From 84159c97605238946622563dd34fa5d10c412cc0 Mon Sep 17 00:00:00 2001 From: Or Parnes Date: Mon, 4 Jul 2022 12:28:12 +0200 Subject: [PATCH] Defender updates (#19665) * Defender updates * sample * remove old description --- ...ManagedClustersCreate_SecurityProfile.json | 24 +++++++++------ .../stable/2022-06-01/managedClusters.json | 30 ++++++++++++------- 2 files changed, 35 insertions(+), 19 deletions(-) diff --git a/specification/containerservice/resource-manager/Microsoft.ContainerService/stable/2022-06-01/examples/ManagedClustersCreate_SecurityProfile.json b/specification/containerservice/resource-manager/Microsoft.ContainerService/stable/2022-06-01/examples/ManagedClustersCreate_SecurityProfile.json index 5e948d77fc59..4a87881aa01f 100644 --- a/specification/containerservice/resource-manager/Microsoft.ContainerService/stable/2022-06-01/examples/ManagedClustersCreate_SecurityProfile.json +++ b/specification/containerservice/resource-manager/Microsoft.ContainerService/stable/2022-06-01/examples/ManagedClustersCreate_SecurityProfile.json @@ -48,9 +48,11 @@ } }, "securityProfile": { - "azureDefender": { - "enabled": true, - "logAnalyticsWorkspaceResourceId": "/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME" + "defender": { + "logAnalyticsWorkspaceResourceId": "/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME", + "securityMonitoring": { + "enabled": true + } } } } @@ -144,9 +146,11 @@ } }, "securityProfile": { - "azureDefender": { - "enabled": true, - "logAnalyticsWorkspaceResourceId": "/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME" + "defender": { + "logAnalyticsWorkspaceResourceId": "/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME", + "securityMonitoring": { + "enabled": true + } } } } @@ -237,9 +241,11 @@ } }, "securityProfile": { - "azureDefender": { - "enabled": true, - "logAnalyticsWorkspaceResourceId": "/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME" + "defender": { + "logAnalyticsWorkspaceResourceId": "/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME", + "securityMonitoring": { + "enabled": true + } } } } diff --git a/specification/containerservice/resource-manager/Microsoft.ContainerService/stable/2022-06-01/managedClusters.json b/specification/containerservice/resource-manager/Microsoft.ContainerService/stable/2022-06-01/managedClusters.json index 08a2e5796cb0..e01d9e72f8c7 100644 --- a/specification/containerservice/resource-manager/Microsoft.ContainerService/stable/2022-06-01/managedClusters.json +++ b/specification/containerservice/resource-manager/Microsoft.ContainerService/stable/2022-06-01/managedClusters.json @@ -5466,9 +5466,9 @@ "ManagedClusterSecurityProfile": { "type": "object", "properties": { - "azureDefender": { - "$ref": "#/definitions/ManagedClusterSecurityProfileAzureDefender", - "description": "Azure Defender settings for the security profile." + "defender": { + "$ref": "#/definitions/ManagedClusterSecurityProfileDefender", + "description": "Microsoft Defender settings for the security profile." }, "azureKeyVaultKms": { "$ref": "#/definitions/AzureKeyVaultKms", @@ -5527,19 +5527,29 @@ }, "description": "Storage profile for the container service cluster." }, - "ManagedClusterSecurityProfileAzureDefender": { + "ManagedClusterSecurityProfileDefender": { "type": "object", "properties": { - "enabled": { - "type": "boolean", - "description": "Whether to enable Azure Defender" - }, "logAnalyticsWorkspaceResourceId": { "type": "string", - "description": "Resource ID of the Log Analytics workspace to be associated with Azure Defender. When Azure Defender is enabled, this field is required and must be a valid workspace resource ID. When Azure Defender is disabled, leave the field empty." + "description": "Resource ID of the Log Analytics workspace to be associated with Microsoft Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When Microsoft Defender is disabled, leave the field empty." + }, + "securityMonitoring": { + "$ref": "#/definitions/ManagedClusterSecurityProfileDefenderSecurityMonitoring", + "description": "Microsoft Defender threat detection for Cloud settings for the security profile." + } + }, + "description": "Microsoft Defender settings for the security profile." + }, + "ManagedClusterSecurityProfileDefenderSecurityMonitoring": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Whether to enable Defender threat detection" } }, - "description": "Azure Defender settings for the security profile." + "description": "Microsoft Defender settings for the security profile threat detection." }, "ManagedClusterStorageProfileDiskCSIDriver": { "type": "object",