
Assessments Metadata - List

Get metadata information on all assessment types

GET https://management.azure.com/providers/Microsoft.Security/assessmentMetadata?api-version=2021-06-01

URI Parameters

Name  In  Required  Type  Description
api-version  query  True  string  API version for the operation

Responses

Name  Type  Description
200 OK  SecurityAssessmentMetadataResponseList  OK
Other Status Codes  CloudError  Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name  Description
user_impersonation  impersonate your user account

Examples

List security assessment metadata

Sample request

GET https://management.azure.com/providers/Microsoft.Security/assessmentMetadata?api-version=2021-06-01

Sample response

{
  "value": [
    {
      "id": "/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b",
      "name": "21300918-b2e3-0346-785f-c77ff57d243b",
      "type": "Microsoft.Security/assessmentMetadata",
      "properties": {
        "displayName": "Install endpoint protection solution on virtual machine scale sets",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de",
        "description": "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.",
        "remediationDescription": "To install an endpoint protection solution: 1.  <a href=\"https://docs.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-faq#how-do-i-turn-on-antimalware-in-my-virtual-machine-scale-set\">Follow the instructions in How do I turn on antimalware in my virtual machine scale set</a>",
        "categories": [
          "Compute"
        ],
        "severity": "Medium",
        "userImpact": "Low",
        "implementationEffort": "Low",
        "threats": [
          "dataExfiltration",
          "dataSpillage",
          "maliciousInsider"
        ],
        "publishDates": {
          "GA": "06/01/2021",
          "public": "06/01/2021"
        },
        "plannedDeprecationDate": "03/2022",
        "tactics": [
          "Credential Access",
          "Persistence",
          "Execution",
          "Defense Evasion",
          "Collection",
          "Discovery",
          "Privilege Escalation"
        ],
        "techniques": [
          "Obfuscated Files or Information",
          "Ingress Tool Transfer",
          "Phishing",
          "User Execution"
        ],
        "assessmentType": "BuiltIn"
      }
    },
    {
      "id": "/providers/Microsoft.Security/assessmentMetadata/bc303248-3d14-44c2-96a0-55f5c326b5fe",
      "name": "bc303248-3d14-44c2-96a0-55f5c326b5fe",
      "type": "Microsoft.Security/assessmentMetadata",
      "properties": {
        "displayName": "Close management ports on your virtual machines",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917",
        "description": "Open remote management ports expose your VM to a high level of risk from internet-based attacks that attempt to brute force credentials to gain admin access to the machine.",
        "remediationDescription": "We recommend that you edit the inbound rules of the below virtual machines to restrict access to specific source ranges.<br>To restrict the access to your virtual machines: 1. Click on a VM from the list below 2. At the 'Networking' blade, click on each of the rules that allow management ports (e.g. RDP-3389, WINRM-5985, SSH-22) 3. Change the 'Action' property to 'Deny' 4. Click 'Save'",
        "categories": [
          "Networking"
        ],
        "severity": "Medium",
        "userImpact": "High",
        "implementationEffort": "Low",
        "threats": [
          "dataExfiltration",
          "dataSpillage",
          "maliciousInsider"
        ],
        "publishDates": {
          "GA": "06/01/2021",
          "public": "06/01/2021"
        },
        "preview": true,
        "assessmentType": "CustomPolicy"
      }
    },
    {
      "id": "/providers/Microsoft.Security/assessmentMetadata/ca039e75-a276-4175-aebc-bcd41e4b14b7",
      "name": "ca039e75-a276-4175-aebc-bcd41e4b14b7",
      "type": "Microsoft.Security/assessmentMetadata",
      "properties": {
        "displayName": "My organization security assessment",
        "description": "Assessment that my organization created to view our security assessment in Azure Security Center",
        "remediationDescription": "Fix it with these remediation instructions",
        "categories": [
          "Compute"
        ],
        "severity": "Medium",
        "userImpact": "Low",
        "implementationEffort": "Low",
        "threats": [],
        "publishDates": {
          "GA": "06/01/2021",
          "public": "06/01/2021"
        },
        "assessmentType": "CustomerManaged"
      }
    }
  ]
}

Definitions

Name  Description
assessmentType  BuiltIn if the assessment is based on a built-in Azure Policy definition, CustomIn if it is based on a custom Azure Policy definition
categories
CloudError  Common error response for all Azure Resource Manager APIs, returning error details for failed operations. (This also follows the OData error response format.)
CloudErrorBody  The error details.
ErrorAdditionalInfo  The resource management error additional info.
implementationEffort  The implementation effort required to remediate this assessment
PublishDates
SecurityAssessmentMetadataPartnerData  Describes the partner that created the assessment
SecurityAssessmentMetadataResponse  Security assessment metadata response
SecurityAssessmentMetadataResponseList  List of security assessment metadata
severity  The severity level of the assessment
tactics
techniques
threats
userImpact  The user impact of the assessment

assessmentType

BuiltIn if the assessment is based on a built-in Azure Policy definition, CustomIn if it is based on a custom Azure Policy definition

Name  Description
BuiltIn  Microsoft Defender for Cloud managed assessments
CustomPolicy  User-defined policies that are automatically ingested from Azure Policy into Microsoft Defender for Cloud
CustomerManaged  User assessments pushed directly to Microsoft Defender for Cloud by the user or another third party
VerifiedPartner  An assessment created by a verified third party, if the user connected it to ASC

categories

Values
Compute
Data
IdentityAndAccess
IoT
Networking

CloudError

Common error response for all Azure Resource Manager APIs, returning error details for failed operations. (This also follows the OData error response format.)

Name  Type  Description
error.additionalInfo  ErrorAdditionalInfo[]  The error additional info.
error.code  string  The error code.
error.details  CloudErrorBody[]  The error details.
error.message  string  The error message.
error.target  string  The error target.

CloudErrorBody

The error details.

Name  Type  Description
additionalInfo  ErrorAdditionalInfo[]  The error additional info.
code  string  The error code.
details  CloudErrorBody[]  The error details.
message  string  The error message.
target  string  The error target.

ErrorAdditionalInfo

The resource management error additional info.

Name  Type  Description
info  object  The additional info.
type  string  The additional info type.

implementationEffort

The implementation effort required to remediate this assessment

Values
High
Low
Moderate

PublishDates

Name  Type  Description
GA  string  pattern: ^([0-9]{2}/){2}[0-9]{4}$
public  string  pattern: ^([0-9]{2}/){2}[0-9]{4}$

SecurityAssessmentMetadataPartnerData

Describes the partner that created the assessment

Name  Type  Description
partnerName  string  Name of the company of the partner
productName  string  Name of the product of the partner that created the assessment
secret  string  Secret used to authenticate the partner and verify it created the assessment - write only

SecurityAssessmentMetadataResponse

Security assessment metadata response

Name  Type  Description
id  string  Resource Id
name  string  Resource name
properties.assessmentType  assessmentType  BuiltIn if the assessment is based on a built-in Azure Policy definition, CustomIn if it is based on a custom Azure Policy definition
properties.categories  categories[]  The categories of resource that are at risk when the assessment is unhealthy
properties.description  string  Human readable description of the assessment
properties.displayName  string  User friendly display name of the assessment
properties.implementationEffort  implementationEffort  The implementation effort required to remediate this assessment
properties.partnerData  SecurityAssessmentMetadataPartnerData  Describes the partner that created the assessment
properties.plannedDeprecationDate  string  pattern: ^[0-9]{2}/[0-9]{4}$
properties.policyDefinitionId  string  Azure resource ID of the policy definition that turns this assessment calculation on
properties.preview  boolean  True if this assessment is in preview release status
properties.publishDates  PublishDates
properties.remediationDescription  string  Human readable description of what you should do to mitigate this security issue
properties.severity  severity  The severity level of the assessment
properties.tactics  tactics[]  Tactics of the assessment
properties.techniques  techniques[]  Techniques of the assessment
properties.threats  threats[]  Threats impact of the assessment
properties.userImpact  userImpact  The user impact of the assessment
type  string  Resource type

SecurityAssessmentMetadataResponseList

List of security assessment metadata

Name  Type  Description
nextLink  string  The URI to fetch the next page.
value  SecurityAssessmentMetadataResponse[]  Security assessment metadata response
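The following Python client is an added example, not code from this page or from the Azure SDK. It walks the listing by following nextLink until the service stops returning one, checks each item against the schema documented here (the assessmentType values, the publishDates and plannedDeprecationDate patterns, and the write-only partnerData.secret, which must never appear in a read response), and runs offline against constructed sample pages built from fields of the sample response above. The continuation URL, the `fetch` callable and the `_item` helper are assumptions.

```python
import re
from typing import Callable, Iterator

API_VERSION = "2021-06-01"
LIST_URL = ("https://management.azure.com/providers/Microsoft.Security/"
            f"assessmentMetadata?api-version={API_VERSION}")
PUBLISH_DATE_RE = re.compile(r"^([0-9]{2}/){2}[0-9]{4}$")  # PublishDates.GA / .public
DEPRECATION_RE = re.compile(r"^[0-9]{2}/[0-9]{4}$")        # plannedDeprecationDate
ASSESSMENT_TYPES = {"BuiltIn", "CustomPolicy", "CustomerManaged", "VerifiedPartner"}

def iter_assessment_metadata(fetch: Callable[[str], dict], url: str = LIST_URL) -> Iterator[dict]:
    """Yield every SecurityAssessmentMetadataResponse, following nextLink page by page."""
    seen = set()
    while url:
        if url in seen:  # a nextLink pointing back at an earlier page would loop forever
            raise RuntimeError("nextLink cycle detected")
        seen.add(url)
        page = fetch(url)  # fetch() performs the authenticated GET and returns the JSON body
        yield from page.get("value", [])
        url = page.get("nextLink")

def check_item(item: dict) -> list:
    """Compare one item with the documented schema; an empty list means no problems."""
    props, problems = item.get("properties", {}), []
    if props.get("assessmentType") not in ASSESSMENT_TYPES:
        problems.append("unknown assessmentType")
    problems += [f"publishDates.{k} malformed" for k, v in props.get("publishDates", {}).items()
                 if not PUBLISH_DATE_RE.match(str(v))]
    if "plannedDeprecationDate" in props and not DEPRECATION_RE.match(props["plannedDeprecationDate"]):
        problems.append("plannedDeprecationDate malformed")
    if "secret" in props.get("partnerData", {}):  # documented write-only: must never be read back
        problems.append("partnerData.secret present in a read response")
    return problems

# Constructed sample pages (not a real service response); PAGE2 is a hypothetical continuation URL.
def _item(name: str, **props) -> dict:
    return {"id": f"/providers/Microsoft.Security/assessmentMetadata/{name}", "name": name,
            "type": "Microsoft.Security/assessmentMetadata", "properties": props}
PAGE2 = LIST_URL + "&$skipToken=constructed"
SAMPLE_PAGES = {
    LIST_URL: {"value": [_item("21300918-b2e3-0346-785f-c77ff57d243b", severity="Medium",
                               assessmentType="BuiltIn", plannedDeprecationDate="03/2022",
                               publishDates={"GA": "06/01/2021", "public": "06/01/2021"})],
               "nextLink": PAGE2},
    PAGE2: {"value": [_item("ca039e75-a276-4175-aebc-bcd41e4b14b7", severity="High",
                            assessmentType="CustomerManaged", publishDates={"GA": "2021-06-01"})]},
}
fake_fetch = SAMPLE_PAGES.__getitem__  # stand-in for a real HTTP GET when running offline
```

The second constructed item deliberately carries a malformed GA date so the pattern check has something to report; against the live service, replace `fake_fetch` with a function that sends the bearer token obtained through the azure_auth flow above.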

severity

The severity level of the assessment

Values
High
Low
Medium

tactics

Values
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Reconnaissance
Resource Development

techniques

Values
Abuse Elevation Control Mechanism
Access Token Manipulation
Account Discovery
Account Manipulation
Active Scanning
Application Layer Protocol
Audio Capture
Boot or Logon Autostart Execution
Boot or Logon Initialization Scripts
Brute Force
Cloud Infrastructure Discovery
Cloud Service Dashboard
Cloud Service Discovery
Command and Scripting Interpreter
Compromise Client Software Binary
Compromise Infrastructure
Container and Resource Discovery
Create Account
Create or Modify System Process
Credentials from Password Stores
Data Destruction
Data Encrypted for Impact
Data Manipulation
Data Staged
Data from Cloud Storage Object
Data from Configuration Repository
Data from Information Repositories
Data from Local System
Defacement
Deobfuscate/Decode Files or Information
Disk Wipe
Domain Trust Discovery
Drive-by Compromise
Dynamic Resolution
Endpoint Denial of Service
Event Triggered Execution
Exfiltration Over Alternative Protocol
Exploit Public-Facing Application
Exploitation for Client Execution
Exploitation for Credential Access
Exploitation for Defense Evasion
Exploitation for Privilege Escalation
Exploitation of Remote Services
External Remote Services
Fallback Channels
File and Directory Discovery
File and Directory Permissions Modification
Gather Victim Network Information
Hide Artifacts
Hijack Execution Flow
Impair Defenses
Implant Container Image
Indicator Removal on Host
Indirect Command Execution
Ingress Tool Transfer
Input Capture
Inter-Process Communication
Lateral Tool Transfer
Man-in-the-Middle
Masquerading
Modify Authentication Process
Modify Registry
Network Denial of Service
Network Service Scanning
Network Sniffing
Non-Application Layer Protocol
Non-Standard Port
OS Credential Dumping
Obfuscated Files or Information
Obtain Capabilities
Office Application Startup
Permission Groups Discovery
Phishing
Pre-OS Boot
Process Discovery
Process Injection
Protocol Tunneling
Proxy
Query Registry
Remote Access Software
Remote Service Session Hijacking
Remote Services
Remote System Discovery
Resource Hijacking
SQL Stored Procedures
Scheduled Task/Job
Screen Capture
Search Victim-Owned Websites
Server Software Component
Service Stop
Signed Binary Proxy Execution
Software Deployment Tools
Steal or Forge Kerberos Tickets
Subvert Trust Controls
Supply Chain Compromise
System Information Discovery
Taint Shared Content
Traffic Signaling
Transfer Data to Cloud Account
Trusted Relationship
Unsecured Credentials
User Execution
Valid Accounts
Windows Management Instrumentation

threats

Values
accountBreach
dataExfiltration
dataSpillage
denialOfService
elevationOfPrivilege
maliciousInsider
missingCoverage
threatResistance

userImpact

The user impact of the assessment

Values
High
Low
Moderate