Assessments Metadata - Get In Subscription
Get metadata information on an assessment type in a specific subscription
GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Security/assessmentMetadata/{assessmentMetadataName}?api-version=2021-06-01
URI Parameters
Name | In | Required | Type | Description |
---|---|---|---|---|
assessment
|
path | True |
string |
The Assessment Key - Unique key for the assessment type |
subscription
|
path | True |
string |
Azure subscription ID Regex pattern: |
api-version
|
query | True |
string |
API version for the operation |
Responses
Name | Type | Description |
---|---|---|
200 OK |
OK |
|
Other Status Codes |
Error response describing why the operation failed. |
Security
azure_auth
Azure Active Directory OAuth2 Flow
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
Name | Description |
---|---|
user_impersonation | impersonate your user account |
Examples
Get security assessment metadata for subscription
Sample request
GET https://management.azure.com/subscriptions/0980887d-03d6-408c-9566-532f3456804e/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b?api-version=2021-06-01
Sample response
{
"id": "/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b",
"name": "21300918-b2e3-0346-785f-c77ff57d243b",
"type": "Microsoft.Security/assessmentMetadata",
"properties": {
"displayName": "Install endpoint protection solution on virtual machine scale sets",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de",
"description": "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.",
"remediationDescription": "To install an endpoint protection solution: 1. <a href=\"https://docs.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-faq#how-do-i-turn-on-antimalware-in-my-virtual-machine-scale-set\">Follow the instructions in How do I turn on antimalware in my virtual machine scale set</a>",
"categories": [
"Compute"
],
"severity": "Medium",
"userImpact": "Low",
"implementationEffort": "Low",
"threats": [
"dataExfiltration",
"dataSpillage",
"maliciousInsider"
],
"publishDates": {
"GA": "06/01/2021",
"public": "06/01/2021"
},
"plannedDeprecationDate": "03/2022",
"tactics": [
"Credential Access",
"Persistence",
"Execution",
"Defense Evasion",
"Collection",
"Discovery",
"Privilege Escalation"
],
"techniques": [
"Obfuscated Files or Information",
"Ingress Tool Transfer",
"Phishing",
"User Execution"
],
"assessmentType": "BuiltIn"
}
}
Definitions
Name | Description |
---|---|
assessment |
BuiltIn if the assessment based on built-in Azure Policy definition, Custom if the assessment based on custom Azure Policy definition |
categories | |
Cloud |
Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.). |
Cloud |
The error detail. |
Error |
The resource management error additional info. |
implementation |
The implementation effort required to remediate this assessment |
Publish |
|
Security |
Describes the partner that created the assessment |
Security |
Security assessment metadata response |
severity |
The severity level of the assessment |
tactics | |
techniques | |
threats | |
user |
The user impact of the assessment |
assessmentType
BuiltIn if the assessment based on built-in Azure Policy definition, Custom if the assessment based on custom Azure Policy definition
Name | Type | Description |
---|---|---|
BuiltIn |
string |
Microsoft Defender for Cloud managed assessments |
CustomPolicy |
string |
User defined policies that are automatically ingested from Azure Policy to Microsoft Defender for Cloud |
CustomerManaged |
string |
User assessments pushed directly by the user or other third party to Microsoft Defender for Cloud |
VerifiedPartner |
string |
An assessment that was created by a verified 3rd party if the user connected it to ASC |
categories
Name | Type | Description |
---|---|---|
Compute |
string |
|
Data |
string |
|
IdentityAndAccess |
string |
|
IoT |
string |
|
Networking |
string |
CloudError
Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.).
Name | Type | Description |
---|---|---|
error.additionalInfo |
The error additional info. |
|
error.code |
string |
The error code. |
error.details |
The error details. |
|
error.message |
string |
The error message. |
error.target |
string |
The error target. |
CloudErrorBody
The error detail.
Name | Type | Description |
---|---|---|
additionalInfo |
The error additional info. |
|
code |
string |
The error code. |
details |
The error details. |
|
message |
string |
The error message. |
target |
string |
The error target. |
ErrorAdditionalInfo
The resource management error additional info.
Name | Type | Description |
---|---|---|
info |
object |
The additional info. |
type |
string |
The additional info type. |
implementationEffort
The implementation effort required to remediate this assessment
Name | Type | Description |
---|---|---|
High |
string |
|
Low |
string |
|
Moderate |
string |
PublishDates
Name | Type | Description |
---|---|---|
GA |
string |
|
public |
string |
SecurityAssessmentMetadataPartnerData
Describes the partner that created the assessment
Name | Type | Description |
---|---|---|
partnerName |
string |
Name of the company of the partner |
productName |
string |
Name of the product of the partner that created the assessment |
secret |
string |
Secret to authenticate the partner and verify it created the assessment - write only |
SecurityAssessmentMetadataResponse
Security assessment metadata response
Name | Type | Description |
---|---|---|
id |
string |
Resource Id |
name |
string |
Resource name |
properties.assessmentType |
BuiltIn if the assessment based on built-in Azure Policy definition, Custom if the assessment based on custom Azure Policy definition |
|
properties.categories |
The categories of resource that is at risk when the assessment is unhealthy |
|
properties.description |
string |
Human readable description of the assessment |
properties.displayName |
string |
User friendly display name of the assessment |
properties.implementationEffort |
The implementation effort required to remediate this assessment |
|
properties.partnerData |
Describes the partner that created the assessment |
|
properties.plannedDeprecationDate |
string |
|
properties.policyDefinitionId |
string |
Azure resource ID of the policy definition that turns this assessment calculation on |
properties.preview |
boolean |
True if this assessment is in preview release status |
properties.publishDates | ||
properties.remediationDescription |
string |
Human readable description of what you should do to mitigate this security issue |
properties.severity |
The severity level of the assessment |
|
properties.tactics |
tactics[] |
Tactic of the assessment |
properties.techniques |
Techniques of the assessment |
|
properties.threats |
threats[] |
Threats impact of the assessment |
properties.userImpact |
The user impact of the assessment |
|
type |
string |
Resource type |
severity
The severity level of the assessment
Name | Type | Description |
---|---|---|
High |
string |
|
Low |
string |
|
Medium |
string |
tactics
Name | Type | Description |
---|---|---|
Collection |
string |
|
Command and Control |
string |
|
Credential Access |
string |
|
Defense Evasion |
string |
|
Discovery |
string |
|
Execution |
string |
|
Exfiltration |
string |
|
Impact |
string |
|
Initial Access |
string |
|
Lateral Movement |
string |
|
Persistence |
string |
|
Privilege Escalation |
string |
|
Reconnaissance |
string |
|
Resource Development |
string |
techniques
Name | Type | Description |
---|---|---|
Abuse Elevation Control Mechanism |
string |
|
Access Token Manipulation |
string |
|
Account Discovery |
string |
|
Account Manipulation |
string |
|
Active Scanning |
string |
|
Application Layer Protocol |
string |
|
Audio Capture |
string |
|
Boot or Logon Autostart Execution |
string |
|
Boot or Logon Initialization Scripts |
string |
|
Brute Force |
string |
|
Cloud Infrastructure Discovery |
string |
|
Cloud Service Dashboard |
string |
|
Cloud Service Discovery |
string |
|
Command and Scripting Interpreter |
string |
|
Compromise Client Software Binary |
string |
|
Compromise Infrastructure |
string |
|
Container and Resource Discovery |
string |
|
Create Account |
string |
|
Create or Modify System Process |
string |
|
Credentials from Password Stores |
string |
|
Data Destruction |
string |
|
Data Encrypted for Impact |
string |
|
Data Manipulation |
string |
|
Data Staged |
string |
|
Data from Cloud Storage Object |
string |
|
Data from Configuration Repository |
string |
|
Data from Information Repositories |
string |
|
Data from Local System |
string |
|
Defacement |
string |
|
Deobfuscate/Decode Files or Information |
string |
|
Disk Wipe |
string |
|
Domain Trust Discovery |
string |
|
Drive-by Compromise |
string |
|
Dynamic Resolution |
string |
|
Endpoint Denial of Service |
string |
|
Event Triggered Execution |
string |
|
Exfiltration Over Alternative Protocol |
string |
|
Exploit Public-Facing Application |
string |
|
Exploitation for Client Execution |
string |
|
Exploitation for Credential Access |
string |
|
Exploitation for Defense Evasion |
string |
|
Exploitation for Privilege Escalation |
string |
|
Exploitation of Remote Services |
string |
|
External Remote Services |
string |
|
Fallback Channels |
string |
|
File and Directory Discovery |
string |
|
File and Directory Permissions Modification |
string |
|
Gather Victim Network Information |
string |
|
Hide Artifacts |
string |
|
Hijack Execution Flow |
string |
|
Impair Defenses |
string |
|
Implant Container Image |
string |
|
Indicator Removal on Host |
string |
|
Indirect Command Execution |
string |
|
Ingress Tool Transfer |
string |
|
Input Capture |
string |
|
Inter-Process Communication |
string |
|
Lateral Tool Transfer |
string |
|
Man-in-the-Middle |
string |
|
Masquerading |
string |
|
Modify Authentication Process |
string |
|
Modify Registry |
string |
|
Network Denial of Service |
string |
|
Network Service Scanning |
string |
|
Network Sniffing |
string |
|
Non-Application Layer Protocol |
string |
|
Non-Standard Port |
string |
|
OS Credential Dumping |
string |
|
Obfuscated Files or Information |
string |
|
Obtain Capabilities |
string |
|
Office Application Startup |
string |
|
Permission Groups Discovery |
string |
|
Phishing |
string |
|
Pre-OS Boot |
string |
|
Process Discovery |
string |
|
Process Injection |
string |
|
Protocol Tunneling |
string |
|
Proxy |
string |
|
Query Registry |
string |
|
Remote Access Software |
string |
|
Remote Service Session Hijacking |
string |
|
Remote Services |
string |
|
Remote System Discovery |
string |
|
Resource Hijacking |
string |
|
SQL Stored Procedures |
string |
|
Scheduled Task/Job |
string |
|
Screen Capture |
string |
|
Search Victim-Owned Websites |
string |
|
Server Software Component |
string |
|
Service Stop |
string |
|
Signed Binary Proxy Execution |
string |
|
Software Deployment Tools |
string |
|
Steal or Forge Kerberos Tickets |
string |
|
Subvert Trust Controls |
string |
|
Supply Chain Compromise |
string |
|
System Information Discovery |
string |
|
Taint Shared Content |
string |
|
Traffic Signaling |
string |
|
Transfer Data to Cloud Account |
string |
|
Trusted Relationship |
string |
|
Unsecured Credentials |
string |
|
User Execution |
string |
|
Valid Accounts |
string |
|
Windows Management Instrumentation |
string |
threats
Name | Type | Description |
---|---|---|
accountBreach |
string |
|
dataExfiltration |
string |
|
dataSpillage |
string |
|
denialOfService |
string |
|
elevationOfPrivilege |
string |
|
maliciousInsider |
string |
|
missingCoverage |
string |
|
threatResistance |
string |
userImpact
The user impact of the assessment
Name | Type | Description |
---|---|---|
High |
string |
|
Low |
string |
|
Moderate |
string |