Sub Assessments - List All

Service:

Defender for Cloud

API-versie:

2019-01-01-preview

Beveiligingssubevaluaties ophalen voor al uw gescande resources binnen een abonnementsbereik

GET https://management.azure.com/{scope}/providers/Microsoft.Security/subAssessments?api-version=2019-01-01-preview

URI-parameters

Name	In	Vereist	Type	Description
scope	path	True	string	Het bereik van de query kan een abonnement zijn (/subscriptions/0b06d9ea-afe6-4779-bd59-30e5c2d9d13f) of beheergroep (/providers/Microsoft.Management/managementGroups/mgName).
api-version	query	True	string	API-versie voor de bewerking

Antwoorden

Name	Type	Description
200 OK	SecuritySubAssessmentList	OK
Other Status Codes	CloudError	Foutreactie waarin wordt beschreven waarom de bewerking is mislukt.

Beveiliging

azure_auth

Azure Active Directory OAuth2-stroom

Type: oauth2
Stroom: implicit
Autorisatie-URL: https://login.microsoftonline.com/common/oauth2/authorize

Bereiken

Name	Description
user_impersonation	Uw gebruikersaccount imiteren

Voorbeelden

List security sub-assessments

Voorbeeldaanvraag

HTTP

GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/subAssessments?api-version=2019-01-01-preview

Java

/**
 * Samples for SubAssessments ListAll.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/
     * ListSubscriptionSubAssessments_example.json
     */
    /**
     * Sample code: List security sub-assessments.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void listSecuritySubAssessments(com.azure.resourcemanager.security.SecurityManager manager) {
        manager.subAssessments().listAll("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armsecurity_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubscriptionSubAssessments_example.json
func ExampleSubAssessmentsClient_NewListAllPager() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewSubAssessmentsClient().NewListAllPager("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23", nil)
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.SubAssessmentList = armsecurity.SubAssessmentList{
		// 	Value: []*armsecurity.SubAssessment{
		// 		{
		// 			Name: to.Ptr("8c98f353-8b41-4e77-979b-6adeecd5d168"),
		// 			Type: to.Ptr("Microsoft.Security/assessments/subAssessments"),
		// 			ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/providers/Microsoft.Security/assessments/dbd0cb49-b563-45e7-9724-889e799fa648/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168"),
		// 			Properties: &armsecurity.SubAssessmentProperties{
		// 				Description: to.Ptr("The backdoor 'Back Orifice' was detected on this system.  The presence of this backdoor indicates that your system has already been compromised.  Unauthorized users can access your host at any time. Unauthorized users can take complete control of the host and manipulate data.  They can steal the data or even wipe out the host."),
		// 				AdditionalData: &armsecurity.ContainerRegistryVulnerabilityProperties{
		// 					AssessedResourceType: to.Ptr(armsecurity.AssessedResourceTypeContainerRegistryVulnerability),
		// 					Type: to.Ptr("Vulnerability"),
		// 					Cve: []*armsecurity.CVE{
		// 						{
		// 							Link: to.Ptr("http://contoso.com"),
		// 							Title: to.Ptr("CVE-2019-12345"),
		// 					}},
		// 					Cvss: map[string]*armsecurity.CVSS{
		// 						"2.0": &armsecurity.CVSS{
		// 							Base: to.Ptr[float32](10),
		// 						},
		// 						"3.0": &armsecurity.CVSS{
		// 							Base: to.Ptr[float32](10),
		// 						},
		// 					},
		// 					ImageDigest: to.Ptr("c186fc44-3154-4ce2-ba18-b719d895c3b0"),
		// 					Patchable: to.Ptr(true),
		// 					PublishedTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2018-01-01T00:00:00.000Z"); return t}()),
		// 					RepositoryName: to.Ptr("myRepo"),
		// 					VendorReferences: []*armsecurity.VendorReference{
		// 						{
		// 							Link: to.Ptr("http://contoso.com"),
		// 							Title: to.Ptr("Reference_1"),
		// 					}},
		// 				},
		// 				Category: to.Ptr("Backdoors and trojan horses"),
		// 				DisplayName: to.Ptr("'Back Orifice' Backdoor"),
		// 				ID: to.Ptr("1001"),
		// 				Impact: to.Ptr("3"),
		// 				Remediation: to.Ptr("Use a recent anti-virus program to remove this backdoor and check your system regularly with anti-virus software."),
		// 				ResourceDetails: &armsecurity.AzureResourceDetails{
		// 					Source: to.Ptr(armsecurity.SourceAzure),
		// 					ID: to.Ptr("repositories/asc/msi-connector/images/sha256:877a6f2a212c44021281f80cb1f4c73a09dce4e99a8cb8efcc03f7ce3c877a6f"),
		// 				},
		// 				Status: &armsecurity.SubAssessmentStatus{
		// 					Description: to.Ptr("The resource is unhealthy"),
		// 					Cause: to.Ptr(""),
		// 					Code: to.Ptr(armsecurity.SubAssessmentStatusCodeUnhealthy),
		// 					Severity: to.Ptr(armsecurity.SeverityHigh),
		// 				},
		// 				TimeGenerated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-06-23T12:20:08.764Z"); return t}()),
		// 			},
		// 		},
		// 		{
		// 			Name: to.Ptr("8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf"),
		// 			Type: to.Ptr("Microsoft.Security/assessments/subAssessments"),
		// 			ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/providers/Microsoft.Security/assessments/82e20e14-edc5-4373-bfc4-f13121257c37/subassessments/8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf"),
		// 			Properties: &armsecurity.SubAssessmentProperties{
		// 				Description: to.Ptr("The Azure SQL Database-level firewall helps protect your data by preventing all access to your database until you specify which IP addresses have permission. Database-level firewall rules grant access to the specific database based on the originating IP address of each request.\n\nDatabase-level firewall rules for master"),
		// 				AdditionalData: &armsecurity.SQLServerVulnerabilityProperties{
		// 					AssessedResourceType: to.Ptr(armsecurity.AssessedResourceTypeSQLServerVulnerability),
		// 					Type: to.Ptr("AzureDatabase"),
		// 					Query: to.Ptr("SELECT name\n    ,start_ip_address\n    ,end_ip_address\nFROM sys.database_firewall_rules"),
		// 				},
		// 				Category: to.Ptr("SurfaceAreaReduction"),
		// 				DisplayName: to.Ptr("Database-level firewall rules should be tracked and maintained at a strict minimum"),
		// 				ID: to.Ptr("VA2064"),
		// 				Impact: to.Ptr("Firewall rules should be strictly configured to allow access only to client computers that have a valid need to connect to the database. Any superfluous entries in the firewall may pose a threat by allowing an unauthorized source access to your database."),
		// 				Remediation: to.Ptr("Evaluate each of the database-level firewall rules. Remove any rules that grant unnecessary access and set the rest as a baseline. Deviations from the baseline will be identified and brought to your attention in subsequent scans."),
		// 				ResourceDetails: &armsecurity.AzureResourceDetails{
		// 					Source: to.Ptr(armsecurity.SourceAzure),
		// 					ID: to.Ptr("/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/databases/database1"),
		// 				},
		// 				Status: &armsecurity.SubAssessmentStatus{
		// 					Cause: to.Ptr("Unknown"),
		// 					Code: to.Ptr(armsecurity.SubAssessmentStatusCodeHealthy),
		// 					Severity: to.Ptr(armsecurity.SeverityHigh),
		// 				},
		// 				TimeGenerated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-06-23T12:20:08.764Z"); return t}()),
		// 			},
		// 	}},
		// }
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Get security sub-assessments on all your scanned resources inside a subscription scope
 *
 * @summary Get security sub-assessments on all your scanned resources inside a subscription scope
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubscriptionSubAssessments_example.json
 */
async function listSecuritySubAssessments() {
  const scope = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23";
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential);
  const resArray = new Array();
  for await (let item of client.subAssessments.listAll(scope)) {
    resArray.push(item);
  }
  console.log(resArray);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Voorbeeldrespons

Statuscode:

200

{
  "value": [
    {
      "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/providers/Microsoft.Security/assessments/dbd0cb49-b563-45e7-9724-889e799fa648/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168",
      "name": "8c98f353-8b41-4e77-979b-6adeecd5d168",
      "type": "Microsoft.Security/assessments/subAssessments",
      "properties": {
        "displayName": "'Back Orifice' Backdoor",
        "id": "1001",
        "status": {
          "code": "Unhealthy",
          "cause": "",
          "severity": "High",
          "description": "The resource is unhealthy"
        },
        "resourceDetails": {
          "source": "Azure",
          "id": "repositories/asc/msi-connector/images/sha256:877a6f2a212c44021281f80cb1f4c73a09dce4e99a8cb8efcc03f7ce3c877a6f"
        },
        "remediation": "Use a recent anti-virus program to remove this backdoor and check your system regularly with anti-virus software.",
        "impact": "3",
        "category": "Backdoors and trojan horses",
        "description": "The backdoor 'Back Orifice' was detected on this system.  The presence of this backdoor indicates that your system has already been compromised.  Unauthorized users can access your host at any time. Unauthorized users can take complete control of the host and manipulate data.  They can steal the data or even wipe out the host.",
        "timeGenerated": "2019-06-23T12:20:08.7644808Z",
        "additionalData": {
          "assessedResourceType": "ContainerRegistryVulnerability",
          "imageDigest": "c186fc44-3154-4ce2-ba18-b719d895c3b0",
          "repositoryName": "myRepo",
          "type": "Vulnerability",
          "cvss": {
            "2.0": {
              "base": 10
            },
            "3.0": {
              "base": 10
            }
          },
          "patchable": true,
          "cve": [
            {
              "title": "CVE-2019-12345",
              "link": "http://contoso.com"
            }
          ],
          "publishedTime": "2018-01-01T00:00:00.0000000Z",
          "vendorReferences": [
            {
              "title": "Reference_1",
              "link": "http://contoso.com"
            }
          ]
        }
      }
    },
    {
      "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/providers/Microsoft.Security/assessments/82e20e14-edc5-4373-bfc4-f13121257c37/subassessments/8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf",
      "name": "8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf",
      "type": "Microsoft.Security/assessments/subAssessments",
      "properties": {
        "id": "VA2064",
        "displayName": "Database-level firewall rules should be tracked and maintained at a strict minimum",
        "status": {
          "code": "Healthy",
          "severity": "High",
          "cause": "Unknown"
        },
        "remediation": "Evaluate each of the database-level firewall rules. Remove any rules that grant unnecessary access and set the rest as a baseline. Deviations from the baseline will be identified and brought to your attention in subsequent scans.",
        "impact": "Firewall rules should be strictly configured to allow access only to client computers that have a valid need to connect to the database. Any superfluous entries in the firewall may pose a threat by allowing an unauthorized source access to your database.",
        "category": "SurfaceAreaReduction",
        "description": "The Azure SQL Database-level firewall helps protect your data by preventing all access to your database until you specify which IP addresses have permission. Database-level firewall rules grant access to the specific database based on the originating IP address of each request.\n\nDatabase-level firewall rules for master",
        "timeGenerated": "2019-06-23T12:20:08.7644808Z",
        "resourceDetails": {
          "source": "Azure",
          "id": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/databases/database1"
        },
        "additionalData": {
          "assessedResourceType": "SqlServerVulnerability",
          "type": "AzureDatabase",
          "query": "SELECT name\n    ,start_ip_address\n    ,end_ip_address\nFROM sys.database_firewall_rules",
          "benchmarks": []
        }
      }
    }
  ]
}

Definities

Name	Description
AzureResourceDetails	Details van de Azure-resource die is geëvalueerd
CloudError	Veelvoorkomende foutreactie voor alle Azure Resource Manager-API's om foutdetails te retourneren voor mislukte bewerkingen. (Dit volgt ook de OData-foutreactieindeling.)
CloudErrorBody	De foutdetails.
ContainerRegistryVulnerabilityProperties	Aanvullende contextvelden voor evaluatie van beveiligingsproblemen in containerregister
CVE	CVE-details
CVSS	CVSS-details
ErrorAdditionalInfo	Aanvullende informatie over de resourcebeheerfout.
OnPremiseResourceDetails	Details van de on-premises resource die is geëvalueerd
OnPremiseSqlResourceDetails	Details van de on-premises SQL-resource die is geëvalueerd
SecuritySubAssessment	Beveiligingssubevaluatie voor een resource
SecuritySubAssessmentList	Lijst met beveiligingssubevaluaties
ServerVulnerabilityProperties	Aanvullende contextvelden voor evaluatie van serverproblemen
severity	Het ernstniveau van de subevaluatie
SqlServerVulnerabilityProperties	Details van de resource die is geëvalueerd
SubAssessmentStatus	Status van de subevaluatie
SubAssessmentStatusCode	Programmatische code voor de status van de evaluatie
VendorReference	Naslaginformatie over leveranciers

AzureResourceDetails

Details van de Azure-resource die is geëvalueerd

Name	Type	Description
id	string	Azure-resource-id van de geëvalueerde resource
source	string: Azure	Het platform waar de geëvalueerde resource zich bevindt

CloudError

Veelvoorkomende foutreactie voor alle Azure Resource Manager-API's om foutdetails te retourneren voor mislukte bewerkingen. (Dit volgt ook de OData-foutreactieindeling.)

Name	Type	Description
error.additionalInfo	ErrorAdditionalInfo[]	De fout bevat aanvullende informatie.
error.code	string	De foutcode.
error.details	CloudErrorBody[]	De foutdetails.
error.message	string	Het foutbericht.
error.target	string	Het foutdoel.

CloudErrorBody

De foutdetails.

Name	Type	Description
additionalInfo	ErrorAdditionalInfo[]	De fout bevat aanvullende informatie.
code	string	De foutcode.
details	CloudErrorBody[]	De foutdetails.
message	string	Het foutbericht.
target	string	Het foutdoel.

ContainerRegistryVulnerabilityProperties

Aanvullende contextvelden voor evaluatie van beveiligingsproblemen in containerregister

Name	Type	Description
assessedResourceType	string: ContainerRegistryVulnerability	Resourcetype subevaluatie
cve	CVE[]	Lijst met CVE's
cvss	<string,  CVSS>	Woordenlijst van cvss-versie naar cvss-detailobject
imageDigest	string	Samenvatting van het kwetsbare beeld
patchable	boolean	Geeft aan of een patch beschikbaar is of niet
publishedTime	string	Publicatietijd
repositoryName	string	Naam van de opslagplaats waartoe de kwetsbare installatiekopieën behoren
type	string	Type beveiligingsprobleem. bijvoorbeeld: Beveiligingsprobleem, potentieel beveiligingsprobleem, verzamelde informatie, beveiligingsprobleem
vendorReferences	VendorReference[]	Naslaginformatie over leveranciers

CVE

CVE-details

Name	Type	Description
link	string	Url van koppeling
title	string	CVE-titel

CVSS

CVSS-details

Name	Type	Description
base	number	CVSS-basis

ErrorAdditionalInfo

Aanvullende informatie over de resourcebeheerfout.

Name	Type	Description
info	object	De aanvullende informatie.
type	string	Het extra informatietype.

OnPremiseResourceDetails

Details van de on-premises resource die is geëvalueerd

Name	Type	Description
machineName	string	De naam van de computer
source	string: OnPremise	Het platform waar de geëvalueerde resource zich bevindt
sourceComputerId	string	De oms-agent-id die op de computer is geïnstalleerd
vmuuid	string	De unieke id van de machine
workspaceId	string	Azure-resource-id van de werkruimte waaraan de machine is gekoppeld

OnPremiseSqlResourceDetails

Details van de on-premises SQL-resource die is geëvalueerd

Name	Type	Description
databaseName	string	De sql-databasenaam die op de computer is geïnstalleerd
machineName	string	De naam van de computer
serverName	string	De sql-servernaam die op de computer is geïnstalleerd
source	string: OnPremiseSql	Het platform waar de geëvalueerde resource zich bevindt
sourceComputerId	string	De oms-agent-id die op de computer is geïnstalleerd
vmuuid	string	De unieke id van de machine
workspaceId	string	Azure-resource-id van de werkruimte waaraan de machine is gekoppeld

SecuritySubAssessment

Beveiligingssubevaluatie voor een resource

Name	Type	Description
id	string	Resource-id
name	string	Resourcenaam
properties.additionalData	AdditionalData: ContainerRegistryVulnerabilityProperties ServerVulnerabilityProperties SqlServerVulnerabilityProperties	Details van de subevaluatie
properties.category	string	Categorie van de subevaluatie
properties.description	string	Leesbare beschrijving van de evaluatiestatus
properties.displayName	string	Gebruiksvriendelijke weergavenaam van de subevaluatie
properties.id	string	Id van beveiligingsprobleem
properties.impact	string	Beschrijving van de gevolgen van deze subevaluatie
properties.remediation	string	Informatie over het oplossen van deze subevaluatie
properties.resourceDetails	ResourceDetails: AzureResourceDetails OnPremiseResourceDetails OnPremiseSqlResourceDetails	Details van de resource die is geëvalueerd
properties.status	SubAssessmentStatus	Status van de subevaluatie
properties.timeGenerated	string	De datum en tijd waarop de subevaluatie is gegenereerd
type	string	Resourcetype

SecuritySubAssessmentList

Lijst met beveiligingssubevaluaties

Name	Type	Description
nextLink	string	De URI voor het ophalen van de volgende pagina.
value	SecuritySubAssessment[]	Beveiligingssubevaluatie voor een resource

ServerVulnerabilityProperties

Aanvullende contextvelden voor evaluatie van serverproblemen

Name	Type	Description
assessedResourceType	string: ServerVulnerabilityAssessment	Resourcetype subevaluatie
cve	CVE[]	Lijst met CVE's
cvss	<string,  CVSS>	Woordenlijst van cvss-versie naar cvss-detailobject
patchable	boolean	Geeft aan of een patch beschikbaar is of niet
publishedTime	string	Publicatietijd
threat	string	Naam van bedreiging
type	string	Type beveiligingsprobleem. bijvoorbeeld: Beveiligingsprobleem, potentieel beveiligingsprobleem, verzamelde informatie
vendorReferences	VendorReference[]	Naslaginformatie over leveranciers

severity

Het ernstniveau van de subevaluatie

Name	Type	Description
High	string
Low	string
Medium	string

SqlServerVulnerabilityProperties

Details van de resource die is geëvalueerd

Name	Type	Description
assessedResourceType	string: SqlServerVulnerability	Resourcetype subevaluatie
query	string	De T-SQL-query die wordt uitgevoerd op uw SQL-database om de specifieke controle uit te voeren
type	string	Het resourcetype waarnaar de subevaluatie verwijst in de resourcedetails

SubAssessmentStatus

Status van de subevaluatie

Name	Type	Description
cause	string	Programmatische code voor de oorzaak van de evaluatiestatus
code	SubAssessmentStatusCode	Programmatische code voor de status van de evaluatie
description	string	Leesbare beschrijving van de evaluatiestatus
severity	severity	Het ernstniveau van de subevaluatie

SubAssessmentStatusCode

Programmatische code voor de status van de evaluatie

Name	Type	Description
Healthy	string	De resource is in orde
NotApplicable	string	Evaluatie voor deze resource is niet uitgevoerd
Unhealthy	string	De resource heeft een beveiligingsprobleem dat moet worden opgelost

VendorReference

Naslaginformatie over leveranciers

Name	Type	Description
link	string	Url van koppeling
title	string	Titel van koppeling