Adaptive Application Controls - Get
Gets an application control VM/server group.
GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Security/locations/{ascLocation}/applicationWhitelistings/{groupName}?api-version=2020-01-01
URI Parameters
Name | In | Required | Type | Description |
---|---|---|---|---|
ascLocation | path | True | string | The location where ASC stores the data of the subscription. Can be retrieved from Get locations |
groupName | path | True | string | Name of an application control machine group |
subscriptionId | path | True | string | Azure subscription ID Regex pattern: |
api-version | query | True | string | API version for the operation |
Responses
Name | Type | Description |
---|---|---|
200 OK | | OK |
Other Status Codes | | Error response describing why the operation failed. |
Security
azure_auth
Azure Active Directory OAuth2 Flow
Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize
Scopes
Name | Description |
---|---|
user_impersonation | impersonate your user account |
Examples
Gets a configured application control VM/server group
Sample request
GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/locations/centralus/applicationWhitelistings/ERELGROUP1?api-version=2020-01-01
Sample response
```json
{
  "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/locations/centralus/applicationWhitelistings/ERELGROUP1",
  "name": "ERELGROUP1",
  "type": "Microsoft.Security/applicationWhitelistings",
  "location": "centralus",
  "properties": {
    "recommendationStatus": "Recommended",
    "enforcementMode": "Audit",
    "protectionMode": {
      "exe": "Audit",
      "msi": "Audit",
      "script": "None"
    },
    "vmRecommendations": [
      {
        "configurationStatus": "Configured",
        "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/erelh-stable/providers/microsoft.compute/virtualmachines/erelh-16090",
        "recommendationAction": "Recommended",
        "enforcementSupport": "Supported"
      },
      {
        "configurationStatus": "Configured",
        "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/matanvs/providers/microsoft.compute/virtualmachines/matanvs19",
        "recommendationAction": "Recommended",
        "enforcementSupport": "Supported"
      }
    ],
    "pathRecommendations": [
      {
        "path": "[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0",
        "type": "PublisherSignature",
        "publisherInfo": {
          "publisherName": "O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US",
          "productName": "*",
          "binaryName": "*",
          "version": "0.0.0.0"
        },
        "common": true,
        "action": "Recommended",
        "usernames": [
          {
            "username": "Everyone",
            "recommendationAction": "Recommended"
          }
        ],
        "userSids": [
          "S-1-1-0"
        ],
        "fileType": "Exe",
        "configurationStatus": "Configured"
      },
      {
        "path": "%OSDRIVE%\\WINDOWSAZURE\\SECAGENT\\WASECAGENTPROV.EXE",
        "type": "ProductSignature",
        "publisherInfo": {
          "publisherName": "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
          "productName": "MICROSOFT® COREXT",
          "binaryName": "*",
          "version": "0.0.0.0"
        },
        "common": true,
        "action": "Recommended",
        "usernames": [
          {
            "username": "NT AUTHORITY\\SYSTEM",
            "recommendationAction": "Recommended"
          }
        ],
        "userSids": [
          "S-1-1-0"
        ],
        "fileType": "Exe",
        "configurationStatus": "Configured"
      },
      {
        "path": "%OSDRIVE%\\WINDOWSAZURE\\PACKAGES_201973_7415\\COLLECTGUESTLOGS.EXE",
        "type": "PublisherSignature",
        "publisherInfo": {
          "publisherName": "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
          "productName": "*",
          "binaryName": "*",
          "version": "0.0.0.0"
        },
        "common": true,
        "action": "Recommended",
        "usernames": [
          {
            "username": "NT AUTHORITY\\SYSTEM",
            "recommendationAction": "Recommended"
          }
        ],
        "userSids": [
          "S-1-1-0"
        ],
        "fileType": "Exe",
        "configurationStatus": "Configured"
      },
      {
        "path": "C:\\directory\\file.exe",
        "type": "File",
        "common": true,
        "action": "Add",
        "usernames": [
          {
            "username": "Everyone",
            "recommendationAction": "Recommended"
          }
        ],
        "userSids": [
          "S-1-1-0"
        ],
        "fileType": "Exe",
        "configurationStatus": "Configured"
      }
    ],
    "configurationStatus": "Configured",
    "issues": [],
    "sourceSystem": "Azure_AppLocker"
  }
}
```
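An added example, not part of the original reference and not Microsoft's code: a reviewer-side check that reads a response of the shape shown above and lists the settings and rules worth a second look before a group is moved to enforcement. The `review_group` helper, its severity labels and the trimmed `SAMPLE` are assumptions constructed here.

```python
import json

# Constructed sample: a trimmed copy of the sample response on this page.
SAMPLE = json.loads(r"""
{
  "name": "ERELGROUP1",
  "properties": {
    "enforcementMode": "Audit",
    "protectionMode": {"exe": "Audit", "msi": "Audit", "script": "None"},
    "pathRecommendations": [
      {"path": "[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0",
       "type": "PublisherSignature",
       "publisherInfo": {"publisherName": "O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US",
                         "productName": "*", "binaryName": "*", "version": "0.0.0.0"},
       "userSids": ["S-1-1-0"]},
      {"path": "C:\\directory\\file.exe", "type": "File", "userSids": ["S-1-1-0"]}
    ]
  }
}
""")

EVERYONE_SID = "S-1-1-0"  # well-known SID of the Everyone group


def review_group(group):
    """Return (severity, message) findings for one AdaptiveApplicationControlGroup."""
    props = group.get("properties", {})
    findings = []
    mode = props.get("enforcementMode")
    if mode != "Enforce":
        findings.append(("info", f"enforcementMode is {mode}: the allow-list is not enforced"))
    for file_type, pmode in sorted(props.get("protectionMode", {}).items()):
        if pmode == "None":
            findings.append(("warn", f"protectionMode.{file_type} is None: no audit or enforcement"))
    for rule in props.get("pathRecommendations", []):
        everyone = EVERYONE_SID in rule.get("userSids", [])
        pub = rule.get("publisherInfo", {})
        if rule.get("type") == "File" and everyone:
            # A path rule trusts whatever file sits at that path, for every user.
            findings.append(("warn", f"path rule for Everyone: {rule['path']}"))
        elif pub.get("productName") == "*" and pub.get("binaryName") == "*":
            # Wildcard product and binary: anything signed by this publisher is allowed.
            findings.append(("info", f"publisher-wide rule: {pub.get('publisherName')}"))
    return findings


if __name__ == "__main__":
    for severity, message in review_group(SAMPLE):
        print(f"[{severity}] {message}")
```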
Definitions
Name | Description |
---|---|
AdaptiveApplicationControlGroup | |
AdaptiveApplicationControlIssue | An alert that machines within a group can have |
AdaptiveApplicationControlIssueSummary | Represents a summary of the alerts of the machine group |
CloudError | Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.). |
CloudErrorBody | The error detail. |
ConfigurationStatus | The configuration status of the machines group or machine or rule |
EnforcementMode | The application control policy enforcement/protection mode of the machine group |
EnforcementSupport | The machine supportability of Enforce feature |
ErrorAdditionalInfo | The resource management error additional info. |
FileType | The type of the file (for Linux files - Executable is used) |
PathRecommendation | Represents a path that is recommended to be allowed and its properties |
ProtectionMode | The protection mode of the collection/file types. Exe/Msi/Script are used for Windows, Executable is used for Linux. |
PublisherInfo | Represents the publisher information of a process/rule |
RecommendationAction | The recommendation action of the machine or rule |
RecommendationStatus | The initial recommendation status of the machine group or machine |
RecommendationType | The type of the rule to be allowed |
SourceSystem | The source type of the machine group |
UserRecommendation | Represents a user that is recommended to be allowed for a certain rule |
VmRecommendation | Represents a machine that is part of a machine group |
AdaptiveApplicationControlGroup
Name | Type | Description |
---|---|---|
id | string | Resource Id |
location | string | Location where the resource is stored |
name | string | Resource name |
properties.configurationStatus | | The configuration status of the machines group or machine or rule |
properties.enforcementMode | | The application control policy enforcement/protection mode of the machine group |
properties.issues | | Represents a summary of the alerts of the machine group |
properties.pathRecommendations | | Represents a path that is recommended to be allowed and its properties |
properties.protectionMode | | The protection mode of the collection/file types. Exe/Msi/Script are used for Windows, Executable is used for Linux. |
properties.recommendationStatus | | The initial recommendation status of the machine group or machine |
properties.sourceSystem | | The source type of the machine group |
properties.vmRecommendations | | Represents a machine that is part of a machine group |
type | string | Resource type |
AdaptiveApplicationControlIssue
An alert that machines within a group can have
Name | Type | Description |
---|---|---|
ExecutableViolationsAudited | string | |
MsiAndScriptViolationsAudited | string | |
MsiAndScriptViolationsBlocked | string | |
RulesViolatedManually | string | |
ViolationsAudited | string | |
ViolationsBlocked | string | |
AdaptiveApplicationControlIssueSummary
Represents a summary of the alerts of the machine group
Name | Type | Description |
---|---|---|
issue | | An alert that machines within a group can have |
numberOfVms | number | The number of machines in the group that have this alert |
CloudError
Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.).
Name | Type | Description |
---|---|---|
error.additionalInfo | | The error additional info. |
error.code | string | The error code. |
error.details | | The error details. |
error.message | string | The error message. |
error.target | string | The error target. |
CloudErrorBody
The error detail.
Name | Type | Description |
---|---|---|
additionalInfo | | The error additional info. |
code | string | The error code. |
details | | The error details. |
message | string | The error message. |
target | string | The error target. |
ConfigurationStatus
The configuration status of the machines group or machine or rule
Name | Type | Description |
---|---|---|
Configured | string | |
Failed | string | |
InProgress | string | |
NoStatus | string | |
NotConfigured | string | |
EnforcementMode
The application control policy enforcement/protection mode of the machine group
Name | Type | Description |
---|---|---|
Audit | string | |
Enforce | string | |
None | string | |
EnforcementSupport
The machine supportability of Enforce feature
Name | Type | Description |
---|---|---|
NotSupported | string | |
Supported | string | |
Unknown | string | |
ErrorAdditionalInfo
The resource management error additional info.
Name | Type | Description |
---|---|---|
info | object | The additional info. |
type | string | The additional info type. |
FileType
The type of the file (for Linux files - Executable is used)
Name | Type | Description |
---|---|---|
Dll | string | |
Exe | string | |
Executable | string | |
Msi | string | |
Script | string | |
Unknown | string | |
PathRecommendation
Represents a path that is recommended to be allowed and its properties
Name | Type | Description |
---|---|---|
action | | The recommendation action of the machine or rule |
common | boolean | Whether the application is commonly run on the machine |
configurationStatus | | The configuration status of the machines group or machine or rule |
fileType | | The type of the file (for Linux files - Executable is used) |
path | string | The full path of the file, or an identifier of the application |
publisherInfo | | Represents the publisher information of a process/rule |
type | | The type of the rule to be allowed |
userSids | string[] | A security identifier |
usernames | | Represents a user that is recommended to be allowed for a certain rule |
ProtectionMode
The protection mode of the collection/file types. Exe/Msi/Script are used for Windows, Executable is used for Linux.
Name | Type | Description |
---|---|---|
exe | | The application control policy enforcement/protection mode of the machine group |
executable | | The application control policy enforcement/protection mode of the machine group |
msi | | The application control policy enforcement/protection mode of the machine group |
script | | The application control policy enforcement/protection mode of the machine group |
PublisherInfo
Represents the publisher information of a process/rule
Name | Type | Description |
---|---|---|
binaryName | string | The "OriginalName" field taken from the file's version resource |
productName | string | The product name taken from the file's version resource |
publisherName | string | The Subject field of the X.509 certificate used to sign the code, using the following fields - O = Organization, L = Locality, S = State or Province, and C = Country |
version | string | The binary file version taken from the file's version resource |
RecommendationAction
The recommendation action of the machine or rule
Name | Type | Description |
---|---|---|
Add | string | |
Recommended | string | |
Remove | string | |
RecommendationStatus
The initial recommendation status of the machine group or machine
Name | Type | Description |
---|---|---|
NoStatus | string | |
NotAvailable | string | |
NotRecommended | string | |
Recommended | string | |
RecommendationType
The type of the rule to be allowed
Name | Type | Description |
---|---|---|
BinarySignature | string | |
File | string | |
FileHash | string | |
ProductSignature | string | |
PublisherSignature | string | |
VersionAndAboveSignature | string | |
SourceSystem
The source type of the machine group
Name | Type | Description |
---|---|---|
Azure_AppLocker | string | |
Azure_AuditD | string | |
NonAzure_AppLocker | string | |
NonAzure_AuditD | string | |
None | string | |
UserRecommendation
Represents a user that is recommended to be allowed for a certain rule
Name | Type | Description |
---|---|---|
recommendationAction | | The recommendation action of the machine or rule |
username | string | Represents a user that is recommended to be allowed for a certain rule |
VmRecommendation
Represents a machine that is part of a machine group
Name | Type | Description |
---|---|---|
configurationStatus | | The configuration status of the machines group or machine or rule |
enforcementSupport | | The machine supportability of Enforce feature |
recommendationAction | | The recommendation action of the machine or rule |
resourceId | string | The full resource id of the machine |