ASC_APIMApiEndpointsShouldbeAuthenticated_AINE.json
{
"properties": {
"displayName": "API endpoints in Azure API Management should be authenticated",
"policyType": "BuiltIn",
"mode": "All",
"description": "API endpoints published within Azure API Management should enforce authentication to help minimize security risk. Authentication mechanisms are sometimes implemented incorrectly or are missing. This allows attackers to exploit implementation flaws and to access data. Learn more about the OWASP API Threat for Broken User Authentication here: https://learn.microsoft.com/azure/api-management/mitigate-owasp-api-threats#broken-user-authentication",
"metadata": {
"category": "Security Center",
"version": "1.0.1"
},
"version": "1.0.1",
"parameters": {
"effect": {
"type": "String",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
}
}
},
"policyRule": {
"if": {
"field": "type",
"equals": "Microsoft.ApiManagement/service/apis/operations"
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.Security/assessments",
"name": "91af2040-7874-4659-abf0-578e1f8d07dc",
"existenceCondition": {
"field": "Microsoft.Security/assessments/status.code",
"in": [
"NotApplicable",
"Healthy"
]
}
}
}
},
"versions": [
"1.0.1",
"1.0.0-PREVIEW"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/8ac833bd-f505-48d5-887e-c993a1d3eea0",
"name": "8ac833bd-f505-48d5-887e-c993a1d3eea0"
}