tessl/pypi-azure-mgmt-security
Microsoft Azure Security Center Management Client Library for Python
- Workspace
- tessl
- Visibility
- Public
- Created
- Last updated
- Describes
'%3e%3cpath%20d='M3.389%209.069c0-.009.043-.033.029-.044L.029%207.77l3.287-1.197L6.574%207.77l.106.083.005%204-3.297%201.185V9.068ZM13.582%209.32V2.74l3.405%201.238v4.104L13.583%209.32ZM10.253%2014.66l-3.476%201.268v-4.027l3.476-1.313v4.072ZM10.253%2010.558l-3.476%201.239V7.784l3.476-1.268v4.042ZM10.253%2014.719v3.968L6.777%2020v-3.998l3.476-1.283ZM17%208.139v4.042l-3.418%201.239V9.378L17%208.138ZM3.3%2017.168%200%2015.943v-4.027l3.3%201.224v4.028ZM6.69%2011.916v4.027l-3.302%201.225v-4.072l3.301-1.18ZM6.69%203.743v4.012l-3.33-1.21V2.564l3.33%201.18Z'/%3e%3cpath%20d='M3.3%2013.066%200%2011.842V7.844l3.3%201.224v3.998ZM13.524%209.334l-.175.088.175-.014v4.027l-3.152%201.183-.06-.032v-3.983l1.986-.767-.111.006-1.876.657V6.531l3.213-1.224v4.027Zm-.263.133c-.065.008-.198.023-.233.088.065-.008.198-.023.233-.088Zm-.321.118c-.065.008-.198.023-.233.088.065-.009.198-.023.233-.088Zm-.321.118c-.066.008-.199.023-.234.088.065-.008.199-.023.234-.088ZM13.524%201.266v3.968l-3.213%201.195V2.46l3.213-1.194ZM10.253%202.475v3.968L6.777%207.726V3.743l3.476-1.268ZM8.2%204.458c-.304.064-.627.5-.708.79-.27.963.636%201.081%201.091.364.277-.437.354-1.308-.383-1.154ZM13.524%2013.51v3.983l-3.17%201.177c-.011%200-.043-.067-.043-.07v-3.895l3.213-1.195Zm-.884%201.63c-.495.085-1.068%201.015-.676%201.435.483.517%201.502-.636%201.147-1.246-.098-.169-.286-.221-.47-.19ZM10.165%202.387l-.037.065-3.395%201.249-3.345-1.212L6.88%201.21l3.285%201.178ZM13.437%201.177l-.088.073-3.057%201.127-3.034-1.082-.277-.133L10.151%200l3.286%201.177Z'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='a'%3e%3cpath%20fill='%23fff'%20d='M0%200h17v20H0z'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
To install, run
npx @tessl/cli install tessl/pypi-azure-mgmt-security@7.0.0index.mddocs/
Azure Security Center Management Client
A comprehensive Python library for managing Microsoft Azure Security Center resources. This package provides unified access to all Azure Security Center functionality across 69 operation groups, enabling security assessment, compliance monitoring, threat protection, and security configuration management for Azure and multi-cloud environments.
Package Information
- Package Name: azure-mgmt-security
- Language: Python
- Installation:
pip install azure-mgmt-security - Version: 7.0.0
Core Imports
from azure.mgmt.security import SecurityCenterFor authentication:
from azure.identity import DefaultAzureCredentialBasic Usage
from azure.identity import DefaultAzureCredential
from azure.mgmt.security import SecurityCenter
# Initialize with default credentials and subscription
credential = DefaultAzureCredential()
subscription_id = "your-subscription-id"
# Create the Security Center client
client = SecurityCenter(credential, subscription_id)
# List security alerts
alerts = client.alerts.list()
for alert in alerts:
print(f"Alert: {alert.display_name}, Severity: {alert.severity}")
# Get security assessments
scope = f"subscriptions/{subscription_id}"
assessments = client.assessments.list(scope)
for assessment in assessments:
print(f"Assessment: {assessment.display_name}, Status: {assessment.status.code}")
# Check secure score
secure_scores = client.secure_scores.list()
for score in secure_scores:
print(f"Secure Score: {score.current_score}/{score.max_score}")
# Configure pricing/defender plans
pricing = client.pricings.get(pricing_name="VirtualMachines")
print(f"Defender for VMs: {pricing.pricing_tier}")Architecture
The Azure Security Center Management Client uses a multi-API architecture that provides:
- Unified Client Interface: Single
SecurityCenterclass provides access to all functionality - Multi-API Version Support: Each operation group uses its optimal API version (36 versions supported from 2015-06-01-preview through 2024-04-01)
- Profile-Based Configuration:
LATEST_PROFILEautomatically maps operation groups to recommended API versions - Azure ARM Integration: Built on Azure Resource Manager pipeline with automatic resource provider registration
- Multi-Cloud Support: Configurable endpoints for Azure Government, Azure China, and other environments
Client Structure
class SecurityCenter:
def __init__(
self,
credential: TokenCredential,
subscription_id: str,
api_version: Optional[str] = None,
base_url: str = "https://management.azure.com",
profile: KnownProfiles = KnownProfiles.default,
**kwargs: Any
) -> None
def close(self) -> None
def __enter__(self) -> "SecurityCenter"
def __exit__(self, *exc_details) -> None
@classmethod
def models(cls, api_version: str = "2024-04-01") -> AnyCapabilities
Security Assessment and Monitoring
Core security assessment functionality including alerts, assessments, secure scores, and security recommendations. Essential for understanding and improving your security posture.
# Alert Management (API Version: 2022-01-01)
client.alerts.list() -> Iterator[Alert]
client.alerts.get_subscription_level(asc_location: str, alert_name: str) -> Alert
client.alerts.update_subscription_level_state_to_dismiss(asc_location: str, alert_name: str) -> None
# Security Assessments (API Version: 2021-06-01)
client.assessments.list(scope: str) -> Iterator[SecurityAssessmentResponse]
client.assessments.get(resource_id: str, assessment_name: str, expand: Optional[str] = None) -> SecurityAssessmentResponse
client.assessments.create_or_update(scope: str, assessment_name: str, assessment: SecurityAssessment) -> SecurityAssessment
# Secure Score (API Version: 2020-01-01)
client.secure_scores.list() -> Iterator[SecureScoreItem]
client.secure_score_controls.list() -> Iterator[SecureScoreControlDetails]Security Assessment and Monitoring
Compliance and Governance
Regulatory compliance management, governance assignments, and compliance reporting across multiple standards like PCI DSS, SOC, and industry frameworks.
# Regulatory Compliance (API Version: 2019-01-01-preview)
client.regulatory_compliance_standards.list() -> Iterator[RegulatoryComplianceStandard]
client.regulatory_compliance_controls.list(standard_name: str) -> Iterator[RegulatoryComplianceControl]
client.regulatory_compliance_assessments.list(standard_name: str, control_name: str) -> Iterator[RegulatoryComplianceAssessment]
# Governance (API Version: 2022-01-01-preview)
client.governance_rules.list() -> Iterator[GovernanceRule]
client.governance_assignments.list(scope: str) -> Iterator[GovernanceAssignment]DevOps Security Integration
Comprehensive DevOps security for Azure DevOps, GitHub, and GitLab repositories, including security scanning, policy enforcement, and configuration management. Note: DevOps operations require API version 2024-04-01 or 2023-09-01-preview.
# Create version-specific client for DevOps operations
from azure.mgmt.security.v2024_04_01 import SecurityCenter as SecurityCenter_v2024_04_01
devops_client = SecurityCenter_v2024_04_01(credential, subscription_id)
# DevOps Configuration
devops_client.dev_ops_configurations.list() -> Iterator[DevOpsConfiguration]
devops_client.dev_ops_operation_results.get(operation_result_id: str) -> OperationResult
# Azure DevOps Integration
devops_client.azure_dev_ops_orgs.list() -> Iterator[AzureDevOpsOrg]
devops_client.azure_dev_ops_projects.list(org_name: str) -> Iterator[AzureDevOpsProject]
devops_client.azure_dev_ops_repos.list(org_name: str, project_name: str) -> Iterator[AzureDevOpsRepository]
# GitHub Integration
devops_client.git_hub_owners.list() -> Iterator[GitHubOwner]
devops_client.git_hub_repos.list(owner_name: str) -> Iterator[GitHubRepository]
# GitLab Integration
devops_client.git_lab_groups.list() -> Iterator[GitLabGroup]
devops_client.git_lab_projects.list(group_name: str) -> Iterator[GitLabProject]Network Security
Network security hardening, just-in-time VM access policies, network topology analysis, and connection monitoring.
# Network Hardening (API Version: 2020-01-01)
client.adaptive_network_hardenings.list(resource_group_name: str) -> Iterator[AdaptiveNetworkHardening]
client.allowed_connections.list() -> Iterator[AllowedConnectionsResource]
client.topology.list() -> Iterator[TopologyResource]
# Just-in-Time Access
client.jit_network_access_policies.list() -> Iterator[JitNetworkAccessPolicy]
client.jit_network_access_policies.initiate(
resource_group_name: str,
jit_network_access_policy_name: str,
body: JitNetworkAccessPolicyInitiateRequest
) -> JitNetworkAccessRequestApplication and API Security
Application security controls, API discovery and protection, and adaptive application whitelisting for enhanced application protection.
# Adaptive Application Controls (API Version: 2020-01-01)
client.adaptive_application_controls.list() -> Iterator[AdaptiveApplicationControlGroup]
client.adaptive_application_controls.get(group_name: str) -> AdaptiveApplicationControlGroup
# Application Management (API Version: 2022-07-01-preview)
client.applications.list() -> Iterator[Application]
client.application.get(application_id: str) -> Application
# API Security (API Version: 2023-11-15)
client.api_collections.list(subscription_id: str) -> Iterator[ApiCollection]
client.api_collection_onboarding.onboard(api_id: str) -> None
client.api_collection_offboarding.offboard(api_id: str) -> NoneVulnerability Management
Comprehensive vulnerability scanning and management for servers, SQL databases, and detailed vulnerability findings with baseline rule management.
# Server Vulnerability Assessment (API Version: 2020-01-01)
client.server_vulnerability_assessment.list(resource_id: str) -> Iterator[ServerVulnerabilityAssessment]
client.server_vulnerability_assessments_settings.list() -> Iterator[ServerVulnerabilityAssessmentsSettings]
# SQL Vulnerability Assessment (API Version: 2023-02-01-preview)
client.sql_vulnerability_assessment_scans.list(resource_id: str) -> Iterator[SqlVulnerabilityAssessmentScan]
client.sql_vulnerability_assessment_scan_results.list(resource_id: str, scan_id: str) -> Iterator[SqlVulnerabilityAssessmentScanResult]
client.sql_vulnerability_assessment_baseline_rules.list(resource_id: str) -> Iterator[SqlVulnerabilityAssessmentBaselineRule]
# Sub-Assessments (API Version: 2019-01-01-preview)
client.sub_assessments.list(scope: str) -> Iterator[SubAssessment]Configuration and Settings
Security Center configuration, contact management, workspace settings, and data export configuration for centralized security management.
# Settings Management (API Version: 2022-05-01)
client.settings.list() -> Iterator[Setting]
client.settings.get(setting_name: str) -> Setting
client.settings.update(setting_name: str, setting: Setting) -> Setting
# Security Contacts (API Version: 2020-01-01-preview)
client.security_contacts.list() -> Iterator[SecurityContact]
client.security_contacts.create(security_contact_name: str, security_contact: SecurityContact) -> SecurityContact
# Auto Provisioning (API Version: 2017-08-01-preview)
client.auto_provisioning_settings.list() -> Iterator[AutoProvisioningSetting]
client.workspace_settings.list() -> Iterator[WorkspaceSetting]Cloud Security Posture Management
Multi-cloud security connectors, Microsoft Defender service configuration, and cloud security posture management across Azure, AWS, and GCP.
# Security Connectors (API Version: 2023-10-01-preview)
client.security_connectors.list() -> Iterator[SecurityConnector]
client.security_connectors.create_or_update(
resource_group_name: str,
security_connector_name: str,
security_connector: SecurityConnector
) -> SecurityConnector
# Defender Services (API Version: 2022-12-01-preview)
client.defender_for_storage.get(resource_id: str) -> DefenderForStorageSettings
client.pricings.list() -> Iterator[Pricing]
client.pricings.update(pricing_name: str, pricing: Pricing) -> Pricing
# Legacy Connectors (API Version: 2020-01-01-preview)
client.connectors.list() -> Iterator[ConnectorSetting]Cloud Security Posture Management
Core Types
# Core Imports
from azure.mgmt.security import SecurityCenter
from azure.core.credentials import TokenCredential
from azure.profiles import KnownProfiles
from typing import Optional
# Main Client
class SecurityCenter:
credential: TokenCredential
subscription_id: str
api_version: Optional[str]
base_url: str
# Common Response Types
class Alert:
id: Optional[str]
name: Optional[str]
display_name: Optional[str]
severity: Optional[str] # High, Medium, Low, Informational
status: Optional[str] # Active, Resolved, Dismissed
class SecurityAssessment:
id: Optional[str]
name: Optional[str]
display_name: Optional[str]
status: Optional[AssessmentStatus]
class AssessmentStatus:
code: Optional[str] # Healthy, Unhealthy, NotApplicable
cause: Optional[str]
description: Optional[str]
class SecureScoreItem:
id: Optional[str]
name: Optional[str]
current_score: Optional[float]
max_score: Optional[int]
percentage: Optional[float]
class SecurityAssessmentResponse:
id: Optional[str]
name: Optional[str]
display_name: Optional[str]
status: Optional[AssessmentStatus]