Assessments Metadata - List By Subscription
取得特定訂用帳戶中所有評量類型的元數據資訊
GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Security/assessmentMetadata?api-version=2021-06-01
URI 參數
名稱 | 位於 | 必要 | 類型 | Description |
---|---|---|---|---|
subscription
|
path | True |
string |
Azure 訂用帳戶標識碼 Regex 模式: |
api-version
|
query | True |
string |
作業的 API 版本 |
回應
名稱 | 類型 | Description |
---|---|---|
200 OK |
還行 |
|
Other Status Codes |
描述作業失敗原因的錯誤回應。 |
安全性
azure_auth
Azure Active Directory OAuth2 Flow
類型:
oauth2
Flow:
implicit
授權 URL:
https://login.microsoftonline.com/common/oauth2/authorize
範圍
名稱 | Description |
---|---|
user_impersonation | 模擬您的用戶帳戶 |
範例
List security assessment metadata for subscription
範例要求
GET https://management.azure.com/subscriptions/0980887d-03d6-408c-9566-532f3456804e/providers/Microsoft.Security/assessmentMetadata?api-version=2021-06-01
範例回覆
{
"value": [
{
"id": "/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b",
"name": "21300918-b2e3-0346-785f-c77ff57d243b",
"type": "Microsoft.Security/assessmentMetadata",
"properties": {
"displayName": "Install endpoint protection solution on virtual machine scale sets",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de",
"description": "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.",
"remediationDescription": "To install an endpoint protection solution: 1. <a href=\"https://docs.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-faq#how-do-i-turn-on-antimalware-in-my-virtual-machine-scale-set\">Follow the instructions in How do I turn on antimalware in my virtual machine scale set</a>",
"categories": [
"Compute"
],
"severity": "Medium",
"userImpact": "Low",
"implementationEffort": "Low",
"threats": [
"dataExfiltration",
"dataSpillage",
"maliciousInsider"
],
"publishDates": {
"GA": "06/01/2021",
"public": "06/01/2021"
},
"plannedDeprecationDate": "03/2022",
"tactics": [
"Credential Access",
"Persistence",
"Execution",
"Defense Evasion",
"Collection",
"Discovery",
"Privilege Escalation"
],
"techniques": [
"Obfuscated Files or Information",
"Ingress Tool Transfer",
"Phishing",
"User Execution"
],
"assessmentType": "BuiltIn"
}
},
{
"id": "/providers/Microsoft.Security/assessmentMetadata/bc303248-3d14-44c2-96a0-55f5c326b5fe",
"name": "bc303248-3d14-44c2-96a0-55f5c326b5fe",
"type": "Microsoft.Security/assessmentMetadata",
"properties": {
"displayName": "Close management ports on your virtual machines",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917",
"description": "Open remote management ports expose your VM to a high level of risk from internet-based attacks that attempt to brute force credentials to gain admin access to the machine.",
"remediationDescription": "We recommend that you edit the inbound rules of the below virtual machines to restrict access to specific source ranges.<br>To restrict the access to your virtual machines: 1. Click on a VM from the list below 2. At the 'Networking' blade, click on each of the rules that allow management ports (e.g. RDP-3389, WINRM-5985, SSH-22) 3. Change the 'Action' property to 'Deny' 4. Click 'Save'",
"categories": [
"Networking"
],
"severity": "Medium",
"userImpact": "High",
"implementationEffort": "Low",
"threats": [
"dataExfiltration",
"dataSpillage",
"maliciousInsider"
],
"publishDates": {
"GA": "06/01/2021",
"public": "06/01/2021"
},
"preview": true,
"assessmentType": "CustomPolicy"
}
}
]
}
定義
名稱 | Description |
---|---|
assessment |
根據內建的 Azure 原則定義進行評量時,BuiltIn 會根據自定義 Azure 原則定義自定義評量 |
categories | |
Cloud |
所有 Azure Resource Manager API 的常見錯誤回應,以傳回失敗作業的錯誤詳細數據。 (這也遵循 OData 錯誤回應格式。)。 |
Cloud |
錯誤詳細數據。 |
Error |
資源管理錯誤其他資訊。 |
implementation |
補救此評估所需的實作工作 |
Publish |
|
Security |
描述建立評定的合作夥伴 |
Security |
安全性評定元數據回應 |
Security |
安全性評估元數據清單 |
severity |
評定的嚴重性層級 |
tactics | |
techniques | |
threats | |
user |
評估的用戶影響 |
assessmentType
根據內建的 Azure 原則定義進行評量時,BuiltIn 會根據自定義 Azure 原則定義自定義評量
名稱 | 類型 | Description |
---|---|---|
BuiltIn |
string |
適用於雲端的Defender受控評量Microsoft |
CustomPolicy |
string |
自動從 Azure 原則擷取到適用於雲端的 Defender Microsoft 使用者定義的原則 |
CustomerManaged |
string |
由使用者或其他第三方直接推送至適用於雲端的Defender Microsoft用戶評量 |
VerifiedPartner |
string |
如果使用者將它連線至 ASC,由已驗證的第三方所建立的評量 |
categories
名稱 | 類型 | Description |
---|---|---|
Compute |
string |
|
Data |
string |
|
IdentityAndAccess |
string |
|
IoT |
string |
|
Networking |
string |
CloudError
所有 Azure Resource Manager API 的常見錯誤回應,以傳回失敗作業的錯誤詳細數據。 (這也遵循 OData 錯誤回應格式。)。
名稱 | 類型 | Description |
---|---|---|
error.additionalInfo |
錯誤其他資訊。 |
|
error.code |
string |
錯誤碼。 |
error.details |
錯誤詳細數據。 |
|
error.message |
string |
錯誤訊息。 |
error.target |
string |
錯誤目標。 |
CloudErrorBody
錯誤詳細數據。
名稱 | 類型 | Description |
---|---|---|
additionalInfo |
錯誤其他資訊。 |
|
code |
string |
錯誤碼。 |
details |
錯誤詳細數據。 |
|
message |
string |
錯誤訊息。 |
target |
string |
錯誤目標。 |
ErrorAdditionalInfo
資源管理錯誤其他資訊。
名稱 | 類型 | Description |
---|---|---|
info |
object |
其他資訊。 |
type |
string |
其他信息類型。 |
implementationEffort
補救此評估所需的實作工作
名稱 | 類型 | Description |
---|---|---|
High |
string |
|
Low |
string |
|
Moderate |
string |
PublishDates
名稱 | 類型 | Description |
---|---|---|
GA |
string |
|
public |
string |
SecurityAssessmentMetadataPartnerData
描述建立評定的合作夥伴
名稱 | 類型 | Description |
---|---|---|
partnerName |
string |
合作夥伴公司的名稱 |
productName |
string |
建立評量之合作夥伴的產品名稱 |
secret |
string |
驗證合作夥伴並確認其已建立評定的秘密 - 僅寫入 |
SecurityAssessmentMetadataResponse
安全性評定元數據回應
名稱 | 類型 | Description |
---|---|---|
id |
string |
資源標識碼 |
name |
string |
資源名稱 |
properties.assessmentType |
根據內建的 Azure 原則定義進行評量時,BuiltIn 會根據自定義 Azure 原則定義自定義評量 |
|
properties.categories |
評量狀況不良時有風險的資源類別 |
|
properties.description |
string |
評估的人類可讀描述 |
properties.displayName |
string |
評估的使用者易記顯示名稱 |
properties.implementationEffort |
補救此評估所需的實作工作 |
|
properties.partnerData |
描述建立評定的合作夥伴 |
|
properties.plannedDeprecationDate |
string |
|
properties.policyDefinitionId |
string |
開啟此評量計算的原則定義 Azure 資源識別碼 |
properties.preview |
boolean |
True 是表示 如果此評量處於預覽版本狀態 |
properties.publishDates | ||
properties.remediationDescription |
string |
人類可讀的關於您應該執行哪些動作來減輕此安全性問題的描述 |
properties.severity |
評定的嚴重性層級 |
|
properties.tactics |
tactics[] |
評估策略 |
properties.techniques |
評定的技術 |
|
properties.threats |
threats[] |
評估的威脅影響 |
properties.userImpact |
評估的用戶影響 |
|
type |
string |
資源類型 |
SecurityAssessmentMetadataResponseList
安全性評估元數據清單
名稱 | 類型 | Description |
---|---|---|
nextLink |
string |
要擷取下一頁的 URI。 |
value |
安全性評定元數據回應 |
severity
評定的嚴重性層級
名稱 | 類型 | Description |
---|---|---|
High |
string |
|
Low |
string |
|
Medium |
string |
tactics
名稱 | 類型 | Description |
---|---|---|
Collection |
string |
|
Command and Control |
string |
|
Credential Access |
string |
|
Defense Evasion |
string |
|
Discovery |
string |
|
Execution |
string |
|
Exfiltration |
string |
|
Impact |
string |
|
Initial Access |
string |
|
Lateral Movement |
string |
|
Persistence |
string |
|
Privilege Escalation |
string |
|
Reconnaissance |
string |
|
Resource Development |
string |
techniques
名稱 | 類型 | Description |
---|---|---|
Abuse Elevation Control Mechanism |
string |
|
Access Token Manipulation |
string |
|
Account Discovery |
string |
|
Account Manipulation |
string |
|
Active Scanning |
string |
|
Application Layer Protocol |
string |
|
Audio Capture |
string |
|
Boot or Logon Autostart Execution |
string |
|
Boot or Logon Initialization Scripts |
string |
|
Brute Force |
string |
|
Cloud Infrastructure Discovery |
string |
|
Cloud Service Dashboard |
string |
|
Cloud Service Discovery |
string |
|
Command and Scripting Interpreter |
string |
|
Compromise Client Software Binary |
string |
|
Compromise Infrastructure |
string |
|
Container and Resource Discovery |
string |
|
Create Account |
string |
|
Create or Modify System Process |
string |
|
Credentials from Password Stores |
string |
|
Data Destruction |
string |
|
Data Encrypted for Impact |
string |
|
Data Manipulation |
string |
|
Data Staged |
string |
|
Data from Cloud Storage Object |
string |
|
Data from Configuration Repository |
string |
|
Data from Information Repositories |
string |
|
Data from Local System |
string |
|
Defacement |
string |
|
Deobfuscate/Decode Files or Information |
string |
|
Disk Wipe |
string |
|
Domain Trust Discovery |
string |
|
Drive-by Compromise |
string |
|
Dynamic Resolution |
string |
|
Endpoint Denial of Service |
string |
|
Event Triggered Execution |
string |
|
Exfiltration Over Alternative Protocol |
string |
|
Exploit Public-Facing Application |
string |
|
Exploitation for Client Execution |
string |
|
Exploitation for Credential Access |
string |
|
Exploitation for Defense Evasion |
string |
|
Exploitation for Privilege Escalation |
string |
|
Exploitation of Remote Services |
string |
|
External Remote Services |
string |
|
Fallback Channels |
string |
|
File and Directory Discovery |
string |
|
File and Directory Permissions Modification |
string |
|
Gather Victim Network Information |
string |
|
Hide Artifacts |
string |
|
Hijack Execution Flow |
string |
|
Impair Defenses |
string |
|
Implant Container Image |
string |
|
Indicator Removal on Host |
string |
|
Indirect Command Execution |
string |
|
Ingress Tool Transfer |
string |
|
Input Capture |
string |
|
Inter-Process Communication |
string |
|
Lateral Tool Transfer |
string |
|
Man-in-the-Middle |
string |
|
Masquerading |
string |
|
Modify Authentication Process |
string |
|
Modify Registry |
string |
|
Network Denial of Service |
string |
|
Network Service Scanning |
string |
|
Network Sniffing |
string |
|
Non-Application Layer Protocol |
string |
|
Non-Standard Port |
string |
|
OS Credential Dumping |
string |
|
Obfuscated Files or Information |
string |
|
Obtain Capabilities |
string |
|
Office Application Startup |
string |
|
Permission Groups Discovery |
string |
|
Phishing |
string |
|
Pre-OS Boot |
string |
|
Process Discovery |
string |
|
Process Injection |
string |
|
Protocol Tunneling |
string |
|
Proxy |
string |
|
Query Registry |
string |
|
Remote Access Software |
string |
|
Remote Service Session Hijacking |
string |
|
Remote Services |
string |
|
Remote System Discovery |
string |
|
Resource Hijacking |
string |
|
SQL Stored Procedures |
string |
|
Scheduled Task/Job |
string |
|
Screen Capture |
string |
|
Search Victim-Owned Websites |
string |
|
Server Software Component |
string |
|
Service Stop |
string |
|
Signed Binary Proxy Execution |
string |
|
Software Deployment Tools |
string |
|
Steal or Forge Kerberos Tickets |
string |
|
Subvert Trust Controls |
string |
|
Supply Chain Compromise |
string |
|
System Information Discovery |
string |
|
Taint Shared Content |
string |
|
Traffic Signaling |
string |
|
Transfer Data to Cloud Account |
string |
|
Trusted Relationship |
string |
|
Unsecured Credentials |
string |
|
User Execution |
string |
|
Valid Accounts |
string |
|
Windows Management Instrumentation |
string |
threats
名稱 | 類型 | Description |
---|---|---|
accountBreach |
string |
|
dataExfiltration |
string |
|
dataSpillage |
string |
|
denialOfService |
string |
|
elevationOfPrivilege |
string |
|
maliciousInsider |
string |
|
missingCoverage |
string |
|
threatResistance |
string |
userImpact
評估的用戶影響
名稱 | 類型 | Description |
---|---|---|
High |
string |
|
Low |
string |
|
Moderate |
string |