你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站，请访问 https://docs.azure.cn。

Sub Assessments - List All

服务:

Defender for Cloud

API 版本:

2019-01-01-preview

获取订阅范围内所有扫描资源的安全子评估

GET https://management.azure.com/{scope}/providers/Microsoft.Security/subAssessments?api-version=2019-01-01-preview

URI 参数

名称	在	必需	类型	说明
scope	path	True	string	查询范围，可以是订阅（/subscriptions/0b06d9ea-afe6-4779-bd59-30e5c2d9d13f）或管理组（/providers/Microsoft.Management/managementGroups/mgName）。
api-version	query	True	string	操作的 API 版本

响应

名称	类型	说明
200 OK	SecuritySubAssessmentList	还行
Other Status Codes	CloudError	描述操作失败的原因的错误响应。

安全性

azure_auth

Azure Active Directory OAuth2 Flow

类型: oauth2
流向: implicit
授权 URL: https://login.microsoftonline.com/common/oauth2/authorize

作用域

名称	说明
user_impersonation	模拟用户帐户

示例

List security sub-assessments

示例请求

HTTP

GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/subAssessments?api-version=2019-01-01-preview

Java

/**
 * Samples for SubAssessments ListAll.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/
     * ListSubscriptionSubAssessments_example.json
     */
    /**
     * Sample code: List security sub-assessments.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void listSecuritySubAssessments(com.azure.resourcemanager.security.SecurityManager manager) {
        manager.subAssessments().listAll("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armsecurity_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubscriptionSubAssessments_example.json
func ExampleSubAssessmentsClient_NewListAllPager() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewSubAssessmentsClient().NewListAllPager("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23", nil)
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.SubAssessmentList = armsecurity.SubAssessmentList{
		// 	Value: []*armsecurity.SubAssessment{
		// 		{
		// 			Name: to.Ptr("8c98f353-8b41-4e77-979b-6adeecd5d168"),
		// 			Type: to.Ptr("Microsoft.Security/assessments/subAssessments"),
		// 			ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/providers/Microsoft.Security/assessments/dbd0cb49-b563-45e7-9724-889e799fa648/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168"),
		// 			Properties: &armsecurity.SubAssessmentProperties{
		// 				Description: to.Ptr("The backdoor 'Back Orifice' was detected on this system.  The presence of this backdoor indicates that your system has already been compromised.  Unauthorized users can access your host at any time. Unauthorized users can take complete control of the host and manipulate data.  They can steal the data or even wipe out the host."),
		// 				AdditionalData: &armsecurity.ContainerRegistryVulnerabilityProperties{
		// 					AssessedResourceType: to.Ptr(armsecurity.AssessedResourceTypeContainerRegistryVulnerability),
		// 					Type: to.Ptr("Vulnerability"),
		// 					Cve: []*armsecurity.CVE{
		// 						{
		// 							Link: to.Ptr("http://contoso.com"),
		// 							Title: to.Ptr("CVE-2019-12345"),
		// 					}},
		// 					Cvss: map[string]*armsecurity.CVSS{
		// 						"2.0": &armsecurity.CVSS{
		// 							Base: to.Ptr[float32](10),
		// 						},
		// 						"3.0": &armsecurity.CVSS{
		// 							Base: to.Ptr[float32](10),
		// 						},
		// 					},
		// 					ImageDigest: to.Ptr("c186fc44-3154-4ce2-ba18-b719d895c3b0"),
		// 					Patchable: to.Ptr(true),
		// 					PublishedTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2018-01-01T00:00:00.000Z"); return t}()),
		// 					RepositoryName: to.Ptr("myRepo"),
		// 					VendorReferences: []*armsecurity.VendorReference{
		// 						{
		// 							Link: to.Ptr("http://contoso.com"),
		// 							Title: to.Ptr("Reference_1"),
		// 					}},
		// 				},
		// 				Category: to.Ptr("Backdoors and trojan horses"),
		// 				DisplayName: to.Ptr("'Back Orifice' Backdoor"),
		// 				ID: to.Ptr("1001"),
		// 				Impact: to.Ptr("3"),
		// 				Remediation: to.Ptr("Use a recent anti-virus program to remove this backdoor and check your system regularly with anti-virus software."),
		// 				ResourceDetails: &armsecurity.AzureResourceDetails{
		// 					Source: to.Ptr(armsecurity.SourceAzure),
		// 					ID: to.Ptr("repositories/asc/msi-connector/images/sha256:877a6f2a212c44021281f80cb1f4c73a09dce4e99a8cb8efcc03f7ce3c877a6f"),
		// 				},
		// 				Status: &armsecurity.SubAssessmentStatus{
		// 					Description: to.Ptr("The resource is unhealthy"),
		// 					Cause: to.Ptr(""),
		// 					Code: to.Ptr(armsecurity.SubAssessmentStatusCodeUnhealthy),
		// 					Severity: to.Ptr(armsecurity.SeverityHigh),
		// 				},
		// 				TimeGenerated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-06-23T12:20:08.764Z"); return t}()),
		// 			},
		// 		},
		// 		{
		// 			Name: to.Ptr("8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf"),
		// 			Type: to.Ptr("Microsoft.Security/assessments/subAssessments"),
		// 			ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/providers/Microsoft.Security/assessments/82e20e14-edc5-4373-bfc4-f13121257c37/subassessments/8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf"),
		// 			Properties: &armsecurity.SubAssessmentProperties{
		// 				Description: to.Ptr("The Azure SQL Database-level firewall helps protect your data by preventing all access to your database until you specify which IP addresses have permission. Database-level firewall rules grant access to the specific database based on the originating IP address of each request.\n\nDatabase-level firewall rules for master"),
		// 				AdditionalData: &armsecurity.SQLServerVulnerabilityProperties{
		// 					AssessedResourceType: to.Ptr(armsecurity.AssessedResourceTypeSQLServerVulnerability),
		// 					Type: to.Ptr("AzureDatabase"),
		// 					Query: to.Ptr("SELECT name\n    ,start_ip_address\n    ,end_ip_address\nFROM sys.database_firewall_rules"),
		// 				},
		// 				Category: to.Ptr("SurfaceAreaReduction"),
		// 				DisplayName: to.Ptr("Database-level firewall rules should be tracked and maintained at a strict minimum"),
		// 				ID: to.Ptr("VA2064"),
		// 				Impact: to.Ptr("Firewall rules should be strictly configured to allow access only to client computers that have a valid need to connect to the database. Any superfluous entries in the firewall may pose a threat by allowing an unauthorized source access to your database."),
		// 				Remediation: to.Ptr("Evaluate each of the database-level firewall rules. Remove any rules that grant unnecessary access and set the rest as a baseline. Deviations from the baseline will be identified and brought to your attention in subsequent scans."),
		// 				ResourceDetails: &armsecurity.AzureResourceDetails{
		// 					Source: to.Ptr(armsecurity.SourceAzure),
		// 					ID: to.Ptr("/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/databases/database1"),
		// 				},
		// 				Status: &armsecurity.SubAssessmentStatus{
		// 					Cause: to.Ptr("Unknown"),
		// 					Code: to.Ptr(armsecurity.SubAssessmentStatusCodeHealthy),
		// 					Severity: to.Ptr(armsecurity.SeverityHigh),
		// 				},
		// 				TimeGenerated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-06-23T12:20:08.764Z"); return t}()),
		// 			},
		// 	}},
		// }
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Get security sub-assessments on all your scanned resources inside a subscription scope
 *
 * @summary Get security sub-assessments on all your scanned resources inside a subscription scope
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubscriptionSubAssessments_example.json
 */
async function listSecuritySubAssessments() {
  const scope = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23";
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential);
  const resArray = new Array();
  for await (let item of client.subAssessments.listAll(scope)) {
    resArray.push(item);
  }
  console.log(resArray);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

示例响应

状态代码:

200

{
  "value": [
    {
      "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/providers/Microsoft.Security/assessments/dbd0cb49-b563-45e7-9724-889e799fa648/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168",
      "name": "8c98f353-8b41-4e77-979b-6adeecd5d168",
      "type": "Microsoft.Security/assessments/subAssessments",
      "properties": {
        "displayName": "'Back Orifice' Backdoor",
        "id": "1001",
        "status": {
          "code": "Unhealthy",
          "cause": "",
          "severity": "High",
          "description": "The resource is unhealthy"
        },
        "resourceDetails": {
          "source": "Azure",
          "id": "repositories/asc/msi-connector/images/sha256:877a6f2a212c44021281f80cb1f4c73a09dce4e99a8cb8efcc03f7ce3c877a6f"
        },
        "remediation": "Use a recent anti-virus program to remove this backdoor and check your system regularly with anti-virus software.",
        "impact": "3",
        "category": "Backdoors and trojan horses",
        "description": "The backdoor 'Back Orifice' was detected on this system.  The presence of this backdoor indicates that your system has already been compromised.  Unauthorized users can access your host at any time. Unauthorized users can take complete control of the host and manipulate data.  They can steal the data or even wipe out the host.",
        "timeGenerated": "2019-06-23T12:20:08.7644808Z",
        "additionalData": {
          "assessedResourceType": "ContainerRegistryVulnerability",
          "imageDigest": "c186fc44-3154-4ce2-ba18-b719d895c3b0",
          "repositoryName": "myRepo",
          "type": "Vulnerability",
          "cvss": {
            "2.0": {
              "base": 10
            },
            "3.0": {
              "base": 10
            }
          },
          "patchable": true,
          "cve": [
            {
              "title": "CVE-2019-12345",
              "link": "http://contoso.com"
            }
          ],
          "publishedTime": "2018-01-01T00:00:00.0000000Z",
          "vendorReferences": [
            {
              "title": "Reference_1",
              "link": "http://contoso.com"
            }
          ]
        }
      }
    },
    {
      "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/providers/Microsoft.Security/assessments/82e20e14-edc5-4373-bfc4-f13121257c37/subassessments/8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf",
      "name": "8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf",
      "type": "Microsoft.Security/assessments/subAssessments",
      "properties": {
        "id": "VA2064",
        "displayName": "Database-level firewall rules should be tracked and maintained at a strict minimum",
        "status": {
          "code": "Healthy",
          "severity": "High",
          "cause": "Unknown"
        },
        "remediation": "Evaluate each of the database-level firewall rules. Remove any rules that grant unnecessary access and set the rest as a baseline. Deviations from the baseline will be identified and brought to your attention in subsequent scans.",
        "impact": "Firewall rules should be strictly configured to allow access only to client computers that have a valid need to connect to the database. Any superfluous entries in the firewall may pose a threat by allowing an unauthorized source access to your database.",
        "category": "SurfaceAreaReduction",
        "description": "The Azure SQL Database-level firewall helps protect your data by preventing all access to your database until you specify which IP addresses have permission. Database-level firewall rules grant access to the specific database based on the originating IP address of each request.\n\nDatabase-level firewall rules for master",
        "timeGenerated": "2019-06-23T12:20:08.7644808Z",
        "resourceDetails": {
          "source": "Azure",
          "id": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/databases/database1"
        },
        "additionalData": {
          "assessedResourceType": "SqlServerVulnerability",
          "type": "AzureDatabase",
          "query": "SELECT name\n    ,start_ip_address\n    ,end_ip_address\nFROM sys.database_firewall_rules",
          "benchmarks": []
        }
      }
    }
  ]
}

定义

名称	说明
AzureResourceDetails	已评估的 Azure 资源的详细信息
CloudError	所有 Azure 资源管理器 API 的常见错误响应，以返回失败操作的错误详细信息。 （这也遵循 OData 错误响应格式）。
CloudErrorBody	错误详细信息。
ContainerRegistryVulnerabilityProperties	容器注册表漏洞评估的其他上下文字段
CVE	CVE 详细信息
CVSS	CVSS 详细信息
ErrorAdditionalInfo	资源管理错误附加信息。
OnPremiseResourceDetails	已评估的本地资源的详细信息
OnPremiseSqlResourceDetails	已评估的本地 Sql 资源的详细信息
SecuritySubAssessment	资源的安全子评估
SecuritySubAssessmentList	安全子评估列表
ServerVulnerabilityProperties	服务器漏洞评估的其他上下文字段
severity	子评估严重性级别
SqlServerVulnerabilityProperties	已评估的资源的详细信息
SubAssessmentStatus	子评估的状态
SubAssessmentStatusCode	评估状态的编程代码
VendorReference	供应商参考

AzureResourceDetails

已评估的 Azure 资源的详细信息

名称	类型	说明
id	string	已评估资源的 Azure 资源 ID
source	string: Azure	评估资源所在的平台

CloudError

所有 Azure 资源管理器 API 的常见错误响应，以返回失败操作的错误详细信息。 （这也遵循 OData 错误响应格式）。

名称	类型	说明
error.additionalInfo	ErrorAdditionalInfo[]	错误附加信息。
error.code	string	错误代码。
error.details	CloudErrorBody[]	错误详细信息。
error.message	string	错误消息。
error.target	string	错误目标。

CloudErrorBody

错误详细信息。

名称	类型	说明
additionalInfo	ErrorAdditionalInfo[]	错误附加信息。
code	string	错误代码。
details	CloudErrorBody[]	错误详细信息。
message	string	错误消息。
target	string	错误目标。

ContainerRegistryVulnerabilityProperties

容器注册表漏洞评估的其他上下文字段

名称	类型	说明
assessedResourceType	string: ContainerRegistryVulnerability	子评估资源类型
cve	CVE[]	CVE 列表
cvss	<string,  CVSS>	从 cvss 版本到 cvss 详细信息对象的字典
imageDigest	string	易受攻击图像的摘要
patchable	boolean	指示修补程序是否可用
publishedTime	string	发布时间
repositoryName	string	易受攻击映像所属的存储库的名称
type	string	漏洞类型。 例如：漏洞、潜在漏洞、收集的信息、漏洞
vendorReferences	VendorReference[]	供应商参考

CVE

CVE 详细信息

名称	类型	说明
link	string	链接 URL
title	string	CVE 标题

CVSS

CVSS 详细信息

名称	类型	说明
base	number	CVSS 基础

ErrorAdditionalInfo

资源管理错误附加信息。

名称	类型	说明
info	object	其他信息。
type	string	其他信息类型。

OnPremiseResourceDetails

已评估的本地资源的详细信息

名称	类型	说明
machineName	string	计算机的名称
source	string: OnPremise	评估资源所在的平台
sourceComputerId	string	计算机上安装的 oms 代理 ID
vmuuid	string	计算机的唯一 ID
workspaceId	string	计算机附加到的工作区的 Azure 资源 ID

OnPremiseSqlResourceDetails

已评估的本地 Sql 资源的详细信息

名称	类型	说明
databaseName	string	计算机上安装的 Sql 数据库名称
machineName	string	计算机的名称
serverName	string	计算机上安装的 Sql Server 名称
source	string: OnPremiseSql	评估资源所在的平台
sourceComputerId	string	计算机上安装的 oms 代理 ID
vmuuid	string	计算机的唯一 ID
workspaceId	string	计算机附加到的工作区的 Azure 资源 ID

SecuritySubAssessment

资源的安全子评估

名称	类型	说明
id	string	资源 ID
name	string	资源名称
properties.additionalData	AdditionalData: ContainerRegistryVulnerabilityProperties ServerVulnerabilityProperties SqlServerVulnerabilityProperties	子评估的详细信息
properties.category	string	子评估类别
properties.description	string	评估状态的人工可读说明
properties.displayName	string	子评估的用户友好显示名称
properties.id	string	漏洞 ID
properties.impact	string	此子评估的影响说明
properties.remediation	string	有关如何修正此子评估的信息
properties.resourceDetails	ResourceDetails: AzureResourceDetails OnPremiseResourceDetails OnPremiseSqlResourceDetails	已评估的资源的详细信息
properties.status	SubAssessmentStatus	子评估的状态
properties.timeGenerated	string	生成子评估的日期和时间
type	string	资源类型

SecuritySubAssessmentList

安全子评估列表

名称	类型	说明
nextLink	string	要提取下一页的 URI。
value	SecuritySubAssessment[]	资源的安全子评估

ServerVulnerabilityProperties

服务器漏洞评估的其他上下文字段

名称	类型	说明
assessedResourceType	string: ServerVulnerabilityAssessment	子评估资源类型
cve	CVE[]	CVE 列表
cvss	<string,  CVSS>	从 cvss 版本到 cvss 详细信息对象的字典
patchable	boolean	指示修补程序是否可用
publishedTime	string	发布时间
threat	string	威胁名称
type	string	漏洞类型。 例如：漏洞、潜在漏洞、收集的信息
vendorReferences	VendorReference[]	供应商参考

severity

子评估严重性级别

名称	类型	说明
High	string
Low	string
Medium	string

SqlServerVulnerabilityProperties

已评估的资源的详细信息

名称	类型	说明
assessedResourceType	string: SqlServerVulnerability	子评估资源类型
query	string	在 SQL 数据库上运行以执行特定检查的 T-SQL 查询
type	string	子评估的资源类型在其资源详细信息中引用

SubAssessmentStatus

子评估的状态

名称	类型	说明
cause	string	评估状态原因的编程代码
code	SubAssessmentStatusCode	评估状态的编程代码
description	string	评估状态的人工可读说明
severity	severity	子评估严重性级别

SubAssessmentStatusCode

评估状态的编程代码

名称	类型	说明
Healthy	string	资源正常
NotApplicable	string	此资源的评估未发生
Unhealthy	string	资源存在需要解决的安全问题

VendorReference

供应商参考

名称	类型	说明
link	string	链接 URL
title	string	链接标题