Assessments Metadata - Get In Subscription

服務:

Defender for Cloud

API 版本:

2021-06-01

取得特定訂用帳戶中評量類型的元數據資訊

GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Security/assessmentMetadata/{assessmentMetadataName}?api-version=2021-06-01

URI 參數

名稱	位於	必要	類型	Description
assessmentMetadataName	path	True	string	評定金鑰 - 評量類型的唯一索引鍵
subscriptionId	path	True	string	Azure 訂用帳戶標識碼 Regex 模式: ^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$
api-version	query	True	string	作業的 API 版本

回應

名稱	類型	Description
200 OK	SecurityAssessmentMetadataResponse	還行
Other Status Codes	CloudError	描述作業失敗原因的錯誤回應。

安全性

azure_auth

Azure Active Directory OAuth2 Flow

類型: oauth2
Flow: implicit
授權 URL: https://login.microsoftonline.com/common/oauth2/authorize

範圍

名稱	Description
user_impersonation	模擬您的用戶帳戶

範例

Get security assessment metadata for subscription

範例要求

HTTP

GET https://management.azure.com/subscriptions/0980887d-03d6-408c-9566-532f3456804e/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b?api-version=2021-06-01

Java

/**
 * Samples for AssessmentsMetadata GetInSubscription.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/
     * GetAssessmentsMetadata_subscription_example.json
     */
    /**
     * Sample code: Get security assessment metadata for subscription.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void
        getSecurityAssessmentMetadataForSubscription(com.azure.resourcemanager.security.SecurityManager manager) {
        manager.assessmentsMetadatas().getInSubscriptionWithResponse("21300918-b2e3-0346-785f-c77ff57d243b",
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armsecurity_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_subscription_example.json
func ExampleAssessmentsMetadataClient_GetInSubscription() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewAssessmentsMetadataClient().GetInSubscription(ctx, "21300918-b2e3-0346-785f-c77ff57d243b", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.AssessmentMetadataResponse = armsecurity.AssessmentMetadataResponse{
	// 	Name: to.Ptr("21300918-b2e3-0346-785f-c77ff57d243b"),
	// 	Type: to.Ptr("Microsoft.Security/assessmentMetadata"),
	// 	ID: to.Ptr("/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b"),
	// 	Properties: &armsecurity.AssessmentMetadataPropertiesResponse{
	// 		Description: to.Ptr("Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities."),
	// 		AssessmentType: to.Ptr(armsecurity.AssessmentTypeBuiltIn),
	// 		Categories: []*armsecurity.Categories{
	// 			to.Ptr(armsecurity.CategoriesCompute)},
	// 			DisplayName: to.Ptr("Install endpoint protection solution on virtual machine scale sets"),
	// 			ImplementationEffort: to.Ptr(armsecurity.ImplementationEffortLow),
	// 			PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de"),
	// 			RemediationDescription: to.Ptr("To install an endpoint protection solution: 1.  <a href=\"https://docs.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-faq#how-do-i-turn-on-antimalware-in-my-virtual-machine-scale-set\">Follow the instructions in How do I turn on antimalware in my virtual machine scale set</a>"),
	// 			Severity: to.Ptr(armsecurity.SeverityMedium),
	// 			Threats: []*armsecurity.Threats{
	// 				to.Ptr(armsecurity.ThreatsDataExfiltration),
	// 				to.Ptr(armsecurity.ThreatsDataSpillage),
	// 				to.Ptr(armsecurity.ThreatsMaliciousInsider)},
	// 				UserImpact: to.Ptr(armsecurity.UserImpactLow),
	// 				PlannedDeprecationDate: to.Ptr("03/2022"),
	// 				PublishDates: &armsecurity.AssessmentMetadataPropertiesResponsePublishDates{
	// 					GA: to.Ptr("06/01/2021"),
	// 					Public: to.Ptr("06/01/2021"),
	// 				},
	// 				Tactics: []*armsecurity.Tactics{
	// 					to.Ptr(armsecurity.TacticsCredentialAccess),
	// 					to.Ptr(armsecurity.TacticsPersistence),
	// 					to.Ptr(armsecurity.TacticsExecution),
	// 					to.Ptr(armsecurity.TacticsDefenseEvasion),
	// 					to.Ptr(armsecurity.TacticsCollection),
	// 					to.Ptr(armsecurity.TacticsDiscovery),
	// 					to.Ptr(armsecurity.TacticsPrivilegeEscalation)},
	// 					Techniques: []*armsecurity.Techniques{
	// 						to.Ptr(armsecurity.TechniquesObfuscatedFilesOrInformation),
	// 						to.Ptr(armsecurity.TechniquesIngressToolTransfer),
	// 						to.Ptr(armsecurity.TechniquesPhishing),
	// 						to.Ptr(armsecurity.TechniquesUserExecution)},
	// 					},
	// 				}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Get metadata information on an assessment type in a specific subscription
 *
 * @summary Get metadata information on an assessment type in a specific subscription
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_subscription_example.json
 */
async function getSecurityAssessmentMetadataForSubscription() {
  const subscriptionId =
    process.env["SECURITY_SUBSCRIPTION_ID"] || "0980887d-03d6-408c-9566-532f3456804e";
  const assessmentMetadataName = "21300918-b2e3-0346-785f-c77ff57d243b";
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential, subscriptionId);
  const result = await client.assessmentsMetadata.getInSubscription(assessmentMetadataName);
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;

// Generated from example definition: specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_subscription_example.json
// this example is just showing the usage of "AssessmentsMetadata_GetInSubscription" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this SubscriptionAssessmentMetadataResource created on azure
// for more information of creating SubscriptionAssessmentMetadataResource, please refer to the document of SubscriptionAssessmentMetadataResource
string subscriptionId = "0980887d-03d6-408c-9566-532f3456804e";
string assessmentMetadataName = "21300918-b2e3-0346-785f-c77ff57d243b";
ResourceIdentifier subscriptionAssessmentMetadataResourceId = SubscriptionAssessmentMetadataResource.CreateResourceIdentifier(subscriptionId, assessmentMetadataName);
SubscriptionAssessmentMetadataResource subscriptionAssessmentMetadata = client.GetSubscriptionAssessmentMetadataResource(subscriptionAssessmentMetadataResourceId);

// invoke the operation
SubscriptionAssessmentMetadataResource result = await subscriptionAssessmentMetadata.GetAsync();

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
SecurityAssessmentMetadataData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

範例回覆

狀態碼:

200

{
  "id": "/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b",
  "name": "21300918-b2e3-0346-785f-c77ff57d243b",
  "type": "Microsoft.Security/assessmentMetadata",
  "properties": {
    "displayName": "Install endpoint protection solution on virtual machine scale sets",
    "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de",
    "description": "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.",
    "remediationDescription": "To install an endpoint protection solution: 1.  <a href=\"https://docs.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-faq#how-do-i-turn-on-antimalware-in-my-virtual-machine-scale-set\">Follow the instructions in How do I turn on antimalware in my virtual machine scale set</a>",
    "categories": [
      "Compute"
    ],
    "severity": "Medium",
    "userImpact": "Low",
    "implementationEffort": "Low",
    "threats": [
      "dataExfiltration",
      "dataSpillage",
      "maliciousInsider"
    ],
    "publishDates": {
      "GA": "06/01/2021",
      "public": "06/01/2021"
    },
    "plannedDeprecationDate": "03/2022",
    "tactics": [
      "Credential Access",
      "Persistence",
      "Execution",
      "Defense Evasion",
      "Collection",
      "Discovery",
      "Privilege Escalation"
    ],
    "techniques": [
      "Obfuscated Files or Information",
      "Ingress Tool Transfer",
      "Phishing",
      "User Execution"
    ],
    "assessmentType": "BuiltIn"
  }
}

定義

名稱	Description
assessmentType	根據內建的 Azure 原則定義進行評量時，BuiltIn 會根據自定義 Azure 原則定義自定義評量
categories
CloudError	所有 Azure Resource Manager API 的常見錯誤回應，以傳回失敗作業的錯誤詳細數據。 （這也遵循 OData 錯誤回應格式。）。
CloudErrorBody	錯誤詳細數據。
ErrorAdditionalInfo	資源管理錯誤其他資訊。
implementationEffort	補救此評估所需的實作工作
PublishDates
SecurityAssessmentMetadataPartnerData	描述建立評定的合作夥伴
SecurityAssessmentMetadataResponse	安全性評定元數據回應
severity	評定的嚴重性層級
tactics
techniques
threats
userImpact	評估的用戶影響

assessmentType

根據內建的 Azure 原則定義進行評量時，BuiltIn 會根據自定義 Azure 原則定義自定義評量

名稱	類型	Description
BuiltIn	string	適用於雲端的Defender受控評量Microsoft
CustomPolicy	string	自動從 Azure 原則擷取到適用於雲端的 Defender Microsoft 使用者定義的原則
CustomerManaged	string	由使用者或其他第三方直接推送至適用於雲端的Defender Microsoft用戶評量
VerifiedPartner	string	如果使用者將它連線至 ASC，由已驗證的第三方所建立的評量

categories

名稱	類型	Description
Compute	string
Data	string
IdentityAndAccess	string
IoT	string
Networking	string

CloudError

所有 Azure Resource Manager API 的常見錯誤回應，以傳回失敗作業的錯誤詳細數據。 （這也遵循 OData 錯誤回應格式。）。

名稱	類型	Description
error.additionalInfo	ErrorAdditionalInfo[]	錯誤其他資訊。
error.code	string	錯誤碼。
error.details	CloudErrorBody[]	錯誤詳細數據。
error.message	string	錯誤訊息。
error.target	string	錯誤目標。

CloudErrorBody

錯誤詳細數據。

名稱	類型	Description
additionalInfo	ErrorAdditionalInfo[]	錯誤其他資訊。
code	string	錯誤碼。
details	CloudErrorBody[]	錯誤詳細數據。
message	string	錯誤訊息。
target	string	錯誤目標。

ErrorAdditionalInfo

資源管理錯誤其他資訊。

名稱	類型	Description
info	object	其他資訊。
type	string	其他信息類型。

implementationEffort

補救此評估所需的實作工作

名稱	類型	Description
High	string
Low	string
Moderate	string

PublishDates

名稱	類型	Description
GA	string
public	string

SecurityAssessmentMetadataPartnerData

描述建立評定的合作夥伴

名稱	類型	Description
partnerName	string	合作夥伴公司的名稱
productName	string	建立評量之合作夥伴的產品名稱
secret	string	驗證合作夥伴並確認其已建立評定的秘密 - 僅寫入

SecurityAssessmentMetadataResponse

安全性評定元數據回應

名稱	類型	Description
id	string	資源標識碼
name	string	資源名稱
properties.assessmentType	assessmentType	根據內建的 Azure 原則定義進行評量時，BuiltIn 會根據自定義 Azure 原則定義自定義評量
properties.categories	categories[]	評量狀況不良時有風險的資源類別
properties.description	string	評估的人類可讀描述
properties.displayName	string	評估的使用者易記顯示名稱
properties.implementationEffort	implementationEffort	補救此評估所需的實作工作
properties.partnerData	SecurityAssessmentMetadataPartnerData	描述建立評定的合作夥伴
properties.plannedDeprecationDate	string
properties.policyDefinitionId	string	開啟此評量計算的原則定義 Azure 資源識別碼
properties.preview	boolean	True 是表示 如果此評量處於預覽版本狀態
properties.publishDates	PublishDates
properties.remediationDescription	string	人類可讀的關於您應該執行哪些動作來減輕此安全性問題的描述
properties.severity	severity	評定的嚴重性層級
properties.tactics	tactics[]	評估策略
properties.techniques	techniques[]	評定的技術
properties.threats	threats[]	評估的威脅影響
properties.userImpact	userImpact	評估的用戶影響
type	string	資源類型

severity

評定的嚴重性層級

名稱	類型	Description
High	string
Low	string
Medium	string

tactics

名稱	類型	Description
Collection	string
Command and Control	string
Credential Access	string
Defense Evasion	string
Discovery	string
Execution	string
Exfiltration	string
Impact	string
Initial Access	string
Lateral Movement	string
Persistence	string
Privilege Escalation	string
Reconnaissance	string
Resource Development	string

techniques

名稱	類型	Description
Abuse Elevation Control Mechanism	string
Access Token Manipulation	string
Account Discovery	string
Account Manipulation	string
Active Scanning	string
Application Layer Protocol	string
Audio Capture	string
Boot or Logon Autostart Execution	string
Boot or Logon Initialization Scripts	string
Brute Force	string
Cloud Infrastructure Discovery	string
Cloud Service Dashboard	string
Cloud Service Discovery	string
Command and Scripting Interpreter	string
Compromise Client Software Binary	string
Compromise Infrastructure	string
Container and Resource Discovery	string
Create Account	string
Create or Modify System Process	string
Credentials from Password Stores	string
Data Destruction	string
Data Encrypted for Impact	string
Data Manipulation	string
Data Staged	string
Data from Cloud Storage Object	string
Data from Configuration Repository	string
Data from Information Repositories	string
Data from Local System	string
Defacement	string
Deobfuscate/Decode Files or Information	string
Disk Wipe	string
Domain Trust Discovery	string
Drive-by Compromise	string
Dynamic Resolution	string
Endpoint Denial of Service	string
Event Triggered Execution	string
Exfiltration Over Alternative Protocol	string
Exploit Public-Facing Application	string
Exploitation for Client Execution	string
Exploitation for Credential Access	string
Exploitation for Defense Evasion	string
Exploitation for Privilege Escalation	string
Exploitation of Remote Services	string
External Remote Services	string
Fallback Channels	string
File and Directory Discovery	string
File and Directory Permissions Modification	string
Gather Victim Network Information	string
Hide Artifacts	string
Hijack Execution Flow	string
Impair Defenses	string
Implant Container Image	string
Indicator Removal on Host	string
Indirect Command Execution	string
Ingress Tool Transfer	string
Input Capture	string
Inter-Process Communication	string
Lateral Tool Transfer	string
Man-in-the-Middle	string
Masquerading	string
Modify Authentication Process	string
Modify Registry	string
Network Denial of Service	string
Network Service Scanning	string
Network Sniffing	string
Non-Application Layer Protocol	string
Non-Standard Port	string
OS Credential Dumping	string
Obfuscated Files or Information	string
Obtain Capabilities	string
Office Application Startup	string
Permission Groups Discovery	string
Phishing	string
Pre-OS Boot	string
Process Discovery	string
Process Injection	string
Protocol Tunneling	string
Proxy	string
Query Registry	string
Remote Access Software	string
Remote Service Session Hijacking	string
Remote Services	string
Remote System Discovery	string
Resource Hijacking	string
SQL Stored Procedures	string
Scheduled Task/Job	string
Screen Capture	string
Search Victim-Owned Websites	string
Server Software Component	string
Service Stop	string
Signed Binary Proxy Execution	string
Software Deployment Tools	string
Steal or Forge Kerberos Tickets	string
Subvert Trust Controls	string
Supply Chain Compromise	string
System Information Discovery	string
Taint Shared Content	string
Traffic Signaling	string
Transfer Data to Cloud Account	string
Trusted Relationship	string
Unsecured Credentials	string
User Execution	string
Valid Accounts	string
Windows Management Instrumentation	string

threats

名稱	類型	Description
accountBreach	string
dataExfiltration	string
dataSpillage	string
denialOfService	string
elevationOfPrivilege	string
maliciousInsider	string
missingCoverage	string
threatResistance	string

userImpact

評估的用戶影響

名稱	類型	Description
High	string
Low	string
Moderate	string