Assessments Metadata - List By Subscription

Služba:

Defender for Cloud

Verze rozhraní API:

2021-06-01

Získání informací o metadatech pro všechny typy posouzení v konkrétním předplatném

GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Security/assessmentMetadata?api-version=2021-06-01

Parametry identifikátoru URI

Name	V	Vyžadováno	Typ	Description
subscriptionId	path	True	string	ID předplatného Azure Vzor regulárního výrazu: ^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$
api-version	query	True	string	Verze rozhraní API pro operaci

Odpovědi

Name	Typ	Description
200 OK	SecurityAssessmentMetadataResponseList	OK
Other Status Codes	CloudError	Chybová odpověď popisující, proč operace selhala.

Zabezpečení

azure_auth

Azure Active Directory OAuth2 Flow

Typ: oauth2
Tok: implicit
URL autorizace: https://login.microsoftonline.com/common/oauth2/authorize

Rozsahy

Name	Description
user_impersonation	zosobnění uživatelského účtu

Příklady

List security assessment metadata for subscription

Ukázkový požadavek

HTTP

GET https://management.azure.com/subscriptions/0980887d-03d6-408c-9566-532f3456804e/providers/Microsoft.Security/assessmentMetadata?api-version=2021-06-01

Java

/**
 * Samples for AssessmentsMetadata ListBySubscription.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/
     * ListAssessmentsMetadata_subscription_example.json
     */
    /**
     * Sample code: List security assessment metadata for subscription.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void
        listSecurityAssessmentMetadataForSubscription(com.azure.resourcemanager.security.SecurityManager manager) {
        manager.assessmentsMetadatas().listBySubscription(com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armsecurity_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_subscription_example.json
func ExampleAssessmentsMetadataClient_NewListBySubscriptionPager() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewAssessmentsMetadataClient().NewListBySubscriptionPager(nil)
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.AssessmentMetadataResponseList = armsecurity.AssessmentMetadataResponseList{
		// 	Value: []*armsecurity.AssessmentMetadataResponse{
		// 		{
		// 			Name: to.Ptr("21300918-b2e3-0346-785f-c77ff57d243b"),
		// 			Type: to.Ptr("Microsoft.Security/assessmentMetadata"),
		// 			ID: to.Ptr("/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b"),
		// 			Properties: &armsecurity.AssessmentMetadataPropertiesResponse{
		// 				Description: to.Ptr("Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities."),
		// 				AssessmentType: to.Ptr(armsecurity.AssessmentTypeBuiltIn),
		// 				Categories: []*armsecurity.Categories{
		// 					to.Ptr(armsecurity.CategoriesCompute)},
		// 					DisplayName: to.Ptr("Install endpoint protection solution on virtual machine scale sets"),
		// 					ImplementationEffort: to.Ptr(armsecurity.ImplementationEffortLow),
		// 					PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de"),
		// 					RemediationDescription: to.Ptr("To install an endpoint protection solution: 1.  <a href=\"https://docs.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-faq#how-do-i-turn-on-antimalware-in-my-virtual-machine-scale-set\">Follow the instructions in How do I turn on antimalware in my virtual machine scale set</a>"),
		// 					Severity: to.Ptr(armsecurity.SeverityMedium),
		// 					Threats: []*armsecurity.Threats{
		// 						to.Ptr(armsecurity.ThreatsDataExfiltration),
		// 						to.Ptr(armsecurity.ThreatsDataSpillage),
		// 						to.Ptr(armsecurity.ThreatsMaliciousInsider)},
		// 						UserImpact: to.Ptr(armsecurity.UserImpactLow),
		// 						PlannedDeprecationDate: to.Ptr("03/2022"),
		// 						PublishDates: &armsecurity.AssessmentMetadataPropertiesResponsePublishDates{
		// 							GA: to.Ptr("06/01/2021"),
		// 							Public: to.Ptr("06/01/2021"),
		// 						},
		// 						Tactics: []*armsecurity.Tactics{
		// 							to.Ptr(armsecurity.TacticsCredentialAccess),
		// 							to.Ptr(armsecurity.TacticsPersistence),
		// 							to.Ptr(armsecurity.TacticsExecution),
		// 							to.Ptr(armsecurity.TacticsDefenseEvasion),
		// 							to.Ptr(armsecurity.TacticsCollection),
		// 							to.Ptr(armsecurity.TacticsDiscovery),
		// 							to.Ptr(armsecurity.TacticsPrivilegeEscalation)},
		// 							Techniques: []*armsecurity.Techniques{
		// 								to.Ptr(armsecurity.TechniquesObfuscatedFilesOrInformation),
		// 								to.Ptr(armsecurity.TechniquesIngressToolTransfer),
		// 								to.Ptr(armsecurity.TechniquesPhishing),
		// 								to.Ptr(armsecurity.TechniquesUserExecution)},
		// 							},
		// 						},
		// 						{
		// 							Name: to.Ptr("bc303248-3d14-44c2-96a0-55f5c326b5fe"),
		// 							Type: to.Ptr("Microsoft.Security/assessmentMetadata"),
		// 							ID: to.Ptr("/providers/Microsoft.Security/assessmentMetadata/bc303248-3d14-44c2-96a0-55f5c326b5fe"),
		// 							Properties: &armsecurity.AssessmentMetadataPropertiesResponse{
		// 								Description: to.Ptr("Open remote management ports expose your VM to a high level of risk from internet-based attacks that attempt to brute force credentials to gain admin access to the machine."),
		// 								AssessmentType: to.Ptr(armsecurity.AssessmentTypeCustomPolicy),
		// 								Categories: []*armsecurity.Categories{
		// 									to.Ptr(armsecurity.CategoriesNetworking)},
		// 									DisplayName: to.Ptr("Close management ports on your virtual machines"),
		// 									ImplementationEffort: to.Ptr(armsecurity.ImplementationEffortLow),
		// 									PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917"),
		// 									Preview: to.Ptr(true),
		// 									RemediationDescription: to.Ptr("We recommend that you edit the inbound rules of the below virtual machines to restrict access to specific source ranges.<br>To restrict the access to your virtual machines: 1. Click on a VM from the list below 2. At the 'Networking' blade, click on each of the rules that allow management ports (e.g. RDP-3389, WINRM-5985, SSH-22) 3. Change the 'Action' property to 'Deny' 4. Click 'Save'"),
		// 									Severity: to.Ptr(armsecurity.SeverityMedium),
		// 									Threats: []*armsecurity.Threats{
		// 										to.Ptr(armsecurity.ThreatsDataExfiltration),
		// 										to.Ptr(armsecurity.ThreatsDataSpillage),
		// 										to.Ptr(armsecurity.ThreatsMaliciousInsider)},
		// 										UserImpact: to.Ptr(armsecurity.UserImpactHigh),
		// 										PublishDates: &armsecurity.AssessmentMetadataPropertiesResponsePublishDates{
		// 											GA: to.Ptr("06/01/2021"),
		// 											Public: to.Ptr("06/01/2021"),
		// 										},
		// 									},
		// 							}},
		// 						}
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Get metadata information on all assessment types in a specific subscription
 *
 * @summary Get metadata information on all assessment types in a specific subscription
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_subscription_example.json
 */
async function listSecurityAssessmentMetadataForSubscription() {
  const subscriptionId =
    process.env["SECURITY_SUBSCRIPTION_ID"] || "0980887d-03d6-408c-9566-532f3456804e";
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential, subscriptionId);
  const resArray = new Array();
  for await (let item of client.assessmentsMetadata.listBySubscription()) {
    resArray.push(item);
  }
  console.log(resArray);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;

// Generated from example definition: specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_subscription_example.json
// this example is just showing the usage of "AssessmentsMetadata_ListBySubscription" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this SubscriptionResource created on azure
// for more information of creating SubscriptionResource, please refer to the document of SubscriptionResource
string subscriptionId = "0980887d-03d6-408c-9566-532f3456804e";
ResourceIdentifier subscriptionResourceId = SubscriptionResource.CreateResourceIdentifier(subscriptionId);
SubscriptionResource subscriptionResource = client.GetSubscriptionResource(subscriptionResourceId);

// get the collection of this SubscriptionAssessmentMetadataResource
SubscriptionAssessmentMetadataCollection collection = subscriptionResource.GetAllSubscriptionAssessmentMetadata();

// invoke the operation and iterate over the result
await foreach (SubscriptionAssessmentMetadataResource item in collection.GetAllAsync())
{
    // the variable item is a resource, you could call other operations on this instance as well
    // but just for demo, we get its data from this resource instance
    SecurityAssessmentMetadataData resourceData = item.Data;
    // for demo we just print out the id
    Console.WriteLine($"Succeeded on id: {resourceData.Id}");
}

Console.WriteLine($"Succeeded");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Ukázková odpověď

Stavový kód:

200

{
  "value": [
    {
      "id": "/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b",
      "name": "21300918-b2e3-0346-785f-c77ff57d243b",
      "type": "Microsoft.Security/assessmentMetadata",
      "properties": {
        "displayName": "Install endpoint protection solution on virtual machine scale sets",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de",
        "description": "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.",
        "remediationDescription": "To install an endpoint protection solution: 1.  <a href=\"https://docs.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-faq#how-do-i-turn-on-antimalware-in-my-virtual-machine-scale-set\">Follow the instructions in How do I turn on antimalware in my virtual machine scale set</a>",
        "categories": [
          "Compute"
        ],
        "severity": "Medium",
        "userImpact": "Low",
        "implementationEffort": "Low",
        "threats": [
          "dataExfiltration",
          "dataSpillage",
          "maliciousInsider"
        ],
        "publishDates": {
          "GA": "06/01/2021",
          "public": "06/01/2021"
        },
        "plannedDeprecationDate": "03/2022",
        "tactics": [
          "Credential Access",
          "Persistence",
          "Execution",
          "Defense Evasion",
          "Collection",
          "Discovery",
          "Privilege Escalation"
        ],
        "techniques": [
          "Obfuscated Files or Information",
          "Ingress Tool Transfer",
          "Phishing",
          "User Execution"
        ],
        "assessmentType": "BuiltIn"
      }
    },
    {
      "id": "/providers/Microsoft.Security/assessmentMetadata/bc303248-3d14-44c2-96a0-55f5c326b5fe",
      "name": "bc303248-3d14-44c2-96a0-55f5c326b5fe",
      "type": "Microsoft.Security/assessmentMetadata",
      "properties": {
        "displayName": "Close management ports on your virtual machines",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917",
        "description": "Open remote management ports expose your VM to a high level of risk from internet-based attacks that attempt to brute force credentials to gain admin access to the machine.",
        "remediationDescription": "We recommend that you edit the inbound rules of the below virtual machines to restrict access to specific source ranges.<br>To restrict the access to your virtual machines: 1. Click on a VM from the list below 2. At the 'Networking' blade, click on each of the rules that allow management ports (e.g. RDP-3389, WINRM-5985, SSH-22) 3. Change the 'Action' property to 'Deny' 4. Click 'Save'",
        "categories": [
          "Networking"
        ],
        "severity": "Medium",
        "userImpact": "High",
        "implementationEffort": "Low",
        "threats": [
          "dataExfiltration",
          "dataSpillage",
          "maliciousInsider"
        ],
        "publishDates": {
          "GA": "06/01/2021",
          "public": "06/01/2021"
        },
        "preview": true,
        "assessmentType": "CustomPolicy"
      }
    }
  ]
}

Definice

Name	Description
assessmentType	BuiltIn if the assessment based on built-in Azure Policy definition, Custom if the assessment based on custom Azure Policy definition
categories
CloudError	Běžná chybová odpověď pro všechna rozhraní API Azure Resource Manageru pro vrácení podrobností o chybě pro neúspěšné operace (To se také řídí formátem odpovědi na chybu OData.)
CloudErrorBody	Podrobnosti o chybě.
ErrorAdditionalInfo	Další informace o chybě správy prostředků
implementationEffort	Úsilí o implementaci potřebné k nápravě tohoto posouzení
PublishDates
SecurityAssessmentMetadataPartnerData	Popisuje partnera, který vytvořil posouzení.
SecurityAssessmentMetadataResponse	Odpověď na metadata posouzení zabezpečení
SecurityAssessmentMetadataResponseList	Seznam metadat posouzení zabezpečení
severity	Úroveň závažnosti posouzení
tactics
techniques
threats
userImpact	Dopad posouzení na uživatele

assessmentType

BuiltIn if the assessment based on built-in Azure Policy definition, Custom if the assessment based on custom Azure Policy definition

Name	Typ	Description
BuiltIn	string	Posouzení spravovaná v programu Microsoft Defender pro cloud
CustomPolicy	string	Uživatelem definované zásady, které se automaticky ingestují ze služby Azure Policy do Microsoft Defenderu pro cloud
CustomerManaged	string	Hodnocení uživatelů nabízená přímo uživatelem nebo jinou třetí stranou do programu Microsoft Defender for Cloud
VerifiedPartner	string	Posouzení vytvořené ověřenou třetí stranou, pokud ho uživatel připojil k ASC

categories

Name	Typ	Description
Compute	string
Data	string
IdentityAndAccess	string
IoT	string
Networking	string

CloudError

Běžná chybová odpověď pro všechna rozhraní API Azure Resource Manageru pro vrácení podrobností o chybě pro neúspěšné operace (To se také řídí formátem odpovědi na chybu OData.)

Name	Typ	Description
error.additionalInfo	ErrorAdditionalInfo[]	Další informace o chybě.
error.code	string	Kód chyby.
error.details	CloudErrorBody[]	Podrobnosti o chybě.
error.message	string	Chybová zpráva.
error.target	string	Cíl chyby.

CloudErrorBody

Podrobnosti o chybě.

Name	Typ	Description
additionalInfo	ErrorAdditionalInfo[]	Další informace o chybě.
code	string	Kód chyby.
details	CloudErrorBody[]	Podrobnosti o chybě.
message	string	Chybová zpráva.
target	string	Cíl chyby.

ErrorAdditionalInfo

Další informace o chybě správy prostředků

Name	Typ	Description
info	object	Další informace.
type	string	Další typ informací.

implementationEffort

Úsilí o implementaci potřebné k nápravě tohoto posouzení

Name	Typ	Description
High	string
Low	string
Moderate	string

PublishDates

Name	Typ	Description
GA	string
public	string

SecurityAssessmentMetadataPartnerData

Popisuje partnera, který vytvořil posouzení.

Name	Typ	Description
partnerName	string	Název společnosti partnera
productName	string	Název produktu partnera, který posouzení vytvořil
secret	string	Tajný kód pro ověření partnera a ověření vytvoření posouzení – pouze zápis

SecurityAssessmentMetadataResponse

Odpověď na metadata posouzení zabezpečení

Name	Typ	Description
id	string	ID prostředku
name	string	Název prostředku
properties.assessmentType	assessmentType	BuiltIn if the assessment based on built-in Azure Policy definition, Custom if the assessment based on custom Azure Policy definition
properties.categories	categories[]	Kategorie prostředků, které jsou ohroženy, když posouzení není v pořádku
properties.description	string	Human readable description of the assessment
properties.displayName	string	Uživatelsky přívětivý zobrazovaný název posouzení
properties.implementationEffort	implementationEffort	Úsilí o implementaci potřebné k nápravě tohoto posouzení
properties.partnerData	SecurityAssessmentMetadataPartnerData	Popisuje partnera, který vytvořil posouzení.
properties.plannedDeprecationDate	string
properties.policyDefinitionId	string	ID prostředku Azure definice zásady, která tento výpočet posouzení zapne
properties.preview	boolean	Hodnota True, pokud je toto posouzení ve stavu verze Preview
properties.publishDates	PublishDates
properties.remediationDescription	string	Popis toho, co byste měli udělat pro zmírnění tohoto problému se zabezpečením, je čitelný pro člověka
properties.severity	severity	Úroveň závažnosti posouzení
properties.tactics	tactics[]	Taktika posouzení
properties.techniques	techniques[]	Techniky posouzení
properties.threats	threats[]	Dopad posouzení na hrozby
properties.userImpact	userImpact	Dopad posouzení na uživatele
type	string	Typ prostředku

SecurityAssessmentMetadataResponseList

Seznam metadat posouzení zabezpečení

Name	Typ	Description
nextLink	string	Identifikátor URI pro načtení další stránky.
value	SecurityAssessmentMetadataResponse[]	Odpověď na metadata posouzení zabezpečení

severity

Úroveň závažnosti posouzení

Name	Typ	Description
High	string
Low	string
Medium	string

tactics

Name	Typ	Description
Collection	string
Command and Control	string
Credential Access	string
Defense Evasion	string
Discovery	string
Execution	string
Exfiltration	string
Impact	string
Initial Access	string
Lateral Movement	string
Persistence	string
Privilege Escalation	string
Reconnaissance	string
Resource Development	string

techniques

Name	Typ	Description
Abuse Elevation Control Mechanism	string
Access Token Manipulation	string
Account Discovery	string
Account Manipulation	string
Active Scanning	string
Application Layer Protocol	string
Audio Capture	string
Boot or Logon Autostart Execution	string
Boot or Logon Initialization Scripts	string
Brute Force	string
Cloud Infrastructure Discovery	string
Cloud Service Dashboard	string
Cloud Service Discovery	string
Command and Scripting Interpreter	string
Compromise Client Software Binary	string
Compromise Infrastructure	string
Container and Resource Discovery	string
Create Account	string
Create or Modify System Process	string
Credentials from Password Stores	string
Data Destruction	string
Data Encrypted for Impact	string
Data Manipulation	string
Data Staged	string
Data from Cloud Storage Object	string
Data from Configuration Repository	string
Data from Information Repositories	string
Data from Local System	string
Defacement	string
Deobfuscate/Decode Files or Information	string
Disk Wipe	string
Domain Trust Discovery	string
Drive-by Compromise	string
Dynamic Resolution	string
Endpoint Denial of Service	string
Event Triggered Execution	string
Exfiltration Over Alternative Protocol	string
Exploit Public-Facing Application	string
Exploitation for Client Execution	string
Exploitation for Credential Access	string
Exploitation for Defense Evasion	string
Exploitation for Privilege Escalation	string
Exploitation of Remote Services	string
External Remote Services	string
Fallback Channels	string
File and Directory Discovery	string
File and Directory Permissions Modification	string
Gather Victim Network Information	string
Hide Artifacts	string
Hijack Execution Flow	string
Impair Defenses	string
Implant Container Image	string
Indicator Removal on Host	string
Indirect Command Execution	string
Ingress Tool Transfer	string
Input Capture	string
Inter-Process Communication	string
Lateral Tool Transfer	string
Man-in-the-Middle	string
Masquerading	string
Modify Authentication Process	string
Modify Registry	string
Network Denial of Service	string
Network Service Scanning	string
Network Sniffing	string
Non-Application Layer Protocol	string
Non-Standard Port	string
OS Credential Dumping	string
Obfuscated Files or Information	string
Obtain Capabilities	string
Office Application Startup	string
Permission Groups Discovery	string
Phishing	string
Pre-OS Boot	string
Process Discovery	string
Process Injection	string
Protocol Tunneling	string
Proxy	string
Query Registry	string
Remote Access Software	string
Remote Service Session Hijacking	string
Remote Services	string
Remote System Discovery	string
Resource Hijacking	string
SQL Stored Procedures	string
Scheduled Task/Job	string
Screen Capture	string
Search Victim-Owned Websites	string
Server Software Component	string
Service Stop	string
Signed Binary Proxy Execution	string
Software Deployment Tools	string
Steal or Forge Kerberos Tickets	string
Subvert Trust Controls	string
Supply Chain Compromise	string
System Information Discovery	string
Taint Shared Content	string
Traffic Signaling	string
Transfer Data to Cloud Account	string
Trusted Relationship	string
Unsecured Credentials	string
User Execution	string
Valid Accounts	string
Windows Management Instrumentation	string

threats

Name	Typ	Description
accountBreach	string
dataExfiltration	string
dataSpillage	string
denialOfService	string
elevationOfPrivilege	string
maliciousInsider	string
missingCoverage	string
threatResistance	string

userImpact

Dopad posouzení na uživatele

Name	Typ	Description
High	string
Low	string
Moderate	string