0
# Cloud Security Posture Management
1
2
Cloud security posture management capabilities for Azure Security Center, providing multi-cloud security connectors, Microsoft Defender service configuration, pricing management, and comprehensive security solution discovery and management across Azure, AWS, and GCP environments.
3
4
## Capabilities
5
6
### Security Connectors
7
8
Manage multi-cloud security connectors for comprehensive security posture across cloud environments.
9
10
```python { .api }
11
def list(
12
**kwargs: Any
13
) -> Iterator[SecurityConnector]:
14
"""
15
List security connectors in the subscription.
16
17
Returns:
18
Iterator[SecurityConnector]: Iterator of SecurityConnector objects
19
"""
20
21
def list_by_resource_group(
22
resource_group_name: str,
23
**kwargs: Any
24
) -> Iterator[SecurityConnector]:
25
"""
26
List security connectors in a specific resource group.
27
28
Parameters:
29
- resource_group_name (str): Name of the resource group
30
31
Returns:
32
Iterator[SecurityConnector]: Iterator of SecurityConnector objects
33
"""
34
35
def get(
36
resource_group_name: str,
37
security_connector_name: str,
38
**kwargs: Any
39
) -> SecurityConnector:
40
"""
41
Get details of a specific security connector.
42
43
Parameters:
44
- resource_group_name (str): Name of the resource group
45
- security_connector_name (str): Name of the security connector
46
47
Returns:
48
SecurityConnector: Security connector details
49
"""
50
51
def create_or_update(
52
resource_group_name: str,
53
security_connector_name: str,
54
security_connector: SecurityConnector,
55
**kwargs: Any
56
) -> SecurityConnector:
57
"""
58
Create or update a security connector.
59
60
Parameters:
61
- resource_group_name (str): Name of the resource group
62
- security_connector_name (str): Name of the security connector
63
- security_connector (SecurityConnector): Connector configuration
64
65
Returns:
66
SecurityConnector: Created or updated security connector
67
"""
68
69
def update(
70
resource_group_name: str,
71
security_connector_name: str,
72
security_connector: SecurityConnector,
73
**kwargs: Any
74
) -> SecurityConnector:
75
"""
76
Update a security connector.
77
78
Parameters:
79
- resource_group_name (str): Name of the resource group
80
- security_connector_name (str): Name of the security connector
81
- security_connector (SecurityConnector): Updated connector configuration
82
83
Returns:
84
SecurityConnector: Updated security connector
85
"""
86
87
def delete(
88
resource_group_name: str,
89
security_connector_name: str,
90
**kwargs: Any
91
) -> None:
92
"""
93
Delete a security connector.
94
95
Parameters:
96
- resource_group_name (str): Name of the resource group
97
- security_connector_name (str): Name of the security connector
98
99
Returns:
100
None
101
"""
102
```
103
104
### Pricing Management
105
106
Manage Microsoft Defender plans and pricing configurations.
107
108
```python { .api }
109
def list(
110
filter: Optional[str] = None,
111
**kwargs: Any
112
) -> Iterator[Pricing]:
113
"""
114
List pricing configurations for Microsoft Defender plans.
115
116
Parameters:
117
- filter (str, optional): OData filter for results
118
119
Returns:
120
Iterator[Pricing]: Iterator of Pricing objects
121
"""
122
123
def get(
124
pricing_name: str,
125
**kwargs: Any
126
) -> Pricing:
127
"""
128
Get details of a specific pricing configuration.
129
130
Parameters:
131
- pricing_name (str): Name of the pricing plan (VirtualMachines, StorageAccounts, etc.)
132
133
Returns:
134
Pricing: Pricing configuration details
135
"""
136
137
def update(
138
pricing_name: str,
139
pricing: Pricing,
140
**kwargs: Any
141
) -> Pricing:
142
"""
143
Update a pricing configuration.
144
145
Parameters:
146
- pricing_name (str): Name of the pricing plan
147
- pricing (Pricing): Updated pricing configuration
148
149
Returns:
150
Pricing: Updated pricing configuration
151
"""
152
153
def delete(
154
pricing_name: str,
155
**kwargs: Any
156
) -> Pricing:
157
"""
158
Delete (disable) a pricing configuration.
159
160
Parameters:
161
- pricing_name (str): Name of the pricing plan
162
163
Returns:
164
Pricing: Disabled pricing configuration
165
"""
166
```
167
168
### Defender for Storage
169
170
Manage Microsoft Defender for Storage configurations.
171
172
```python { .api }
173
def create(
174
resource_id: str,
175
defender_for_storage_setting: DefenderForStorageSettingProperties,
176
**kwargs: Any
177
) -> DefenderForStorageSettings:
178
"""
179
Create Defender for Storage configuration.
180
181
Parameters:
182
- resource_id (str): Full resource ID of the storage account
183
- defender_for_storage_setting (DefenderForStorageSettingProperties): Configuration settings
184
185
Returns:
186
DefenderForStorageSettings: Created configuration
187
"""
188
189
def get(
190
resource_id: str,
191
**kwargs: Any
192
) -> DefenderForStorageSettings:
193
"""
194
Get Defender for Storage configuration.
195
196
Parameters:
197
- resource_id (str): Full resource ID of the storage account
198
199
Returns:
200
DefenderForStorageSettings: Configuration details
201
"""
202
```
203
204
### Legacy Cloud Connectors
205
206
Manage legacy cloud environment connectors.
207
208
```python { .api }
209
def list(
210
**kwargs: Any
211
) -> Iterator[ConnectorSetting]:
212
"""
213
List cloud connectors for the subscription.
214
215
Returns:
216
Iterator[ConnectorSetting]: Iterator of ConnectorSetting objects
217
"""
218
219
def get(
220
connector_name: str,
221
**kwargs: Any
222
) -> ConnectorSetting:
223
"""
224
Get details of a specific cloud connector.
225
226
Parameters:
227
- connector_name (str): Name of the connector
228
229
Returns:
230
ConnectorSetting: Connector details
231
"""
232
233
def create_or_update(
234
connector_name: str,
235
connector_setting: ConnectorSetting,
236
**kwargs: Any
237
) -> ConnectorSetting:
238
"""
239
Create or update a cloud connector.
240
241
Parameters:
242
- connector_name (str): Name of the connector
243
- connector_setting (ConnectorSetting): Connector configuration
244
245
Returns:
246
ConnectorSetting: Created or updated connector
247
"""
248
249
def delete(
250
connector_name: str,
251
**kwargs: Any
252
) -> None:
253
"""
254
Delete a cloud connector.
255
256
Parameters:
257
- connector_name (str): Name of the connector
258
259
Returns:
260
None
261
"""
262
```
263
264
### Security Solutions Discovery
265
266
Discover and manage third-party security solutions and integrations.
267
268
```python { .api }
269
def list_security_solutions(
270
**kwargs: Any
271
) -> Iterator[SecuritySolution]:
272
"""
273
List security solutions in the subscription.
274
275
Returns:
276
Iterator[SecuritySolution]: Iterator of SecuritySolution objects
277
"""
278
279
def list_security_solutions_by_home_region(
280
asc_location: str,
281
**kwargs: Any
282
) -> Iterator[SecuritySolution]:
283
"""
284
List security solutions in the subscription's home region.
285
286
Parameters:
287
- asc_location (str): Azure Security Center location
288
289
Returns:
290
Iterator[SecuritySolution]: Iterator of SecuritySolution objects
291
"""
292
293
def get_security_solution(
294
resource_group_name: str,
295
asc_location: str,
296
security_solution_name: str,
297
**kwargs: Any
298
) -> SecuritySolution:
299
"""
300
Get details of a specific security solution.
301
302
Parameters:
303
- resource_group_name (str): Name of the resource group
304
- asc_location (str): Azure Security Center location
305
- security_solution_name (str): Name of the security solution
306
307
Returns:
308
SecuritySolution: Security solution details
309
"""
310
311
def list_discovered_security_solutions(
312
**kwargs: Any
313
) -> Iterator[DiscoveredSecuritySolution]:
314
"""
315
List discovered security solutions in the subscription.
316
317
Returns:
318
Iterator[DiscoveredSecuritySolution]: Iterator of discovered solutions
319
"""
320
321
def list_discovered_security_solutions_by_home_region(
322
asc_location: str,
323
**kwargs: Any
324
) -> Iterator[DiscoveredSecuritySolution]:
325
"""
326
List discovered security solutions in the subscription's home region.
327
328
Parameters:
329
- asc_location (str): Azure Security Center location
330
331
Returns:
332
Iterator[DiscoveredSecuritySolution]: Iterator of discovered solutions
333
"""
334
335
def get_discovered_security_solution(
336
resource_group_name: str,
337
asc_location: str,
338
discovered_security_solution_name: str,
339
**kwargs: Any
340
) -> DiscoveredSecuritySolution:
341
"""
342
Get details of a specific discovered security solution.
343
344
Parameters:
345
- resource_group_name (str): Name of the resource group
346
- asc_location (str): Azure Security Center location
347
- discovered_security_solution_name (str): Name of the discovered solution
348
349
Returns:
350
DiscoveredSecuritySolution: Discovered solution details
351
"""
352
353
def list_external_security_solutions(
354
**kwargs: Any
355
) -> Iterator[ExternalSecuritySolution]:
356
"""
357
List external security solutions in the subscription.
358
359
Returns:
360
Iterator[ExternalSecuritySolution]: Iterator of external solutions
361
"""
362
363
def list_external_security_solutions_by_home_region(
364
asc_location: str,
365
**kwargs: Any
366
) -> Iterator[ExternalSecuritySolution]:
367
"""
368
List external security solutions in the subscription's home region.
369
370
Parameters:
371
- asc_location (str): Azure Security Center location
372
373
Returns:
374
Iterator[ExternalSecuritySolution]: Iterator of external solutions
375
"""
376
377
def get_external_security_solution(
378
resource_group_name: str,
379
asc_location: str,
380
external_security_solution_name: str,
381
**kwargs: Any
382
) -> ExternalSecuritySolution:
383
"""
384
Get details of a specific external security solution.
385
386
Parameters:
387
- resource_group_name (str): Name of the resource group
388
- asc_location (str): Azure Security Center location
389
- external_security_solution_name (str): Name of the external solution
390
391
Returns:
392
ExternalSecuritySolution: External solution details
393
"""
394
```
395
396
### Security Solutions Reference Data
397
398
Access reference data and metadata for security solutions.
399
400
```python { .api }
401
def list(
402
**kwargs: Any
403
) -> Iterator[SecuritySolutionsReferenceData]:
404
"""
405
List security solutions reference data.
406
407
Returns:
408
Iterator[SecuritySolutionsReferenceData]: Iterator of reference data objects
409
"""
410
411
def list_by_home_region(
412
asc_location: str,
413
**kwargs: Any
414
) -> Iterator[SecuritySolutionsReferenceData]:
415
"""
416
List security solutions reference data by home region.
417
418
Parameters:
419
- asc_location (str): Azure Security Center location
420
421
Returns:
422
Iterator[SecuritySolutionsReferenceData]: Iterator of reference data objects
423
"""
424
```
425
426
### Health Reports
427
428
Access health reports for security posture monitoring.
429
430
```python { .api }
431
def get_health_report(
432
resource_details: HealthReportProperties,
433
**kwargs: Any
434
) -> HealthReport:
435
"""
436
Get a health report for specific resources.
437
438
Parameters:
439
- resource_details (HealthReportProperties): Resource details for the report
440
441
Returns:
442
HealthReport: Health report details
443
"""
444
445
def list_health_reports(
446
**kwargs: Any
447
) -> Iterator[HealthReport]:
448
"""
449
List health reports for the subscription.
450
451
Returns:
452
Iterator[HealthReport]: Iterator of HealthReport objects
453
"""
454
```
455
456
## Types
457
458
```python { .api }
459
class SecurityConnector:
460
id: Optional[str]
461
name: Optional[str]
462
type: Optional[str]
463
system_data: Optional[SystemData]
464
location: Optional[str]
465
tags: Optional[Dict[str, str]]
466
kind: Optional[str]
467
etag: Optional[str]
468
hierarchy_identifier: Optional[str]
469
hierarchy_identifier_trial_end_date: Optional[datetime]
470
environment_name: Optional[str] # AzureDevOps, Github, GitLab, Aws, Gcp
471
environment_data: Optional[EnvironmentData]
472
offerings: Optional[List[CloudOffering]]
473
474
class Pricing:
475
id: Optional[str]
476
name: Optional[str]
477
type: Optional[str]
478
pricing_tier: str # Free, Standard
479
sub_plan: Optional[str]
480
free_trial_remaining_time: Optional[str] # ISO 8601 duration
481
enablement_time: Optional[datetime]
482
enforce_sub_plan: Optional[bool]
483
inherited: Optional[str] # True, False
484
inherited_from: Optional[str]
485
resource_coverage_status: Optional[str] # FullyCovered, PartiallyCovered, NotCovered
486
deprecated: Optional[bool]
487
replacement_plans: Optional[List[str]]
488
489
class DefenderForStorageSettings:
490
id: Optional[str]
491
name: Optional[str]
492
type: Optional[str]
493
is_enabled: Optional[bool]
494
malware_scanning: Optional[MalwareScanningProperties]
495
sensitive_data_discovery: Optional[SensitiveDataDiscoveryProperties]
496
override_subscription_level_settings: Optional[bool]
497
498
class ConnectorSetting:
499
id: Optional[str]
500
name: Optional[str]
501
type: Optional[str]
502
hybrid_compute_settings: Optional[HybridComputeSettingsProperties]
503
authentication_details: Optional[AuthenticationDetailsProperties]
504
505
class SecuritySolution:
506
id: Optional[str]
507
name: Optional[str]
508
type: Optional[str]
509
location: Optional[str]
510
security_family: str # Waf, Ngfw, SaasWaf, Va
511
provisioning_state: str # Succeeded, Failed, Updating
512
template: str
513
protection_status: str
514
515
class DiscoveredSecuritySolution:
516
id: Optional[str]
517
name: Optional[str]
518
type: Optional[str]
519
location: Optional[str]
520
security_family: str
521
offer: str
522
publisher: str
523
sku: str
524
525
class ExternalSecuritySolution:
526
id: Optional[str]
527
name: Optional[str]
528
type: Optional[str]
529
location: Optional[str]
530
kind: str # CEF, ATA, AAD
531
532
class SecuritySolutionsReferenceData:
533
id: Optional[str]
534
name: Optional[str]
535
type: Optional[str]
536
security_family: str
537
alert_vendor_name: str
538
package_info_url: Optional[str]
539
product_name: Optional[str]
540
publisher: Optional[str]
541
publisher_display_name: Optional[str]
542
template: Optional[str]
543
544
class HealthReport:
545
id: Optional[str]
546
name: Optional[str]
547
type: Optional[str]
548
status: Optional[HealthReportStatus]
549
resource_details: Optional[ResourceDetails]
550
environment_details: Optional[EnvironmentDetails]
551
health_data_classification: Optional[HealthDataClassification]
552
issues: Optional[List[HealthReportIssue]]
553
554
class EnvironmentData:
555
# Base class for different environment types
556
pass
557
558
class AwsEnvironmentData(EnvironmentData):
559
organization_membership_type: Optional[str] # Member, Organization
560
account_name: Optional[str]
561
regions: Optional[List[str]]
562
563
class GcpProjectEnvironmentData(EnvironmentData):
564
organization_membership_type: Optional[str] # Member, Organization
565
project_details: Optional[GcpProjectDetails]
566
project_number: Optional[str]
567
workload_identity_pool_id: Optional[str]
568
569
class GithubScopeEnvironmentData(EnvironmentData):
570
scope: Optional[str]
571
572
class GitlabScopeEnvironmentData(EnvironmentData):
573
scope: Optional[str]
574
575
class AzureDevOpsScopeEnvironmentData(EnvironmentData):
576
scope: Optional[str]
577
578
class CloudOffering:
579
# Base class for different cloud offerings
580
offering_type: str
581
582
class DefenderForContainersAwsOffering(CloudOffering):
583
kubernetes_service: Optional[DefenderForContainersAwsOfferingKubernetesService]
584
kubernetes_scuba_reader: Optional[DefenderForContainersAwsOfferingKubernetesScubaReader]
585
cloud_watch_to_kinesis: Optional[DefenderForContainersAwsOfferingCloudWatchToKinesis]
586
kinesis_to_loganalytics: Optional[DefenderForContainersAwsOfferingKinesisToLogAnalytics]
587
588
class DefenderForServersAwsOffering(CloudOffering):
589
defender_for_servers: Optional[DefenderForServersAwsOfferingDefenderForServers]
590
arc_auto_provisioning: Optional[DefenderForServersAwsOfferingArcAutoProvisioning]
591
mde_auto_provisioning: Optional[DefenderForServersAwsOfferingMdeAutoProvisioning]
592
va_auto_provisioning: Optional[DefenderForServersAwsOfferingVaAutoProvisioning]
593
594
class MalwareScanningProperties:
595
on_upload: Optional[OnUploadProperties]
596
cap_gb_per_month: Optional[int]
597
598
class SensitiveDataDiscoveryProperties:
599
is_enabled: Optional[bool]
600
601
class OnUploadProperties:
602
is_enabled: Optional[bool]
603
cap_gb_per_month: Optional[int]
604
605
class HybridComputeSettingsProperties:
606
hybrid_compute_provisioning_state: Optional[str] # Valid, Invalid, Expired
607
auto_provision: Optional[str] # On, Off
608
resource_group_name: Optional[str]
609
region: Optional[str]
610
proxy_server: Optional[ProxyServerProperties]
611
service_principal: Optional[ServicePrincipalProperties]
612
613
class AuthenticationDetailsProperties:
614
# Base class for different authentication types
615
authentication_type: str
616
617
class AwsAssumeRoleAuthenticationDetailsProperties(AuthenticationDetailsProperties):
618
account_id: str
619
external_id: str
620
aws_assume_role_arn: str
621
authentication_provisioning_state: Optional[str]
622
623
class AwsCredsAuthenticationDetailsProperties(AuthenticationDetailsProperties):
624
account_id: str
625
aws_access_key_id: str
626
aws_secret_access_key: str
627
authentication_provisioning_state: Optional[str]
628
629
class GcpCredentialsDetailsProperties(AuthenticationDetailsProperties):
630
organization_id: str
631
type: str
632
project_id: str
633
private_key_id: str
634
private_key: str
635
client_email: str
636
client_id: str
637
auth_uri: str
638
token_uri: str
639
auth_provider_x509_cert_url: str
640
client_x509_cert_url: str
641
authentication_provisioning_state: Optional[str]
642
```
643
644
## Usage Examples
645
646
### Security Connector Management
647
648
```python
649
from azure.identity import DefaultAzureCredential
650
from azure.mgmt.security import SecurityCenter
651
652
credential = DefaultAzureCredential()
653
client = SecurityCenter(credential, "subscription-id")
654
655
# List all security connectors
656
connectors = client.security_connectors.list()
657
for connector in connectors:
658
print(f"Connector: {connector.name}")
659
print(f"Environment: {connector.environment_name}")
660
print(f"Location: {connector.location}")
661
print(f"Hierarchy ID: {connector.hierarchy_identifier}")
662
663
if connector.offerings:
664
print(f"Offerings: {len(connector.offerings)}")
665
for offering in connector.offerings:
666
print(f" - {offering.offering_type}")
667
668
# Create AWS security connector
669
aws_connector = {
670
"location": "CentralUS",
671
"kind": "MultiCloudConnector",
672
"environment_name": "Aws",
673
"environment_data": {
674
"organization_membership_type": "Member",
675
"account_name": "production-aws-account",
676
"regions": ["us-east-1", "us-west-2"]
677
},
678
"offerings": [
679
{
680
"offering_type": "DefenderForServersAws",
681
"defender_for_servers": {
682
"enabled": True
683
},
684
"arc_auto_provisioning": {
685
"enabled": True,
686
"configuration": {}
687
},
688
"mde_auto_provisioning": {
689
"enabled": True,
690
"configuration": {}
691
}
692
},
693
{
694
"offering_type": "DefenderForContainersAws",
695
"kubernetes_service": {
696
"enabled": True
697
},
698
"kubernetes_scuba_reader": {
699
"enabled": True
700
}
701
}
702
]
703
}
704
705
aws_connector_result = client.security_connectors.create_or_update(
706
"security-rg",
707
"aws-prod-connector",
708
aws_connector
709
)
710
print(f"Created AWS connector: {aws_connector_result.name}")
711
712
# Create GCP security connector
713
gcp_connector = {
714
"location": "CentralUS",
715
"kind": "MultiCloudConnector",
716
"environment_name": "Gcp",
717
"environment_data": {
718
"organization_membership_type": "Member",
719
"project_details": {
720
"project_id": "my-gcp-project",
721
"project_number": "123456789"
722
},
723
"workload_identity_pool_id": "pool-id"
724
},
725
"offerings": [
726
{
727
"offering_type": "DefenderForServersGcp",
728
"defender_for_servers": {
729
"enabled": True
730
},
731
"arc_auto_provisioning": {
732
"enabled": True
733
}
734
}
735
]
736
}
737
738
gcp_connector_result = client.security_connectors.create_or_update(
739
"security-rg",
740
"gcp-prod-connector",
741
gcp_connector
742
)
743
print(f"Created GCP connector: {gcp_connector_result.name}")
744
```
745
746
### Pricing and Defender Plan Management
747
748
```python
749
# List all pricing configurations
750
pricing_plans = client.pricings.list()
751
for plan in pricing_plans:
752
print(f"Plan: {plan.name}")
753
print(f"Tier: {plan.pricing_tier}")
754
print(f"Sub Plan: {plan.sub_plan}")
755
print(f"Coverage: {plan.resource_coverage_status}")
756
print(f"Free Trial Remaining: {plan.free_trial_remaining_time}")
757
print(f"Enablement Time: {plan.enablement_time}")
758
print(f"Inherited: {plan.inherited}")
759
760
if plan.deprecated:
761
print(f" β οΈ Plan is deprecated")
762
if plan.replacement_plans:
763
print(f" Replacements: {', '.join(plan.replacement_plans)}")
764
765
# Enable Microsoft Defender for VMs
766
vm_pricing = {
767
"pricing_tier": "Standard"
768
}
769
770
vm_plan = client.pricings.update("VirtualMachines", vm_pricing)
771
print(f"Defender for VMs: {vm_plan.pricing_tier}")
772
773
# Enable Microsoft Defender for Storage Accounts
774
storage_pricing = {
775
"pricing_tier": "Standard",
776
"sub_plan": "DefenderForStorageV2"
777
}
778
779
storage_plan = client.pricings.update("StorageAccounts", storage_pricing)
780
print(f"Defender for Storage: {storage_plan.pricing_tier} - {storage_plan.sub_plan}")
781
782
# Enable Microsoft Defender for Containers
783
container_pricing = {
784
"pricing_tier": "Standard"
785
}
786
787
container_plan = client.pricings.update("Containers", container_pricing)
788
print(f"Defender for Containers: {container_plan.pricing_tier}")
789
790
# Get specific pricing details
791
app_service_pricing = client.pricings.get("AppServices")
792
print(f"App Services Plan: {app_service_pricing.pricing_tier}")
793
print(f"Coverage Status: {app_service_pricing.resource_coverage_status}")
794
795
# Disable a plan (set to Free tier)
796
free_pricing = {
797
"pricing_tier": "Free"
798
}
799
800
disabled_plan = client.pricings.update("SqlServers", free_pricing)
801
print(f"SQL Servers plan disabled: {disabled_plan.pricing_tier}")
802
```
803
804
### Defender for Storage Configuration
805
806
```python
807
# Configure Defender for Storage on specific storage account
808
storage_account_id = "/subscriptions/sub-id/resourceGroups/rg/providers/Microsoft.Storage/storageAccounts/mystorageaccount"
809
810
defender_storage_config = {
811
"is_enabled": True,
812
"malware_scanning": {
813
"on_upload": {
814
"is_enabled": True,
815
"cap_gb_per_month": 5000 # 5TB monthly cap
816
}
817
},
818
"sensitive_data_discovery": {
819
"is_enabled": True
820
},
821
"override_subscription_level_settings": True
822
}
823
824
storage_defense = client.defender_for_storage.create(
825
storage_account_id,
826
defender_storage_config
827
)
828
print(f"Defender for Storage configured: {storage_defense.is_enabled}")
829
print(f"Malware scanning enabled: {storage_defense.malware_scanning.on_upload.is_enabled}")
830
print(f"Sensitive data discovery: {storage_defense.sensitive_data_discovery.is_enabled}")
831
832
# Get current configuration
833
current_config = client.defender_for_storage.get(storage_account_id)
834
print(f"Current malware scanning cap: {current_config.malware_scanning.on_upload.cap_gb_per_month} GB/month")
835
```
836
837
### Security Solutions Discovery
838
839
```python
840
# List all security solutions
841
security_solutions = client.security_solutions.list()
842
for solution in security_solutions:
843
print(f"Security Solution: {solution.name}")
844
print(f"Family: {solution.security_family}")
845
print(f"State: {solution.provisioning_state}")
846
print(f"Protection Status: {solution.protection_status}")
847
print(f"Template: {solution.template}")
848
print(f"Location: {solution.location}")
849
850
# List discovered security solutions
851
discovered_solutions = client.discovered_security_solutions.list()
852
for solution in discovered_solutions:
853
print(f"Discovered Solution: {solution.name}")
854
print(f"Publisher: {solution.publisher}")
855
print(f"Offer: {solution.offer}")
856
print(f"SKU: {solution.sku}")
857
print(f"Security Family: {solution.security_family}")
858
print(f"Location: {solution.location}")
859
860
# List external security solutions
861
external_solutions = client.external_security_solutions.list()
862
for solution in external_solutions:
863
print(f"External Solution: {solution.name}")
864
print(f"Kind: {solution.kind}")
865
print(f"Location: {solution.location}")
866
867
# Get security solutions reference data
868
reference_data = client.security_solutions_reference_data.list()
869
for data in reference_data:
870
print(f"Reference: {data.name}")
871
print(f"Security Family: {data.security_family}")
872
print(f"Vendor: {data.alert_vendor_name}")
873
print(f"Product: {data.product_name}")
874
print(f"Publisher: {data.publisher_display_name}")
875
print(f"Package Info: {data.package_info_url}")
876
```
877
878
### Legacy Cloud Connectors
879
880
```python
881
# List legacy cloud connectors
882
connectors = client.connectors.list()
883
for connector in connectors:
884
print(f"Connector: {connector.name}")
885
886
if connector.hybrid_compute_settings:
887
settings = connector.hybrid_compute_settings
888
print(f"Auto Provision: {settings.auto_provision}")
889
print(f"State: {settings.hybrid_compute_provisioning_state}")
890
print(f"Resource Group: {settings.resource_group_name}")
891
print(f"Region: {settings.region}")
892
893
if connector.authentication_details:
894
auth = connector.authentication_details
895
print(f"Auth Type: {auth.authentication_type}")
896
897
# Create AWS connector with assume role authentication
898
aws_connector = {
899
"hybrid_compute_settings": {
900
"auto_provision": "On",
901
"resource_group_name": "aws-resources-rg",
902
"region": "East US"
903
},
904
"authentication_details": {
905
"authentication_type": "awsAssumeRole",
906
"account_id": "123456789012",
907
"external_id": "unique-external-id",
908
"aws_assume_role_arn": "arn:aws:iam::123456789012:role/SecurityCenterRole"
909
}
910
}
911
912
aws_conn = client.connectors.create_or_update("aws", aws_connector)
913
print(f"AWS connector created: {aws_conn.name}")
914
915
# Create GCP connector
916
gcp_connector = {
917
"authentication_details": {
918
"authentication_type": "gcpCredentials",
919
"organization_id": "123456789",
920
"type": "service_account",
921
"project_id": "my-gcp-project",
922
"private_key_id": "key-id",
923
"private_key": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n",
924
"client_email": "security@my-project.iam.gserviceaccount.com",
925
"client_id": "123456789",
926
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
927
"token_uri": "https://oauth2.googleapis.com/token"
928
}
929
}
930
931
gcp_conn = client.connectors.create_or_update("gcp", gcp_connector)
932
print(f"GCP connector created: {gcp_conn.name}")
933
```
934
935
### Cloud Security Posture Dashboard
936
937
```python
938
def create_cloud_security_posture_dashboard():
939
"""Create a comprehensive cloud security posture dashboard."""
940
941
print("Cloud Security Posture Dashboard")
942
print("=" * 50)
943
944
# Security Connectors
945
print("\n1. Multi-Cloud Security Connectors:")
946
connectors = client.security_connectors.list()
947
948
connector_summary = {"Azure": 0, "AWS": 0, "GCP": 0, "GitHub": 0, "GitLab": 0, "AzureDevOps": 0}
949
total_offerings = 0
950
951
for connector in connectors:
952
env_name = connector.environment_name
953
if env_name in connector_summary:
954
connector_summary[env_name] += 1
955
956
if connector.offerings:
957
total_offerings += len(connector.offerings)
958
959
for env, count in connector_summary.items():
960
if count > 0:
961
print(f" {env}: {count} connector(s)")
962
963
print(f" Total Offerings: {total_offerings}")
964
965
# Microsoft Defender Plans
966
print("\n2. Microsoft Defender Plans:")
967
pricing_plans = client.pricings.list()
968
969
enabled_plans = 0
970
total_plans = 0
971
coverage_status = {"FullyCovered": 0, "PartiallyCovered": 0, "NotCovered": 0}
972
973
for plan in pricing_plans:
974
total_plans += 1
975
if plan.pricing_tier == "Standard":
976
enabled_plans += 1
977
978
if plan.resource_coverage_status in coverage_status:
979
coverage_status[plan.resource_coverage_status] += 1
980
981
print(f" Enabled Plans: {enabled_plans}/{total_plans}")
982
print(f" Coverage - Full: {coverage_status['FullyCovered']}, Partial: {coverage_status['PartiallyCovered']}, None: {coverage_status['NotCovered']}")
983
984
# Security Solutions
985
print("\n3. Security Solutions:")
986
try:
987
security_solutions = client.security_solutions.list()
988
solution_count = sum(1 for _ in security_solutions)
989
print(f" Deployed Solutions: {solution_count}")
990
991
discovered_solutions = client.discovered_security_solutions.list()
992
discovered_count = sum(1 for _ in discovered_solutions)
993
print(f" Discovered Solutions: {discovered_count}")
994
995
external_solutions = client.external_security_solutions.list()
996
external_count = sum(1 for _ in external_solutions)
997
print(f" External Solutions: {external_count}")
998
999
except Exception as e:
1000
print(f" Solutions: Unable to retrieve data ({e})")
1001
1002
# Legacy Connectors
1003
print("\n4. Legacy Cloud Connectors:")
1004
try:
1005
legacy_connectors = client.connectors.list()
1006
legacy_count = sum(1 for _ in legacy_connectors)
1007
print(f" Legacy Connectors: {legacy_count}")
1008
except Exception as e:
1009
print(f" Legacy Connectors: Unable to retrieve data ({e})")
1010
1011
# Security Posture Score
1012
print("\n5. Security Posture Score:")
1013
posture_score = 0
1014
1015
# Score based on enabled Defender plans
1016
if total_plans > 0:
1017
defender_score = (enabled_plans / total_plans) * 40
1018
posture_score += defender_score
1019
1020
# Score based on multi-cloud coverage
1021
multi_cloud_envs = sum(1 for count in connector_summary.values() if count > 0)
1022
if multi_cloud_envs > 1:
1023
posture_score += 30 # Bonus for multi-cloud coverage
1024
elif multi_cloud_envs == 1:
1025
posture_score += 15
1026
1027
# Score based on coverage status
1028
if coverage_status['FullyCovered'] > coverage_status['PartiallyCovered'] + coverage_status['NotCovered']:
1029
posture_score += 30
1030
elif coverage_status['FullyCovered'] > 0:
1031
posture_score += 15
1032
1033
print(f" Overall Score: {posture_score:.0f}/100")
1034
1035
if posture_score >= 80:
1036
print(" π’ Excellent cloud security posture")
1037
elif posture_score >= 60:
1038
print(" π‘ Good cloud security posture")
1039
elif posture_score >= 40:
1040
print(" π Moderate cloud security posture")
1041
else:
1042
print(" π΄ Poor cloud security posture - immediate action required")
1043
1044
return {
1045
"connectors": connector_summary,
1046
"total_offerings": total_offerings,
1047
"enabled_defender_plans": enabled_plans,
1048
"total_defender_plans": total_plans,
1049
"coverage_status": coverage_status,
1050
"posture_score": posture_score
1051
}
1052
1053
# Generate the cloud security posture dashboard
1054
posture_data = create_cloud_security_posture_dashboard()
1055
```