tessl/pypi-azure-mgmt-security
Microsoft Azure Security Center Management Client Library for Python
—
Pending
Quality
Pending
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
configuration-settings.mddocs/
Configuration and Settings
Security Center configuration and settings management capabilities, providing centralized configuration for security settings, contact management, workspace settings, auto-provisioning, and data export configuration.
Capabilities
Settings Management
Manage Azure Security Center configuration settings including data export, alert synchronization, and feature enablement.
def list(
**kwargs: Any
) -> Iterator[Setting]:
"""
List all security settings for the subscription.
Returns:
Iterator[Setting]: Iterator of Setting objects
"""
def get(
setting_name: str,
**kwargs: Any
) -> Setting:
"""
Get details of a specific security setting.
Parameters:
- setting_name (str): Name of the setting (MCAS, WDATP, SENTINEL)
Returns:
Setting: Security setting details
"""
def update(
setting_name: str,
setting: Setting,
**kwargs: Any
) -> Setting:
"""
Update a security setting.
Parameters:
- setting_name (str): Name of the setting
- setting (Setting): Updated setting configuration
Returns:
Setting: Updated security setting
"""Security Contacts
Manage security contact information for alert notifications and communication.
def list(
**kwargs: Any
) -> Iterator[SecurityContact]:
"""
List security contacts for the subscription.
Returns:
Iterator[SecurityContact]: Iterator of SecurityContact objects
"""
def get(
security_contact_name: str,
**kwargs: Any
) -> SecurityContact:
"""
Get details of a specific security contact.
Parameters:
- security_contact_name (str): Name of the security contact
Returns:
SecurityContact: Security contact details
"""
def create(
security_contact_name: str,
security_contact: SecurityContact,
**kwargs: Any
) -> SecurityContact:
"""
Create a security contact.
Parameters:
- security_contact_name (str): Name of the security contact
- security_contact (SecurityContact): Contact information
Returns:
SecurityContact: Created security contact
"""
def update(
security_contact_name: str,
security_contact: SecurityContact,
**kwargs: Any
) -> SecurityContact:
"""
Update a security contact.
Parameters:
- security_contact_name (str): Name of the security contact
- security_contact (SecurityContact): Updated contact information
Returns:
SecurityContact: Updated security contact
"""
def delete(
security_contact_name: str,
**kwargs: Any
) -> None:
"""
Delete a security contact.
Parameters:
- security_contact_name (str): Name of the security contact
Returns:
None
"""Auto Provisioning Settings
Manage automatic provisioning of security agents and extensions.
def list(
**kwargs: Any
) -> Iterator[AutoProvisioningSetting]:
"""
List auto provisioning settings for the subscription.
Returns:
Iterator[AutoProvisioningSetting]: Iterator of auto provisioning settings
"""
def get(
setting_name: str,
**kwargs: Any
) -> AutoProvisioningSetting:
"""
Get details of a specific auto provisioning setting.
Parameters:
- setting_name (str): Name of the setting
Returns:
AutoProvisioningSetting: Auto provisioning setting details
"""
def create(
setting_name: str,
setting: AutoProvisioningSetting,
**kwargs: Any
) -> AutoProvisioningSetting:
"""
Create an auto provisioning setting.
Parameters:
- setting_name (str): Name of the setting
- setting (AutoProvisioningSetting): Setting configuration
Returns:
AutoProvisioningSetting: Created auto provisioning setting
"""Workspace Settings
Manage Log Analytics workspace settings for Security Center data collection.
def list(
**kwargs: Any
) -> Iterator[WorkspaceSetting]:
"""
List workspace settings for the subscription.
Returns:
Iterator[WorkspaceSetting]: Iterator of WorkspaceSetting objects
"""
def get(
workspace_setting_name: str,
**kwargs: Any
) -> WorkspaceSetting:
"""
Get details of a specific workspace setting.
Parameters:
- workspace_setting_name (str): Name of the workspace setting
Returns:
WorkspaceSetting: Workspace setting details
"""
def create(
workspace_setting_name: str,
workspace_setting: WorkspaceSetting,
**kwargs: Any
) -> WorkspaceSetting:
"""
Create a workspace setting.
Parameters:
- workspace_setting_name (str): Name of the workspace setting
- workspace_setting (WorkspaceSetting): Workspace configuration
Returns:
WorkspaceSetting: Created workspace setting
"""
def update(
workspace_setting_name: str,
workspace_setting: WorkspaceSetting,
**kwargs: Any
) -> WorkspaceSetting:
"""
Update a workspace setting.
Parameters:
- workspace_setting_name (str): Name of the workspace setting
- workspace_setting (WorkspaceSetting): Updated workspace configuration
Returns:
WorkspaceSetting: Updated workspace setting
"""
def delete(
workspace_setting_name: str,
**kwargs: Any
) -> None:
"""
Delete a workspace setting.
Parameters:
- workspace_setting_name (str): Name of the workspace setting
Returns:
None
"""Sensitivity Settings
Manage data sensitivity and classification settings for Security Center.
def list(
**kwargs: Any
) -> Iterator[GetSensitivitySettingsResponse]:
"""
List sensitivity settings for the subscription.
Returns:
Iterator[GetSensitivitySettingsResponse]: Iterator of sensitivity settings
"""
def get(
**kwargs: Any
) -> GetSensitivitySettingsResponse:
"""
Get sensitivity settings for the subscription.
Returns:
GetSensitivitySettingsResponse: Sensitivity settings details
"""
def create_or_update(
sensitivity_settings: UpdateSensitivitySettingsRequest,
**kwargs: Any
) -> GetSensitivitySettingsResponse:
"""
Create or update sensitivity settings.
Parameters:
- sensitivity_settings (UpdateSensitivitySettingsRequest): Sensitivity configuration
Returns:
GetSensitivitySettingsResponse: Created or updated sensitivity settings
"""Information Protection Policies
Manage information protection and data classification policies.
def list(
scope: str,
**kwargs: Any
) -> Iterator[InformationProtectionPolicy]:
"""
List information protection policies for a scope.
Parameters:
- scope (str): Resource scope (subscription or management group)
Returns:
Iterator[InformationProtectionPolicy]: Iterator of protection policies
"""
def get(
scope: str,
information_protection_policy_name: str,
**kwargs: Any
) -> InformationProtectionPolicy:
"""
Get details of a specific information protection policy.
Parameters:
- scope (str): Resource scope
- information_protection_policy_name (str): Name of the policy
Returns:
InformationProtectionPolicy: Protection policy details
"""
def create_or_update(
scope: str,
information_protection_policy_name: str,
information_protection_policy: InformationProtectionPolicy,
**kwargs: Any
) -> InformationProtectionPolicy:
"""
Create or update an information protection policy.
Parameters:
- scope (str): Resource scope
- information_protection_policy_name (str): Name of the policy
- information_protection_policy (InformationProtectionPolicy): Policy configuration
Returns:
InformationProtectionPolicy: Created or updated policy
"""Locations and Operations
Access Security Center supported locations and available operations.
def list_locations(
**kwargs: Any
) -> Iterator[AscLocation]:
"""
List supported Azure Security Center locations.
Returns:
Iterator[AscLocation]: Iterator of supported locations
"""
def get_location(
asc_location: str,
**kwargs: Any
) -> AscLocation:
"""
Get details of a specific Azure Security Center location.
Parameters:
- asc_location (str): Azure Security Center location
Returns:
AscLocation: Location details
"""
def list_operations(
**kwargs: Any
) -> Iterator[Operation]:
"""
List available Security Center operations.
Returns:
Iterator[Operation]: Iterator of available operations
"""Microsoft Defender for Endpoint Onboarding
Manage Microsoft Defender for Endpoint (MDE) onboarding configurations.
def list(
**kwargs: Any
) -> Iterator[MdeOnboardingData]:
"""
List Microsoft Defender for Endpoint onboarding configurations.
Returns:
Iterator[MdeOnboardingData]: Iterator of MDE onboarding configurations
"""
def get(
**kwargs: Any
) -> MdeOnboardingData:
"""
Get Microsoft Defender for Endpoint onboarding data.
Returns:
MdeOnboardingData: MDE onboarding configuration
"""Security Operators
Manage security operator configurations and access.
def list(
**kwargs: Any
) -> Iterator[SecurityOperator]:
"""
List security operators for the subscription.
Returns:
Iterator[SecurityOperator]: Iterator of SecurityOperator objects
"""
def get(
security_operator_name: str,
**kwargs: Any
) -> SecurityOperator:
"""
Get details of a specific security operator.
Parameters:
- security_operator_name (str): Name of the security operator
Returns:
SecurityOperator: Security operator details
"""
def create_or_update(
security_operator_name: str,
security_operator_body: SecurityOperator,
**kwargs: Any
) -> SecurityOperator:
"""
Create or update a security operator.
Parameters:
- security_operator_name (str): Name of the security operator
- security_operator_body (SecurityOperator): Operator configuration
Returns:
SecurityOperator: Created or updated security operator
"""
def delete(
security_operator_name: str,
**kwargs: Any
) -> None:
"""
Delete a security operator.
Parameters:
- security_operator_name (str): Name of the security operator
Returns:
None
"""Types
class Setting:
id: Optional[str]
name: Optional[str]
type: Optional[str]
kind: str # DataExportSettings, AlertSyncSettings
class DataExportSettings:
enabled: bool
class AlertSyncSettings:
enabled: bool
class SecurityContact:
id: Optional[str]
name: Optional[str]
type: Optional[str]
emails: Optional[str] # Semicolon-separated email addresses
phone: Optional[str]
alert_notifications: Optional[AlertNotifications]
notifications_by_role: Optional[NotificationsByRole]
class AlertNotifications:
state: Optional[str] # On, Off
minimal_severity: Optional[str] # High, Medium, Low
class NotificationsByRole:
state: Optional[str] # On, Off
roles: Optional[List[str]] # Owner, Contributor, ServiceAdmin, AccountAdmin
class AutoProvisioningSetting:
id: Optional[str]
name: Optional[str]
type: Optional[str]
auto_provision: str # On, Off
class WorkspaceSetting:
id: Optional[str]
name: Optional[str]
type: Optional[str]
workspace_id: Optional[str]
scope: Optional[str]
class GetSensitivitySettingsResponse:
sensitive_info_types_ids: Optional[List[str]]
sensitivity_threshold_label_order: Optional[float]
sensitivity_threshold_label_id: Optional[str]
class UpdateSensitivitySettingsRequest:
sensitive_info_types_ids: Optional[List[str]]
sensitivity_threshold_label_order: Optional[float]
sensitivity_threshold_label_id: Optional[str]
class InformationProtectionPolicy:
id: Optional[str]
name: Optional[str]
type: Optional[str]
last_modified_utc: Optional[datetime]
version: Optional[str]
labels: Optional[Dict[str, SensitivityLabel]]
information_types: Optional[Dict[str, InformationType]]
class SensitivityLabel:
display_name: Optional[str]
description: Optional[str]
rank: Optional[int]
enabled: Optional[bool]
order: Optional[float]
class InformationType:
display_name: Optional[str]
description: Optional[str]
order: Optional[float]
recommended_label_id: Optional[str]
enabled: Optional[bool]
custom: Optional[bool]
keywords: Optional[List[InformationProtectionKeyword]]
class InformationProtectionKeyword:
pattern: Optional[str]
custom: Optional[bool]
can_be_numeric: Optional[bool]
excluded: Optional[bool]
class AscLocation:
id: Optional[str]
name: Optional[str]
type: Optional[str]
properties: Optional[AscLocationProperties]
class AscLocationProperties:
display_name: Optional[str]
class Operation:
name: Optional[str]
origin: Optional[str]
display: Optional[OperationDisplay]
class OperationDisplay:
provider: Optional[str]
resource: Optional[str]
operation: Optional[str]
description: Optional[str]
class MdeOnboardingData:
id: Optional[str]
name: Optional[str]
type: Optional[str]
onboarding_package_windows: Optional[bytes]
onboarding_package_linux: Optional[bytes]
class SecurityOperator:
id: Optional[str]
name: Optional[str]
type: Optional[str]
identity: Optional[Identity]
class Identity:
principal_id: Optional[str]
tenant_id: Optional[str]
type: Optional[str] # SystemAssignedUsage Examples
Security Settings Configuration
from azure.identity import DefaultAzureCredential
from azure.mgmt.security import SecurityCenter
credential = DefaultAzureCredential()
client = SecurityCenter(credential, "subscription-id")
# List all security settings
settings = client.settings.list()
for setting in settings:
print(f"Setting: {setting.name}")
print(f"Kind: {setting.kind}")
if setting.kind == "DataExportSettings":
print(f"Data Export Enabled: {setting.enabled}")
elif setting.kind == "AlertSyncSettings":
print(f"Alert Sync Enabled: {setting.enabled}")
# Get specific setting
mcas_setting = client.settings.get("MCAS")
print(f"MCAS Setting: {mcas_setting.name}")
print(f"Enabled: {mcas_setting.enabled}")
# Update data export settings
data_export_setting = {
"kind": "DataExportSettings",
"enabled": True
}
updated_setting = client.settings.update("DataExportSettings", data_export_setting)
print(f"Data export updated: {updated_setting.enabled}")
# Enable WDATP integration
wdatp_setting = {
"kind": "AlertSyncSettings",
"enabled": True
}
wdatp_updated = client.settings.update("WDATP", wdatp_setting)
print(f"WDATP integration enabled: {wdatp_updated.enabled}")Security Contact Management
# List existing security contacts
contacts = client.security_contacts.list()
for contact in contacts:
print(f"Contact: {contact.name}")
print(f"Emails: {contact.emails}")
print(f"Phone: {contact.phone}")
if contact.alert_notifications:
print(f"Alert Notifications: {contact.alert_notifications.state}")
print(f"Minimal Severity: {contact.alert_notifications.minimal_severity}")
if contact.notifications_by_role:
print(f"Role Notifications: {contact.notifications_by_role.state}")
print(f"Roles: {contact.notifications_by_role.roles}")
# Create a new security contact
security_contact = {
"emails": "security-team@company.com;soc@company.com",
"phone": "+1-555-123-4567",
"alert_notifications": {
"state": "On",
"minimal_severity": "Medium"
},
"notifications_by_role": {
"state": "On",
"roles": ["Owner", "Contributor"]
}
}
contact = client.security_contacts.create("primary", security_contact)
print(f"Created security contact: {contact.name}")
# Update existing contact
updated_contact = {
"emails": "security-team@company.com;soc@company.com;ciso@company.com",
"phone": "+1-555-123-4567",
"alert_notifications": {
"state": "On",
"minimal_severity": "High" # Changed to High
},
"notifications_by_role": {
"state": "On",
"roles": ["Owner", "Contributor", "ServiceAdmin"]
}
}
updated = client.security_contacts.update("primary", updated_contact)
print(f"Updated contact minimal severity to: {updated.alert_notifications.minimal_severity}")Auto Provisioning Configuration
# List auto provisioning settings
auto_settings = client.auto_provisioning_settings.list()
for setting in auto_settings:
print(f"Auto Provisioning: {setting.name}")
print(f"Status: {setting.auto_provision}")
# Get specific auto provisioning setting
log_analytics_setting = client.auto_provisioning_settings.get("default")
print(f"Log Analytics Auto Provisioning: {log_analytics_setting.auto_provision}")
# Enable auto provisioning
auto_provision_config = {
"auto_provision": "On"
}
enabled_setting = client.auto_provisioning_settings.create(
"default",
auto_provision_config
)
print(f"Auto provisioning enabled: {enabled_setting.auto_provision}")Workspace Settings Management
# List workspace settings
workspace_settings = client.workspace_settings.list()
for setting in workspace_settings:
print(f"Workspace Setting: {setting.name}")
print(f"Workspace ID: {setting.workspace_id}")
print(f"Scope: {setting.scope}")
# Create workspace setting
workspace_config = {
"workspace_id": "/subscriptions/sub-id/resourceGroups/rg/providers/Microsoft.OperationalInsights/workspaces/security-workspace",
"scope": "/subscriptions/sub-id"
}
workspace_setting = client.workspace_settings.create("default", workspace_config)
print(f"Workspace configured: {workspace_setting.workspace_id}")
# Update workspace setting
updated_workspace_config = {
"workspace_id": "/subscriptions/sub-id/resourceGroups/rg/providers/Microsoft.OperationalInsights/workspaces/new-security-workspace",
"scope": "/subscriptions/sub-id"
}
updated_workspace = client.workspace_settings.update("default", updated_workspace_config)
print(f"Workspace updated: {updated_workspace.workspace_id}")Information Protection Policy Management
# List information protection policies
scope = "subscriptions/subscription-id"
policies = client.information_protection_policies.list(scope)
for policy in policies:
print(f"Policy: {policy.name}")
print(f"Version: {policy.version}")
print(f"Last Modified: {policy.last_modified_utc}")
if policy.labels:
print(f"Labels: {len(policy.labels)}")
for label_id, label in policy.labels.items():
print(f" {label_id}: {label.display_name} (Rank: {label.rank})")
if policy.information_types:
print(f"Information Types: {len(policy.information_types)}")
for info_type_id, info_type in policy.information_types.items():
print(f" {info_type_id}: {info_type.display_name}")
# Get specific policy
specific_policy = client.information_protection_policies.get(scope, "effective")
print(f"Effective Policy Labels: {len(specific_policy.labels or {})}")Sensitivity Settings Configuration
# Get current sensitivity settings
sensitivity_settings = client.sensitivity_settings.get()
print(f"Sensitivity Info Types: {len(sensitivity_settings.sensitive_info_types_ids or [])}")
print(f"Threshold Label ID: {sensitivity_settings.sensitivity_threshold_label_id}")
print(f"Threshold Order: {sensitivity_settings.sensitivity_threshold_label_order}")
# Update sensitivity settings
updated_sensitivity = {
"sensitive_info_types_ids": [
"50842eb7-edc8-4019-85dd-5a5c1f2bb085", # Credit Card Number
"a44669fe-0d48-453d-a9b1-2cc83f2cba77", # U.S. Social Security Number
"be1daff4-7406-4a0c-8f23-7d0a5217e2a4" # Email Address
],
"sensitivity_threshold_label_order": 2.0,
"sensitivity_threshold_label_id": "confidential-label-id"
}
updated_settings = client.sensitivity_settings.create_or_update(updated_sensitivity)
print(f"Updated sensitivity settings with {len(updated_settings.sensitive_info_types_ids)} info types")Microsoft Defender for Endpoint Integration
# Get MDE onboarding data
mde_data = client.mde_onboardings.get()
print(f"MDE Onboarding: {mde_data.name}")
if mde_data.onboarding_package_windows:
print("Windows onboarding package available")
# Save to file for deployment
with open("mde_windows_package.zip", "wb") as f:
f.write(mde_data.onboarding_package_windows)
if mde_data.onboarding_package_linux:
print("Linux onboarding package available")
# Save to file for deployment
with open("mde_linux_package.zip", "wb") as f:
f.write(mde_data.onboarding_package_linux)Security Configuration Dashboard
def create_security_configuration_dashboard():
"""Create a comprehensive security configuration dashboard."""
print("Security Configuration Dashboard")
print("=" * 50)
# Security Settings
print("\n1. Security Settings:")
settings = client.settings.list()
settings_status = {}
for setting in settings:
if hasattr(setting, 'enabled'):
settings_status[setting.name] = setting.enabled
else:
settings_status[setting.name] = "Unknown"
for name, status in settings_status.items():
print(f" {name}: {'✓ Enabled' if status else '✗ Disabled'}")
# Security Contacts
print("\n2. Security Contacts:")
contacts = client.security_contacts.list()
contact_count = sum(1 for _ in contacts)
print(f" Configured Contacts: {contact_count}")
# Auto Provisioning
print("\n3. Auto Provisioning:")
auto_settings = client.auto_provisioning_settings.list()
auto_enabled = False
for setting in auto_settings:
if setting.auto_provision == "On":
auto_enabled = True
break
print(f" Status: {'✓ Enabled' if auto_enabled else '✗ Disabled'}")
# Workspace Settings
print("\n4. Workspace Configuration:")
workspace_settings = client.workspace_settings.list()
workspace_configured = sum(1 for _ in workspace_settings) > 0
print(f" Status: {'✓ Configured' if workspace_configured else '✗ Not Configured'}")
# Locations
print("\n5. Supported Locations:")
locations = client.locations.list()
location_count = sum(1 for _ in locations)
print(f" Available Locations: {location_count}")
# Configuration Score
config_score = 0
if settings_status.get("MCAS", False):
config_score += 1
if settings_status.get("WDATP", False):
config_score += 1
if contact_count > 0:
config_score += 1
if auto_enabled:
config_score += 1
if workspace_configured:
config_score += 1
print(f"\n6. Configuration Health Score: {config_score}/5")
if config_score >= 4:
print(" 🟢 Excellent configuration")
elif config_score >= 3:
print(" 🟡 Good configuration, minor improvements needed")
else:
print(" 🔴 Configuration needs attention")
return {
"settings_status": settings_status,
"contact_count": contact_count,
"auto_provisioning_enabled": auto_enabled,
"workspace_configured": workspace_configured,
"location_count": location_count,
"config_score": config_score
}
# Generate the configuration dashboard
config_data = create_security_configuration_dashboard()Install with Tessl CLI
npx tessl i tessl/pypi-azure-mgmt-security