Request Types

When writing your own checks for Azure, you can list the aggregate JSON document by using a request type without json_transform, regex or expect fields.

The following lists currently supported action types and their API endpoints.

For more information, see the Azure REST API Reference.

User/role

  • listUsers - uri: 'https://graph.microsoft.com/v1.0/users');
  • listRoleAssignments - uri: 'https://management.azure.com/subscriptions/{subscription}/providers/Microsoft.Authorization/roleassignments?api-version=2017-10-01-preview'
  • listRoleDefinitions - uri: 'https://management.azure.com/subscriptions/{subscription}/providers/Microsoft.Authorization/roleDefinitions?api-version=2017-05-01
  • listSQLServerAdmins - uri: 'https://management.azure.com/subscriptions/{subscription}/resourceGroups/{group}/providers/Microsoft.Sql/servers/{sqlservers}/administrators?api-version=2014-04-01

  • listGuestUsers - uri: 'https://graph.microsoft.com/v1.0/users?$select=userType%2CdisplayName%2Cid%2CuserPrincipalName&$filter=userType eq 'Guest''

  • listDirectoryRoles - uri: 'https://graph.microsoft.com/v1.0/directoryRoles', context: 'roleID'

  • listGroups - uri: 'https://graph.microsoft.com/v1.0/groups?$select=displayName,mail,visibility'

  • listDirectoryRoleMembers - uri: 'https://graph.microsoft.com/v1.0/directoryRoles/{roleID}/members'

  • listUserMembership - uri: 'https://graph.microsoft.com/v1.0/users/{userID}/memberOf'

General

  • listSubscriptions - uri: 'https://management.azure.com/subscriptions?api-version=2015-01-01
  • listResourceGroups - uri: 'https://management.azure.com/subscriptions/{subscription}/resourcegroups?api-version=2015-01-01

  • listPricings - uri: 'https://graph.mmanagement.azure.comicrosoft.com/subscriptions/%7Bsubscription%7D/providers/Microsoft.Security/pricings?api-version=2018-06-01%27'

Device

  • listDeviceManagement - uri: "https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations"

  • listDeviceCompliancePolicies - uri: "https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies"

EBook

  • listEBooks - uri: "https://graph.microsoft.com/v1.0/deviceAppManagement/managedEBooks"

Intune Apps

  • listMobileApps - uri: "https://graph.microsoft.com/v1.0/deviceAppManagement/mobileApps"

  • listMobileAppConfigurations - uri: "https://graph.microsoft.com/v1.0/deviceAppManagement/mobileAppConfigurations"

Microsoft 365

  • listGraphDirectoryRoles - uri: 'https://graph.microsoft.com/v1.0/directoryRoles'

  • listSkus - uri: 'https://graph.microsoft.com/v1.0/subscribedSkus'

  • listApplications - uri: 'https://graph.microsoft.com/v1.0/applications'

  • listOrganization - uri: 'https://graph.microsoft.com/v1.0/organization'

  • listDomains - uri: 'https://graph.microsoft.com/v1.0/domains'

  • listSecureScores - uri: "https://graph.microsoft.com/v1.0/security/secureScores"

  • listSecureScoreProfile - uri: "https://graph.microsoft.com/v1.0/security/secureScoreControlProfiles"

  • listDirectoryAudits - uri: 'https://graph.microsoft.com/v1.0/auditLogs/directoryAudits'

  • listIdentitySecurityDefaultsEnforcementPolicy - uri: 'https://graph.microsoft.com/v1.0/policies/identitySecurityDefaultsEnforcementPolicy'

  • listComplianceStandards - uri: 'https://graph.mmanagement.azure.comicrosoft.com/subscriptions/%7Bsubscription%7D/providers/Microsoft.Security/regulatoryComplianceStandards?api-version=2019-01-01-preview%27'

  • listSecurityCenterSettings - uri: 'https://graph.mmanagement.azure.comicrosoft.com/subscriptions/%7Bsubscription%7D/providers/Microsoft.Security/settings?api-version=2019-01-01%27'

SQL Servers/DBs

  • listSQLServers - uri: 'https://management.azure.com/subscriptions/{subscription}/providers/Microsoft.Sql/servers?api-version=2015-05-01-preview
  • listSQLServersByResourceGroup - uri: 'https://management.azure.com/subscriptions/{subscription}/resourceGroups/{group}/providers/Microsoft.Sql/servers?api-version=2015-05-01-preview
  • listMYSQLServersByResourceGroup - uri: 'https://management.azure.com/subscriptions/{subscription}/resourceGroups/{group}/providers/Microsoft.DBforMySQL/servers?api-version=2017-12-01
  • listPostgreSQLServersByResourceGroup - uri: 'https://management.azure.com/subscriptions/{subscription}/resourceGroups/{group}/providers/Microsoft.DBforPostgreSQL/servers?api-version=2017-12-01
  • listPostgreSQLServerConfigurations - uri: 'https://management.azure.com/subscriptions/{subscription}/resourceGroups/{group}/providers/Microsoft.DBforPostgreSQL/servers/{pgservers}/configurations?api-version=2017-12-01
  • listSQLServerDatabases - uri: 'https://management.azure.com/subscriptions/{subscription}/resourceGroups/{group}/providers/Microsoft.Sql/servers/{sqlservers}/databases?api-version=2017-10-01-preview
  • listSQLServerFirewallRules - uri: 'https://management.azure.com/subscriptions/{subscription}/resourceGroups/{group}/providers/Microsoft.Sql/servers/{sqlservers}/firewallrules?api-version=2014-04-01

  • listMYSQLServersConfigurations - uri: 'https://graph.mmanagement.azure.comicrosoft.com/subscriptions/%7Bsubscription%7D/resourceGroups/%7Bgroup%7D/providers/Microsoft.DBforMySQL/servers/%7Bserver%7D/configurations?api-version=2017-12-01%27'

  • listMYSQLFlexibleServersByResourceGroup - uri: 'https://graph.mmanagement.azure.comicrosoft.com/subscriptions/%7Bsubscription%7D/resourceGroups/%7Bgroup%7D/providers/Microsoft.DBforMySQL/flexibleServers?api-version=2021-12-01-preview%27'

  • listMYSQLFlexibleServersConfigurations - uri: 'https://graph.mmanagement.azure.comicrosoft.com/subscriptions/%7Bsubscription%7D/resourceGroups/%7Bgroup%7D/providers/Microsoft.DBforMySQL/flexibleServers/%7Bserver%7D/configurations?api-version=2021-12-01-preview%27

  • getSQLDBAuditingPolicies - uri: 'https://management.azure.com/subscriptions/{subscription}/resourceGroups/{group}/providers/Microsoft.Sql/servers/{sqlservers}/databases/{sqldb}/auditingPolicies/Default?api-version=2014-04-01
  • getSQLDBBlobAuditingPolicies - uri: 'https://management.azure.com/subscriptions/{subscription}/resourceGroups/{group}/providers/Microsoft.Sql/servers/{sqlservers}/databases/{sqldb}/auditingSettings/default?api-version=2017-03-01-preview
  • getSQLServerBlobAuditingPolicies - uri: 'https://management.azure.com/subscriptions/{subscription}/resourceGroups/{group}/providers/Microsoft.Sql/servers/{sqlservers}/auditingSettings/default?api-version=2017-03-01-preview
  • getSQLServerAuditingPolicies - uri: 'https://management.azure.com/subscriptions/{subscription}/resourceGroups/{group}/providers/Microsoft.Sql/servers/{sqlservers}/auditingSettings/default?api-version=2017-03-01-preview
  • getSQLServerSecurityAlertPolicies - uri: 'https://management.azure.com/subscriptions/{subscription}/resourceGroups/{group}/providers/Microsoft.Sql/servers/{sqlservers}/securityAlertPolicies/default?api-version=2017-03-01-preview
  • getSQLDBSecurityAlertPolicies - uri: 'https://management.azure.com/subscriptions/{subscription}/resourceGroups/{group}/providers/Microsoft.Sql/servers/{sqlservers}/databases/{sqldb}/securityAlertPolicies/default?api-version=2014-01-01
  • getSQLDBTransparentDataEncryptions - uri: 'https://management.azure.com/subscriptions/{subscription}/resourceGroups/{group}/providers/Microsoft.Sql/servers/{sqlservers}/databases/{sqldb}/transparentDataEncryption/current?api-version=2014-04-01'
  • getSQLServerEncryptionProtector - uri: 'https://management.azure.com/subscriptions/{subscription}/resourceGroups/{group}/providers/Microsoft.Sql/servers/{sqlservers}/encryptionProtector?api-version=2015-05-01-preview'

  • getDatabaseVulnerabilityAssessments - uri: 'https://graph.mmanagement.azure.comicrosoft.com/subscriptions/%7Bsubscription%7D/resourceGroups/%7Bgroup%7D/providers/Microsoft.Sql/servers/%7Bsqlservers%7D/databases/%7Bsqldb%7D/vulnerabilityAssessments/default?api-version=2017-03-01-preview%27'

Storage Services

  • listStorageAccounts - uri: 'https://management.azure.com/subscriptions/{subscription}/providers/microsoft.storage/storageAccounts?api-version=2018-02-01'
  • listDisksByResourceGroup - uri: 'https://management.azure.com/subscriptions/{subscription}/resourceGroups/{group}/providers/Microsoft.Compute/disks?api-version=2018-06-01'
  • listDisksBySubscription - uri: 'https://management.azure.com/subscriptions/{subscription}/providers/Microsoft.Compute/disks?api-version=2017-03-30'

Websites

  • listWebSitesByGroup - uri: 'https://management.azure.com/subscriptions/{subscription}/resourceGroups/{group}/providers/Microsoft.Web/sites?api-version=2016-08-01

VMs

  • listVMs - uri: 'https://management.azure.com/subscriptions/{subscription}/resourceGroups/{group}/providers/Microsoft.Compute/virtualMachines?api-version=2017-12-01'
  • listVMExtensions - uri: 'https://management.azure.com/subscriptions/{subscription}/resourceGroups/{group}/providers/Microsoft.Compute/virtualMachines/{vmname}/extensions?api-version=2017-12-01'
  • listVMInstanceView - uri: 'https://management.azure.com/subscriptions/{subscription}/resourceGroups/{group}/providers/Microsoft.Compute/virtualMachines/{vmname}/instanceView?api-version=2017-12-01'

Network

  • listNetworkSecurityGroups - uri: 'https://management.azure.com/subscriptions/{subscription}/providers/Microsoft.Network/networkSecurityGroups?api-version=2018-02-01'
  • listNetworkWatcher - uri: 'https://management.azure.com/subscriptions/{subscription}/resourceGroups/{group}/providers/Microsoft.Network/networkWatchers?api-version=2018-02-01'

  • listNetworkWatcherFlowLogs - uri: 'https://graph.mmanagement.azure.comicrosoft.com/subscriptions/%7Bsubscription%7D/resourceGroups/%7Bgroup%7D/providers/Microsoft.Network/networkWatchers/%7BnetworkWatcherName%7D/flowLogs?api-version=2020-07-01%27'

Vaults/Policies

  • listVaultDiagnosticSetting - uri: 'https://management.azure.com{vaultResourceID}/providers/microsoft.insights/diagnosticSettings?api-version=2017-05-01-preview'
  • listVaultsByResourceGroup - uri: 'https://management.azure.com/subscriptions/{subscription}/resourceGroups/{group}/providers/Microsoft.KeyVault/vaults?api-version=2016-10-01'
  • listSecurityPolicies - uri: 'https://management.azure.com/subscriptions/{subscription}/providers/microsoft.Security/policies?api-version=2015-06-01-preview'
  • listLogProfiles - uri: 'https://management.azure.com/subscriptions/{subscription}/providers/microsoft.insights/logprofiles?api-version=2016-03-01'
  • listActivityLogAlert - uri: 'https://management.azure.com/subscriptions/{subscription}/resourceGroups/{group}/providers/microsoft.insights/activityLogAlerts?api-version=2017-04-01'
  • listManagementLocksByResourceGroup - uri: 'https://management.azure.com/subscriptions/{subscription}/resourceGroups/{group}/providers/Microsoft.Authorization/locks?api-version=2016-09-01'
  • listAutoProvisioningSettings - uri: 'https://management.azure.com/subscriptions/{subscription}/providers/Microsoft.Security/autoProvisioningSettings/default?api-version=2017-08-01-preview'
  • listSecurityCenterBuiltIns - uri: 'https://management.azure.com/subscriptions/{subscription}/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn?api-version=2018-05-01'
  • listSecurityContacts - uri: 'https://management.azure.com/subscriptions/{subscription}/providers/Microsoft.Security/securityContacts?api-version=2017-08-01-preview'

  • listActivityLogAlertByResourceGroup - uri: 'https://graph.mmanagement.azure.comicrosoft.com/subscriptions/%7Bsubscription%7D/resourceGroups/%7Bgroup%7D/providers/microsoft.insights/activityLogAlerts?api-version=2017-04-01%27'

  • listActivityLogAlertBySubscription - uri: 'https://graph.mmanagement.azure.comicrosoft.com/subscriptions/%7Bsubscription%7D/providers/microsoft.insights/activityLogAlerts?api-version=2017-04-01%27'

Kubernetes/Web Apps

  • listAksManagedClusters - uri: 'https://management.azure.com/subscriptions/{subscription}/resourceGroups/{group}/providers/Microsoft.ContainerService/managedClusters?api-version=2019-02-01'
  • listWebApps - uri: 'https://management.azure.com/subscriptions/{subscription}/resourceGroups/{group}/providers/Microsoft.Web/sites?api-version=2016-08-01'
  • listAppServiceEnvironment - uri: 'https://management.azure.com/subscriptions/{subscription}/providers/Microsoft.Web/hostingEnvironments?api-version=2016-09-01'
  • listAppConfig - uri: 'https://management.azure.com/subscriptions/{subscription}/resourceGroups/{group}/providers/Microsoft.Web/sites/{webapps}/config?api-version=2016-08-01'