Core features
|
- Microsoft.ContainerService/managedClusters/listClusterUserCredential/action
- Microsoft.ContainerService/managedClusters/read
- Microsoft.Resources/subscriptions/resourceGroups/read
- Microsoft.Authorization/roleAssignments/read
- Microsoft.Authorization/roleDefinitions/read
- */read
|
These permissions are required to deploy the connector to your cloud account.
|
Server & Workload Protection
|
Subscription permissions:
- Microsoft.Resources/subscriptions/read
- Microsoft.Resources/subscriptions/resourceGroups/read
- Microsoft.Resources/providers/read
- Microsoft.Resources/resources/read
|
|
Virtual machine (VM) permissions:
|
|
Virtual Machine Scale Set (VMSS) permissions:
|
|
Classic virtual machine (VM) permissions:
|
|
Network permissions:
- Microsoft.Network/networkSecurityGroups/read
- Microsoft.Network/networkInterfaces/read
- Microsoft.Network/publicIPAddresses/read
- Microsoft.Network/virtualNetworks/read
|
|
Azure metadata API permissions:
|
|
Authentication and IAM permissions:
- Microsoft.Resources/deployments/read
- Microsoft.Authorization/roleAssignments/read
- Microsoft.Authorization/roleDefinitions/read
|
|
Cloud Security Posture
|
requiredResourceAccess:
|
|
requiredRoleAccess
- resourceAppName: Microsoft App Configuration
  roleActions:
  - name: Microsoft.AppConfiguration/configurationStores/ListKeyValue/action
- resourceAppName: Microsoft Network
  roleActions:
- resourceAppName: Microsoft Web
  roleActions:
- resourceAppName: Microsoft Key Vault
  dataActions:
|
requiredTenantScopeRoleAccess
|
Agentless Vulnerability & Threat Detection
|
Subscription permissions:
- Microsoft.ContainerRegistry/registries/generateCredentials/action
- Microsoft.ContainerRegistry/registries/read
- Microsoft.ContainerRegistry/registries/pull/read
- Microsoft.ContainerRegistry/registries/tokens/write
- Microsoft.ContainerRegistry/registries/tokens/operationStatuses/read
- Microsoft.ContainerRegistry/registries/scopeMaps/read
- Microsoft.ContainerRegistry/registries/tokens/read
- Microsoft.Compute/disks/read
- Microsoft.Compute/virtualMachines//read
- Microsoft.HybridCompute/machines//read
- Microsoft.Authorization/roleAssignments/write
- Microsoft.Authorization/roleAssignments/delete
- Microsoft.Authorization/roleAssignments/read
- Microsoft.Compute/locations/usages/read
- Microsoft.Quota/quotas/read
|
|
Trend Micro resource group permissions
Azure built-in role: Contributor
- NotActions:
  - Microsoft.Authorization/*/Delete
  - Microsoft.Authorization/*/Write
  - Microsoft.Authorization/elevateAccess/Action
  - Microsoft.Blueprint/blueprintAssignments/write
  - Microsoft.Blueprint/blueprintAssignments/delete
  - Microsoft.Compute/galleries/share/action
  - Microsoft.Purview/consents/write
  - Microsoft.Purview/consents/delete
  - Microsoft.Resources/deploymentStacks/manageDenySetting/action
  - Microsoft.Subscription/cancel/action
  - Microsoft.Subscription/enable/action
Azure built-in role: AcrPull
Azure built-in role: Storage Blob Data Owner
- Microsoft.Storage/storageAccounts/blobServices/containers/*
- Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action
- Microsoft.Storage/storageAccounts/blobServices/containers/blobs/*
|
Trend Micro storage identity permissions
Azure built-in role: Storage Blob Data Reader
- Microsoft.Storage/storageAccounts/blobServices/containers/read
- Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action
- Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read
|
Cloud detections for Azure activity logs
|
N/A
|
|
Microsoft Defender for Endpoint log collection
|
|
|