tessl/pypi-azure-mgmt-security
Microsoft Azure Security Center Management Client Library for Python
—
Pending
Quality
Pending
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
cloud-security-posture.mddocs/
Cloud Security Posture Management
Cloud security posture management capabilities for Azure Security Center, providing multi-cloud security connectors, Microsoft Defender service configuration, pricing management, and comprehensive security solution discovery and management across Azure, AWS, and GCP environments.
Capabilities
Security Connectors
Manage multi-cloud security connectors for comprehensive security posture across cloud environments.
def list(
**kwargs: Any
) -> Iterator[SecurityConnector]:
"""
List security connectors in the subscription.
Returns:
Iterator[SecurityConnector]: Iterator of SecurityConnector objects
"""
def list_by_resource_group(
resource_group_name: str,
**kwargs: Any
) -> Iterator[SecurityConnector]:
"""
List security connectors in a specific resource group.
Parameters:
- resource_group_name (str): Name of the resource group
Returns:
Iterator[SecurityConnector]: Iterator of SecurityConnector objects
"""
def get(
resource_group_name: str,
security_connector_name: str,
**kwargs: Any
) -> SecurityConnector:
"""
Get details of a specific security connector.
Parameters:
- resource_group_name (str): Name of the resource group
- security_connector_name (str): Name of the security connector
Returns:
SecurityConnector: Security connector details
"""
def create_or_update(
resource_group_name: str,
security_connector_name: str,
security_connector: SecurityConnector,
**kwargs: Any
) -> SecurityConnector:
"""
Create or update a security connector.
Parameters:
- resource_group_name (str): Name of the resource group
- security_connector_name (str): Name of the security connector
- security_connector (SecurityConnector): Connector configuration
Returns:
SecurityConnector: Created or updated security connector
"""
def update(
resource_group_name: str,
security_connector_name: str,
security_connector: SecurityConnector,
**kwargs: Any
) -> SecurityConnector:
"""
Update a security connector.
Parameters:
- resource_group_name (str): Name of the resource group
- security_connector_name (str): Name of the security connector
- security_connector (SecurityConnector): Updated connector configuration
Returns:
SecurityConnector: Updated security connector
"""
def delete(
resource_group_name: str,
security_connector_name: str,
**kwargs: Any
) -> None:
"""
Delete a security connector.
Parameters:
- resource_group_name (str): Name of the resource group
- security_connector_name (str): Name of the security connector
Returns:
None
"""Pricing Management
Manage Microsoft Defender plans and pricing configurations.
def list(
filter: Optional[str] = None,
**kwargs: Any
) -> Iterator[Pricing]:
"""
List pricing configurations for Microsoft Defender plans.
Parameters:
- filter (str, optional): OData filter for results
Returns:
Iterator[Pricing]: Iterator of Pricing objects
"""
def get(
pricing_name: str,
**kwargs: Any
) -> Pricing:
"""
Get details of a specific pricing configuration.
Parameters:
- pricing_name (str): Name of the pricing plan (VirtualMachines, StorageAccounts, etc.)
Returns:
Pricing: Pricing configuration details
"""
def update(
pricing_name: str,
pricing: Pricing,
**kwargs: Any
) -> Pricing:
"""
Update a pricing configuration.
Parameters:
- pricing_name (str): Name of the pricing plan
- pricing (Pricing): Updated pricing configuration
Returns:
Pricing: Updated pricing configuration
"""
def delete(
pricing_name: str,
**kwargs: Any
) -> Pricing:
"""
Delete (disable) a pricing configuration.
Parameters:
- pricing_name (str): Name of the pricing plan
Returns:
Pricing: Disabled pricing configuration
"""Defender for Storage
Manage Microsoft Defender for Storage configurations.
def create(
resource_id: str,
defender_for_storage_setting: DefenderForStorageSettingProperties,
**kwargs: Any
) -> DefenderForStorageSettings:
"""
Create Defender for Storage configuration.
Parameters:
- resource_id (str): Full resource ID of the storage account
- defender_for_storage_setting (DefenderForStorageSettingProperties): Configuration settings
Returns:
DefenderForStorageSettings: Created configuration
"""
def get(
resource_id: str,
**kwargs: Any
) -> DefenderForStorageSettings:
"""
Get Defender for Storage configuration.
Parameters:
- resource_id (str): Full resource ID of the storage account
Returns:
DefenderForStorageSettings: Configuration details
"""Legacy Cloud Connectors
Manage legacy cloud environment connectors.
def list(
**kwargs: Any
) -> Iterator[ConnectorSetting]:
"""
List cloud connectors for the subscription.
Returns:
Iterator[ConnectorSetting]: Iterator of ConnectorSetting objects
"""
def get(
connector_name: str,
**kwargs: Any
) -> ConnectorSetting:
"""
Get details of a specific cloud connector.
Parameters:
- connector_name (str): Name of the connector
Returns:
ConnectorSetting: Connector details
"""
def create_or_update(
connector_name: str,
connector_setting: ConnectorSetting,
**kwargs: Any
) -> ConnectorSetting:
"""
Create or update a cloud connector.
Parameters:
- connector_name (str): Name of the connector
- connector_setting (ConnectorSetting): Connector configuration
Returns:
ConnectorSetting: Created or updated connector
"""
def delete(
connector_name: str,
**kwargs: Any
) -> None:
"""
Delete a cloud connector.
Parameters:
- connector_name (str): Name of the connector
Returns:
None
"""Security Solutions Discovery
Discover and manage third-party security solutions and integrations.
def list_security_solutions(
**kwargs: Any
) -> Iterator[SecuritySolution]:
"""
List security solutions in the subscription.
Returns:
Iterator[SecuritySolution]: Iterator of SecuritySolution objects
"""
def list_security_solutions_by_home_region(
asc_location: str,
**kwargs: Any
) -> Iterator[SecuritySolution]:
"""
List security solutions in the subscription's home region.
Parameters:
- asc_location (str): Azure Security Center location
Returns:
Iterator[SecuritySolution]: Iterator of SecuritySolution objects
"""
def get_security_solution(
resource_group_name: str,
asc_location: str,
security_solution_name: str,
**kwargs: Any
) -> SecuritySolution:
"""
Get details of a specific security solution.
Parameters:
- resource_group_name (str): Name of the resource group
- asc_location (str): Azure Security Center location
- security_solution_name (str): Name of the security solution
Returns:
SecuritySolution: Security solution details
"""
def list_discovered_security_solutions(
**kwargs: Any
) -> Iterator[DiscoveredSecuritySolution]:
"""
List discovered security solutions in the subscription.
Returns:
Iterator[DiscoveredSecuritySolution]: Iterator of discovered solutions
"""
def list_discovered_security_solutions_by_home_region(
asc_location: str,
**kwargs: Any
) -> Iterator[DiscoveredSecuritySolution]:
"""
List discovered security solutions in the subscription's home region.
Parameters:
- asc_location (str): Azure Security Center location
Returns:
Iterator[DiscoveredSecuritySolution]: Iterator of discovered solutions
"""
def get_discovered_security_solution(
resource_group_name: str,
asc_location: str,
discovered_security_solution_name: str,
**kwargs: Any
) -> DiscoveredSecuritySolution:
"""
Get details of a specific discovered security solution.
Parameters:
- resource_group_name (str): Name of the resource group
- asc_location (str): Azure Security Center location
- discovered_security_solution_name (str): Name of the discovered solution
Returns:
DiscoveredSecuritySolution: Discovered solution details
"""
def list_external_security_solutions(
**kwargs: Any
) -> Iterator[ExternalSecuritySolution]:
"""
List external security solutions in the subscription.
Returns:
Iterator[ExternalSecuritySolution]: Iterator of external solutions
"""
def list_external_security_solutions_by_home_region(
asc_location: str,
**kwargs: Any
) -> Iterator[ExternalSecuritySolution]:
"""
List external security solutions in the subscription's home region.
Parameters:
- asc_location (str): Azure Security Center location
Returns:
Iterator[ExternalSecuritySolution]: Iterator of external solutions
"""
def get_external_security_solution(
resource_group_name: str,
asc_location: str,
external_security_solution_name: str,
**kwargs: Any
) -> ExternalSecuritySolution:
"""
Get details of a specific external security solution.
Parameters:
- resource_group_name (str): Name of the resource group
- asc_location (str): Azure Security Center location
- external_security_solution_name (str): Name of the external solution
Returns:
ExternalSecuritySolution: External solution details
"""Security Solutions Reference Data
Access reference data and metadata for security solutions.
def list(
**kwargs: Any
) -> Iterator[SecuritySolutionsReferenceData]:
"""
List security solutions reference data.
Returns:
Iterator[SecuritySolutionsReferenceData]: Iterator of reference data objects
"""
def list_by_home_region(
asc_location: str,
**kwargs: Any
) -> Iterator[SecuritySolutionsReferenceData]:
"""
List security solutions reference data by home region.
Parameters:
- asc_location (str): Azure Security Center location
Returns:
Iterator[SecuritySolutionsReferenceData]: Iterator of reference data objects
"""Health Reports
Access health reports for security posture monitoring.
def get_health_report(
resource_details: HealthReportProperties,
**kwargs: Any
) -> HealthReport:
"""
Get a health report for specific resources.
Parameters:
- resource_details (HealthReportProperties): Resource details for the report
Returns:
HealthReport: Health report details
"""
def list_health_reports(
**kwargs: Any
) -> Iterator[HealthReport]:
"""
List health reports for the subscription.
Returns:
Iterator[HealthReport]: Iterator of HealthReport objects
"""Types
class SecurityConnector:
id: Optional[str]
name: Optional[str]
type: Optional[str]
system_data: Optional[SystemData]
location: Optional[str]
tags: Optional[Dict[str, str]]
kind: Optional[str]
etag: Optional[str]
hierarchy_identifier: Optional[str]
hierarchy_identifier_trial_end_date: Optional[datetime]
environment_name: Optional[str] # AzureDevOps, Github, GitLab, Aws, Gcp
environment_data: Optional[EnvironmentData]
offerings: Optional[List[CloudOffering]]
class Pricing:
id: Optional[str]
name: Optional[str]
type: Optional[str]
pricing_tier: str # Free, Standard
sub_plan: Optional[str]
free_trial_remaining_time: Optional[str] # ISO 8601 duration
enablement_time: Optional[datetime]
enforce_sub_plan: Optional[bool]
inherited: Optional[str] # True, False
inherited_from: Optional[str]
resource_coverage_status: Optional[str] # FullyCovered, PartiallyCovered, NotCovered
deprecated: Optional[bool]
replacement_plans: Optional[List[str]]
class DefenderForStorageSettings:
id: Optional[str]
name: Optional[str]
type: Optional[str]
is_enabled: Optional[bool]
malware_scanning: Optional[MalwareScanningProperties]
sensitive_data_discovery: Optional[SensitiveDataDiscoveryProperties]
override_subscription_level_settings: Optional[bool]
class ConnectorSetting:
id: Optional[str]
name: Optional[str]
type: Optional[str]
hybrid_compute_settings: Optional[HybridComputeSettingsProperties]
authentication_details: Optional[AuthenticationDetailsProperties]
class SecuritySolution:
id: Optional[str]
name: Optional[str]
type: Optional[str]
location: Optional[str]
security_family: str # Waf, Ngfw, SaasWaf, Va
provisioning_state: str # Succeeded, Failed, Updating
template: str
protection_status: str
class DiscoveredSecuritySolution:
id: Optional[str]
name: Optional[str]
type: Optional[str]
location: Optional[str]
security_family: str
offer: str
publisher: str
sku: str
class ExternalSecuritySolution:
id: Optional[str]
name: Optional[str]
type: Optional[str]
location: Optional[str]
kind: str # CEF, ATA, AAD
class SecuritySolutionsReferenceData:
id: Optional[str]
name: Optional[str]
type: Optional[str]
security_family: str
alert_vendor_name: str
package_info_url: Optional[str]
product_name: Optional[str]
publisher: Optional[str]
publisher_display_name: Optional[str]
template: Optional[str]
class HealthReport:
id: Optional[str]
name: Optional[str]
type: Optional[str]
status: Optional[HealthReportStatus]
resource_details: Optional[ResourceDetails]
environment_details: Optional[EnvironmentDetails]
health_data_classification: Optional[HealthDataClassification]
issues: Optional[List[HealthReportIssue]]
class EnvironmentData:
# Base class for different environment types
pass
class AwsEnvironmentData(EnvironmentData):
organization_membership_type: Optional[str] # Member, Organization
account_name: Optional[str]
regions: Optional[List[str]]
class GcpProjectEnvironmentData(EnvironmentData):
organization_membership_type: Optional[str] # Member, Organization
project_details: Optional[GcpProjectDetails]
project_number: Optional[str]
workload_identity_pool_id: Optional[str]
class GithubScopeEnvironmentData(EnvironmentData):
scope: Optional[str]
class GitlabScopeEnvironmentData(EnvironmentData):
scope: Optional[str]
class AzureDevOpsScopeEnvironmentData(EnvironmentData):
scope: Optional[str]
class CloudOffering:
# Base class for different cloud offerings
offering_type: str
class DefenderForContainersAwsOffering(CloudOffering):
kubernetes_service: Optional[DefenderForContainersAwsOfferingKubernetesService]
kubernetes_scuba_reader: Optional[DefenderForContainersAwsOfferingKubernetesScubaReader]
cloud_watch_to_kinesis: Optional[DefenderForContainersAwsOfferingCloudWatchToKinesis]
kinesis_to_loganalytics: Optional[DefenderForContainersAwsOfferingKinesisToLogAnalytics]
class DefenderForServersAwsOffering(CloudOffering):
defender_for_servers: Optional[DefenderForServersAwsOfferingDefenderForServers]
arc_auto_provisioning: Optional[DefenderForServersAwsOfferingArcAutoProvisioning]
mde_auto_provisioning: Optional[DefenderForServersAwsOfferingMdeAutoProvisioning]
va_auto_provisioning: Optional[DefenderForServersAwsOfferingVaAutoProvisioning]
class MalwareScanningProperties:
on_upload: Optional[OnUploadProperties]
cap_gb_per_month: Optional[int]
class SensitiveDataDiscoveryProperties:
is_enabled: Optional[bool]
class OnUploadProperties:
is_enabled: Optional[bool]
cap_gb_per_month: Optional[int]
class HybridComputeSettingsProperties:
hybrid_compute_provisioning_state: Optional[str] # Valid, Invalid, Expired
auto_provision: Optional[str] # On, Off
resource_group_name: Optional[str]
region: Optional[str]
proxy_server: Optional[ProxyServerProperties]
service_principal: Optional[ServicePrincipalProperties]
class AuthenticationDetailsProperties:
# Base class for different authentication types
authentication_type: str
class AwsAssumeRoleAuthenticationDetailsProperties(AuthenticationDetailsProperties):
account_id: str
external_id: str
aws_assume_role_arn: str
authentication_provisioning_state: Optional[str]
class AwsCredsAuthenticationDetailsProperties(AuthenticationDetailsProperties):
account_id: str
aws_access_key_id: str
aws_secret_access_key: str
authentication_provisioning_state: Optional[str]
class GcpCredentialsDetailsProperties(AuthenticationDetailsProperties):
organization_id: str
type: str
project_id: str
private_key_id: str
private_key: str
client_email: str
client_id: str
auth_uri: str
token_uri: str
auth_provider_x509_cert_url: str
client_x509_cert_url: str
authentication_provisioning_state: Optional[str]Usage Examples
Security Connector Management
from azure.identity import DefaultAzureCredential
from azure.mgmt.security import SecurityCenter
credential = DefaultAzureCredential()
client = SecurityCenter(credential, "subscription-id")
# List all security connectors
connectors = client.security_connectors.list()
for connector in connectors:
print(f"Connector: {connector.name}")
print(f"Environment: {connector.environment_name}")
print(f"Location: {connector.location}")
print(f"Hierarchy ID: {connector.hierarchy_identifier}")
if connector.offerings:
print(f"Offerings: {len(connector.offerings)}")
for offering in connector.offerings:
print(f" - {offering.offering_type}")
# Create AWS security connector
aws_connector = {
"location": "CentralUS",
"kind": "MultiCloudConnector",
"environment_name": "Aws",
"environment_data": {
"organization_membership_type": "Member",
"account_name": "production-aws-account",
"regions": ["us-east-1", "us-west-2"]
},
"offerings": [
{
"offering_type": "DefenderForServersAws",
"defender_for_servers": {
"enabled": True
},
"arc_auto_provisioning": {
"enabled": True,
"configuration": {}
},
"mde_auto_provisioning": {
"enabled": True,
"configuration": {}
}
},
{
"offering_type": "DefenderForContainersAws",
"kubernetes_service": {
"enabled": True
},
"kubernetes_scuba_reader": {
"enabled": True
}
}
]
}
aws_connector_result = client.security_connectors.create_or_update(
"security-rg",
"aws-prod-connector",
aws_connector
)
print(f"Created AWS connector: {aws_connector_result.name}")
# Create GCP security connector
gcp_connector = {
"location": "CentralUS",
"kind": "MultiCloudConnector",
"environment_name": "Gcp",
"environment_data": {
"organization_membership_type": "Member",
"project_details": {
"project_id": "my-gcp-project",
"project_number": "123456789"
},
"workload_identity_pool_id": "pool-id"
},
"offerings": [
{
"offering_type": "DefenderForServersGcp",
"defender_for_servers": {
"enabled": True
},
"arc_auto_provisioning": {
"enabled": True
}
}
]
}
gcp_connector_result = client.security_connectors.create_or_update(
"security-rg",
"gcp-prod-connector",
gcp_connector
)
print(f"Created GCP connector: {gcp_connector_result.name}")Pricing and Defender Plan Management
# List all pricing configurations
pricing_plans = client.pricings.list()
for plan in pricing_plans:
print(f"Plan: {plan.name}")
print(f"Tier: {plan.pricing_tier}")
print(f"Sub Plan: {plan.sub_plan}")
print(f"Coverage: {plan.resource_coverage_status}")
print(f"Free Trial Remaining: {plan.free_trial_remaining_time}")
print(f"Enablement Time: {plan.enablement_time}")
print(f"Inherited: {plan.inherited}")
if plan.deprecated:
print(f" ⚠️ Plan is deprecated")
if plan.replacement_plans:
print(f" Replacements: {', '.join(plan.replacement_plans)}")
# Enable Microsoft Defender for VMs
vm_pricing = {
"pricing_tier": "Standard"
}
vm_plan = client.pricings.update("VirtualMachines", vm_pricing)
print(f"Defender for VMs: {vm_plan.pricing_tier}")
# Enable Microsoft Defender for Storage Accounts
storage_pricing = {
"pricing_tier": "Standard",
"sub_plan": "DefenderForStorageV2"
}
storage_plan = client.pricings.update("StorageAccounts", storage_pricing)
print(f"Defender for Storage: {storage_plan.pricing_tier} - {storage_plan.sub_plan}")
# Enable Microsoft Defender for Containers
container_pricing = {
"pricing_tier": "Standard"
}
container_plan = client.pricings.update("Containers", container_pricing)
print(f"Defender for Containers: {container_plan.pricing_tier}")
# Get specific pricing details
app_service_pricing = client.pricings.get("AppServices")
print(f"App Services Plan: {app_service_pricing.pricing_tier}")
print(f"Coverage Status: {app_service_pricing.resource_coverage_status}")
# Disable a plan (set to Free tier)
free_pricing = {
"pricing_tier": "Free"
}
disabled_plan = client.pricings.update("SqlServers", free_pricing)
print(f"SQL Servers plan disabled: {disabled_plan.pricing_tier}")Defender for Storage Configuration
# Configure Defender for Storage on specific storage account
storage_account_id = "/subscriptions/sub-id/resourceGroups/rg/providers/Microsoft.Storage/storageAccounts/mystorageaccount"
defender_storage_config = {
"is_enabled": True,
"malware_scanning": {
"on_upload": {
"is_enabled": True,
"cap_gb_per_month": 5000 # 5TB monthly cap
}
},
"sensitive_data_discovery": {
"is_enabled": True
},
"override_subscription_level_settings": True
}
storage_defense = client.defender_for_storage.create(
storage_account_id,
defender_storage_config
)
print(f"Defender for Storage configured: {storage_defense.is_enabled}")
print(f"Malware scanning enabled: {storage_defense.malware_scanning.on_upload.is_enabled}")
print(f"Sensitive data discovery: {storage_defense.sensitive_data_discovery.is_enabled}")
# Get current configuration
current_config = client.defender_for_storage.get(storage_account_id)
print(f"Current malware scanning cap: {current_config.malware_scanning.on_upload.cap_gb_per_month} GB/month")Security Solutions Discovery
# List all security solutions
security_solutions = client.security_solutions.list()
for solution in security_solutions:
print(f"Security Solution: {solution.name}")
print(f"Family: {solution.security_family}")
print(f"State: {solution.provisioning_state}")
print(f"Protection Status: {solution.protection_status}")
print(f"Template: {solution.template}")
print(f"Location: {solution.location}")
# List discovered security solutions
discovered_solutions = client.discovered_security_solutions.list()
for solution in discovered_solutions:
print(f"Discovered Solution: {solution.name}")
print(f"Publisher: {solution.publisher}")
print(f"Offer: {solution.offer}")
print(f"SKU: {solution.sku}")
print(f"Security Family: {solution.security_family}")
print(f"Location: {solution.location}")
# List external security solutions
external_solutions = client.external_security_solutions.list()
for solution in external_solutions:
print(f"External Solution: {solution.name}")
print(f"Kind: {solution.kind}")
print(f"Location: {solution.location}")
# Get security solutions reference data
reference_data = client.security_solutions_reference_data.list()
for data in reference_data:
print(f"Reference: {data.name}")
print(f"Security Family: {data.security_family}")
print(f"Vendor: {data.alert_vendor_name}")
print(f"Product: {data.product_name}")
print(f"Publisher: {data.publisher_display_name}")
print(f"Package Info: {data.package_info_url}")Legacy Cloud Connectors
# List legacy cloud connectors
connectors = client.connectors.list()
for connector in connectors:
print(f"Connector: {connector.name}")
if connector.hybrid_compute_settings:
settings = connector.hybrid_compute_settings
print(f"Auto Provision: {settings.auto_provision}")
print(f"State: {settings.hybrid_compute_provisioning_state}")
print(f"Resource Group: {settings.resource_group_name}")
print(f"Region: {settings.region}")
if connector.authentication_details:
auth = connector.authentication_details
print(f"Auth Type: {auth.authentication_type}")
# Create AWS connector with assume role authentication
aws_connector = {
"hybrid_compute_settings": {
"auto_provision": "On",
"resource_group_name": "aws-resources-rg",
"region": "East US"
},
"authentication_details": {
"authentication_type": "awsAssumeRole",
"account_id": "123456789012",
"external_id": "unique-external-id",
"aws_assume_role_arn": "arn:aws:iam::123456789012:role/SecurityCenterRole"
}
}
aws_conn = client.connectors.create_or_update("aws", aws_connector)
print(f"AWS connector created: {aws_conn.name}")
# Create GCP connector
gcp_connector = {
"authentication_details": {
"authentication_type": "gcpCredentials",
"organization_id": "123456789",
"type": "service_account",
"project_id": "my-gcp-project",
"private_key_id": "key-id",
"private_key": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n",
"client_email": "security@my-project.iam.gserviceaccount.com",
"client_id": "123456789",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token"
}
}
gcp_conn = client.connectors.create_or_update("gcp", gcp_connector)
print(f"GCP connector created: {gcp_conn.name}")Cloud Security Posture Dashboard
def create_cloud_security_posture_dashboard():
"""Create a comprehensive cloud security posture dashboard."""
print("Cloud Security Posture Dashboard")
print("=" * 50)
# Security Connectors
print("\n1. Multi-Cloud Security Connectors:")
connectors = client.security_connectors.list()
connector_summary = {"Azure": 0, "AWS": 0, "GCP": 0, "GitHub": 0, "GitLab": 0, "AzureDevOps": 0}
total_offerings = 0
for connector in connectors:
env_name = connector.environment_name
if env_name in connector_summary:
connector_summary[env_name] += 1
if connector.offerings:
total_offerings += len(connector.offerings)
for env, count in connector_summary.items():
if count > 0:
print(f" {env}: {count} connector(s)")
print(f" Total Offerings: {total_offerings}")
# Microsoft Defender Plans
print("\n2. Microsoft Defender Plans:")
pricing_plans = client.pricings.list()
enabled_plans = 0
total_plans = 0
coverage_status = {"FullyCovered": 0, "PartiallyCovered": 0, "NotCovered": 0}
for plan in pricing_plans:
total_plans += 1
if plan.pricing_tier == "Standard":
enabled_plans += 1
if plan.resource_coverage_status in coverage_status:
coverage_status[plan.resource_coverage_status] += 1
print(f" Enabled Plans: {enabled_plans}/{total_plans}")
print(f" Coverage - Full: {coverage_status['FullyCovered']}, Partial: {coverage_status['PartiallyCovered']}, None: {coverage_status['NotCovered']}")
# Security Solutions
print("\n3. Security Solutions:")
try:
security_solutions = client.security_solutions.list()
solution_count = sum(1 for _ in security_solutions)
print(f" Deployed Solutions: {solution_count}")
discovered_solutions = client.discovered_security_solutions.list()
discovered_count = sum(1 for _ in discovered_solutions)
print(f" Discovered Solutions: {discovered_count}")
external_solutions = client.external_security_solutions.list()
external_count = sum(1 for _ in external_solutions)
print(f" External Solutions: {external_count}")
except Exception as e:
print(f" Solutions: Unable to retrieve data ({e})")
# Legacy Connectors
print("\n4. Legacy Cloud Connectors:")
try:
legacy_connectors = client.connectors.list()
legacy_count = sum(1 for _ in legacy_connectors)
print(f" Legacy Connectors: {legacy_count}")
except Exception as e:
print(f" Legacy Connectors: Unable to retrieve data ({e})")
# Security Posture Score
print("\n5. Security Posture Score:")
posture_score = 0
# Score based on enabled Defender plans
if total_plans > 0:
defender_score = (enabled_plans / total_plans) * 40
posture_score += defender_score
# Score based on multi-cloud coverage
multi_cloud_envs = sum(1 for count in connector_summary.values() if count > 0)
if multi_cloud_envs > 1:
posture_score += 30 # Bonus for multi-cloud coverage
elif multi_cloud_envs == 1:
posture_score += 15
# Score based on coverage status
if coverage_status['FullyCovered'] > coverage_status['PartiallyCovered'] + coverage_status['NotCovered']:
posture_score += 30
elif coverage_status['FullyCovered'] > 0:
posture_score += 15
print(f" Overall Score: {posture_score:.0f}/100")
if posture_score >= 80:
print(" 🟢 Excellent cloud security posture")
elif posture_score >= 60:
print(" 🟡 Good cloud security posture")
elif posture_score >= 40:
print(" 🟠 Moderate cloud security posture")
else:
print(" 🔴 Poor cloud security posture - immediate action required")
return {
"connectors": connector_summary,
"total_offerings": total_offerings,
"enabled_defender_plans": enabled_plans,
"total_defender_plans": total_plans,
"coverage_status": coverage_status,
"posture_score": posture_score
}
# Generate the cloud security posture dashboard
posture_data = create_cloud_security_posture_dashboard()Install with Tessl CLI
npx tessl i tessl/pypi-azure-mgmt-security