Microsoft Azure Virtual Network
The Microsoft Azure Virtual Network connector provides automation capabilities for managing network security groups within Azure environments.

Microsoft Azure Virtual Network is a foundational service enabling secure and scalable network infrastructure for Azure deployments. This connector allows users to manage network security groups, control traffic flow, and update network configurations within Azure environments directly from the Swimlane Turbine platform. By integrating with Azure Virtual Network, Swimlane Turbine users can automate network security tasks, optimize traffic routing, and enhance overall security posture with ease.

## Prerequisites

To utilize the Microsoft Azure Virtual Network connector in Swimlane, ensure you have the following prerequisites:

- OAuth 2.0 client credentials for authentication with the following parameters:
  - **URL**: Endpoint for the Azure management API
  - **Client ID**: Application (client) ID registered in Azure
  - **Client Secret**: Secret generated for the registered application
  - **Token URL**: URL to retrieve the OAuth2 token

### Action setup

To run the incident management actions, you need a **Resource Group Name**, **Subscription ID** and **Network Security Group Name**.

### Steps to create the Azure app

1. Go to the app registration page https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade in the Azure portal.
2. Click **New registration**.
3. Enter a name for your new application and choose **Accounts in this organizational directory only**, then click **Register** at the bottom.
4. Navigate to the **API permissions** tab on the left navigation menu.
5. Select **Add a permission**.
6. Add the following permissions: `user_impersonation`
7. Navigate to the **Certificates & secrets** tab and select **New client secret**.
8. Fill out the description and expiration, then click the **Add** button at the bottom.
9. The value of the secret you just created is the **Client Secret** needed for the Swimlane asset.
10. Navigate to the **Overview** tab on the left menu. The **Client ID** and **Tenant ID** needed in the asset are shown on this page.
Go back to the main Azure portal window, and click on your app overview. Copy the following values:

- Resource Group Name
- Subscription ID
- Network Security Group Name

## Capabilities

The Microsoft Azure Virtual Network connector provides the following capabilities:

- Create or Update
- Delete
- Get
- List
- List All
- Update Tags

### API documentation

https://learn.microsoft.com/en-us/rest/api/virtualnetwork/network-security-groups?view=rest-virtualnetwork-2023-09-01

## Configurations

### Microsoft Azure Virtual Network Authentication

Authenticates using OAuth 2.0 client credentials.

#### Configuration parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | Required |
| Token URL | | string | Required |
| Client ID | The client ID | string | Required |
| Client Secret | The client secret | string | Required |
| Scope | Scopes for this asset | array | Optional |
| Verify SSL | Verify SSL certificate | boolean | Optional |
| HTTP Proxy | A proxy to route requests through | string | Optional |

## Actions

### Create or Update

Creates or updates a network security group within a specified resource group in Microsoft Azure Virtual Network.

**Endpoint URL:** `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/networkSecurityGroups/{networkSecurityGroupName}`

**Method:** PUT

#### Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| networkSecurityGroupName | string | Required | The name of the network security group. |
| resourceGroupName | string | Required | The name of the resource group. |
| subscriptionId | string | Required | The subscription credentials which uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. |
| api-version | string | Required | Client API version. |
| id | string | Optional | Resource ID. |
| location | string | Optional | Resource location. |
| properties | object | Optional | Parameter for Create or Update. |
| flushConnection | boolean | Optional | When enabled, flows created from network security group connections will be re-evaluated when rules are updated. Initial enablement will trigger re-evaluation. |
| securityRules | array | Optional | A collection of security rules of the network security group. |
| etag | string | Optional | A unique read-only string that changes whenever the resource is updated. |
| id | string | Optional | Resource ID. |
| name | string | Optional | The name of the resource that is unique within a resource group. This name can be used to access the resource. |
| properties | array | Optional | Parameter for Create or Update. |
| access | string | Optional | The network traffic is allowed or denied. |
| description | string | Optional | A description for this rule. Restricted to 140 chars. |
| destinationAddressPrefix | string | Optional | The destination address prefix. CIDR or destination IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. |
| destinationAddressPrefixes | array | Optional | The destination address prefixes. CIDR or destination IP ranges. |
| destinationApplicationSecurityGroups | array | Optional | The application security group specified as destination. |
| destinationPortRange | string | Optional | The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. |
| destinationPortRanges | array | Optional | The destination port ranges. |
| direction | string | Optional | The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic. |
| priority | number | Optional | The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. |
| protocol | string | Optional | Network protocol this rule applies to. |
| provisioningState | string | Optional | The provisioning state of the security rule resource. |
| sourceAddressPrefix | string | Optional | The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| name | string | Name of the resource |
| id | string | Unique identifier |
| type | string | Type of the resource |
| location | string | Output field location |
| properties | object | Output field properties |
| provisioningState | string | Output field provisioningState |
| flushConnection | boolean | Output field flushConnection |
| securityRules | array | Output field securityRules |
| file_name | string | Name of the resource |
| file | string | Output field file |
| defaultSecurityRules | array | Output field defaultSecurityRules |
| name | string | Name of the resource |
| id | string | Unique identifier |
| properties | object | Output field properties |
| provisioningState | string | Output field provisioningState |
| description | string | Output field description |
| protocol | string | Output field protocol |
| sourcePortRange | string | Output field sourcePortRange |
| destinationPortRange | string | Output field destinationPortRange |
| sourceAddressPrefix | string | Output field sourceAddressPrefix |
| destinationAddressPrefix | string | Output field destinationAddressPrefix |
| access | string | Output field access |
| priority | number | Output field priority |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Thu, 2 May 2024 20:37:23 GMT"
    },
    "reason": "OK",
    "json_body": {
      "name": "testnsg",
      "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/networkSecur...",
      "type": "Microsoft.Network/networkSecurityGroups",
      "location": "eastus",
      "properties": {}
    }
  }
]
```

### Delete

Deletes a specified network security group in Microsoft Azure Virtual Network, requiring the networkSecurityGroupName, resourceGroupName, and subscriptionId.

**Endpoint URL:** `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/networkSecurityGroups/{networkSecurityGroupName}`

**Method:** DELETE

#### Input argument
| Name | Type | Required | Description |
| --- | --- | --- | --- |
| networkSecurityGroupName | string | Required | The name of the network security group. |
| resourceGroupName | string | Required | The name of the resource group. |
| subscriptionId | string | Required | The subscription credentials which uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. |
| api-version | string | Required | Client API version. |

### Get

Retrieves details of a specified network security group in Microsoft Azure Virtual Network using resource and subscription identifiers.

**Endpoint URL:** `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/networkSecurityGroups/{networkSecurityGroupName}`

**Method:** GET

#### Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| networkSecurityGroupName | string | Required | The name of the network security group. |
| resourceGroupName | string | Required | The name of the resource group. |
| subscriptionId | string | Required | The subscription credentials which uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. |
| api-version | string | Required | Client API version. |
| $expand | string | Optional | Expands referenced resources. |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| name | string | Name of the resource |
| id | string | Unique identifier |
| type | string | Type of the resource |
| location | string | Output field location |
| properties | object | Output field properties |
| provisioningState | string | Output field provisioningState |
| securityRules | array | Output field securityRules |
| name | string | Name of the resource |
| id | string | Unique identifier |
| properties | object | Output field properties |
| provisioningState | string | Output field provisioningState |
| protocol | string | Output field protocol |
| sourcePortRange | string | Output field sourcePortRange |
| destinationPortRange | string | Output field destinationPortRange |
| sourceAddressPrefix | string | Output field sourceAddressPrefix |
| destinationAddressPrefix | string | Output field destinationAddressPrefix |
| access | string | Output field access |
| priority | number | Output field priority |
| direction | string | Output field direction |
| defaultSecurityRules | array | Output field defaultSecurityRules |
| name | string | Name of the resource |
| id | string | Unique identifier |
| properties | object | Output field properties |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Thu, 2 May 2024 20:37:23 GMT"
    },
    "reason": "OK",
    "json_body": {
      "name": "testnsg",
      "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/networkSecur...",
      "type": "Microsoft.Network/networkSecurityGroups",
      "location": "westus",
      "properties": {}
    }
  }
]
```

### List

Retrieves all network security groups within a specified resource group in Microsoft Azure Virtual Network.

**Endpoint URL:** `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/networkSecurityGroups`

**Method:** GET

#### Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| resourceGroupName | string | Required | The name of the resource group. |
| subscriptionId | string | Required | The subscription credentials which uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. |
| api-version | string | Required | Client API version. |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| value | array | Value for the parameter |
| name | string | Name of the resource |
| id | string | Unique identifier |
| type | string | Type of the resource |
| location | string | Output field location |
| properties | object | Output field properties |
| provisioningState | string | Output field provisioningState |
| securityRules | array | Output field securityRules |
| file_name | string | Name of the resource |
| file | string | Output field file |
| defaultSecurityRules | array | Output field defaultSecurityRules |
| name | string | Name of the resource |
| id | string | Unique identifier |
| properties | object | Output field properties |
| provisioningState | string | Output field provisioningState |
| description | string | Output field description |
| protocol | string | Output field protocol |
| sourcePortRange | string | Output field sourcePortRange |
| destinationPortRange | string | Output field destinationPortRange |
| sourceAddressPrefix | string | Output field sourceAddressPrefix |
| destinationAddressPrefix | string | Output field destinationAddressPrefix |
| access | string | Output field access |
| priority | number | Output field priority |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Thu, 2 May 2024 20:37:23 GMT"
    },
    "reason": "OK",
    "json_body": {
      "value": []
    }
  }
]
```

### List All

Retrieves all network security groups within a specified Azure subscription using the provided subscriptionId and api-version.

**Endpoint URL:** `/subscriptions/{subscriptionId}/providers/Microsoft.Network/networkSecurityGroups`

**Method:** GET

#### Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| subscriptionId | string | Required | The subscription credentials which uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. |
| api-version | string | Required | Client API version. |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| value | array | Value for the parameter |
| name | string | Name of the resource |
| id | string | Unique identifier |
| type | string | Type of the resource |
| location | string | Output field location |
| properties | object | Output field properties |
| provisioningState | string | Output field provisioningState |
| securityRules | array | Output field securityRules |
| file_name | string | Name of the resource |
| file | string | Output field file |
| defaultSecurityRules | array | Output field defaultSecurityRules |
| name | string | Name of the resource |
| id | string | Unique identifier |
| properties | object | Output field properties |
| provisioningState | string | Output field provisioningState |
| description | string | Output field description |
| protocol | string | Output field protocol |
| sourcePortRange | string | Output field sourcePortRange |
| destinationPortRange | string | Output field destinationPortRange |
| sourceAddressPrefix | string | Output field sourceAddressPrefix |
| destinationAddressPrefix | string | Output field destinationAddressPrefix |
| access | string | Output field access |
| priority | number | Output field priority |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Thu, 2 May 2024 20:37:23 GMT"
    },
    "reason": "OK",
    "json_body": {
      "value": []
    }
  }
]
```

### Update Tags

Updates tags for a specified network security group in Microsoft Azure Virtual Network, requiring networkSecurityGroupName, resourceGroupName, and subscriptionId.

**Endpoint URL:** `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/networkSecurityGroups/{networkSecurityGroupName}`

**Method:** PATCH

#### Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| networkSecurityGroupName | string | Required | The name of the network security group. |
| resourceGroupName | string | Required | The name of the resource group. |
| subscriptionId | string | Required | The subscription credentials which uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. |
| api-version | string | Required | Client API version. |
| tags | object | Optional | Parameter for Update Tags. |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| name | string | Name of the resource |
| id | string | Unique identifier |
| type | string | Type of the resource |
| location | string | Output field location |
| tags | object | Output field tags |
| tag1 | string | Output field tag1 |
| tag2 | string | Output field tag2 |
| properties | object | Output field properties |
| provisioningState | string | Output field provisioningState |
| securityRules | array | Output field securityRules |
| file_name | string | Name of the resource |
| file | string | Output field file |
| defaultSecurityRules | array | Output field defaultSecurityRules |
| name | string | Name of the resource |
| id | string | Unique identifier |
| properties | object | Output field properties |
| provisioningState | string | Output field provisioningState |
| description | string | Output field description |
| protocol | string | Output field protocol |
| sourcePortRange | string | Output field sourcePortRange |
| destinationPortRange | string | Output field destinationPortRange |
| sourceAddressPrefix | string | Output field sourceAddressPrefix |
| destinationAddressPrefix | string | Output field destinationAddressPrefix |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Thu, 2 May 2024 20:37:23 GMT"
    },
    "reason": "OK",
    "json_body": {
      "name": "testnsg",
      "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/networkSecur...",
      "type": "Microsoft.Network/networkSecurityGroups",
      "location": "westus",
      "tags": {},
      "properties": {}
    }
  }
]
```

## Response headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Length | The length of the response body in bytes | 140 |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 2 May 2024 20:37:23 GMT |
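
A pre-flight check for the `securityRules` array passed to Create or Update, added here as an example (it is not Swimlane or Microsoft code): it enforces the limits listed in that action's input table (priority 100-4096, description up to 140 characters, ports 0-65535) and flags inbound allow rules open to any source. The function names and sample rules are constructed for illustration, and the duplicate-priority check is applied per direction, which is an assumption about how Azure enforces uniqueness.

```python
import re

# '*' and the 'Internet' tag come from the input table; 0.0.0.0/0 is the equivalent CIDR.
ANY_SOURCE = {"*", "internet", "0.0.0.0/0"}

def port_ok(value):
    """True for '*', a single port, or a 'low-high' range within 0-65535."""
    if value == "*":
        return True
    m = re.fullmatch(r"(\d{1,5})(?:-(\d{1,5}))?", str(value or ""))
    if not m:
        return False
    low = int(m.group(1))
    high = int(m.group(2)) if m.group(2) else low
    return low <= high <= 65535

def check_rules(rules):
    """Return (rule name, problem) tuples; an empty list means nothing was flagged."""
    problems, seen = [], {}
    for rule in rules:
        name, p = rule.get("name", "<unnamed>"), rule.get("properties", {})
        direction = str(p.get("direction", "")).lower()
        prio = p.get("priority")
        if not isinstance(prio, int) or not 100 <= prio <= 4096:
            problems.append((name, "priority outside 100-4096"))
        elif (direction, prio) in seen:  # assumed: uniqueness is enforced per direction
            problems.append((name, f"priority {prio} already used by {seen[(direction, prio)]}"))
        else:
            seen[(direction, prio)] = name
        if len(p.get("description") or "") > 140:
            problems.append((name, "description longer than 140 chars"))
        ports = p.get("destinationPortRanges") or [p.get("destinationPortRange")]
        if not all(port_ok(x) for x in ports):
            problems.append((name, "destination port missing or not in 0-65535"))
        source = str(p.get("sourceAddressPrefix", "")).lower()
        if direction == "inbound" and str(p.get("access", "")).lower() == "allow" and source in ANY_SOURCE:
            problems.append((name, "inbound allow from any source"))
    return problems

SAMPLE_RULES = [  # constructed sample input, not taken from a real NSG
    {"name": "allow-https", "properties": {"priority": 200, "direction": "Inbound", "access": "Allow",
        "protocol": "Tcp", "sourceAddressPrefix": "10.0.0.0/8", "destinationPortRange": "443"}},
    {"name": "allow-rdp-any", "properties": {"priority": 200, "direction": "Inbound", "access": "Allow",
        "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "3389"}},
    {"name": "bad-port", "properties": {"priority": 50, "direction": "Outbound", "access": "Deny",
        "protocol": "*", "sourceAddressPrefix": "VirtualNetwork", "destinationPortRange": "70000"}},
]

if __name__ == "__main__":
    for rule_name, problem in check_rules(SAMPLE_RULES):
        print(f"{rule_name}: {problem}")
```

Running the check in a playbook step before the PUT keeps a malformed or over-permissive rule from reaching the network security group.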