Hi @NSimpraga
The ID of the security assessment in Azure Defender is generated based on the specific resource that is being evaluated. It consists of the subscription ID, resource group name, resource name, and assessment metadata name. The ID does not change unless the underlying resource (in this case, the container registry) changes.
The assessment metadata name is unique for each assessment type and it is constant. For 'Container registry images should have vulnerability findings resolved' assessment, the assessment metadata name is 119d688d-124e-4a8e-9082-f643d746572f.
Defender for Cloud Assessment IDs
Greetings,
I am looking to automate some handling of CVE vulnerabilities found in my containers by Defender for Cloud, most probably using a combination of Function and Logic Apps.
My question: does the ID of the assessment for the 'Container registry images should have vulnerability findings resolved' assessment ever change?
Example: /subscriptions/<sub-id>/resourceGroups/<rg-id>/providers/Microsoft.ContainerRegistry/registries/<acr-name>/providers/Microsoft.Security/assessments/<ASSESSMENT-ID>
I am fetching the relevant information for my vulnerabilities over the API, and I am wondering what is the best way to fetch the relevant assessment. Currently I am fetching the assessment by matching the display name of the assessment 'Container registry images should have vulnerability findings resolved', but that seems... yuck.
So I was wondering if I can use the ID that the assessment currently has assigned - of course only if it won't ever change, e.g. in the case that I solve all vulnerabilities and then a new one is found and the assessment recreated.
Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud
1 answer
Catherine Kyalo 1,935 Reputation points Microsoft Employee
2024-02-20T10:01:15.9933333+00:00
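An added example, not part of the question or the answer above: one way to select the assessment by the metadata name quoted in the answer instead of by display name. The function names are hypothetical and the sample listing is constructed; it assumes each listed assessment carries an `id` in the shape shown in the question.

```python
import re

# Assessment metadata name quoted in the answer above for
# 'Container registry images should have vulnerability findings resolved'.
ACR_VULN_ASSESSMENT = "119d688d-124e-4a8e-9082-f643d746572f"

# ID shape from the question's example; ARM resource IDs compare case-insensitively.
_ID_RE = re.compile(
    r"^/subscriptions/(?P<sub>[^/]+)/resourceGroups/(?P<rg>[^/]+)"
    r"/providers/Microsoft\.ContainerRegistry/registries/(?P<acr>[^/]+)"
    r"/providers/Microsoft\.Security/assessments/(?P<assessment>[^/]+)/?$",
    re.IGNORECASE,
)

def build_assessment_id(sub, rg, acr, assessment=ACR_VULN_ASSESSMENT):
    """Compose the assessment ID from its four components."""
    return (f"/subscriptions/{sub}/resourceGroups/{rg}"
            f"/providers/Microsoft.ContainerRegistry/registries/{acr}"
            f"/providers/Microsoft.Security/assessments/{assessment}")

def parse_assessment_id(resource_id):
    """Split an assessment ID into its components; None if the shape is unexpected."""
    m = _ID_RE.match(resource_id)
    return m.groupdict() if m else None

def select_registry_assessments(items, assessment=ACR_VULN_ASSESSMENT):
    """Pick assessments by the metadata name parsed from 'id', ignoring displayName."""
    picked = []
    for item in items:
        parts = parse_assessment_id(item.get("id", ""))
        if parts and parts["assessment"].lower() == assessment.lower():
            picked.append(item)
    return picked

# Constructed sample listing (placeholder subscription, resource group and registry).
_SUB = "00000000-0000-0000-0000-000000000000"
SAMPLE = [
    # Right assessment, but with display text that differs from the expected string.
    {"id": build_assessment_id(_SUB, "rg-demo", "acrdemo"),
     "properties": {"displayName": "Reworded recommendation text",
                    "status": {"code": "Unhealthy"}}},
    # Different (constructed) assessment that happens to carry the expected text.
    {"id": build_assessment_id(_SUB, "rg-demo", "acrdemo",
                               "11111111-1111-1111-1111-111111111111"),
     "properties": {"displayName": "Container registry images should have "
                                   "vulnerability findings resolved",
                    "status": {"code": "Healthy"}}},
]
```
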