你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站，请访问 https://docs.azure.cn。

Sub Assessments - Get

服务:

Defender for Cloud

API 版本:

2019-01-01-preview

获取扫描资源的安全子评估

GET https://management.azure.com/{scope}/providers/Microsoft.Security/assessments/{assessmentName}/subAssessments/{subAssessmentName}?api-version=2019-01-01-preview

URI 参数

名称	在	必需	类型	说明
assessmentName	path	True	string	评估密钥 - 评估类型的唯一键
scope	path	True	string	查询范围，可以是订阅（/subscriptions/0b06d9ea-afe6-4779-bd59-30e5c2d9d13f）或管理组（/providers/Microsoft.Management/managementGroups/mgName）。
subAssessmentName	path	True	string	Sub-Assessment 密钥 - 子评估类型的唯一键
api-version	query	True	string	操作的 API 版本

响应

名称	类型	说明
200 OK	SecuritySubAssessment	还行
Other Status Codes	CloudError	描述操作失败的原因的错误响应。

安全性

azure_auth

Azure Active Directory OAuth2 Flow

类型: oauth2
流向: implicit
授权 URL: https://login.microsoftonline.com/common/oauth2/authorize

作用域

名称	说明
user_impersonation	模拟用户帐户

示例

Get security recommendation task from security data location

示例请求

HTTP

GET https://management.azure.com/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/DEMORG/providers/Microsoft.Compute/virtualMachines/vm2/providers/Microsoft.Security/assessments/1195afff-c881-495e-9bc5-1486211ae03f/subAssessments/95f7da9c-a2a4-1322-0758-fcd24ef09b85?api-version=2019-01-01-preview

Java

/**
 * Samples for SubAssessments Get.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/
     * GetSubAssessment_example.json
     */
    /**
     * Sample code: Get security recommendation task from security data location.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void getSecurityRecommendationTaskFromSecurityDataLocation(
        com.azure.resourcemanager.security.SecurityManager manager) {
        manager.subAssessments().getWithResponse(
            "subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/DEMORG/providers/Microsoft.Compute/virtualMachines/vm2",
            "1195afff-c881-495e-9bc5-1486211ae03f", "95f7da9c-a2a4-1322-0758-fcd24ef09b85",
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armsecurity_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/GetSubAssessment_example.json
func ExampleSubAssessmentsClient_Get() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewSubAssessmentsClient().Get(ctx, "subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/DEMORG/providers/Microsoft.Compute/virtualMachines/vm2", "1195afff-c881-495e-9bc5-1486211ae03f", "95f7da9c-a2a4-1322-0758-fcd24ef09b85", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.SubAssessment = armsecurity.SubAssessment{
	// 	Name: to.Ptr("95f7da9c-a2a4-1322-0758-fcd24ef09b85"),
	// 	Type: to.Ptr("Microsoft.Security/assessments/subAssessments"),
	// 	ID: to.Ptr("/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/DEMORG/providers/Microsoft.Compute/virtualMachines/vm2/providers/Microsoft.Security/assessments/1195afff-c881-495e-9bc5-1486211ae03f/subassessments/95f7da9c-a2a4-1322-0758-fcd24ef09b85"),
	// 	Properties: &armsecurity.SubAssessmentProperties{
	// 		Description: to.Ptr("PuTTY ssh_agent_channel_data Function Integer Overflow Vulnerability"),
	// 		AdditionalData: &armsecurity.AdditionalData{
	// 			AssessedResourceType: to.Ptr(armsecurity.AssessedResourceTypeServerVulnerability),
	// 		},
	// 		Category: to.Ptr("Local"),
	// 		DisplayName: to.Ptr("PuTTY ssh_agent_channel_data Function Integer Overflow Vulnerability"),
	// 		ID: to.Ptr("370361"),
	// 		Impact: to.Ptr("Successful exploitation could allow remote attackers to have unspecified impact via a large length value in an agent protocol message."),
	// 		Remediation: to.Ptr("Customers are advised to upgrade toPuTTY 0.68 or later version in order to remediate this vulnerability."),
	// 		ResourceDetails: &armsecurity.AzureResourceDetails{
	// 			Source: to.Ptr(armsecurity.SourceAzure),
	// 			ID: to.Ptr("/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/DEMORG/providers/Microsoft.Compute/virtualMachines/vm2"),
	// 		},
	// 		Status: &armsecurity.SubAssessmentStatus{
	// 			Code: to.Ptr(armsecurity.SubAssessmentStatusCodeUnhealthy),
	// 			Severity: to.Ptr(armsecurity.SeverityMedium),
	// 		},
	// 		TimeGenerated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-02-02T12:36:50.779Z"); return t}()),
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Get a security sub-assessment on your scanned resource
 *
 * @summary Get a security sub-assessment on your scanned resource
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/GetSubAssessment_example.json
 */
async function getSecurityRecommendationTaskFromSecurityDataLocation() {
  const scope =
    "subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/DEMORG/providers/Microsoft.Compute/virtualMachines/vm2";
  const assessmentName = "1195afff-c881-495e-9bc5-1486211ae03f";
  const subAssessmentName = "95f7da9c-a2a4-1322-0758-fcd24ef09b85";
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential);
  const result = await client.subAssessments.get(scope, assessmentName, subAssessmentName);
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.SecurityCenter;

// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/GetSubAssessment_example.json
// this example is just showing the usage of "SubAssessments_Get" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this SecuritySubAssessmentResource created on azure
// for more information of creating SecuritySubAssessmentResource, please refer to the document of SecuritySubAssessmentResource
string scope = "subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/DEMORG/providers/Microsoft.Compute/virtualMachines/vm2";
string assessmentName = "1195afff-c881-495e-9bc5-1486211ae03f";
string subAssessmentName = "95f7da9c-a2a4-1322-0758-fcd24ef09b85";
ResourceIdentifier securitySubAssessmentResourceId = SecuritySubAssessmentResource.CreateResourceIdentifier(scope, assessmentName, subAssessmentName);
SecuritySubAssessmentResource securitySubAssessment = client.GetSecuritySubAssessmentResource(securitySubAssessmentResourceId);

// invoke the operation
SecuritySubAssessmentResource result = await securitySubAssessment.GetAsync();

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
SecuritySubAssessmentData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

示例响应

状态代码:

200

{
  "type": "Microsoft.Security/assessments/subAssessments",
  "id": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/DEMORG/providers/Microsoft.Compute/virtualMachines/vm2/providers/Microsoft.Security/assessments/1195afff-c881-495e-9bc5-1486211ae03f/subassessments/95f7da9c-a2a4-1322-0758-fcd24ef09b85",
  "name": "95f7da9c-a2a4-1322-0758-fcd24ef09b85",
  "properties": {
    "id": "370361",
    "displayName": "PuTTY ssh_agent_channel_data Function Integer Overflow Vulnerability",
    "status": {
      "code": "Unhealthy",
      "severity": "Medium"
    },
    "remediation": "Customers are advised to upgrade toPuTTY 0.68 or later version in order to remediate this vulnerability.",
    "impact": "Successful exploitation could allow remote attackers to have unspecified impact via a large length value in an agent protocol message.",
    "category": "Local",
    "description": "PuTTY ssh_agent_channel_data Function Integer Overflow Vulnerability",
    "timeGenerated": "2021-02-02T12:36:50.779Z",
    "resourceDetails": {
      "source": "Azure",
      "id": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/DEMORG/providers/Microsoft.Compute/virtualMachines/vm2"
    },
    "additionalData": {
      "assessedResourceType": "ServerVulnerability",
      "type": "VirtualMachine",
      "cvss": {
        "2.0": {
          "base": 7.5
        },
        "3.0": {
          "base": 9.8
        }
      },
      "patchable": true,
      "cve": [
        {
          "title": "CVE-2017-6542",
          "link": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6542"
        }
      ],
      "publishedTime": "2017-04-06T10:58:25",
      "threat": "PuTTY is a client program for the SSH, Telnet and Rlogin network protocols",
      "vendorReferences": [
        {
          "title": "CVE-2017-6542",
          "link": "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html"
        }
      ]
    }
  }
}

定义

名称	说明
AzureResourceDetails	已评估的 Azure 资源的详细信息
CloudError	所有 Azure 资源管理器 API 的常见错误响应，以返回失败操作的错误详细信息。 （这也遵循 OData 错误响应格式）。
CloudErrorBody	错误详细信息。
ContainerRegistryVulnerabilityProperties	容器注册表漏洞评估的其他上下文字段
CVE	CVE 详细信息
CVSS	CVSS 详细信息
ErrorAdditionalInfo	资源管理错误附加信息。
OnPremiseResourceDetails	已评估的本地资源的详细信息
OnPremiseSqlResourceDetails	已评估的本地 Sql 资源的详细信息
SecuritySubAssessment	资源的安全子评估
ServerVulnerabilityProperties	服务器漏洞评估的其他上下文字段
severity	子评估严重性级别
SqlServerVulnerabilityProperties	已评估的资源的详细信息
SubAssessmentStatus	子评估的状态
SubAssessmentStatusCode	评估状态的编程代码
VendorReference	供应商参考

AzureResourceDetails

已评估的 Azure 资源的详细信息

名称	类型	说明
id	string	已评估资源的 Azure 资源 ID
source	string: Azure	评估资源所在的平台

CloudError

所有 Azure 资源管理器 API 的常见错误响应，以返回失败操作的错误详细信息。 （这也遵循 OData 错误响应格式）。

名称	类型	说明
error.additionalInfo	ErrorAdditionalInfo[]	错误附加信息。
error.code	string	错误代码。
error.details	CloudErrorBody[]	错误详细信息。
error.message	string	错误消息。
error.target	string	错误目标。

CloudErrorBody

错误详细信息。

名称	类型	说明
additionalInfo	ErrorAdditionalInfo[]	错误附加信息。
code	string	错误代码。
details	CloudErrorBody[]	错误详细信息。
message	string	错误消息。
target	string	错误目标。

ContainerRegistryVulnerabilityProperties

容器注册表漏洞评估的其他上下文字段

名称	类型	说明
assessedResourceType	string: ContainerRegistryVulnerability	子评估资源类型
cve	CVE[]	CVE 列表
cvss	<string,  CVSS>	从 cvss 版本到 cvss 详细信息对象的字典
imageDigest	string	易受攻击图像的摘要
patchable	boolean	指示修补程序是否可用
publishedTime	string	发布时间
repositoryName	string	易受攻击映像所属的存储库的名称
type	string	漏洞类型。 例如：漏洞、潜在漏洞、收集的信息、漏洞
vendorReferences	VendorReference[]	供应商参考

CVE

CVE 详细信息

名称	类型	说明
link	string	链接 URL
title	string	CVE 标题

CVSS

CVSS 详细信息

名称	类型	说明
base	number	CVSS 基础

ErrorAdditionalInfo

资源管理错误附加信息。

名称	类型	说明
info	object	其他信息。
type	string	其他信息类型。

OnPremiseResourceDetails

已评估的本地资源的详细信息

名称	类型	说明
machineName	string	计算机的名称
source	string: OnPremise	评估资源所在的平台
sourceComputerId	string	计算机上安装的 oms 代理 ID
vmuuid	string	计算机的唯一 ID
workspaceId	string	计算机附加到的工作区的 Azure 资源 ID

OnPremiseSqlResourceDetails

已评估的本地 Sql 资源的详细信息

名称	类型	说明
databaseName	string	计算机上安装的 Sql 数据库名称
machineName	string	计算机的名称
serverName	string	计算机上安装的 Sql Server 名称
source	string: OnPremiseSql	评估资源所在的平台
sourceComputerId	string	计算机上安装的 oms 代理 ID
vmuuid	string	计算机的唯一 ID
workspaceId	string	计算机附加到的工作区的 Azure 资源 ID

SecuritySubAssessment

资源的安全子评估

名称	类型	说明
id	string	资源 ID
name	string	资源名称
properties.additionalData	AdditionalData: ContainerRegistryVulnerabilityProperties ServerVulnerabilityProperties SqlServerVulnerabilityProperties	子评估的详细信息
properties.category	string	子评估类别
properties.description	string	评估状态的人工可读说明
properties.displayName	string	子评估的用户友好显示名称
properties.id	string	漏洞 ID
properties.impact	string	此子评估的影响说明
properties.remediation	string	有关如何修正此子评估的信息
properties.resourceDetails	ResourceDetails: AzureResourceDetails OnPremiseResourceDetails OnPremiseSqlResourceDetails	已评估的资源的详细信息
properties.status	SubAssessmentStatus	子评估的状态
properties.timeGenerated	string	生成子评估的日期和时间
type	string	资源类型

ServerVulnerabilityProperties

服务器漏洞评估的其他上下文字段

名称	类型	说明
assessedResourceType	string: ServerVulnerabilityAssessment	子评估资源类型
cve	CVE[]	CVE 列表
cvss	<string,  CVSS>	从 cvss 版本到 cvss 详细信息对象的字典
patchable	boolean	指示修补程序是否可用
publishedTime	string	发布时间
threat	string	威胁名称
type	string	漏洞类型。 例如：漏洞、潜在漏洞、收集的信息
vendorReferences	VendorReference[]	供应商参考

severity

子评估严重性级别

名称	类型	说明
High	string
Low	string
Medium	string

SqlServerVulnerabilityProperties

已评估的资源的详细信息

名称	类型	说明
assessedResourceType	string: SqlServerVulnerability	子评估资源类型
query	string	在 SQL 数据库上运行以执行特定检查的 T-SQL 查询
type	string	子评估的资源类型在其资源详细信息中引用

SubAssessmentStatus

子评估的状态

名称	类型	说明
cause	string	评估状态原因的编程代码
code	SubAssessmentStatusCode	评估状态的编程代码
description	string	评估状态的人工可读说明
severity	severity	子评估严重性级别

SubAssessmentStatusCode

评估状态的编程代码

名称	类型	说明
Healthy	string	资源正常
NotApplicable	string	此资源的评估未发生
Unhealthy	string	资源存在需要解决的安全问题

VendorReference

供应商参考

名称	类型	说明
link	string	链接 URL
title	string	链接标题