Getting the subscription level settings for Defender for Cloud vulnerability solution

Sascha 20 Reputation points
2023-09-19T09:55:29.3633333+00:00

Hi guys!

I am trying to check what vulnerability solution is enabled on the subscription level using an API call. I was able to get the status on each individual virtual machine by using this API call:

GET https://management.azure.com/subscriptions/aaaaaaaa-bbbb-cccc-dddd-eeeeeeee/resourceGroups/rg-name/providers/Microsoft.Compute/virtualMachines/Windows2019/providers/Microsoft.Security/serverVulnerabilityAssessments/default?api-version=2020-01-01

Which gets me:

{
    "properties": {
        "provisioningState": "Succeeded"
    },
    "name": "Default",
    "type": "providers/Microsoft.Security/serverVulnerabilityAssessments",
    "id": "/subscriptions/aaaaaaaa-bbbb-cccc-dddd-eeeeeeee/resourceGroups/rg-name/providers/Microsoft.Compute/virtualMachines/Windows2019/providers/Microsoft.Security/serverVulnerabilityAssessments/Default"
}

This tells me that on this particular VM, the Qualys TVM is installed. It does not tell me, however, what the setting is on the subscription level. Having one VM with Qualys enabled does not necessarily mean that Qualys is set up on the subscription level.

I am struggling to find the right URI that can give me what I need.

Appreciate any help.

Sascha

Microsoft Defender for Cloud

1 answer

  1. Akshay-MSFT 17,761 Reputation points Microsoft Employee
    2023-09-20T07:25:16.7366667+00:00

    @Sascha

    Thank you for posting your query on Microsoft Q&A. From the above description, I understand that you are looking for an API to get the settings defined at the subscription level by Microsoft Defender for Cloud.

    Please do correct me if this is not the case by responding in the comments section.

    If yes, then you may use the Settings - List API.

    GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Security/settings?api-version=2021-06-01

    The output would look like below:

    {
      "value": [
        {
          "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/settings/WDATP",
          "name": "WDATP",
          "kind": "DataExportSettings",
          "type": "Microsoft.Security/settings",
          "properties": {
            "enabled": false
          }
        },
        {
          "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/settings/Sentinel",
          "name": "Sentinel",
          "kind": "AlertSyncSettings",
          "type": "Microsoft.Security/settings",
          "properties": {
            "enabled": false
          }
        }
      ]
    }

    Thanks,

    Akshay Kaushik

    Please "Accept the answer" (Yes), and share your feedback if the suggestion answers your query. This will help us and others in the community as well.
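
The Settings - List call from the answer, as an added example that is not part of the original thread: it builds the request URL, follows `nextLink` only while it stays on management.azure.com so the bearer token is never sent to another host, and maps each setting name to its kind and enabled flag. The sample payload is constructed; the `ARM_TOKEN` and `AZ_SUBSCRIPTION_ID` environment variable names and the `nextLink` paging are assumptions.

```python
import json
import os
import urllib.request

ARM = "https://management.azure.com"
API_VERSION = "2021-06-01"  # version used in the answer above

# Constructed sample shaped like the response quoted in the answer
# (values are illustrative, not taken from a real subscription).
SAMPLE = {"value": [
    {"name": "WDATP", "kind": "DataExportSettings", "properties": {"enabled": False}},
    {"name": "Sentinel", "kind": "AlertSyncSettings", "properties": {"enabled": True}},
    {"name": "NoProps", "kind": "DataExportSettings"},  # no properties reported
]}

def settings_url(subscription_id):
    """Build the subscription-level Settings - List URL."""
    return (f"{ARM}/subscriptions/{subscription_id}"
            f"/providers/Microsoft.Security/settings?api-version={API_VERSION}")

def summarize(payload):
    """Map setting name -> (kind, enabled); enabled is None when not reported."""
    out = {}
    for item in payload.get("value", []):
        enabled = (item.get("properties") or {}).get("enabled")
        out[item.get("name", "<unnamed>")] = (item.get("kind"), enabled)
    return out

def fetch_settings(subscription_id, token):
    """Call the endpoint and merge pages (nextLink paging is an assumption)."""
    url, merged = settings_url(subscription_id), {"value": []}
    while url:
        if not url.startswith(ARM + "/"):
            raise ValueError("refusing to send the token to a non-ARM URL")
        req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            page = json.load(resp)
        merged["value"].extend(page.get("value", []))
        url = page.get("nextLink")
    return merged

if __name__ == "__main__":
    # ARM_TOKEN / AZ_SUBSCRIPTION_ID are hypothetical names; without them
    # the script runs offline against the constructed sample.
    token, sub = os.environ.get("ARM_TOKEN"), os.environ.get("AZ_SUBSCRIPTION_ID")
    data = fetch_settings(sub, token) if token and sub else SAMPLE
    for name, (kind, enabled) in sorted(summarize(data).items()):
        print(f"{name:10} {kind or '-':20} enabled={enabled}")
```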

