elastic / cloudbeat

Analyzing Cloud Security Posture

Bump armsecurity #2450

Closed romulets closed 1 month ago

romulets commented 1 month ago

Bump arm security and solve breaking changes.

The payload of arm security has changed from the previous version:

From

{
  "id": "/subscriptions/<subID>/providers/Microsoft.Security/securityContacts/default",
  "name": "default",
  "type": "Microsoft.Security/securityContacts",
  "properties": {
    "alertNotifications": {
      "state": "On",
      "minimalSeverity": "High"
    },
    "notificationsByRole": {
      "state": "On",
      "roles": [
        "Owner"
      ]
    },
    "emails": "...",
    "phone": ""
  }
}

to

{
  "id": "/subscriptions/<Your_Subscription_Id>/providers/Microsoft.Security/securityContact/default",
  "name": "default",
  "type": "Microsoft.Security/securityContact",
  "properties": {
    "notificationsByRole": {
      "state": "On",
      "roles": [
        "Owner",
        "Admin"
      ]
    },
    "isEnabled": true,
    "emails": "john@contoso.com;Jane@contoso.com",
    "phone": "(214)275-4038",
    "notificationsSources": [
      {
        "sourceType": "AttackPath",
        "minimalRiskLevel": "Critical"
      },
      {
        "sourceType": "Alert",
        "minimalSeverity": "Medium"
      }
    ]
  }
}

There aren't, however, any docs on what the migration path is. Therefore I tested the UI and API and made a few assumptions.

Assumption 1:

We can't save the email settings without selecting "Notify about alerts with the following severity (or higher):", therefore I assume that the default Notification Source with a valid level means that the notification is enabled.


Assumption 2: There is no clarity on what is the default notification source type. By testing, it seems to be Alert. I'm using it as the default.

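The two assumptions in the description above, written out as an added Go example (it is not part of the PR and not cloudbeat's code) that reduces both payload shapes to one answer: are alert notifications enabled, and from which severity. `alertSetting` and `contact` are hypothetical names; treating `isEnabled: false` as off and a source with no `sourceType` as `Alert` are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// contact holds only the fields that differ; encoding/json matches keys case-insensitively.
type contact struct {
	Properties struct {
		AlertNotifications   *struct{ State, MinimalSeverity string } // previous shape
		IsEnabled            *bool                                    // new shape
		NotificationsSources []struct{ SourceType, MinimalSeverity string }
	}
}

// alertSetting (hypothetical helper, not cloudbeat code) reduces either
// payload shape to: are alert e-mails enabled, and from which severity.
func alertSetting(raw []byte) (enabled bool, minSeverity string, err error) {
	var c contact
	if err = json.Unmarshal(raw, &c); err != nil {
		return false, "", err
	}
	p := c.Properties
	if old := p.AlertNotifications; old != nil {
		return old.State == "On", old.MinimalSeverity, nil
	}
	// Assumption of this example: isEnabled=false turns notifications off.
	if p.IsEnabled != nil && !*p.IsEnabled {
		return false, "", nil
	}
	for _, s := range p.NotificationsSources {
		// Assumption 2, as read here: a source without sourceType is "Alert".
		isAlert := s.SourceType == "Alert" || s.SourceType == ""
		// Assumption 1: an Alert source that carries a level means enabled.
		if isAlert && s.MinimalSeverity != "" {
			return true, s.MinimalSeverity, nil
		}
	}
	return false, "", nil // no Alert source with a level
}

func main() {
	// Constructed sample, trimmed from the new payload shape.
	sample := `{"properties":{"isEnabled":true,"notificationsSources":[
	 {"sourceType":"AttackPath","minimalRiskLevel":"Critical"},
	 {"sourceType":"Alert","minimalSeverity":"Medium"}]}}`
	fmt.Println(alertSetting([]byte(sample)))
}
```

A payload that only carries an `AttackPath` source comes back as disabled, which is the case a posture check would flag after the migration.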

mergify[bot] commented 1 month ago

This pull request does not have a backport label. Could you fix it @romulets? 🙏 To fixup this pull request, you need to add the backport labels for the needed branches, such as: