diff --git a/specs/SHIELD.json b/specs/SHIELD.json
index 1f5116b..8fd6bef 100644
--- a/specs/SHIELD.json
+++ b/specs/SHIELD.json
@@ -1113,7 +1113,7 @@
 },
 "Deploy.ConfigurationItem": {
 "title": "Deploy - Configuration Item List",
- "description": "",
+ "description": "Collection of objects representing the configuration items with curated properties and values in user-friendly format.",
 "type": "array",
 "items": {
 "description": "",
@@ -1140,6 +1140,19 @@
 ]
 ]
 },
+ "deployState": {
+ "type": "string",
+ "description": "Indicator of the infrastructure configuration item's current state. Mutated means that the item has been modified by the end user outside of SHIELD.",
+ "enum": [
+ "notDeployed",
+ "deployed",
+ "Mutated",
+ "error"
+ ],
+ "examples": [
+ "deployed"
+ ]
+ },
 "groupTagList": {
 "type": "array",
 "description": "List of metadata tags that indicate which deployment sets the configuration item is compatible with.",
@@ -1253,6 +1266,7 @@
 },
 "required": [
 "childDependencies",
+ "deployState",
 "groupTagList",
 "msCloudTypes",
 "parentDependencies",
@@ -1265,6 +1279,7 @@
 "7e1a2b3c-4d5f-4a8b-9e6a-1c2b7f3d8e4a",
 "9c2e7a1b-5d3f-4a8b-2c6e-7f1a3d9e8b5c"
 ],
+ "deployState": "deployed",
 "groupTagList": [
 {
 "description": "Collection of policies covering critical conditional access settings.",
@@ -1290,6 +1305,7 @@
 "7e1a2b3c-4d5f-4a8b-9e6a-1c2b7f3d8e4a",
 "9c2e7a1b-5d3f-4a8b-2c6e-7f1a3d9e8b5c"
 ],
+ "deployState": "deployed",
 "groupTagList": [
 {
 "description": "Collection of policies covering critical conditional access settings.",
@@ -1310,6 +1326,7 @@
 "childDependencies": [
 "1c2b5d3f-7a1b-4a8b-9e6a-2e4a3b7e8c5d"
 ],
+ "deployState": "notDeployed",
 "groupTagList": [
 {
 "description": "Principal containers that are used to provide assignments.",
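Review bot: The collection-level `description` is now filled in, but the `"description": ""` on the `items` object on this hunk's last context line is still empty, so generated SDK documentation for the element type stays blank. Suggest `"description": "A single configuration item with its curated properties and values."` there. The `items` object itself continues past the hunk.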
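Review bot: The new `deployState` enum mixes naming styles — `notDeployed`, `deployed` and `error` are lowerCamelCase while `Mutated` is capitalised. Enum values are compared as exact strings by generated clients, so if the server actually emits `mutated` this spec will cause deserialisation failures on a valid response, and if it emits `Mutated` the inconsistency is copied into every SDK. Please confirm against the server and, unless `Mutated` is what it sends, change the value to `"mutated",` and reword the description sentence to match.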
@@ -2590,7 +2607,7 @@
 },
 "description": "Deprive your threats of practical significance. Deploy the Securing Privilege Access architecture. All in a few seconds.",
 "title": "SHI Environment Lockdown and Defense",
- "version": "3.0.8"
+ "version": "3.0.9"
 },
 "openapi": "3.1.1",
 "paths": {
@@ -3655,22 +3672,45 @@
 "summary": "Available Configuration Items",
 "value": [
 {
- "id": "5e2a9c1f-8b3d-4f6a-9e7c-2d1f3a6b4c8e",
- "name": "Core Security Group",
- "description": "A core security group that contains essential security roles and permissions.",
- "type": "SecurityGroup",
- "isActive": true,
- "createdAt": "2024-02-20T10:00:00Z",
- "updatedAt": "2024-05-15T11:30:00Z"
+ "childDependencies": [
+ "7e1a2b3c-4d5f-4a8b-9e6a-1c2b7f3d8e4a",
+ "9c2e7a1b-5d3f-4a8b-2c6e-7f1a3d9e8b5c"
+ ],
+ "deployState": "deployed",
+ "groupTagList": [
+ {
+ "description": "Collection of policies covering critical conditional access settings.",
+ "displayName": "Conditional Policy",
+ "tagId": "3b7e2a1c-4d5f-4a8b-9e6a-2c1b7f3d8e4a"
+ }
+ ],
+ "msCloudTypes": [
+ "Public"
+ ],
+ "parentDependencies": [
+ "8e6a1c2b-7f3d-4a8b-9c2e-5d3f7a1b2e4a"
+ ],
+ "templateId": "2a1c7e3b-5d4f-4a8b-9e6a-7f3d2b1c8e4a",
+ "urlPath": "/identity/conditionalAccess/policies"
 },
 {
- "id": "9c7f2e1a-3b6d-4a8e-9f5c-1d2a4b7e6c3f",
- "name": "Scope Tag - Confidential Data",
- "description": "A scope tag designed to restrict access to confidential data resources.",
- "type": "ScopeTag",
- "isActive": true,
- "createdAt": "2024-04-12T14:20:00Z",
- "updatedAt": "2024-07-01T09:50:00Z"
+ "childDependencies": [
+ "1c2b5d3f-7a1b-4a8b-9e6a-2e4a3b7e8c5d"
+ ],
+ "deployState": "notDeployed",
+ "groupTagList": [
+ {
+ "description": "Principal containers that are used to provide assignments.",
+ "displayName": "Administrative Unit",
+ "tagId": "5d3f9c2e-7a1b-4a8b-2c6e-1a3d7e8b5c4a"
+ }
+ ],
+ "msCloudTypes": [
+ "Public"
+ ],
+ "parentDependencies": [],
+ "templateId": "4a8b7e1a-2b3c-4d5f-9e6a-1c2b7f3d8e4a",
+ "urlPath": "/directory/administrativeUnits"
 }
 ]
 }
@@ -3732,6 +3772,148 @@
 ]
 }
 },
+ "/Api/Deploy/Remediate/BreakGlass": {
+ "post": {
+ "summary": "Request to create BreakGlass security group",
+ "description": "Attempt to create BreakGlass security group in the tenant. If group has already been provisioned it will return the name of the group to reference.\n\nThis endpoint requires the `Deploy.ReadWrite`, or the `Everything.ReadWrite` scope (permission). ",
+ "operationId": "/Api/Deploy/Remediate/BreakGlass/Post",
+ "responses": {
+ "200": {
+ "content": {
+ "application/json": {
+ "examples": {
+ "Response with data": {
+ "summary": "Example of the returned data",
+ "description": "An example of the name of the resource either created or already existing.",
+ "value": {
+ "groupName": "SHIELD - BreakGlass"
+ }
+ }
+ },
+ "schema": {
+ "type": "object",
+ "properties": {
+ "groupName": {
+ "type": "string",
+ "description": "Name of the security group created now or already existing in the tenant.",
+ "examples": [
+ "SHIELD - BreakGlass"
+ ]
+ }
+ },
+ "required": [
+ "groupName"
+ ],
+ "examples": [
+ {
+ "groupName": "SHIELD - BreakGlass"
+ }
+ ]
+ }
+ }
+ },
+ "description": "OK"
+ },
+ "503": {
+ "description": "System requirements have not been met!"
+ }
+ },
+ "tags": [
+ "Deploy"
+ ]
+ }
+ },
+ "/Api/Deploy/Remediate": {
+ "post": {
+ "summary": "Perform remediation steps to address discovered gaps in security posture",
+ "description": "After the user consents, perform necessary steps to deploy resources to cover the security gap.\n\nThis endpoint requires the `Deploy.ReadWrite`, or the `Everything.ReadWrite` scope (permission).",
+ "operationId": "/Api/Deploy/Remediate/Post",
+ "requestBody": {
+ "content": {
+ "application/json": {
+ "examples": {
+ "Insufficient Remediation Request": {
+ "description": "Someone trying to automate this application without reading the documentation.",
+ "summary": "Remediation Request Missing Needed Data",
+ "value": {}
+ },
+ "No User Consent": {
+ "description": "User did not agree to the terms and conditions. This post should not have been sent.",
+ "summary": "User Did Not Consent",
+ "value": {
+ "remediationConsent": false,
+ "templateList": [
+ "8e2b1c7a-4d5f-4a8b-9e6a-2c1b7f3d8e4a",
+ "3a7e2b1c-5d4f-4a8b-9e6a-7f2b3d1c9e45"
+ ]
+ }
+ },
+ "User Consented": {
+ "description": "User agreed to the terms and conditions and pressed the remediate button.",
+ "summary": "User Consented",
+ "value": {
+ "remediationConsent": true,
+ "templateList": [
+ "9c1e7a2b-5d3f-4a8b-2c6e-1a7f3d9e8b5c",
+ "2b3e7a1c-4d5f-4a8b-9e6a-5d1c7e2b3a4f",
+ "7f1a3d9e-8b5c-4a8b-2c6e-9c2e7a1b5d3f"
+ ]
+ }
+ }
+ },
+ "schema": {
+ "properties": {
+ "remediationConsent": {
+ "description": "Flag that indicates the end user has consented to remediation steps (`true`) or not (`false`).",
+ "type": "boolean",
+ "examples": [
+ true
+ ]
+ },
+ "templateList": {
+ "description": "List of templateIds that indicate configuration items to be applied as part of remediation.",
+ "type": "array",
+ "items": {
+ "type": "string",
+ "format": "uuid",
+ "maxLength": 36,
+ "minLength": 36,
+ "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$",
+ "examples": [
+ "5d1c7e2b-3a4f-4a8b-9e6a-7f2b3d1c9e45"
+ ]
+ },
+ "minItems": 0
+ }
+ },
+ "type": "object",
+ "required": [
+ "remediationConsent",
+ "templateList"
+ ]
+ }
+ }
+ }
+ },
+ "responses": {
+ "202": {
+ "description": "Request for remediation is accepted and process is running"
+ },
+ "400": {
+ "description": "User provided information or choice are invalid for the operation"
+ },
+ "409": {
+ "description": "Operation is already in progress"
+ },
+ "503": {
+ "description": "System requirements have not been met!"
+ }
+ },
+ "tags": [
+ "Deploy"
+ ]
+ }
+ },
 "/Api/Deploy/Compare": {
 "get": {
 "summary": "Retrieves Cached Evaluation Results",
diff --git a/src/shield/TypeScript/package-lock.json b/src/shield/TypeScript/package-lock.json
index c221c7e..08d6c5b 100644
--- a/src/shield/TypeScript/package-lock.json
+++ b/src/shield/TypeScript/package-lock.json
@@ -1,12 +1,12 @@
 {
 "name": "@shi-corp/sdk-shield",
- "version": "3.0.10",
+ "version": "3.0.11",
 "lockfileVersion": 3,
 "requires": true,
 "packages": {
 "": {
 "name": "@shi-corp/sdk-shield",
- "version": "3.0.10",
+ "version": "3.0.11",
 "license": "MIT",
 "dependencies": {
 "@microsoft/kiota-authentication-azure": "~1.0.0-preview.99",
diff --git a/src/shield/TypeScript/package.json b/src/shield/TypeScript/package.json
index ca48890..2ea0755 100644
--- a/src/shield/TypeScript/package.json
+++ b/src/shield/TypeScript/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@shi-corp/sdk-shield",
- "version": "3.0.10",
+ "version": "3.0.11",
 "type": "module",
 "main": "bin/index.js",
 "description": "SDK client used to interface with the SHIELD application.",
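Review bot: The `"User Consented"` request example under `/Api/Deploy/Remediate` contains template IDs that the new `templateList` item `pattern` rejects — `9c1e7a2b-5d3f-4a8b-2c6e-1a7f3d9e8b5c` and `7f1a3d9e-8b5c-4a8b-2c6e-9c2e7a1b5d3f` have `2` as the first character of the fourth group where the pattern requires `[089ab]`, so a spec validator that checks examples against the schema fails, and a user who copies the example gets the documented `400`. Either replace those two values with IDs whose fourth group starts with 8, 9, a or b, or drop the hand-written pattern and rely on `"format": "uuid"`; note the pattern also accepts only lowercase hex, which is stricter than `format: uuid`, so confirm that IDs the tenant hands back are always lowercase before keeping it. Separately, the BreakGlass `description` string ends in a stray trailing space (`scope (permission). "`), unlike the Remediate one. Both new operations state a required scope but list no `401`/`403` response; if the API does return one when the scope is missing, it should be documented alongside `503` so generated clients surface it.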