Assessments Metadata - List

Service:

Defender for Cloud

API Version:

2021-06-01

Get metadata information on all assessment types

GET https://management.azure.com/providers/Microsoft.Security/assessmentMetadata?api-version=2021-06-01

URI Parameters

Name	In	Required	Type	Description
api-version	query	True	string	API version for the operation

Responses

Name	Type	Description
200 OK	SecurityAssessmentMetadataResponseList	OK
Other Status Codes	CloudError	Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	impersonate your user account

Examples

List security assessment metadata

Sample request

HTTP

GET https://management.azure.com/providers/Microsoft.Security/assessmentMetadata?api-version=2021-06-01

Java

/**
 * Samples for AssessmentsMetadata List.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/
     * ListAssessmentsMetadata_example.json
     */
    /**
     * Sample code: List security assessment metadata.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void listSecurityAssessmentMetadata(com.azure.resourcemanager.security.SecurityManager manager) {
        manager.assessmentsMetadatas().list(com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armsecurity_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_example.json
func ExampleAssessmentsMetadataClient_NewListPager() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewAssessmentsMetadataClient().NewListPager(nil)
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.AssessmentMetadataResponseList = armsecurity.AssessmentMetadataResponseList{
		// 	Value: []*armsecurity.AssessmentMetadataResponse{
		// 		{
		// 			Name: to.Ptr("21300918-b2e3-0346-785f-c77ff57d243b"),
		// 			Type: to.Ptr("Microsoft.Security/assessmentMetadata"),
		// 			ID: to.Ptr("/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b"),
		// 			Properties: &armsecurity.AssessmentMetadataPropertiesResponse{
		// 				Description: to.Ptr("Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities."),
		// 				AssessmentType: to.Ptr(armsecurity.AssessmentTypeBuiltIn),
		// 				Categories: []*armsecurity.Categories{
		// 					to.Ptr(armsecurity.CategoriesCompute)},
		// 					DisplayName: to.Ptr("Install endpoint protection solution on virtual machine scale sets"),
		// 					ImplementationEffort: to.Ptr(armsecurity.ImplementationEffortLow),
		// 					PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de"),
		// 					RemediationDescription: to.Ptr("To install an endpoint protection solution: 1.  <a href=\"https://docs.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-faq#how-do-i-turn-on-antimalware-in-my-virtual-machine-scale-set\">Follow the instructions in How do I turn on antimalware in my virtual machine scale set</a>"),
		// 					Severity: to.Ptr(armsecurity.SeverityMedium),
		// 					Threats: []*armsecurity.Threats{
		// 						to.Ptr(armsecurity.ThreatsDataExfiltration),
		// 						to.Ptr(armsecurity.ThreatsDataSpillage),
		// 						to.Ptr(armsecurity.ThreatsMaliciousInsider)},
		// 						UserImpact: to.Ptr(armsecurity.UserImpactLow),
		// 						PlannedDeprecationDate: to.Ptr("03/2022"),
		// 						PublishDates: &armsecurity.AssessmentMetadataPropertiesResponsePublishDates{
		// 							GA: to.Ptr("06/01/2021"),
		// 							Public: to.Ptr("06/01/2021"),
		// 						},
		// 						Tactics: []*armsecurity.Tactics{
		// 							to.Ptr(armsecurity.TacticsCredentialAccess),
		// 							to.Ptr(armsecurity.TacticsPersistence),
		// 							to.Ptr(armsecurity.TacticsExecution),
		// 							to.Ptr(armsecurity.TacticsDefenseEvasion),
		// 							to.Ptr(armsecurity.TacticsCollection),
		// 							to.Ptr(armsecurity.TacticsDiscovery),
		// 							to.Ptr(armsecurity.TacticsPrivilegeEscalation)},
		// 							Techniques: []*armsecurity.Techniques{
		// 								to.Ptr(armsecurity.TechniquesObfuscatedFilesOrInformation),
		// 								to.Ptr(armsecurity.TechniquesIngressToolTransfer),
		// 								to.Ptr(armsecurity.TechniquesPhishing),
		// 								to.Ptr(armsecurity.TechniquesUserExecution)},
		// 							},
		// 						},
		// 						{
		// 							Name: to.Ptr("bc303248-3d14-44c2-96a0-55f5c326b5fe"),
		// 							Type: to.Ptr("Microsoft.Security/assessmentMetadata"),
		// 							ID: to.Ptr("/providers/Microsoft.Security/assessmentMetadata/bc303248-3d14-44c2-96a0-55f5c326b5fe"),
		// 							Properties: &armsecurity.AssessmentMetadataPropertiesResponse{
		// 								Description: to.Ptr("Open remote management ports expose your VM to a high level of risk from internet-based attacks that attempt to brute force credentials to gain admin access to the machine."),
		// 								AssessmentType: to.Ptr(armsecurity.AssessmentTypeCustomPolicy),
		// 								Categories: []*armsecurity.Categories{
		// 									to.Ptr(armsecurity.CategoriesNetworking)},
		// 									DisplayName: to.Ptr("Close management ports on your virtual machines"),
		// 									ImplementationEffort: to.Ptr(armsecurity.ImplementationEffortLow),
		// 									PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917"),
		// 									Preview: to.Ptr(true),
		// 									RemediationDescription: to.Ptr("We recommend that you edit the inbound rules of the below virtual machines to restrict access to specific source ranges.<br>To restrict the access to your virtual machines: 1. Click on a VM from the list below 2. At the 'Networking' blade, click on each of the rules that allow management ports (e.g. RDP-3389, WINRM-5985, SSH-22) 3. Change the 'Action' property to 'Deny' 4. Click 'Save'"),
		// 									Severity: to.Ptr(armsecurity.SeverityMedium),
		// 									Threats: []*armsecurity.Threats{
		// 										to.Ptr(armsecurity.ThreatsDataExfiltration),
		// 										to.Ptr(armsecurity.ThreatsDataSpillage),
		// 										to.Ptr(armsecurity.ThreatsMaliciousInsider)},
		// 										UserImpact: to.Ptr(armsecurity.UserImpactHigh),
		// 										PublishDates: &armsecurity.AssessmentMetadataPropertiesResponsePublishDates{
		// 											GA: to.Ptr("06/01/2021"),
		// 											Public: to.Ptr("06/01/2021"),
		// 										},
		// 									},
		// 								},
		// 								{
		// 									Name: to.Ptr("ca039e75-a276-4175-aebc-bcd41e4b14b7"),
		// 									Type: to.Ptr("Microsoft.Security/assessmentMetadata"),
		// 									ID: to.Ptr("/providers/Microsoft.Security/assessmentMetadata/ca039e75-a276-4175-aebc-bcd41e4b14b7"),
		// 									Properties: &armsecurity.AssessmentMetadataPropertiesResponse{
		// 										Description: to.Ptr("Assessment that my organization created to view our security assessment in Azure Security Center"),
		// 										AssessmentType: to.Ptr(armsecurity.AssessmentTypeCustomerManaged),
		// 										Categories: []*armsecurity.Categories{
		// 											to.Ptr(armsecurity.CategoriesCompute)},
		// 											DisplayName: to.Ptr("My organization security assessment"),
		// 											ImplementationEffort: to.Ptr(armsecurity.ImplementationEffortLow),
		// 											RemediationDescription: to.Ptr("Fix it with these remediation instructions"),
		// 											Severity: to.Ptr(armsecurity.SeverityMedium),
		// 											Threats: []*armsecurity.Threats{
		// 											},
		// 											UserImpact: to.Ptr(armsecurity.UserImpactLow),
		// 											PublishDates: &armsecurity.AssessmentMetadataPropertiesResponsePublishDates{
		// 												GA: to.Ptr("06/01/2021"),
		// 												Public: to.Ptr("06/01/2021"),
		// 											},
		// 										},
		// 								}},
		// 							}
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Get metadata information on all assessment types
 *
 * @summary Get metadata information on all assessment types
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_example.json
 */
async function listSecurityAssessmentMetadata() {
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential);
  const resArray = new Array();
  for await (let item of client.assessmentsMetadata.list()) {
    resArray.push(item);
  }
  console.log(resArray);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.SecurityCenter;

// Generated from example definition: specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_example.json
// this example is just showing the usage of "AssessmentsMetadata_List" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this TenantResource created on azure
// for more information of creating TenantResource, please refer to the document of TenantResource
var tenantResource = client.GetTenants().GetAllAsync().GetAsyncEnumerator().Current;

// get the collection of this TenantAssessmentMetadataResource
TenantAssessmentMetadataCollection collection = tenantResource.GetAllTenantAssessmentMetadata();

// invoke the operation and iterate over the result
await foreach (TenantAssessmentMetadataResource item in collection.GetAllAsync())
{
    // the variable item is a resource, you could call other operations on this instance as well
    // but just for demo, we get its data from this resource instance
    SecurityAssessmentMetadataData resourceData = item.Data;
    // for demo we just print out the id
    Console.WriteLine($"Succeeded on id: {resourceData.Id}");
}

Console.WriteLine($"Succeeded");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample response

Status code:

200

{
  "value": [
    {
      "id": "/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b",
      "name": "21300918-b2e3-0346-785f-c77ff57d243b",
      "type": "Microsoft.Security/assessmentMetadata",
      "properties": {
        "displayName": "Install endpoint protection solution on virtual machine scale sets",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de",
        "description": "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.",
        "remediationDescription": "To install an endpoint protection solution: 1.  <a href=\"https://docs.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-faq#how-do-i-turn-on-antimalware-in-my-virtual-machine-scale-set\">Follow the instructions in How do I turn on antimalware in my virtual machine scale set</a>",
        "categories": [
          "Compute"
        ],
        "severity": "Medium",
        "userImpact": "Low",
        "implementationEffort": "Low",
        "threats": [
          "dataExfiltration",
          "dataSpillage",
          "maliciousInsider"
        ],
        "publishDates": {
          "GA": "06/01/2021",
          "public": "06/01/2021"
        },
        "plannedDeprecationDate": "03/2022",
        "tactics": [
          "Credential Access",
          "Persistence",
          "Execution",
          "Defense Evasion",
          "Collection",
          "Discovery",
          "Privilege Escalation"
        ],
        "techniques": [
          "Obfuscated Files or Information",
          "Ingress Tool Transfer",
          "Phishing",
          "User Execution"
        ],
        "assessmentType": "BuiltIn"
      }
    },
    {
      "id": "/providers/Microsoft.Security/assessmentMetadata/bc303248-3d14-44c2-96a0-55f5c326b5fe",
      "name": "bc303248-3d14-44c2-96a0-55f5c326b5fe",
      "type": "Microsoft.Security/assessmentMetadata",
      "properties": {
        "displayName": "Close management ports on your virtual machines",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917",
        "description": "Open remote management ports expose your VM to a high level of risk from internet-based attacks that attempt to brute force credentials to gain admin access to the machine.",
        "remediationDescription": "We recommend that you edit the inbound rules of the below virtual machines to restrict access to specific source ranges.<br>To restrict the access to your virtual machines: 1. Click on a VM from the list below 2. At the 'Networking' blade, click on each of the rules that allow management ports (e.g. RDP-3389, WINRM-5985, SSH-22) 3. Change the 'Action' property to 'Deny' 4. Click 'Save'",
        "categories": [
          "Networking"
        ],
        "severity": "Medium",
        "userImpact": "High",
        "implementationEffort": "Low",
        "threats": [
          "dataExfiltration",
          "dataSpillage",
          "maliciousInsider"
        ],
        "publishDates": {
          "GA": "06/01/2021",
          "public": "06/01/2021"
        },
        "preview": true,
        "assessmentType": "CustomPolicy"
      }
    },
    {
      "id": "/providers/Microsoft.Security/assessmentMetadata/ca039e75-a276-4175-aebc-bcd41e4b14b7",
      "name": "ca039e75-a276-4175-aebc-bcd41e4b14b7",
      "type": "Microsoft.Security/assessmentMetadata",
      "properties": {
        "displayName": "My organization security assessment",
        "description": "Assessment that my organization created to view our security assessment in Azure Security Center",
        "remediationDescription": "Fix it with these remediation instructions",
        "categories": [
          "Compute"
        ],
        "severity": "Medium",
        "userImpact": "Low",
        "implementationEffort": "Low",
        "threats": [],
        "publishDates": {
          "GA": "06/01/2021",
          "public": "06/01/2021"
        },
        "assessmentType": "CustomerManaged"
      }
    }
  ]
}

Definitions

Name	Description
assessmentType	BuiltIn if the assessment based on built-in Azure Policy definition, Custom if the assessment based on custom Azure Policy definition
categories
CloudError	Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.).
CloudErrorBody	The error detail.
ErrorAdditionalInfo	The resource management error additional info.
implementationEffort	The implementation effort required to remediate this assessment
PublishDates
SecurityAssessmentMetadataPartnerData	Describes the partner that created the assessment
SecurityAssessmentMetadataResponse	Security assessment metadata response
SecurityAssessmentMetadataResponseList	List of security assessment metadata
severity	The severity level of the assessment
tactics
techniques
threats
userImpact	The user impact of the assessment

assessmentType

BuiltIn if the assessment based on built-in Azure Policy definition, Custom if the assessment based on custom Azure Policy definition

Name	Type	Description
BuiltIn	string	Microsoft Defender for Cloud managed assessments
CustomPolicy	string	User defined policies that are automatically ingested from Azure Policy to Microsoft Defender for Cloud
CustomerManaged	string	User assessments pushed directly by the user or other third party to Microsoft Defender for Cloud
VerifiedPartner	string	An assessment that was created by a verified 3rd party if the user connected it to ASC

categories

Name	Type	Description
Compute	string
Data	string
IdentityAndAccess	string
IoT	string
Networking	string

CloudError

Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.).

Name	Type	Description
error.additionalInfo	ErrorAdditionalInfo[]	The error additional info.
error.code	string	The error code.
error.details	CloudErrorBody[]	The error details.
error.message	string	The error message.
error.target	string	The error target.

CloudErrorBody

The error detail.

Name	Type	Description
additionalInfo	ErrorAdditionalInfo[]	The error additional info.
code	string	The error code.
details	CloudErrorBody[]	The error details.
message	string	The error message.
target	string	The error target.

ErrorAdditionalInfo

The resource management error additional info.

Name	Type	Description
info	object	The additional info.
type	string	The additional info type.

implementationEffort

The implementation effort required to remediate this assessment

Name	Type	Description
High	string
Low	string
Moderate	string

PublishDates

Name	Type	Description
GA	string
public	string

SecurityAssessmentMetadataPartnerData

Describes the partner that created the assessment

Name	Type	Description
partnerName	string	Name of the company of the partner
productName	string	Name of the product of the partner that created the assessment
secret	string	Secret to authenticate the partner and verify it created the assessment - write only

SecurityAssessmentMetadataResponse

Security assessment metadata response

Name	Type	Description
id	string	Resource Id
name	string	Resource name
properties.assessmentType	assessmentType	BuiltIn if the assessment based on built-in Azure Policy definition, Custom if the assessment based on custom Azure Policy definition
properties.categories	categories[]	The categories of resource that is at risk when the assessment is unhealthy
properties.description	string	Human readable description of the assessment
properties.displayName	string	User friendly display name of the assessment
properties.implementationEffort	implementationEffort	The implementation effort required to remediate this assessment
properties.partnerData	SecurityAssessmentMetadataPartnerData	Describes the partner that created the assessment
properties.plannedDeprecationDate	string
properties.policyDefinitionId	string	Azure resource ID of the policy definition that turns this assessment calculation on
properties.preview	boolean	True if this assessment is in preview release status
properties.publishDates	PublishDates
properties.remediationDescription	string	Human readable description of what you should do to mitigate this security issue
properties.severity	severity	The severity level of the assessment
properties.tactics	tactics[]	Tactic of the assessment
properties.techniques	techniques[]	Techniques of the assessment
properties.threats	threats[]	Threats impact of the assessment
properties.userImpact	userImpact	The user impact of the assessment
type	string	Resource type

SecurityAssessmentMetadataResponseList

List of security assessment metadata

Name	Type	Description
nextLink	string	The URI to fetch the next page.
value	SecurityAssessmentMetadataResponse[]	Security assessment metadata response

severity

The severity level of the assessment

Name	Type	Description
High	string
Low	string
Medium	string

tactics

Name	Type	Description
Collection	string
Command and Control	string
Credential Access	string
Defense Evasion	string
Discovery	string
Execution	string
Exfiltration	string
Impact	string
Initial Access	string
Lateral Movement	string
Persistence	string
Privilege Escalation	string
Reconnaissance	string
Resource Development	string

techniques

Name	Type	Description
Abuse Elevation Control Mechanism	string
Access Token Manipulation	string
Account Discovery	string
Account Manipulation	string
Active Scanning	string
Application Layer Protocol	string
Audio Capture	string
Boot or Logon Autostart Execution	string
Boot or Logon Initialization Scripts	string
Brute Force	string
Cloud Infrastructure Discovery	string
Cloud Service Dashboard	string
Cloud Service Discovery	string
Command and Scripting Interpreter	string
Compromise Client Software Binary	string
Compromise Infrastructure	string
Container and Resource Discovery	string
Create Account	string
Create or Modify System Process	string
Credentials from Password Stores	string
Data Destruction	string
Data Encrypted for Impact	string
Data Manipulation	string
Data Staged	string
Data from Cloud Storage Object	string
Data from Configuration Repository	string
Data from Information Repositories	string
Data from Local System	string
Defacement	string
Deobfuscate/Decode Files or Information	string
Disk Wipe	string
Domain Trust Discovery	string
Drive-by Compromise	string
Dynamic Resolution	string
Endpoint Denial of Service	string
Event Triggered Execution	string
Exfiltration Over Alternative Protocol	string
Exploit Public-Facing Application	string
Exploitation for Client Execution	string
Exploitation for Credential Access	string
Exploitation for Defense Evasion	string
Exploitation for Privilege Escalation	string
Exploitation of Remote Services	string
External Remote Services	string
Fallback Channels	string
File and Directory Discovery	string
File and Directory Permissions Modification	string
Gather Victim Network Information	string
Hide Artifacts	string
Hijack Execution Flow	string
Impair Defenses	string
Implant Container Image	string
Indicator Removal on Host	string
Indirect Command Execution	string
Ingress Tool Transfer	string
Input Capture	string
Inter-Process Communication	string
Lateral Tool Transfer	string
Man-in-the-Middle	string
Masquerading	string
Modify Authentication Process	string
Modify Registry	string
Network Denial of Service	string
Network Service Scanning	string
Network Sniffing	string
Non-Application Layer Protocol	string
Non-Standard Port	string
OS Credential Dumping	string
Obfuscated Files or Information	string
Obtain Capabilities	string
Office Application Startup	string
Permission Groups Discovery	string
Phishing	string
Pre-OS Boot	string
Process Discovery	string
Process Injection	string
Protocol Tunneling	string
Proxy	string
Query Registry	string
Remote Access Software	string
Remote Service Session Hijacking	string
Remote Services	string
Remote System Discovery	string
Resource Hijacking	string
SQL Stored Procedures	string
Scheduled Task/Job	string
Screen Capture	string
Search Victim-Owned Websites	string
Server Software Component	string
Service Stop	string
Signed Binary Proxy Execution	string
Software Deployment Tools	string
Steal or Forge Kerberos Tickets	string
Subvert Trust Controls	string
Supply Chain Compromise	string
System Information Discovery	string
Taint Shared Content	string
Traffic Signaling	string
Transfer Data to Cloud Account	string
Trusted Relationship	string
Unsecured Credentials	string
User Execution	string
Valid Accounts	string
Windows Management Instrumentation	string

threats

Name	Type	Description
accountBreach	string
dataExfiltration	string
dataSpillage	string
denialOfService	string
elevationOfPrivilege	string
maliciousInsider	string
missingCoverage	string
threatResistance	string

userImpact

The user impact of the assessment

Name	Type	Description
High	string
Low	string
Moderate	string