{"files":{"SKILL.md":"---\nname: security-center\ndescription: \"Security Center API skill. Use when working with Security Center for subscriptions. Covers 10 endpoints.\"\nversion: 1.0.0\ngenerator: lapsh\n---\n\n# Security Center\nAPI version: 2019-01-01\n\n## Auth\nOAuth2\n\n## Base URL\nhttps://management.azure.com\n\n## Setup\n1. Configure auth: OAuth2\n2. GET /subscriptions/{subscriptionId}/providers/Microsoft.Security/alerts -- list all the alerts that are associated with the subscription\n3. POST /subscriptions/{subscriptionId}/providers/Microsoft.Security/locations/{ascLocation}/alerts/{alertName}/dismiss -- dismiss an alert\n\n## Endpoints\n10 endpoints across 1 group. See references/api-spec.lap for full details.\n\n### Subscriptions\n| Method | Path | Description |\n|--------|------|-------------|\n| GET | /subscriptions/{subscriptionId}/providers/Microsoft.Security/alerts | List all the alerts that are associated with the subscription |\n| GET | /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/alerts | List all the alerts that are associated with the resource group |\n| GET | /subscriptions/{subscriptionId}/providers/Microsoft.Security/locations/{ascLocation}/alerts | List all the alerts that are associated with the subscription that are stored in a specific location |\n| GET | /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/locations/{ascLocation}/alerts | List all the alerts that are associated with the resource group that are stored in a specific location |\n| GET | /subscriptions/{subscriptionId}/providers/Microsoft.Security/locations/{ascLocation}/alerts/{alertName} | Get an alert that is associated with a subscription |\n| GET | /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/locations/{ascLocation}/alerts/{alertName} | Get an alert that is associated with a resource group or a resource in a resource group 
|\n| POST | /subscriptions/{subscriptionId}/providers/Microsoft.Security/locations/{ascLocation}/alerts/{alertName}/dismiss | Update the alert's state |\n| POST | /subscriptions/{subscriptionId}/providers/Microsoft.Security/locations/{ascLocation}/alerts/{alertName}/reactivate | Update the alert's state |\n| POST | /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/locations/{ascLocation}/alerts/{alertName}/dismiss | Update the alert's state |\n| POST | /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/locations/{ascLocation}/alerts/{alertName}/reactivate | Update the alert's state |\n\n## Common Questions\nMatch user requests to endpoints in references/api-spec.lap. Key patterns:\n- \"List all alerts?\" -> GET /subscriptions/{subscriptionId}/providers/Microsoft.Security/alerts\n- \"Get alert details?\" -> GET /subscriptions/{subscriptionId}/providers/Microsoft.Security/locations/{ascLocation}/alerts/{alertName}\n- \"Dismiss an alert?\" -> POST /subscriptions/{subscriptionId}/providers/Microsoft.Security/locations/{ascLocation}/alerts/{alertName}/dismiss\n- \"Reactivate an alert?\" -> POST /subscriptions/{subscriptionId}/providers/Microsoft.Security/locations/{ascLocation}/alerts/{alertName}/reactivate\n- \"How to authenticate?\" -> See Auth section above\n\n## Response Tips\n- Check response schemas in references/api-spec.lap for field details\n- Create/update endpoints return the modified resource on success\n\n## References\n- Full spec: See references/api-spec.lap for complete endpoint details, parameter tables, and response schemas\n\n> Generated from the official API spec by [LAP](https://lap.sh)\n","references/api-spec.lap":"@lap v0.3\n# Machine-readable API spec. 
Each @endpoint block is one API call.\n@api Security Center\n@base https://management.azure.com\n@version 2019-01-01\n@auth OAuth2\n@endpoints 10\n@toc subscriptions(10)\n\n@endpoint GET /subscriptions/{subscriptionId}/providers/Microsoft.Security/alerts\n@desc List all the alerts that are associated with the subscription\n@optional {$filter: any # OData filter. Optional., $select: any # OData select. Optional., $expand: any # OData expand. Optional., autoDismissRuleName: any # The name of an existing auto dismiss rule. Use it to simulate the rule on existing alerts and get the alerts that would have been dismissed if the rule was enabled when the alert was created}\n@returns(200) OK\n\n@endpoint GET /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/alerts\n@desc List all the alerts that are associated with the resource group\n@optional {$filter: any # OData filter. Optional., $select: any # OData select. Optional., $expand: any # OData expand. Optional., autoDismissRuleName: any # The name of an existing auto dismiss rule. Use it to simulate the rule on existing alerts and get the alerts that would have been dismissed if the rule was enabled when the alert was created}\n@returns(200) OK\n\n@endpoint GET /subscriptions/{subscriptionId}/providers/Microsoft.Security/locations/{ascLocation}/alerts\n@desc List all the alerts that are associated with the subscription that are stored in a specific location\n@optional {$filter: any # OData filter. Optional., $select: any # OData select. Optional., $expand: any # OData expand. Optional., autoDismissRuleName: any # The name of an existing auto dismiss rule. 
Use it to simulate the rule on existing alerts and get the alerts that would have been dismissed if the rule was enabled when the alert was created}\n@returns(200) OK\n\n@endpoint GET /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/locations/{ascLocation}/alerts\n@desc List all the alerts that are associated with the resource group that are stored in a specific location\n@optional {$filter: any # OData filter. Optional., $select: any # OData select. Optional., $expand: any # OData expand. Optional., autoDismissRuleName: any # The name of an existing auto dismiss rule. Use it to simulate the rule on existing alerts and get the alerts that would have been dismissed if the rule was enabled when the alert was created}\n@returns(200) OK\n\n@endpoint GET /subscriptions/{subscriptionId}/providers/Microsoft.Security/locations/{ascLocation}/alerts/{alertName}\n@desc Get an alert that is associated with a subscription\n@required {alertName: any # Name of the alert object}\n@returns(200) OK\n\n@endpoint GET /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/locations/{ascLocation}/alerts/{alertName}\n@desc Get an alert that is associated with a resource group or a resource in a resource group\n@required {alertName: any # Name of the alert object}\n@returns(200) OK\n\n@endpoint POST /subscriptions/{subscriptionId}/providers/Microsoft.Security/locations/{ascLocation}/alerts/{alertName}/dismiss\n@desc Update the alert's state\n@required {alertName: any # Name of the alert object}\n@returns(204) No Content\n\n@endpoint POST /subscriptions/{subscriptionId}/providers/Microsoft.Security/locations/{ascLocation}/alerts/{alertName}/reactivate\n@desc Update the alert's state\n@required {alertName: any # Name of the alert object}\n@returns(204) No Content\n\n@endpoint POST 
/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/locations/{ascLocation}/alerts/{alertName}/dismiss\n@desc Update the alert's state\n@required {alertName: any # Name of the alert object}\n@returns(204) No Content\n\n@endpoint POST /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/locations/{ascLocation}/alerts/{alertName}/reactivate\n@desc Update the alert's state\n@required {alertName: any # Name of the alert object}\n@returns(204) No Content\n\n@end\n"}}