Assessments Metadata - Get In Subscription

Get metadata information on an assessment type in a specific subscription

GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Security/assessmentMetadata/{assessmentMetadataName}?api-version=2021-06-01

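URI Parameters

| Name | In | Required | Type | Description |
| --- | --- | --- | --- | --- |
| assessmentMetadataName | path | True | string | The Assessment Key - Unique key for the assessment type |
| subscriptionId | path | True | string | Azure subscription ID. Regex pattern: ^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$ |
| api-version | query | True | string | API version for the operation |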

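Responses

| Name | Type | Description |
| --- | --- | --- |
| 200 OK | SecurityAssessmentMetadataResponse | OK |
| Other Status Codes | CloudError | Error response describing why the operation failed. |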

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

| Name | Description |
| --- | --- |
| user_impersonation | impersonate your user account |

Examples

Get security assessment metadata for subscription

Sample request

GET https://management.azure.com/subscriptions/0980887d-03d6-408c-9566-532f3456804e/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b?api-version=2021-06-01

Sample response

{
  "id": "/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b",
  "name": "21300918-b2e3-0346-785f-c77ff57d243b",
  "type": "Microsoft.Security/assessmentMetadata",
  "properties": {
    "displayName": "Install endpoint protection solution on virtual machine scale sets",
    "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de",
    "description": "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.",
    "remediationDescription": "To install an endpoint protection solution: 1.  <a href=\"https://docs.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-faq#how-do-i-turn-on-antimalware-in-my-virtual-machine-scale-set\">Follow the instructions in How do I turn on antimalware in my virtual machine scale set</a>",
    "categories": [
      "Compute"
    ],
    "severity": "Medium",
    "userImpact": "Low",
    "implementationEffort": "Low",
    "threats": [
      "dataExfiltration",
      "dataSpillage",
      "maliciousInsider"
    ],
    "publishDates": {
      "GA": "06/01/2021",
      "public": "06/01/2021"
    },
    "plannedDeprecationDate": "03/2022",
    "tactics": [
      "Credential Access",
      "Persistence",
      "Execution",
      "Defense Evasion",
      "Collection",
      "Discovery",
      "Privilege Escalation"
    ],
    "techniques": [
      "Obfuscated Files or Information",
      "Ingress Tool Transfer",
      "Phishing",
      "User Execution"
    ],
    "assessmentType": "BuiltIn"
  }
}
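
The following Python is an added example, not part of the original reference page or of any Microsoft SDK: it builds the request URL for this operation with subscriptionId checked against the documented pattern, and flattens the HTML carried in remediationDescription to plain text before it is displayed. The names build_url, remediation_text and SAMPLE, and the choice to keep only https:// link targets, are assumptions made for this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import quote

# Pattern copied from the subscriptionId row of the URI parameters.
SUBSCRIPTION_ID = re.compile(r"^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$")

def build_url(subscription_id, assessment_metadata_name, api_version="2021-06-01"):
    """Build the GET URL: subscriptionId must match the pattern, the key is percent-encoded."""
    # fullmatch, because "$" on its own still accepts a trailing newline in Python.
    if not SUBSCRIPTION_ID.fullmatch(subscription_id):
        raise ValueError("subscriptionId does not match the documented pattern")
    name = quote(assessment_metadata_name, safe="")
    return (f"https://management.azure.com/subscriptions/{subscription_id}"
            f"/providers/Microsoft.Security/assessmentMetadata/{name}"
            f"?api-version={quote(api_version, safe='')}")

class _TextAndLinks(HTMLParser):  # collects text; keeps https:// link targets only
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts, self.links, self._href = [], [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href") or ""
            self._href = href if href.lower().startswith("https://") else None
    def handle_endtag(self, tag):
        if tag == "a" and self._href:
            self.links.append(self._href)
            self.parts.append(f" ({self._href})")
            self._href = None
    def handle_data(self, data):
        self.parts.append(data)

def remediation_text(metadata):
    """Return (plain_text, https_links) for properties.remediationDescription."""
    parser = _TextAndLinks()
    parser.feed(metadata.get("properties", {}).get("remediationDescription") or "")
    parser.close()
    return " ".join("".join(parser.parts).split()), parser.links

# Trimmed copy of the sample response on this page (only the field used here).
SAMPLE = {"properties": {"remediationDescription":
    'To install an endpoint protection solution: 1.  <a href="https://docs.microsoft.com/azure/'
    'virtual-machine-scale-sets/virtual-machine-scale-sets-faq#how-do-i-turn-on-antimalware-in-'
    'my-virtual-machine-scale-set">Follow the instructions in How do I turn on antimalware in my '
    'virtual machine scale set</a>'}}

if __name__ == "__main__":
    print(build_url("0980887d-03d6-408c-9566-532f3456804e", "21300918-b2e3-0346-785f-c77ff57d243b"))
    print(remediation_text(SAMPLE))
```

The returned string is plain text, so it still has to be HTML-escaped if it is rendered in a web page.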

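Definitions

| Name | Description |
| --- | --- |
| assessmentType | BuiltIn if the assessment is based on a built-in Azure Policy definition, CustomIn if the assessment is based on a custom Azure Policy definition |
| categories | |
| CloudError | Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.) |
| CloudErrorBody | The error detail. |
| ErrorAdditionalInfo | The resource management error additional info. |
| implementationEffort | The implementation effort required to remediate this assessment |
| PublishDates | |
| SecurityAssessmentMetadataPartnerData | Describes the partner that created the assessment |
| SecurityAssessmentMetadataResponse | Security assessment metadata response |
| severity | The severity level of the assessment |
| tactics | |
| techniques | |
| threats | |
| userImpact | The user impact of the assessment |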

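assessmentType

BuiltIn if the assessment is based on a built-in Azure Policy definition, CustomIn if the assessment is based on a custom Azure Policy definition

| Name | Type | Description |
| --- | --- | --- |
| BuiltIn | string | Microsoft Defender for Cloud managed assessments |
| CustomPolicy | string | User defined policies that are automatically ingested from Azure Policy to Microsoft Defender for Cloud |
| CustomerManaged | string | User assessments pushed directly by the user or other third party to Microsoft Defender for Cloud |
| VerifiedPartner | string | An assessment that was created by a verified third party if the user connected it to ASC |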

categories

| Name | Type | Description |
| --- | --- | --- |
| Compute | string | |
| Data | string | |
| IdentityAndAccess | string | |
| IoT | string | |
| Networking | string | |

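CloudError

Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.)

| Name | Type | Description |
| --- | --- | --- |
| error.additionalInfo | ErrorAdditionalInfo[] | The error additional info. |
| error.code | string | The error code. |
| error.details | CloudErrorBody[] | The error details. |
| error.message | string | The error message. |
| error.target | string | The error target. |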

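CloudErrorBody

The error detail.

| Name | Type | Description |
| --- | --- | --- |
| additionalInfo | ErrorAdditionalInfo[] | The error additional info. |
| code | string | The error code. |
| details | CloudErrorBody[] | The error details. |
| message | string | The error message. |
| target | string | The error target. |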

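ErrorAdditionalInfo

The resource management error additional info.

| Name | Type | Description |
| --- | --- | --- |
| info | object | The additional info. |
| type | string | The additional info type. |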

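implementationEffort

The implementation effort required to remediate this assessment

| Name | Type | Description |
| --- | --- | --- |
| High | string | |
| Low | string | |
| Moderate | string | |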

PublishDates

| Name | Type | Description |
| --- | --- | --- |
| GA | string | |
| public | string | |

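SecurityAssessmentMetadataPartnerData

Describes the partner that created the assessment

| Name | Type | Description |
| --- | --- | --- |
| partnerName | string | Name of the partner company |
| productName | string | Name of the partner's product that created the assessment |
| secret | string | Secret used to authenticate the partner and verify that it created the assessment - write only |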

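SecurityAssessmentMetadataResponse

Security assessment metadata response

| Name | Type | Description |
| --- | --- | --- |
| id | string | Resource Id |
| name | string | Resource name |
| properties.assessmentType | assessmentType | BuiltIn if the assessment is based on a built-in Azure Policy definition, CustomIn if the assessment is based on a custom Azure Policy definition |
| properties.categories | categories[] | The categories of resource that are at risk when the assessment is unhealthy |
| properties.description | string | Human readable description of the assessment |
| properties.displayName | string | User friendly display name of the assessment |
| properties.implementationEffort | implementationEffort | The implementation effort required to remediate this assessment |
| properties.partnerData | SecurityAssessmentMetadataPartnerData | Describes the partner that created the assessment |
| properties.plannedDeprecationDate | string | |
| properties.policyDefinitionId | string | Azure resource ID of the policy definition that turns this assessment calculation on |
| properties.preview | boolean | True if this assessment is in preview release status |
| properties.publishDates | PublishDates | |
| properties.remediationDescription | string | Human readable description of what you should do to mitigate this security issue |
| properties.severity | severity | The severity level of the assessment |
| properties.tactics | tactics[] | Tactics of the assessment |
| properties.techniques | techniques[] | Techniques of the assessment |
| properties.threats | threats[] | Threats impact of the assessment |
| properties.userImpact | userImpact | The user impact of the assessment |
| type | string | Resource type |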

severity

The severity level of the assessment

| Name | Type | Description |
| --- | --- | --- |
| High | string | |
| Low | string | |
| Medium | string | |

tactics

| Name | Type | Description |
| --- | --- | --- |
| Collection | string | |
| Command and Control | string | |
| Credential Access | string | |
| Defense Evasion | string | |
| Discovery | string | |
| Execution | string | |
| Exfiltration | string | |
| Impact | string | |
| Initial Access | string | |
| Lateral Movement | string | |
| Persistence | string | |
| Privilege Escalation | string | |
| Reconnaissance | string | |
| Resource Development | string | |

techniques

| Name | Type | Description |
| --- | --- | --- |
| Abuse Elevation Control Mechanism | string | |
| Access Token Manipulation | string | |
| Account Discovery | string | |
| Account Manipulation | string | |
| Active Scanning | string | |
| Application Layer Protocol | string | |
| Audio Capture | string | |
| Boot or Logon Autostart Execution | string | |
| Boot or Logon Initialization Scripts | string | |
| Brute Force | string | |
| Cloud Infrastructure Discovery | string | |
| Cloud Service Dashboard | string | |
| Cloud Service Discovery | string | |
| Command and Scripting Interpreter | string | |
| Compromise Client Software Binary | string | |
| Compromise Infrastructure | string | |
| Container and Resource Discovery | string | |
| Create Account | string | |
| Create or Modify System Process | string | |
| Credentials from Password Stores | string | |
| Data Destruction | string | |
| Data Encrypted for Impact | string | |
| Data Manipulation | string | |
| Data Staged | string | |
| Data from Cloud Storage Object | string | |
| Data from Configuration Repository | string | |
| Data from Information Repositories | string | |
| Data from Local System | string | |
| Defacement | string | |
| Deobfuscate/Decode Files or Information | string | |
| Disk Wipe | string | |
| Domain Trust Discovery | string | |
| Drive-by Compromise | string | |
| Dynamic Resolution | string | |
| Endpoint Denial of Service | string | |
| Event Triggered Execution | string | |
| Exfiltration Over Alternative Protocol | string | |
| Exploit Public-Facing Application | string | |
| Exploitation for Client Execution | string | |
| Exploitation for Credential Access | string | |
| Exploitation for Defense Evasion | string | |
| Exploitation for Privilege Escalation | string | |
| Exploitation of Remote Services | string | |
| External Remote Services | string | |
| Fallback Channels | string | |
| File and Directory Discovery | string | |
| File and Directory Permissions Modification | string | |
| Gather Victim Network Information | string | |
| Hide Artifacts | string | |
| Hijack Execution Flow | string | |
| Impair Defenses | string | |
| Implant Container Image | string | |
| Indicator Removal on Host | string | |
| Indirect Command Execution | string | |
| Ingress Tool Transfer | string | |
| Input Capture | string | |
| Inter-Process Communication | string | |
| Lateral Tool Transfer | string | |
| Man-in-the-Middle | string | |
| Masquerading | string | |
| Modify Authentication Process | string | |
| Modify Registry | string | |
| Network Denial of Service | string | |
| Network Service Scanning | string | |
| Network Sniffing | string | |
| Non-Application Layer Protocol | string | |
| Non-Standard Port | string | |
| OS Credential Dumping | string | |
| Obfuscated Files or Information | string | |
| Obtain Capabilities | string | |
| Office Application Startup | string | |
| Permission Groups Discovery | string | |
| Phishing | string | |
| Pre-OS Boot | string | |
| Process Discovery | string | |
| Process Injection | string | |
| Protocol Tunneling | string | |
| Proxy | string | |
| Query Registry | string | |
| Remote Access Software | string | |
| Remote Service Session Hijacking | string | |
| Remote Services | string | |
| Remote System Discovery | string | |
| Resource Hijacking | string | |
| SQL Stored Procedures | string | |
| Scheduled Task/Job | string | |
| Screen Capture | string | |
| Search Victim-Owned Websites | string | |
| Server Software Component | string | |
| Service Stop | string | |
| Signed Binary Proxy Execution | string | |
| Software Deployment Tools | string | |
| Steal or Forge Kerberos Tickets | string | |
| Subvert Trust Controls | string | |
| Supply Chain Compromise | string | |
| System Information Discovery | string | |
| Taint Shared Content | string | |
| Traffic Signaling | string | |
| Transfer Data to Cloud Account | string | |
| Trusted Relationship | string | |
| Unsecured Credentials | string | |
| User Execution | string | |
| Valid Accounts | string | |
| Windows Management Instrumentation | string | |

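threats

| Name | Type | Description |
| --- | --- | --- |
| accountBreach | string | |
| dataExfiltration | string | |
| dataSpillage | string | |
| denialOfService | string | |
| elevationOfPrivilege | string | |
| maliciousInsider | string | |
| missingCoverage | string | |
| threatResistance | string | |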

userImpact

The user impact of the assessment

| Name | Type | Description |
| --- | --- | --- |
| High | string | |
| Low | string | |
| Moderate | string | |