Sub Assessments - List All

服務:

Defender for Cloud

API 版本:

2019-01-01-preview

取得訂用帳戶範圍內所有已掃描資源的安全性子評估

GET https://management.azure.com/{scope}/providers/Microsoft.Security/subAssessments?api-version=2019-01-01-preview

URI 參數

名稱	位於	必要	類型	Description
scope	path	True	string	查詢的範圍可以是訂用帳戶 （/subscriptions/0b06d9ea-afe6-4779-bd59-30e5c2d9d13f） 或管理群組 （/providers/Microsoft.Management/managementGroups/mgName）。
api-version	query	True	string	作業的 API 版本

回應

名稱	類型	Description
200 OK	SecuritySubAssessmentList	還行
Other Status Codes	CloudError	描述作業失敗原因的錯誤回應。

安全性

azure_auth

Azure Active Directory OAuth2 Flow

類型: oauth2
Flow: implicit
授權 URL: https://login.microsoftonline.com/common/oauth2/authorize

範圍

名稱	Description
user_impersonation	模擬您的用戶帳戶

範例

List security sub-assessments

範例要求

HTTP

GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/subAssessments?api-version=2019-01-01-preview

Java

/**
 * Samples for SubAssessments ListAll.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/
     * ListSubscriptionSubAssessments_example.json
     */
    /**
     * Sample code: List security sub-assessments.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void listSecuritySubAssessments(com.azure.resourcemanager.security.SecurityManager manager) {
        manager.subAssessments().listAll("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armsecurity_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubscriptionSubAssessments_example.json
func ExampleSubAssessmentsClient_NewListAllPager() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewSubAssessmentsClient().NewListAllPager("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23", nil)
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.SubAssessmentList = armsecurity.SubAssessmentList{
		// 	Value: []*armsecurity.SubAssessment{
		// 		{
		// 			Name: to.Ptr("8c98f353-8b41-4e77-979b-6adeecd5d168"),
		// 			Type: to.Ptr("Microsoft.Security/assessments/subAssessments"),
		// 			ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/providers/Microsoft.Security/assessments/dbd0cb49-b563-45e7-9724-889e799fa648/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168"),
		// 			Properties: &armsecurity.SubAssessmentProperties{
		// 				Description: to.Ptr("The backdoor 'Back Orifice' was detected on this system.  The presence of this backdoor indicates that your system has already been compromised.  Unauthorized users can access your host at any time. Unauthorized users can take complete control of the host and manipulate data.  They can steal the data or even wipe out the host."),
		// 				AdditionalData: &armsecurity.ContainerRegistryVulnerabilityProperties{
		// 					AssessedResourceType: to.Ptr(armsecurity.AssessedResourceTypeContainerRegistryVulnerability),
		// 					Type: to.Ptr("Vulnerability"),
		// 					Cve: []*armsecurity.CVE{
		// 						{
		// 							Link: to.Ptr("http://contoso.com"),
		// 							Title: to.Ptr("CVE-2019-12345"),
		// 					}},
		// 					Cvss: map[string]*armsecurity.CVSS{
		// 						"2.0": &armsecurity.CVSS{
		// 							Base: to.Ptr[float32](10),
		// 						},
		// 						"3.0": &armsecurity.CVSS{
		// 							Base: to.Ptr[float32](10),
		// 						},
		// 					},
		// 					ImageDigest: to.Ptr("c186fc44-3154-4ce2-ba18-b719d895c3b0"),
		// 					Patchable: to.Ptr(true),
		// 					PublishedTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2018-01-01T00:00:00.000Z"); return t}()),
		// 					RepositoryName: to.Ptr("myRepo"),
		// 					VendorReferences: []*armsecurity.VendorReference{
		// 						{
		// 							Link: to.Ptr("http://contoso.com"),
		// 							Title: to.Ptr("Reference_1"),
		// 					}},
		// 				},
		// 				Category: to.Ptr("Backdoors and trojan horses"),
		// 				DisplayName: to.Ptr("'Back Orifice' Backdoor"),
		// 				ID: to.Ptr("1001"),
		// 				Impact: to.Ptr("3"),
		// 				Remediation: to.Ptr("Use a recent anti-virus program to remove this backdoor and check your system regularly with anti-virus software."),
		// 				ResourceDetails: &armsecurity.AzureResourceDetails{
		// 					Source: to.Ptr(armsecurity.SourceAzure),
		// 					ID: to.Ptr("repositories/asc/msi-connector/images/sha256:877a6f2a212c44021281f80cb1f4c73a09dce4e99a8cb8efcc03f7ce3c877a6f"),
		// 				},
		// 				Status: &armsecurity.SubAssessmentStatus{
		// 					Description: to.Ptr("The resource is unhealthy"),
		// 					Cause: to.Ptr(""),
		// 					Code: to.Ptr(armsecurity.SubAssessmentStatusCodeUnhealthy),
		// 					Severity: to.Ptr(armsecurity.SeverityHigh),
		// 				},
		// 				TimeGenerated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-06-23T12:20:08.764Z"); return t}()),
		// 			},
		// 		},
		// 		{
		// 			Name: to.Ptr("8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf"),
		// 			Type: to.Ptr("Microsoft.Security/assessments/subAssessments"),
		// 			ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/providers/Microsoft.Security/assessments/82e20e14-edc5-4373-bfc4-f13121257c37/subassessments/8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf"),
		// 			Properties: &armsecurity.SubAssessmentProperties{
		// 				Description: to.Ptr("The Azure SQL Database-level firewall helps protect your data by preventing all access to your database until you specify which IP addresses have permission. Database-level firewall rules grant access to the specific database based on the originating IP address of each request.\n\nDatabase-level firewall rules for master"),
		// 				AdditionalData: &armsecurity.SQLServerVulnerabilityProperties{
		// 					AssessedResourceType: to.Ptr(armsecurity.AssessedResourceTypeSQLServerVulnerability),
		// 					Type: to.Ptr("AzureDatabase"),
		// 					Query: to.Ptr("SELECT name\n    ,start_ip_address\n    ,end_ip_address\nFROM sys.database_firewall_rules"),
		// 				},
		// 				Category: to.Ptr("SurfaceAreaReduction"),
		// 				DisplayName: to.Ptr("Database-level firewall rules should be tracked and maintained at a strict minimum"),
		// 				ID: to.Ptr("VA2064"),
		// 				Impact: to.Ptr("Firewall rules should be strictly configured to allow access only to client computers that have a valid need to connect to the database. Any superfluous entries in the firewall may pose a threat by allowing an unauthorized source access to your database."),
		// 				Remediation: to.Ptr("Evaluate each of the database-level firewall rules. Remove any rules that grant unnecessary access and set the rest as a baseline. Deviations from the baseline will be identified and brought to your attention in subsequent scans."),
		// 				ResourceDetails: &armsecurity.AzureResourceDetails{
		// 					Source: to.Ptr(armsecurity.SourceAzure),
		// 					ID: to.Ptr("/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/databases/database1"),
		// 				},
		// 				Status: &armsecurity.SubAssessmentStatus{
		// 					Cause: to.Ptr("Unknown"),
		// 					Code: to.Ptr(armsecurity.SubAssessmentStatusCodeHealthy),
		// 					Severity: to.Ptr(armsecurity.SeverityHigh),
		// 				},
		// 				TimeGenerated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-06-23T12:20:08.764Z"); return t}()),
		// 			},
		// 	}},
		// }
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Get security sub-assessments on all your scanned resources inside a subscription scope
 *
 * @summary Get security sub-assessments on all your scanned resources inside a subscription scope
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubscriptionSubAssessments_example.json
 */
async function listSecuritySubAssessments() {
  const scope = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23";
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential);
  const resArray = new Array();
  for await (let item of client.subAssessments.listAll(scope)) {
    resArray.push(item);
  }
  console.log(resArray);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

範例回覆

狀態碼:

200

{
  "value": [
    {
      "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/providers/Microsoft.Security/assessments/dbd0cb49-b563-45e7-9724-889e799fa648/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168",
      "name": "8c98f353-8b41-4e77-979b-6adeecd5d168",
      "type": "Microsoft.Security/assessments/subAssessments",
      "properties": {
        "displayName": "'Back Orifice' Backdoor",
        "id": "1001",
        "status": {
          "code": "Unhealthy",
          "cause": "",
          "severity": "High",
          "description": "The resource is unhealthy"
        },
        "resourceDetails": {
          "source": "Azure",
          "id": "repositories/asc/msi-connector/images/sha256:877a6f2a212c44021281f80cb1f4c73a09dce4e99a8cb8efcc03f7ce3c877a6f"
        },
        "remediation": "Use a recent anti-virus program to remove this backdoor and check your system regularly with anti-virus software.",
        "impact": "3",
        "category": "Backdoors and trojan horses",
        "description": "The backdoor 'Back Orifice' was detected on this system.  The presence of this backdoor indicates that your system has already been compromised.  Unauthorized users can access your host at any time. Unauthorized users can take complete control of the host and manipulate data.  They can steal the data or even wipe out the host.",
        "timeGenerated": "2019-06-23T12:20:08.7644808Z",
        "additionalData": {
          "assessedResourceType": "ContainerRegistryVulnerability",
          "imageDigest": "c186fc44-3154-4ce2-ba18-b719d895c3b0",
          "repositoryName": "myRepo",
          "type": "Vulnerability",
          "cvss": {
            "2.0": {
              "base": 10
            },
            "3.0": {
              "base": 10
            }
          },
          "patchable": true,
          "cve": [
            {
              "title": "CVE-2019-12345",
              "link": "http://contoso.com"
            }
          ],
          "publishedTime": "2018-01-01T00:00:00.0000000Z",
          "vendorReferences": [
            {
              "title": "Reference_1",
              "link": "http://contoso.com"
            }
          ]
        }
      }
    },
    {
      "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/providers/Microsoft.Security/assessments/82e20e14-edc5-4373-bfc4-f13121257c37/subassessments/8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf",
      "name": "8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf",
      "type": "Microsoft.Security/assessments/subAssessments",
      "properties": {
        "id": "VA2064",
        "displayName": "Database-level firewall rules should be tracked and maintained at a strict minimum",
        "status": {
          "code": "Healthy",
          "severity": "High",
          "cause": "Unknown"
        },
        "remediation": "Evaluate each of the database-level firewall rules. Remove any rules that grant unnecessary access and set the rest as a baseline. Deviations from the baseline will be identified and brought to your attention in subsequent scans.",
        "impact": "Firewall rules should be strictly configured to allow access only to client computers that have a valid need to connect to the database. Any superfluous entries in the firewall may pose a threat by allowing an unauthorized source access to your database.",
        "category": "SurfaceAreaReduction",
        "description": "The Azure SQL Database-level firewall helps protect your data by preventing all access to your database until you specify which IP addresses have permission. Database-level firewall rules grant access to the specific database based on the originating IP address of each request.\n\nDatabase-level firewall rules for master",
        "timeGenerated": "2019-06-23T12:20:08.7644808Z",
        "resourceDetails": {
          "source": "Azure",
          "id": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/databases/database1"
        },
        "additionalData": {
          "assessedResourceType": "SqlServerVulnerability",
          "type": "AzureDatabase",
          "query": "SELECT name\n    ,start_ip_address\n    ,end_ip_address\nFROM sys.database_firewall_rules",
          "benchmarks": []
        }
      }
    }
  ]
}

定義

名稱	Description
AzureResourceDetails	已評估的 Azure 資源詳細數據
CloudError	所有 Azure Resource Manager API 的常見錯誤回應，以傳回失敗作業的錯誤詳細數據。 （這也遵循 OData 錯誤回應格式。）。
CloudErrorBody	錯誤詳細數據。
ContainerRegistryVulnerabilityProperties	容器登錄弱點評估的其他內容欄位
CVE	CVE 詳細數據
CVSS	CVSS 詳細數據
ErrorAdditionalInfo	資源管理錯誤其他資訊。
OnPremiseResourceDetails	評估的內部部署資源詳細數據
OnPremiseSqlResourceDetails	已評估之內部部署 Sql 資源的詳細數據
SecuritySubAssessment	資源的安全性子評估
SecuritySubAssessmentList	安全性子評估清單
ServerVulnerabilityProperties	伺服器弱點評估的其他內容欄位
severity	子評估嚴重性層級
SqlServerVulnerabilityProperties	已評估之資源的詳細數據
SubAssessmentStatus	子評估的狀態
SubAssessmentStatusCode	評估狀態的程式設計程序代碼
VendorReference	廠商參考

AzureResourceDetails

已評估的 Azure 資源詳細數據

名稱	類型	Description
id	string	已評估資源的 Azure 資源識別碼
source	string: Azure	評估資源所在的平臺

CloudError

所有 Azure Resource Manager API 的常見錯誤回應，以傳回失敗作業的錯誤詳細數據。 （這也遵循 OData 錯誤回應格式。）。

名稱	類型	Description
error.additionalInfo	ErrorAdditionalInfo[]	錯誤其他資訊。
error.code	string	錯誤碼。
error.details	CloudErrorBody[]	錯誤詳細數據。
error.message	string	錯誤訊息。
error.target	string	錯誤目標。

CloudErrorBody

錯誤詳細數據。

名稱	類型	Description
additionalInfo	ErrorAdditionalInfo[]	錯誤其他資訊。
code	string	錯誤碼。
details	CloudErrorBody[]	錯誤詳細數據。
message	string	錯誤訊息。
target	string	錯誤目標。

ContainerRegistryVulnerabilityProperties

容器登錄弱點評估的其他內容欄位

名稱	類型	Description
assessedResourceType	string: ContainerRegistryVulnerability	子評定資源類型
cve	CVE[]	CVE 清單
cvss	<string,  CVSS>	從 cvss 版本到 cvss 詳細資料物件的字典
imageDigest	string	易受攻擊影像的摘要
patchable	boolean	指出修補程式是否可用
publishedTime	string	發佈時間
repositoryName	string	易受攻擊映像所屬的存放庫名稱
type	string	弱點類型。 例如：弱點、潛在弱點、收集到的資訊、弱點
vendorReferences	VendorReference[]	廠商參考

CVE

CVE 詳細數據

名稱	類型	Description
link	string	連結 URL
title	string	CVE 標題

CVSS

CVSS 詳細數據

名稱	類型	Description
base	number	CVSS 基底

ErrorAdditionalInfo

資源管理錯誤其他資訊。

名稱	類型	Description
info	object	其他資訊。
type	string	其他信息類型。

OnPremiseResourceDetails

評估的內部部署資源詳細數據

名稱	類型	Description
machineName	string	計算機的名稱
source	string: OnPremise	評估資源所在的平臺
sourceComputerId	string	計算機上安裝的 oms 代理程式識別碼
vmuuid	string	計算機的唯一標識碼
workspaceId	string	計算機所連結工作區的 Azure 資源識別碼

OnPremiseSqlResourceDetails

已評估之內部部署 Sql 資源的詳細數據

名稱	類型	Description
databaseName	string	計算機上安裝的 Sql 資料庫名稱
machineName	string	計算機的名稱
serverName	string	計算機上安裝的 Sql Server 名稱
source	string: OnPremiseSql	評估資源所在的平臺
sourceComputerId	string	計算機上安裝的 oms 代理程式識別碼
vmuuid	string	計算機的唯一標識碼
workspaceId	string	計算機所連結工作區的 Azure 資源識別碼

SecuritySubAssessment

資源的安全性子評估

名稱	類型	Description
id	string	資源標識碼
name	string	資源名稱
properties.additionalData	AdditionalData: ContainerRegistryVulnerabilityProperties ServerVulnerabilityProperties SqlServerVulnerabilityProperties	子評估的詳細數據
properties.category	string	子評估的類別
properties.description	string	評估狀態的人類可讀描述
properties.displayName	string	子評估的使用者易記顯示名稱
properties.id	string	弱點標識碼
properties.impact	string	此子評估影響的描述
properties.remediation	string	如何補救此子評估的相關信息
properties.resourceDetails	ResourceDetails: AzureResourceDetails OnPremiseResourceDetails OnPremiseSqlResourceDetails	已評估之資源的詳細數據
properties.status	SubAssessmentStatus	子評估的狀態
properties.timeGenerated	string	產生子評估的日期和時間
type	string	資源類型

SecuritySubAssessmentList

安全性子評估清單

名稱	類型	Description
nextLink	string	要擷取下一頁的 URI。
value	SecuritySubAssessment[]	資源的安全性子評估

ServerVulnerabilityProperties

伺服器弱點評估的其他內容欄位

名稱	類型	Description
assessedResourceType	string: ServerVulnerabilityAssessment	子評定資源類型
cve	CVE[]	CVE 清單
cvss	<string,  CVSS>	從 cvss 版本到 cvss 詳細資料物件的字典
patchable	boolean	指出修補程式是否可用
publishedTime	string	發佈時間
threat	string	威脅名稱
type	string	弱點類型。 例如：弱點、潛在弱點、收集到的資訊
vendorReferences	VendorReference[]	廠商參考

severity

子評估嚴重性層級

名稱	類型	Description
High	string
Low	string
Medium	string

SqlServerVulnerabilityProperties

已評估之資源的詳細數據

名稱	類型	Description
assessedResourceType	string: SqlServerVulnerability	子評定資源類型
query	string	在您的 SQL 資料庫上執行的 T-SQL 查詢，以執行特定檢查
type	string	子評量的資源類型會在其資源詳細數據中參考

SubAssessmentStatus

子評估的狀態

名稱	類型	Description
cause	string	評估狀態原因的程式設計程序代碼
code	SubAssessmentStatusCode	評估狀態的程式設計程序代碼
description	string	評估狀態的人類可讀描述
severity	severity	子評估嚴重性層級

SubAssessmentStatusCode

評估狀態的程式設計程序代碼

名稱	類型	Description
Healthy	string	資源狀況良好
NotApplicable	string	此資源的評定未發生
Unhealthy	string	資源有需要解決的安全性問題

VendorReference

廠商參考

名稱	類型	Description
link	string	連結 URL
title	string	連結標題