Assessments Metadata - List

Get metadata information on all assessment types

GET https://management.azure.com/providers/Microsoft.Security/assessmentMetadata?api-version=2021-06-01

URI Parameters

Name In Required Type Description
api-version query True string API version for the operation

Responses

Name Type Description
200 OK SecurityAssessmentMetadataResponseList OK
Other Status Codes CloudError Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name Description
user_impersonation impersonate your user account

Examples

List security assessment metadata

Sample request

GET https://management.azure.com/providers/Microsoft.Security/assessmentMetadata?api-version=2021-06-01

Sample response

{
  "value": [
    {
      "id": "/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b",
      "name": "21300918-b2e3-0346-785f-c77ff57d243b",
      "type": "Microsoft.Security/assessmentMetadata",
      "properties": {
        "displayName": "Install endpoint protection solution on virtual machine scale sets",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de",
        "description": "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.",
        "remediationDescription": "To install an endpoint protection solution: 1.  <a href=\"https://docs.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-faq#how-do-i-turn-on-antimalware-in-my-virtual-machine-scale-set\">Follow the instructions in How do I turn on antimalware in my virtual machine scale set</a>",
        "categories": [
          "Compute"
        ],
        "severity": "Medium",
        "userImpact": "Low",
        "implementationEffort": "Low",
        "threats": [
          "dataExfiltration",
          "dataSpillage",
          "maliciousInsider"
        ],
        "publishDates": {
          "GA": "06/01/2021",
          "public": "06/01/2021"
        },
        "plannedDeprecationDate": "03/2022",
        "tactics": [
          "Credential Access",
          "Persistence",
          "Execution",
          "Defense Evasion",
          "Collection",
          "Discovery",
          "Privilege Escalation"
        ],
        "techniques": [
          "Obfuscated Files or Information",
          "Ingress Tool Transfer",
          "Phishing",
          "User Execution"
        ],
        "assessmentType": "BuiltIn"
      }
    },
    {
      "id": "/providers/Microsoft.Security/assessmentMetadata/bc303248-3d14-44c2-96a0-55f5c326b5fe",
      "name": "bc303248-3d14-44c2-96a0-55f5c326b5fe",
      "type": "Microsoft.Security/assessmentMetadata",
      "properties": {
        "displayName": "Close management ports on your virtual machines",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917",
        "description": "Open remote management ports expose your VM to a high level of risk from internet-based attacks that attempt to brute force credentials to gain admin access to the machine.",
        "remediationDescription": "We recommend that you edit the inbound rules of the below virtual machines to restrict access to specific source ranges.<br>To restrict the access to your virtual machines: 1. Click on a VM from the list below 2. At the 'Networking' blade, click on each of the rules that allow management ports (e.g. RDP-3389, WINRM-5985, SSH-22) 3. Change the 'Action' property to 'Deny' 4. Click 'Save'",
        "categories": [
          "Networking"
        ],
        "severity": "Medium",
        "userImpact": "High",
        "implementationEffort": "Low",
        "threats": [
          "dataExfiltration",
          "dataSpillage",
          "maliciousInsider"
        ],
        "publishDates": {
          "GA": "06/01/2021",
          "public": "06/01/2021"
        },
        "preview": true,
        "assessmentType": "CustomPolicy"
      }
    },
    {
      "id": "/providers/Microsoft.Security/assessmentMetadata/ca039e75-a276-4175-aebc-bcd41e4b14b7",
      "name": "ca039e75-a276-4175-aebc-bcd41e4b14b7",
      "type": "Microsoft.Security/assessmentMetadata",
      "properties": {
        "displayName": "My organization security assessment",
        "description": "Assessment that my organization created to view our security assessment in Azure Security Center",
        "remediationDescription": "Fix it with these remediation instructions",
        "categories": [
          "Compute"
        ],
        "severity": "Medium",
        "userImpact": "Low",
        "implementationEffort": "Low",
        "threats": [],
        "publishDates": {
          "GA": "06/01/2021",
          "public": "06/01/2021"
        },
        "assessmentType": "CustomerManaged"
      }
    }
  ]
}
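
An added example, not part of the API reference: it consumes the response above page by page through nextLink and lists the definitions that are not BuiltIn, are in preview, or carry a plannedDeprecationDate. fetch_page is a hypothetical caller-supplied function, the second-page URL and the trimmed pages are constructed, and restricting nextLink to HTTPS on management.azure.com is this example's own precaution.

```python
from urllib.parse import urlsplit

FIRST_URL = ("https://management.azure.com/providers/Microsoft.Security/"
             "assessmentMetadata?api-version=2021-06-01")

def iter_assessment_metadata(fetch_page, url=FIRST_URL, max_pages=100):
    """Follow nextLink; fetch_page(url) -> dict is a hypothetical authenticated GET."""
    seen = set()
    while url:
        parts = urlsplit(url)
        # The bearer token is resent for every page: follow only HTTPS links to ARM.
        if parts.scheme != "https" or parts.hostname != "management.azure.com":
            raise ValueError(f"refusing to follow nextLink {url!r}")
        if url in seen or len(seen) >= max_pages:
            raise RuntimeError("nextLink loop or page limit reached")
        seen.add(url)
        page = fetch_page(url)
        if "error" in page:  # CloudError body: error.code / error.message
            raise RuntimeError(f"{page['error'].get('code')}: {page['error'].get('message')}")
        yield from page.get("value", [])
        url = page.get("nextLink")

def review_queue(items):
    """Return (name, assessmentType, reasons) for definitions worth a manual look."""
    queue = []
    for item in items:
        props = item.get("properties", {})
        reasons = []
        if props.get("assessmentType") != "BuiltIn":
            reasons.append("not Microsoft-managed")
        if props.get("preview"):
            reasons.append("preview")
        if props.get("plannedDeprecationDate"):
            reasons.append("deprecation planned " + props["plannedDeprecationDate"])
        if reasons:
            queue.append((item["name"], props.get("assessmentType"), reasons))
    return queue

# Constructed two-page response, trimmed from the sample response on this page.
PAGE2_URL = FIRST_URL + "&constructed-page=2"
PAGES = {
    FIRST_URL: {"nextLink": PAGE2_URL, "value": [
        {"name": "21300918-b2e3-0346-785f-c77ff57d243b",
         "properties": {"assessmentType": "BuiltIn", "plannedDeprecationDate": "03/2022"}},
        {"name": "bc303248-3d14-44c2-96a0-55f5c326b5fe",
         "properties": {"assessmentType": "CustomPolicy", "preview": True}}]},
    PAGE2_URL: {"value": [
        {"name": "ca039e75-a276-4175-aebc-bcd41e4b14b7",
         "properties": {"assessmentType": "CustomerManaged"}}]},
}
```

Calling review_queue(iter_assessment_metadata(PAGES.__getitem__)) on the constructed pages returns all three definitions: the BuiltIn one only because of its planned deprecation, the other two because they are not Microsoft-managed.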

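Definitions

Name Description
assessmentType BuiltIn if the assessment is based on a built-in Azure Policy definition, Custom if the assessment is based on a custom Azure Policy definition
categories
CloudError Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.)
CloudErrorBody The error detail.
ErrorAdditionalInfo The resource management error additional info.
implementationEffort The implementation effort required to remediate this assessment
PublishDates
SecurityAssessmentMetadataPartnerData Describes the partner that created the assessment
SecurityAssessmentMetadataResponse Security assessment metadata response
SecurityAssessmentMetadataResponseList List of security assessment metadata
severity The severity level of the assessment
tactics
techniques
threats
userImpact The user impact of the assessment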

assessmentType

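BuiltIn if the assessment is based on a built-in Azure Policy definition, Custom if the assessment is based on a custom Azure Policy definition

Name Type Description
BuiltIn string Microsoft Defender for Cloud managed assessments
CustomPolicy string User-defined policies that are automatically ingested from Azure Policy to Microsoft Defender for Cloud
CustomerManaged string User assessments pushed directly by the user or other third party to Microsoft Defender for Cloud
VerifiedPartner string An assessment that was created by a verified third party if the user connected it to ASC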

categories

Name Type Description
Compute string
Data string
IdentityAndAccess string
IoT string
Networking string

CloudError

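Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.)

Name Type Description
error.additionalInfo ErrorAdditionalInfo[] The error additional info.
error.code string The error code.
error.details CloudErrorBody[] The error details.
error.message string The error message.
error.target string The error target.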

CloudErrorBody

The error detail.

Name Type Description
additionalInfo ErrorAdditionalInfo[] The error additional info.
code string The error code.
details CloudErrorBody[] The error details.
message string The error message.
target string The error target.

ErrorAdditionalInfo

The resource management error additional info.

Name Type Description
info object The additional info.
type string The additional info type.

implementationEffort

The implementation effort required to remediate this assessment

Name Type Description
High string
Low string
Moderate string

PublishDates

Name Type Description
GA string
public string

SecurityAssessmentMetadataPartnerData

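Describes the partner that created the assessment

Name Type Description
partnerName string Name of the company of the partner
productName string Name of the product of the partner that created the assessment
secret string Secret to authenticate the partner and verify it created the assessment - write only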

SecurityAssessmentMetadataResponse

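Security assessment metadata response

Name Type Description
id string Resource ID
name string Resource name
properties.assessmentType assessmentType BuiltIn if the assessment is based on a built-in Azure Policy definition, Custom if the assessment is based on a custom Azure Policy definition
properties.categories categories[] The categories of resource that are at risk when the assessment is unhealthy
properties.description string Human-readable description of the assessment
properties.displayName string User-friendly display name of the assessment
properties.implementationEffort implementationEffort The implementation effort required to remediate this assessment
properties.partnerData SecurityAssessmentMetadataPartnerData Describes the partner that created the assessment
properties.plannedDeprecationDate string
properties.policyDefinitionId string Azure resource ID of the policy definition that turns this assessment calculation on
properties.preview boolean True if this assessment is in preview release status
properties.publishDates PublishDates
properties.remediationDescription string Human-readable description of what you should do to mitigate this security issue
properties.severity severity The severity level of the assessment
properties.tactics tactics[] Tactics of the assessment
properties.techniques techniques[] Techniques of the assessment
properties.threats threats[] Threat impact of the assessment
properties.userImpact userImpact The user impact of the assessment
type string Resource type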

SecurityAssessmentMetadataResponseList

List of security assessment metadata

Name Type Description
nextLink string The URI to fetch the next page.
value SecurityAssessmentMetadataResponse[] Security assessment metadata response

severity

The severity level of the assessment

Name Type Description
High string
Low string
Medium string

tactics

Name Type Description
Collection string
Command and Control string
Credential Access string
Defense Evasion string
Discovery string
Execution string
Exfiltration string
Impact string
Initial Access string
Lateral Movement string
Persistence string
Privilege Escalation string
Reconnaissance string
Resource Development string

techniques

Name Type Description
Abuse Elevation Control Mechanism string
Access Token Manipulation string
Account Discovery string
Account Manipulation string
Active Scanning string
Application Layer Protocol string
Audio Capture string
Boot or Logon Autostart Execution string
Boot or Logon Initialization Scripts string
Brute Force string
Cloud Infrastructure Discovery string
Cloud Service Dashboard string
Cloud Service Discovery string
Command and Scripting Interpreter string
Compromise Client Software Binary string
Compromise Infrastructure string
Container and Resource Discovery string
Create Account string
Create or Modify System Process string
Credentials from Password Stores string
Data Destruction string
Data Encrypted for Impact string
Data Manipulation string
Data Staged string
Data from Cloud Storage Object string
Data from Configuration Repository string
Data from Information Repositories string
Data from Local System string
Defacement string
Deobfuscate/Decode Files or Information string
Disk Wipe string
Domain Trust Discovery string
Drive-by Compromise string
Dynamic Resolution string
Endpoint Denial of Service string
Event Triggered Execution string
Exfiltration Over Alternative Protocol string
Exploit Public-Facing Application string
Exploitation for Client Execution string
Exploitation for Credential Access string
Exploitation for Defense Evasion string
Exploitation for Privilege Escalation string
Exploitation of Remote Services string
External Remote Services string
Fallback Channels string
File and Directory Discovery string
File and Directory Permissions Modification string
Gather Victim Network Information string
Hide Artifacts string
Hijack Execution Flow string
Impair Defenses string
Implant Container Image string
Indicator Removal on Host string
Indirect Command Execution string
Ingress Tool Transfer string
Input Capture string
Inter-Process Communication string
Lateral Tool Transfer string
Man-in-the-Middle string
Masquerading string
Modify Authentication Process string
Modify Registry string
Network Denial of Service string
Network Service Scanning string
Network Sniffing string
Non-Application Layer Protocol string
Non-Standard Port string
OS Credential Dumping string
Obfuscated Files or Information string
Obtain Capabilities string
Office Application Startup string
Permission Groups Discovery string
Phishing string
Pre-OS Boot string
Process Discovery string
Process Injection string
Protocol Tunneling string
Proxy string
Query Registry string
Remote Access Software string
Remote Service Session Hijacking string
Remote Services string
Remote System Discovery string
Resource Hijacking string
SQL Stored Procedures string
Scheduled Task/Job string
Screen Capture string
Search Victim-Owned Websites string
Server Software Component string
Service Stop string
Signed Binary Proxy Execution string
Software Deployment Tools string
Steal or Forge Kerberos Tickets string
Subvert Trust Controls string
Supply Chain Compromise string
System Information Discovery string
Taint Shared Content string
Traffic Signaling string
Transfer Data to Cloud Account string
Trusted Relationship string
Unsecured Credentials string
User Execution string
Valid Accounts string
Windows Management Instrumentation string

threats

Name Type Description
accountBreach string
dataExfiltration string
dataSpillage string
denialOfService string
elevationOfPrivilege string
maliciousInsider string
missingCoverage string
threatResistance string

userImpact

The user impact of the assessment

Name Type Description
High string
Low string
Moderate string