Defender For Storage - Create

Reference

Service:: Defender for Cloud

API Version:: 2022-12-01-preview

Creates or updates the Defender for Storage settings on a specified storage account.

PUT https://management.azure.com/{resourceId}/providers/Microsoft.Security/defenderForStorageSettings/current?api-version=2022-12-01-preview

URI Parameters

Name In Required Type Description

Name	In	Required	Type	Description
resourceId	path	True	string	The identifier of the resource.
settingName	path	True	settingName	Defender for Storage setting name. Regex pattern: `^[a-z][a-z0-9]*$`
api-version	query	True	string	API version for the operation

resourceId

path

True

string

The identifier of the resource.

settingName

path

True

settingName

Defender for Storage setting name.

Regex pattern: ^[a-z][a-z0-9]*$

api-version

query

True

string

API version for the operation

Request Body

Name	Type	Description
properties	DefenderForStorageSettingProperties	Defender for Storage resource properties.

Responses

Name	Type	Description
200 OK	DefenderForStorageSetting	Successful request to create or update Defender for Storage settings.
201 Created	DefenderForStorageSetting	Request to create or update Defender for Storage settings partially succeeded.
Other Status Codes	CloudError	Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	impersonate your user account

Examples

Creates or updates the Defender for Storage settings on a specified resource.

Sample request

PUT https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/SampleRG/providers/Microsoft.Storage/storageAccounts/samplestorageaccount/providers/Microsoft.Security/defenderForStorageSettings/current?api-version=2022-12-01-preview

{
  "properties": {
    "isEnabled": true,
    "malwareScanning": {
      "onUpload": {
        "isEnabled": true,
        "capGBPerMonth": -1
      },
      "scanResultsEventGridTopicResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/SampleRG/providers/Microsoft.EventGrid/topics/sampletopic"
    },
    "sensitiveDataDiscovery": {
      "isEnabled": true
    },
    "overrideSubscriptionLevelSettings": true
  }
}


import com.azure.resourcemanager.security.models.SettingName;

/**
 * Samples for DefenderForStorage Create.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/security/resource-manager/Microsoft.Security/preview/2022-12-01-preview/examples/DefenderForStorage
     * /PutDefenderForStorageSettings_example.json
     */
    /**
     * Sample code: Creates or updates the Defender for Storage settings on a specified resource.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void createsOrUpdatesTheDefenderForStorageSettingsOnASpecifiedResource(
        com.azure.resourcemanager.security.SecurityManager manager) {
        manager.defenderForStorages().define(SettingName.CURRENT).withExistingResourceId(
            "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/SampleRG/providers/Microsoft.Storage/storageAccounts/samplestorageaccount")
            .withIsEnabled(true).withOverrideSubscriptionLevelSettings(true)
            .withScanResultsEventGridTopicResourceId(
                "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/SampleRG/providers/Microsoft.EventGrid/topics/sampletopic")
            .withIsEnabledMalwareScanningIsEnabled(true).withCapGBPerMonth(-1)
            .withIsEnabledSensitiveDataDiscoveryIsEnabled(true).create();
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armsecurity_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/preview/2022-12-01-preview/examples/DefenderForStorage/PutDefenderForStorageSettings_example.json
func ExampleDefenderForStorageClient_Create() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewDefenderForStorageClient().Create(ctx, "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/SampleRG/providers/Microsoft.Storage/storageAccounts/samplestorageaccount", armsecurity.SettingNameCurrent, armsecurity.DefenderForStorageSetting{
		Properties: &armsecurity.DefenderForStorageSettingProperties{
			IsEnabled: to.Ptr(true),
			MalwareScanning: &armsecurity.MalwareScanningProperties{
				OnUpload: &armsecurity.OnUploadProperties{
					CapGBPerMonth: to.Ptr[int32](-1),
					IsEnabled:     to.Ptr(true),
				},
				ScanResultsEventGridTopicResourceID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/SampleRG/providers/Microsoft.EventGrid/topics/sampletopic"),
			},
			OverrideSubscriptionLevelSettings: to.Ptr(true),
			SensitiveDataDiscovery: &armsecurity.SensitiveDataDiscoveryProperties{
				IsEnabled: to.Ptr(true),
			},
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.DefenderForStorageSetting = armsecurity.DefenderForStorageSetting{
	// 	Name: to.Ptr("current"),
	// 	Type: to.Ptr("Microsoft.Security/defenderForStorageSettings"),
	// 	ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/SampleRG/providers/Microsoft.Storage/storageAccounts/samplestorageaccount/providers/Microsoft.Security/defenderForStorageSettings/current"),
	// 	Properties: &armsecurity.DefenderForStorageSettingProperties{
	// 		IsEnabled: to.Ptr(true),
	// 		MalwareScanning: &armsecurity.MalwareScanningProperties{
	// 			OnUpload: &armsecurity.OnUploadProperties{
	// 				CapGBPerMonth: to.Ptr[int32](-1),
	// 				IsEnabled: to.Ptr(true),
	// 			},
	// 			OperationStatus: &armsecurity.OperationStatus{
	// 				Code: to.Ptr("Succeeded"),
	// 			},
	// 			ScanResultsEventGridTopicResourceID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/SampleRG/providers/Microsoft.EventGrid/topics/sampletopic"),
	// 		},
	// 		OverrideSubscriptionLevelSettings: to.Ptr(true),
	// 		SensitiveDataDiscovery: &armsecurity.SensitiveDataDiscoveryProperties{
	// 			IsEnabled: to.Ptr(true),
	// 			OperationStatus: &armsecurity.OperationStatus{
	// 				Code: to.Ptr("Succeeded"),
	// 			},
	// 		},
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates the Defender for Storage settings on a specified storage account.
 *
 * @summary Creates or updates the Defender for Storage settings on a specified storage account.
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2022-12-01-preview/examples/DefenderForStorage/PutDefenderForStorageSettings_example.json
 */
async function createsOrUpdatesTheDefenderForStorageSettingsOnASpecifiedResource() {
  const resourceId =
    "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/SampleRG/providers/Microsoft.Storage/storageAccounts/samplestorageaccount";
  const settingName = "current";
  const defenderForStorageSetting = {
    capGBPerMonth: -1,
    isEnabledPropertiesMalwareScanningOnUploadIsEnabled: true,
    overrideSubscriptionLevelSettings: true,
    scanResultsEventGridTopicResourceId:
      "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/SampleRG/providers/Microsoft.EventGrid/topics/sampletopic",
  };
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential);
  const result = await client.defenderForStorage.create(
    resourceId,
    settingName,
    defenderForStorageSetting,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;

// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2022-12-01-preview/examples/DefenderForStorage/PutDefenderForStorageSettings_example.json
// this example is just showing the usage of "DefenderForStorage_Create" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://video2.skills-academy.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this DefenderForStorageSettingResource created on azure
// for more information of creating DefenderForStorageSettingResource, please refer to the document of DefenderForStorageSettingResource
string resourceId = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/SampleRG/providers/Microsoft.Storage/storageAccounts/samplestorageaccount";
DefenderForStorageSettingName settingName = DefenderForStorageSettingName.Current;
ResourceIdentifier defenderForStorageSettingResourceId = DefenderForStorageSettingResource.CreateResourceIdentifier(resourceId, settingName);
DefenderForStorageSettingResource defenderForStorageSetting = client.GetDefenderForStorageSettingResource(defenderForStorageSettingResourceId);

// invoke the operation
DefenderForStorageSettingName settingName0 = DefenderForStorageSettingName.Current;
DefenderForStorageSettingData data = new DefenderForStorageSettingData()
{
    IsEnabled = true,
    IsOverrideSubscriptionLevelSettingsEnabled = true,
    IsSensitiveDataDiscoveryEnabled = true,
    ScanResultsEventGridTopicResourceId = new ResourceIdentifier("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/SampleRG/providers/Microsoft.EventGrid/topics/sampletopic"),
    IsMalwareScanningOnUploadEnabled = true,
    CapGBPerMonth = -1,
};
ArmOperation<DefenderForStorageSettingResource> lro = await defenderForStorageSetting.UpdateAsync(WaitUntil.Completed, settingName0, data);
DefenderForStorageSettingResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
DefenderForStorageSettingData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample response

Status code:: 200

{
  "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/SampleRG/providers/Microsoft.Storage/storageAccounts/samplestorageaccount/providers/Microsoft.Security/defenderForStorageSettings/current",
  "type": "Microsoft.Security/defenderForStorageSettings",
  "name": "current",
  "properties": {
    "isEnabled": true,
    "malwareScanning": {
      "onUpload": {
        "isEnabled": true,
        "capGBPerMonth": -1
      },
      "scanResultsEventGridTopicResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/SampleRG/providers/Microsoft.EventGrid/topics/sampletopic",
      "operationStatus": {
        "code": "Succeeded"
      }
    },
    "sensitiveDataDiscovery": {
      "isEnabled": true,
      "operationStatus": {
        "code": "Succeeded"
      }
    },
    "overrideSubscriptionLevelSettings": true
  }
}

Status code:: 201

{
  "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/SampleRG/providers/Microsoft.Storage/storageAccounts/samplestorageaccount/providers/Microsoft.Security/defenderForStorageSettings/current",
  "type": "Microsoft.Security/defenderForStorageSettings",
  "name": "current",
  "properties": {
    "isEnabled": true,
    "malwareScanning": {
      "onUpload": {
        "isEnabled": false,
        "capGBPerMonth": -1
      },
      "operationStatus": {
        "code": "UnknownError",
        "message": "Failed to setup data scanner."
      }
    },
    "sensitiveDataDiscovery": {
      "isEnabled": false,
      "operationStatus": {
        "code": "UnknownError",
        "message": "Failed to setup data scanner."
      }
    },
    "overrideSubscriptionLevelSettings": true
  }
}

Definitions

Name	Description
CloudError	Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.).
CloudErrorBody	The error detail.
DefenderForStorageSetting	The Defender for Storage resource.
DefenderForStorageSettingProperties	Defender for Storage resource properties.
ErrorAdditionalInfo	The resource management error additional info.
MalwareScanningProperties	Properties of Malware Scanning.
OnUploadProperties	Properties of On Upload malware scanning.
OperationStatus	A status describing the success/failure of the enablement/disablement operation.
SensitiveDataDiscoveryProperties	Properties of Sensitive Data Discovery.
settingName	Defender for Storage setting name.

CloudError

Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.).

Name	Type	Description
error.additionalInfo	ErrorAdditionalInfo[]	The error additional info.
error.code	string	The error code.
error.details	CloudErrorBody[]	The error details.
error.message	string	The error message.
error.target	string	The error target.

CloudErrorBody

The error detail.

Name	Type	Description
additionalInfo	ErrorAdditionalInfo[]	The error additional info.
code	string	The error code.
details	CloudErrorBody[]	The error details.
message	string	The error message.
target	string	The error target.

DefenderForStorageSetting

The Defender for Storage resource.

Name	Type	Description
id	string	Resource Id
name	string	Resource name
properties	DefenderForStorageSettingProperties	Defender for Storage resource properties.
type	string	Resource type

DefenderForStorageSettingProperties

Defender for Storage resource properties.

Name	Type	Description
isEnabled	boolean	Indicates whether Defender for Storage is enabled on this storage account.
malwareScanning	MalwareScanningProperties	Properties of Malware Scanning.
overrideSubscriptionLevelSettings	boolean	Indicates whether the settings defined for this storage account should override the settings defined for the subscription.
sensitiveDataDiscovery	SensitiveDataDiscoveryProperties	Properties of Sensitive Data Discovery.

ErrorAdditionalInfo

The resource management error additional info.

Name	Type	Description
info	object	The additional info.
type	string	The additional info type.

MalwareScanningProperties

Properties of Malware Scanning.

Name	Type	Description
onUpload	OnUploadProperties	Properties of On Upload malware scanning.
operationStatus	OperationStatus	Upon failure or partial success. Additional data describing Malware Scanning enable/disable operation.
scanResultsEventGridTopicResourceId	string	Optional. Resource id of an Event Grid Topic to send scan results to.

OnUploadProperties

Properties of On Upload malware scanning.

Name	Type	Description
capGBPerMonth	integer	Defines the max GB to be scanned per Month. Set to -1 if no capping is needed.
isEnabled	boolean	Indicates whether On Upload malware scanning should be enabled.

OperationStatus

A status describing the success/failure of the enablement/disablement operation.

Name	Type	Description
code	string	The operation status code.
message	string	Additional information regarding the success/failure of the operation.

SensitiveDataDiscoveryProperties

Properties of Sensitive Data Discovery.

Name	Type	Description
isEnabled	boolean	Indicates whether Sensitive Data Discovery should be enabled.
operationStatus	OperationStatus	Upon failure or partial success. Additional data describing Sensitive Data Discovery enable/disable operation.

settingName

Defender for Storage setting name.

Name	Type	Description
current	string	Name of the Defender for Storage Settings name.

Share via

Defender For Storage - Create

URI Parameters

Request Body

Responses

Security

azure_auth

Scopes

Examples

Creates or updates the Defender for Storage settings on a specified resource.

Sample request

Sample response

Definitions

CloudError

CloudErrorBody

DefenderForStorageSetting

DefenderForStorageSettingProperties

ErrorAdditionalInfo

MalwareScanningProperties

OnUploadProperties

OperationStatus

SensitiveDataDiscoveryProperties

settingName

Additional resources