Assessments Metadata - Get In Subscription

Service:

Defender for Cloud

API-versie:

2021-06-01

Metagegevens ophalen over een evaluatietype in een specifiek abonnement

GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Security/assessmentMetadata/{assessmentMetadataName}?api-version=2021-06-01

URI-parameters

Name	In	Vereist	Type	Description
assessmentMetadataName	path	True	string	De evaluatiesleutel - unieke sleutel voor het evaluatietype
subscriptionId	path	True	string	Azure-abonnements-id Regex-patroon: ^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$
api-version	query	True	string	API-versie voor de bewerking

Antwoorden

Name	Type	Description
200 OK	SecurityAssessmentMetadataResponse	OK
Other Status Codes	CloudError	Foutreactie waarin wordt beschreven waarom de bewerking is mislukt.

Beveiliging

azure_auth

Azure Active Directory OAuth2-stroom

Type: oauth2
Stroom: implicit
Autorisatie-URL: https://login.microsoftonline.com/common/oauth2/authorize

Bereiken

Name	Description
user_impersonation	Uw gebruikersaccount imiteren

Voorbeelden

Get security assessment metadata for subscription

Voorbeeldaanvraag

HTTP

GET https://management.azure.com/subscriptions/0980887d-03d6-408c-9566-532f3456804e/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b?api-version=2021-06-01

Java

/**
 * Samples for AssessmentsMetadata GetInSubscription.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/
     * GetAssessmentsMetadata_subscription_example.json
     */
    /**
     * Sample code: Get security assessment metadata for subscription.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void
        getSecurityAssessmentMetadataForSubscription(com.azure.resourcemanager.security.SecurityManager manager) {
        manager.assessmentsMetadatas().getInSubscriptionWithResponse("21300918-b2e3-0346-785f-c77ff57d243b",
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armsecurity_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_subscription_example.json
func ExampleAssessmentsMetadataClient_GetInSubscription() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewAssessmentsMetadataClient().GetInSubscription(ctx, "21300918-b2e3-0346-785f-c77ff57d243b", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.AssessmentMetadataResponse = armsecurity.AssessmentMetadataResponse{
	// 	Name: to.Ptr("21300918-b2e3-0346-785f-c77ff57d243b"),
	// 	Type: to.Ptr("Microsoft.Security/assessmentMetadata"),
	// 	ID: to.Ptr("/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b"),
	// 	Properties: &armsecurity.AssessmentMetadataPropertiesResponse{
	// 		Description: to.Ptr("Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities."),
	// 		AssessmentType: to.Ptr(armsecurity.AssessmentTypeBuiltIn),
	// 		Categories: []*armsecurity.Categories{
	// 			to.Ptr(armsecurity.CategoriesCompute)},
	// 			DisplayName: to.Ptr("Install endpoint protection solution on virtual machine scale sets"),
	// 			ImplementationEffort: to.Ptr(armsecurity.ImplementationEffortLow),
	// 			PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de"),
	// 			RemediationDescription: to.Ptr("To install an endpoint protection solution: 1.  <a href=\"https://docs.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-faq#how-do-i-turn-on-antimalware-in-my-virtual-machine-scale-set\">Follow the instructions in How do I turn on antimalware in my virtual machine scale set</a>"),
	// 			Severity: to.Ptr(armsecurity.SeverityMedium),
	// 			Threats: []*armsecurity.Threats{
	// 				to.Ptr(armsecurity.ThreatsDataExfiltration),
	// 				to.Ptr(armsecurity.ThreatsDataSpillage),
	// 				to.Ptr(armsecurity.ThreatsMaliciousInsider)},
	// 				UserImpact: to.Ptr(armsecurity.UserImpactLow),
	// 				PlannedDeprecationDate: to.Ptr("03/2022"),
	// 				PublishDates: &armsecurity.AssessmentMetadataPropertiesResponsePublishDates{
	// 					GA: to.Ptr("06/01/2021"),
	// 					Public: to.Ptr("06/01/2021"),
	// 				},
	// 				Tactics: []*armsecurity.Tactics{
	// 					to.Ptr(armsecurity.TacticsCredentialAccess),
	// 					to.Ptr(armsecurity.TacticsPersistence),
	// 					to.Ptr(armsecurity.TacticsExecution),
	// 					to.Ptr(armsecurity.TacticsDefenseEvasion),
	// 					to.Ptr(armsecurity.TacticsCollection),
	// 					to.Ptr(armsecurity.TacticsDiscovery),
	// 					to.Ptr(armsecurity.TacticsPrivilegeEscalation)},
	// 					Techniques: []*armsecurity.Techniques{
	// 						to.Ptr(armsecurity.TechniquesObfuscatedFilesOrInformation),
	// 						to.Ptr(armsecurity.TechniquesIngressToolTransfer),
	// 						to.Ptr(armsecurity.TechniquesPhishing),
	// 						to.Ptr(armsecurity.TechniquesUserExecution)},
	// 					},
	// 				}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Get metadata information on an assessment type in a specific subscription
 *
 * @summary Get metadata information on an assessment type in a specific subscription
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_subscription_example.json
 */
async function getSecurityAssessmentMetadataForSubscription() {
  const subscriptionId =
    process.env["SECURITY_SUBSCRIPTION_ID"] || "0980887d-03d6-408c-9566-532f3456804e";
  const assessmentMetadataName = "21300918-b2e3-0346-785f-c77ff57d243b";
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential, subscriptionId);
  const result = await client.assessmentsMetadata.getInSubscription(assessmentMetadataName);
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;

// Generated from example definition: specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_subscription_example.json
// this example is just showing the usage of "AssessmentsMetadata_GetInSubscription" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this SubscriptionAssessmentMetadataResource created on azure
// for more information of creating SubscriptionAssessmentMetadataResource, please refer to the document of SubscriptionAssessmentMetadataResource
string subscriptionId = "0980887d-03d6-408c-9566-532f3456804e";
string assessmentMetadataName = "21300918-b2e3-0346-785f-c77ff57d243b";
ResourceIdentifier subscriptionAssessmentMetadataResourceId = SubscriptionAssessmentMetadataResource.CreateResourceIdentifier(subscriptionId, assessmentMetadataName);
SubscriptionAssessmentMetadataResource subscriptionAssessmentMetadata = client.GetSubscriptionAssessmentMetadataResource(subscriptionAssessmentMetadataResourceId);

// invoke the operation
SubscriptionAssessmentMetadataResource result = await subscriptionAssessmentMetadata.GetAsync();

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
SecurityAssessmentMetadataData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Voorbeeldrespons

Statuscode:

200

{
  "id": "/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b",
  "name": "21300918-b2e3-0346-785f-c77ff57d243b",
  "type": "Microsoft.Security/assessmentMetadata",
  "properties": {
    "displayName": "Install endpoint protection solution on virtual machine scale sets",
    "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de",
    "description": "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.",
    "remediationDescription": "To install an endpoint protection solution: 1.  <a href=\"https://docs.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-faq#how-do-i-turn-on-antimalware-in-my-virtual-machine-scale-set\">Follow the instructions in How do I turn on antimalware in my virtual machine scale set</a>",
    "categories": [
      "Compute"
    ],
    "severity": "Medium",
    "userImpact": "Low",
    "implementationEffort": "Low",
    "threats": [
      "dataExfiltration",
      "dataSpillage",
      "maliciousInsider"
    ],
    "publishDates": {
      "GA": "06/01/2021",
      "public": "06/01/2021"
    },
    "plannedDeprecationDate": "03/2022",
    "tactics": [
      "Credential Access",
      "Persistence",
      "Execution",
      "Defense Evasion",
      "Collection",
      "Discovery",
      "Privilege Escalation"
    ],
    "techniques": [
      "Obfuscated Files or Information",
      "Ingress Tool Transfer",
      "Phishing",
      "User Execution"
    ],
    "assessmentType": "BuiltIn"
  }
}

Definities

Name	Description
assessmentType	BuiltIn if the assessment based on built-in Azure Policy definition, Custom if the assessment based on custom Azure Policy definition
categories
CloudError	Veelvoorkomende foutreactie voor alle Azure Resource Manager-API's om foutdetails te retourneren voor mislukte bewerkingen. (Dit volgt ook de OData-foutreactieindeling.)
CloudErrorBody	De foutdetails.
ErrorAdditionalInfo	Aanvullende informatie over de resourcebeheerfout.
implementationEffort	De implementatie die nodig is om deze evaluatie te herstellen
PublishDates
SecurityAssessmentMetadataPartnerData	Beschrijft de partner die de evaluatie heeft gemaakt
SecurityAssessmentMetadataResponse	Antwoord op metagegevens van beveiligingsevaluatie
severity	Het ernstniveau van de evaluatie
tactics
techniques
threats
userImpact	De impact van de gebruiker op de evaluatie

assessmentType

BuiltIn if the assessment based on built-in Azure Policy definition, Custom if the assessment based on custom Azure Policy definition

Name	Type	Description
BuiltIn	string	Beheerde evaluaties van Microsoft Defender voor Cloud
CustomPolicy	string	Door de gebruiker gedefinieerde beleidsregels die automatisch worden opgenomen van Azure Policy naar Microsoft Defender for Cloud
CustomerManaged	string	Gebruikersevaluaties die rechtstreeks door de gebruiker of een andere derde partij naar Microsoft Defender voor Cloud zijn gepusht
VerifiedPartner	string	Een evaluatie die is gemaakt door een geverifieerde derde partij als de gebruiker deze heeft verbonden met ASC

categories

Name	Type	Description
Compute	string
Data	string
IdentityAndAccess	string
IoT	string
Networking	string

CloudError

Veelvoorkomende foutreactie voor alle Azure Resource Manager-API's om foutdetails te retourneren voor mislukte bewerkingen. (Dit volgt ook de OData-foutreactieindeling.)

Name	Type	Description
error.additionalInfo	ErrorAdditionalInfo[]	De fout bevat aanvullende informatie.
error.code	string	De foutcode.
error.details	CloudErrorBody[]	De foutdetails.
error.message	string	Het foutbericht.
error.target	string	Het foutdoel.

CloudErrorBody

De foutdetails.

Name	Type	Description
additionalInfo	ErrorAdditionalInfo[]	De fout bevat aanvullende informatie.
code	string	De foutcode.
details	CloudErrorBody[]	De foutdetails.
message	string	Het foutbericht.
target	string	Het foutdoel.

ErrorAdditionalInfo

Aanvullende informatie over de resourcebeheerfout.

Name	Type	Description
info	object	De aanvullende informatie.
type	string	Het extra informatietype.

implementationEffort

De implementatie die nodig is om deze evaluatie te herstellen

Name	Type	Description
High	string
Low	string
Moderate	string

PublishDates

Name	Type	Description
GA	string
public	string

SecurityAssessmentMetadataPartnerData

Beschrijft de partner die de evaluatie heeft gemaakt

Name	Type	Description
partnerName	string	Naam van het bedrijf van de partner
productName	string	Naam van het product van de partner die de evaluatie heeft gemaakt
secret	string	Geheim om de partner te verifiëren en te controleren of deze de evaluatie heeft gemaakt - alleen schrijven

SecurityAssessmentMetadataResponse

Antwoord op metagegevens van beveiligingsevaluatie

Name	Type	Description
id	string	Resource-id
name	string	Resourcenaam
properties.assessmentType	assessmentType	BuiltIn if the assessment based on built-in Azure Policy definition, Custom if the assessment based on custom Azure Policy definition
properties.categories	categories[]	De resourcecategorieën die risico lopen wanneer de evaluatie niet in orde is
properties.description	string	Leesbare beschrijving van de evaluatie
properties.displayName	string	Gebruiksvriendelijke weergavenaam van de evaluatie
properties.implementationEffort	implementationEffort	De implementatie die nodig is om deze evaluatie te herstellen
properties.partnerData	SecurityAssessmentMetadataPartnerData	Beschrijft de partner die de evaluatie heeft gemaakt
properties.plannedDeprecationDate	string
properties.policyDefinitionId	string	Azure-resource-id van de beleidsdefinitie waarmee deze evaluatieberekening wordt ingeschakeld
properties.preview	boolean	Waar als deze evaluatie de preview-releasestatus heeft
properties.publishDates	PublishDates
properties.remediationDescription	string	Leesbare beschrijving van wat u moet doen om dit beveiligingsprobleem te verhelpen
properties.severity	severity	Het ernstniveau van de evaluatie
properties.tactics	tactics[]	Tactiek van de evaluatie
properties.techniques	techniques[]	Technieken van de evaluatie
properties.threats	threats[]	Impact van bedreigingen van de evaluatie
properties.userImpact	userImpact	De impact van de gebruiker op de evaluatie
type	string	Resourcetype

severity

Het ernstniveau van de evaluatie

Name	Type	Description
High	string
Low	string
Medium	string

tactics

Name	Type	Description
Collection	string
Command and Control	string
Credential Access	string
Defense Evasion	string
Discovery	string
Execution	string
Exfiltration	string
Impact	string
Initial Access	string
Lateral Movement	string
Persistence	string
Privilege Escalation	string
Reconnaissance	string
Resource Development	string

techniques

Name	Type	Description
Abuse Elevation Control Mechanism	string
Access Token Manipulation	string
Account Discovery	string
Account Manipulation	string
Active Scanning	string
Application Layer Protocol	string
Audio Capture	string
Boot or Logon Autostart Execution	string
Boot or Logon Initialization Scripts	string
Brute Force	string
Cloud Infrastructure Discovery	string
Cloud Service Dashboard	string
Cloud Service Discovery	string
Command and Scripting Interpreter	string
Compromise Client Software Binary	string
Compromise Infrastructure	string
Container and Resource Discovery	string
Create Account	string
Create or Modify System Process	string
Credentials from Password Stores	string
Data Destruction	string
Data Encrypted for Impact	string
Data Manipulation	string
Data Staged	string
Data from Cloud Storage Object	string
Data from Configuration Repository	string
Data from Information Repositories	string
Data from Local System	string
Defacement	string
Deobfuscate/Decode Files or Information	string
Disk Wipe	string
Domain Trust Discovery	string
Drive-by Compromise	string
Dynamic Resolution	string
Endpoint Denial of Service	string
Event Triggered Execution	string
Exfiltration Over Alternative Protocol	string
Exploit Public-Facing Application	string
Exploitation for Client Execution	string
Exploitation for Credential Access	string
Exploitation for Defense Evasion	string
Exploitation for Privilege Escalation	string
Exploitation of Remote Services	string
External Remote Services	string
Fallback Channels	string
File and Directory Discovery	string
File and Directory Permissions Modification	string
Gather Victim Network Information	string
Hide Artifacts	string
Hijack Execution Flow	string
Impair Defenses	string
Implant Container Image	string
Indicator Removal on Host	string
Indirect Command Execution	string
Ingress Tool Transfer	string
Input Capture	string
Inter-Process Communication	string
Lateral Tool Transfer	string
Man-in-the-Middle	string
Masquerading	string
Modify Authentication Process	string
Modify Registry	string
Network Denial of Service	string
Network Service Scanning	string
Network Sniffing	string
Non-Application Layer Protocol	string
Non-Standard Port	string
OS Credential Dumping	string
Obfuscated Files or Information	string
Obtain Capabilities	string
Office Application Startup	string
Permission Groups Discovery	string
Phishing	string
Pre-OS Boot	string
Process Discovery	string
Process Injection	string
Protocol Tunneling	string
Proxy	string
Query Registry	string
Remote Access Software	string
Remote Service Session Hijacking	string
Remote Services	string
Remote System Discovery	string
Resource Hijacking	string
SQL Stored Procedures	string
Scheduled Task/Job	string
Screen Capture	string
Search Victim-Owned Websites	string
Server Software Component	string
Service Stop	string
Signed Binary Proxy Execution	string
Software Deployment Tools	string
Steal or Forge Kerberos Tickets	string
Subvert Trust Controls	string
Supply Chain Compromise	string
System Information Discovery	string
Taint Shared Content	string
Traffic Signaling	string
Transfer Data to Cloud Account	string
Trusted Relationship	string
Unsecured Credentials	string
User Execution	string
Valid Accounts	string
Windows Management Instrumentation	string

threats

Name	Type	Description
accountBreach	string
dataExfiltration	string
dataSpillage	string
denialOfService	string
elevationOfPrivilege	string
maliciousInsider	string
missingCoverage	string
threatResistance	string

userImpact

De impact van de gebruiker op de evaluatie

Name	Type	Description
High	string
Low	string
Moderate	string