgehaald uit de versieresource van het bestand

RecommendationAction

De aanbevelingsactie van de machine of regel

Name	Type	Description
Add	string
Recommended	string
Remove	string

RecommendationStatus

De eerste aanbevelingsstatus van de computergroep of computer

Name	Type	Description
NoStatus	string
NotAvailable	string
NotRecommended	string
Recommended	string

RecommendationType

Het type regel dat moet worden toegestaan

Name	Type	Description
BinarySignature	string
File	string
FileHash	string
ProductSignature	string
PublisherSignature	string
VersionAndAboveSignature	string

SourceSystem

Het brontype van de machinegroep

Name	Type	Description
Azure_AppLocker	string
Azure_AuditD	string
NonAzure_AppLocker	string
NonAzure_AuditD	string
None	string

UserRecommendation

Vertegenwoordigt een gebruiker die wordt aanbevolen om toe te staan voor een bepaalde regel

Name	Type	Description
recommendationAction	RecommendationAction	De aanbevelingsactie van de machine of regel
username	string	Vertegenwoordigt een gebruiker die wordt aanbevolen om toe te staan voor een bepaalde regel

VmRecommendation

Vertegenwoordigt een computer die deel uitmaakt van een computergroep

Name	Type	Description
configurationStatus	ConfigurationStatus	De configuratiestatus van de computergroep of computer of regel
enforcementSupport	EnforcementSupport	De machineondersteuning van de functie Afdwingen
recommendationAction	RecommendationAction	De aanbevelingsactie van de machine of regel
resourceId	string	De volledige resource-id van de machine