tessl/pypi-azure-mgmt-security
Microsoft Azure Security Center Management Client Library for Python
- Workspace
- tessl
- Visibility
- Public
- Created
- Last updated
- Describes
'%3e%3cpath%20d='M3.389%209.069c0-.009.043-.033.029-.044L.029%207.77l3.287-1.197L6.574%207.77l.106.083.005%204-3.297%201.185V9.068ZM13.582%209.32V2.74l3.405%201.238v4.104L13.583%209.32ZM10.253%2014.66l-3.476%201.268v-4.027l3.476-1.313v4.072ZM10.253%2010.558l-3.476%201.239V7.784l3.476-1.268v4.042ZM10.253%2014.719v3.968L6.777%2020v-3.998l3.476-1.283ZM17%208.139v4.042l-3.418%201.239V9.378L17%208.138ZM3.3%2017.168%200%2015.943v-4.027l3.3%201.224v4.028ZM6.69%2011.916v4.027l-3.302%201.225v-4.072l3.301-1.18ZM6.69%203.743v4.012l-3.33-1.21V2.564l3.33%201.18Z'/%3e%3cpath%20d='M3.3%2013.066%200%2011.842V7.844l3.3%201.224v3.998ZM13.524%209.334l-.175.088.175-.014v4.027l-3.152%201.183-.06-.032v-3.983l1.986-.767-.111.006-1.876.657V6.531l3.213-1.224v4.027Zm-.263.133c-.065.008-.198.023-.233.088.065-.008.198-.023.233-.088Zm-.321.118c-.065.008-.198.023-.233.088.065-.009.198-.023.233-.088Zm-.321.118c-.066.008-.199.023-.234.088.065-.008.199-.023.234-.088ZM13.524%201.266v3.968l-3.213%201.195V2.46l3.213-1.194ZM10.253%202.475v3.968L6.777%207.726V3.743l3.476-1.268ZM8.2%204.458c-.304.064-.627.5-.708.79-.27.963.636%201.081%201.091.364.277-.437.354-1.308-.383-1.154ZM13.524%2013.51v3.983l-3.17%201.177c-.011%200-.043-.067-.043-.07v-3.895l3.213-1.195Zm-.884%201.63c-.495.085-1.068%201.015-.676%201.435.483.517%201.502-.636%201.147-1.246-.098-.169-.286-.221-.47-.19ZM10.165%202.387l-.037.065-3.395%201.249-3.345-1.212L6.88%201.21l3.285%201.178ZM13.437%201.177l-.088.073-3.057%201.127-3.034-1.082-.277-.133L10.151%200l3.286%201.177Z'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='a'%3e%3cpath%20fill='%23fff'%20d='M0%200h17v20H0z'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
To install, run
npx @tessl/cli install tessl/pypi-azure-mgmt-security@7.0.00
# Azure Security Center Management Client
1
2
A comprehensive Python library for managing Microsoft Azure Security Center resources. This package provides unified access to all Azure Security Center functionality across 69 operation groups, enabling security assessment, compliance monitoring, threat protection, and security configuration management for Azure and multi-cloud environments.
3
4
## Package Information
5
6
- **Package Name**: azure-mgmt-security
7
- **Language**: Python
8
- **Installation**: `pip install azure-mgmt-security`
9
- **Version**: 7.0.0
10
11
## Core Imports
12
13
```python
14
from azure.mgmt.security import SecurityCenter
15
```
16
17
For authentication:
18
19
```python
20
from azure.identity import DefaultAzureCredential
21
```
22
23
## Basic Usage
24
25
```python
26
from azure.identity import DefaultAzureCredential
27
from azure.mgmt.security import SecurityCenter
28
29
# Initialize with default credentials and subscription
30
credential = DefaultAzureCredential()
31
subscription_id = "your-subscription-id"
32
33
# Create the Security Center client
34
client = SecurityCenter(credential, subscription_id)
35
36
# List security alerts
37
alerts = client.alerts.list()
38
for alert in alerts:
39
print(f"Alert: {alert.display_name}, Severity: {alert.severity}")
40
41
# Get security assessments
42
scope = f"subscriptions/{subscription_id}"
43
assessments = client.assessments.list(scope)
44
for assessment in assessments:
45
print(f"Assessment: {assessment.display_name}, Status: {assessment.status.code}")
46
47
# Check secure score
48
secure_scores = client.secure_scores.list()
49
for score in secure_scores:
50
print(f"Secure Score: {score.current_score}/{score.max_score}")
51
52
# Configure pricing/defender plans
53
pricing = client.pricings.get(pricing_name="VirtualMachines")
54
print(f"Defender for VMs: {pricing.pricing_tier}")
55
```
56
57
## Architecture
58
59
The Azure Security Center Management Client uses a **multi-API architecture** that provides:
60
61
- **Unified Client Interface**: Single `SecurityCenter` class provides access to all functionality
62
- **Multi-API Version Support**: Each operation group uses its optimal API version (36 versions supported from 2015-06-01-preview through 2024-04-01)
63
- **Profile-Based Configuration**: `LATEST_PROFILE` automatically maps operation groups to recommended API versions
64
- **Azure ARM Integration**: Built on Azure Resource Manager pipeline with automatic resource provider registration
65
- **Multi-Cloud Support**: Configurable endpoints for Azure Government, Azure China, and other environments
66
67
### Client Structure
68
69
```python { .api }
70
class SecurityCenter:
71
def __init__(
72
self,
73
credential: TokenCredential,
74
subscription_id: str,
75
api_version: Optional[str] = None,
76
base_url: str = "https://management.azure.com",
77
profile: KnownProfiles = KnownProfiles.default,
78
**kwargs: Any
79
) -> None
80
81
def close(self) -> None
82
def __enter__(self) -> "SecurityCenter"
83
def __exit__(self, *exc_details) -> None
84
85
@classmethod
86
def models(cls, api_version: str = "2024-04-01") -> Any
87
```
88
89
## Capabilities
90
91
### Security Assessment and Monitoring
92
93
Core security assessment functionality including alerts, assessments, secure scores, and security recommendations. Essential for understanding and improving your security posture.
94
95
```python { .api }
96
# Alert Management (API Version: 2022-01-01)
97
client.alerts.list() -> Iterator[Alert]
98
client.alerts.get_subscription_level(asc_location: str, alert_name: str) -> Alert
99
client.alerts.update_subscription_level_state_to_dismiss(asc_location: str, alert_name: str) -> None
100
101
# Security Assessments (API Version: 2021-06-01)
102
client.assessments.list(scope: str) -> Iterator[SecurityAssessmentResponse]
103
client.assessments.get(resource_id: str, assessment_name: str, expand: Optional[str] = None) -> SecurityAssessmentResponse
104
client.assessments.create_or_update(scope: str, assessment_name: str, assessment: SecurityAssessment) -> SecurityAssessment
105
106
# Secure Score (API Version: 2020-01-01)
107
client.secure_scores.list() -> Iterator[SecureScoreItem]
108
client.secure_score_controls.list() -> Iterator[SecureScoreControlDetails]
109
```
110
111
[Security Assessment and Monitoring](./security-assessment-monitoring.md)
112
113
### Compliance and Governance
114
115
Regulatory compliance management, governance assignments, and compliance reporting across multiple standards like PCI DSS, SOC, and industry frameworks.
116
117
```python { .api }
118
# Regulatory Compliance (API Version: 2019-01-01-preview)
119
client.regulatory_compliance_standards.list() -> Iterator[RegulatoryComplianceStandard]
120
client.regulatory_compliance_controls.list(standard_name: str) -> Iterator[RegulatoryComplianceControl]
121
client.regulatory_compliance_assessments.list(standard_name: str, control_name: str) -> Iterator[RegulatoryComplianceAssessment]
122
123
# Governance (API Version: 2022-01-01-preview)
124
client.governance_rules.list() -> Iterator[GovernanceRule]
125
client.governance_assignments.list(scope: str) -> Iterator[GovernanceAssignment]
126
```
127
128
[Compliance and Governance](./compliance-governance.md)
129
130
### DevOps Security Integration
131
132
Comprehensive DevOps security for Azure DevOps, GitHub, and GitLab repositories, including security scanning, policy enforcement, and configuration management. **Note: DevOps operations require API version 2024-04-01 or 2023-09-01-preview.**
133
134
```python { .api }
135
# Create version-specific client for DevOps operations
136
from azure.mgmt.security.v2024_04_01 import SecurityCenter as SecurityCenter_v2024_04_01
137
138
devops_client = SecurityCenter_v2024_04_01(credential, subscription_id)
139
140
# DevOps Configuration
141
devops_client.dev_ops_configurations.list() -> Iterator[DevOpsConfiguration]
142
devops_client.dev_ops_operation_results.get(operation_result_id: str) -> OperationResult
143
144
# Azure DevOps Integration
145
devops_client.azure_dev_ops_orgs.list() -> Iterator[AzureDevOpsOrg]
146
devops_client.azure_dev_ops_projects.list(org_name: str) -> Iterator[AzureDevOpsProject]
147
devops_client.azure_dev_ops_repos.list(org_name: str, project_name: str) -> Iterator[AzureDevOpsRepository]
148
149
# GitHub Integration
150
devops_client.git_hub_owners.list() -> Iterator[GitHubOwner]
151
devops_client.git_hub_repos.list(owner_name: str) -> Iterator[GitHubRepository]
152
153
# GitLab Integration
154
devops_client.git_lab_groups.list() -> Iterator[GitLabGroup]
155
devops_client.git_lab_projects.list(group_name: str) -> Iterator[GitLabProject]
156
```
157
158
[DevOps Security Integration](./devops-security.md)
159
160
### Network Security
161
162
Network security hardening, just-in-time VM access policies, network topology analysis, and connection monitoring.
163
164
```python { .api }
165
# Network Hardening (API Version: 2020-01-01)
166
client.adaptive_network_hardenings.list(resource_group_name: str) -> Iterator[AdaptiveNetworkHardening]
167
client.allowed_connections.list() -> Iterator[AllowedConnectionsResource]
168
client.topology.list() -> Iterator[TopologyResource]
169
170
# Just-in-Time Access
171
client.jit_network_access_policies.list() -> Iterator[JitNetworkAccessPolicy]
172
client.jit_network_access_policies.initiate(
173
resource_group_name: str,
174
jit_network_access_policy_name: str,
175
body: JitNetworkAccessPolicyInitiateRequest
176
) -> JitNetworkAccessRequest
177
```
178
179
[Network Security](./network-security.md)
180
181
### Application and API Security
182
183
Application security controls, API discovery and protection, and adaptive application whitelisting for enhanced application protection.
184
185
```python { .api }
186
# Adaptive Application Controls (API Version: 2020-01-01)
187
client.adaptive_application_controls.list() -> Iterator[AdaptiveApplicationControlGroup]
188
client.adaptive_application_controls.get(group_name: str) -> AdaptiveApplicationControlGroup
189
190
# Application Management (API Version: 2022-07-01-preview)
191
client.applications.list() -> Iterator[Application]
192
client.application.get(application_id: str) -> Application
193
194
# API Security (API Version: 2023-11-15)
195
client.api_collections.list(subscription_id: str) -> Iterator[ApiCollection]
196
client.api_collection_onboarding.onboard(api_id: str) -> None
197
client.api_collection_offboarding.offboard(api_id: str) -> None
198
```
199
200
[Application and API Security](./application-api-security.md)
201
202
### Vulnerability Management
203
204
Comprehensive vulnerability scanning and management for servers, SQL databases, and detailed vulnerability findings with baseline rule management.
205
206
```python { .api }
207
# Server Vulnerability Assessment (API Version: 2020-01-01)
208
client.server_vulnerability_assessment.list(resource_id: str) -> Iterator[ServerVulnerabilityAssessment]
209
client.server_vulnerability_assessments_settings.list() -> Iterator[ServerVulnerabilityAssessmentsSettings]
210
211
# SQL Vulnerability Assessment (API Version: 2023-02-01-preview)
212
client.sql_vulnerability_assessment_scans.list(resource_id: str) -> Iterator[SqlVulnerabilityAssessmentScan]
213
client.sql_vulnerability_assessment_scan_results.list(resource_id: str, scan_id: str) -> Iterator[SqlVulnerabilityAssessmentScanResult]
214
client.sql_vulnerability_assessment_baseline_rules.list(resource_id: str) -> Iterator[SqlVulnerabilityAssessmentBaselineRule]
215
216
# Sub-Assessments (API Version: 2019-01-01-preview)
217
client.sub_assessments.list(scope: str) -> Iterator[SubAssessment]
218
```
219
220
[Vulnerability Management](./vulnerability-management.md)
221
222
### Configuration and Settings
223
224
Security Center configuration, contact management, workspace settings, and data export configuration for centralized security management.
225
226
```python { .api }
227
# Settings Management (API Version: 2022-05-01)
228
client.settings.list() -> Iterator[Setting]
229
client.settings.get(setting_name: str) -> Setting
230
client.settings.update(setting_name: str, setting: Setting) -> Setting
231
232
# Security Contacts (API Version: 2020-01-01-preview)
233
client.security_contacts.list() -> Iterator[SecurityContact]
234
client.security_contacts.create(security_contact_name: str, security_contact: SecurityContact) -> SecurityContact
235
236
# Auto Provisioning (API Version: 2017-08-01-preview)
237
client.auto_provisioning_settings.list() -> Iterator[AutoProvisioningSetting]
238
client.workspace_settings.list() -> Iterator[WorkspaceSetting]
239
```
240
241
[Configuration and Settings](./configuration-settings.md)
242
243
### Cloud Security Posture Management
244
245
Multi-cloud security connectors, Microsoft Defender service configuration, and cloud security posture management across Azure, AWS, and GCP.
246
247
```python { .api }
248
# Security Connectors (API Version: 2023-10-01-preview)
249
client.security_connectors.list() -> Iterator[SecurityConnector]
250
client.security_connectors.create_or_update(
251
resource_group_name: str,
252
security_connector_name: str,
253
security_connector: SecurityConnector
254
) -> SecurityConnector
255
256
# Defender Services (API Version: 2022-12-01-preview)
257
client.defender_for_storage.get(resource_id: str) -> DefenderForStorageSettings
258
client.pricings.list() -> Iterator[Pricing]
259
client.pricings.update(pricing_name: str, pricing: Pricing) -> Pricing
260
261
# Legacy Connectors (API Version: 2020-01-01-preview)
262
client.connectors.list() -> Iterator[ConnectorSetting]
263
```
264
265
[Cloud Security Posture Management](./cloud-security-posture.md)
266
267
## Core Types
268
269
```python { .api }
270
# Core Imports
271
from azure.mgmt.security import SecurityCenter
272
from azure.core.credentials import TokenCredential
273
from azure.profiles import KnownProfiles
274
from typing import Optional
275
276
# Main Client
277
class SecurityCenter:
278
credential: TokenCredential
279
subscription_id: str
280
api_version: Optional[str]
281
base_url: str
282
283
# Common Response Types
284
class Alert:
285
id: Optional[str]
286
name: Optional[str]
287
display_name: Optional[str]
288
severity: Optional[str] # High, Medium, Low, Informational
289
status: Optional[str] # Active, Resolved, Dismissed
290
291
class SecurityAssessment:
292
id: Optional[str]
293
name: Optional[str]
294
display_name: Optional[str]
295
status: Optional[AssessmentStatus]
296
297
class AssessmentStatus:
298
code: Optional[str] # Healthy, Unhealthy, NotApplicable
299
cause: Optional[str]
300
description: Optional[str]
301
302
class SecureScoreItem:
303
id: Optional[str]
304
name: Optional[str]
305
current_score: Optional[float]
306
max_score: Optional[int]
307
percentage: Optional[float]
308
309
class SecurityAssessmentResponse:
310
id: Optional[str]
311
name: Optional[str]
312
display_name: Optional[str]
313
status: Optional[AssessmentStatus]
314
```