Sub Assessments - List

Service:: Defender for Cloud

API Version:: 2019-01-01-preview

Get security sub-assessments on all your scanned resources inside a scope

GET https://management.azure.com/{scope}/providers/Microsoft.Security/assessments/{assessmentName}/subAssessments?api-version=2019-01-01-preview

URI Parameters

Name	In	Required	Type	Description
assessmentName	path	True	string	The Assessment Key - Unique key for the assessment type
scope	path	True	string	Scope of the query, can be subscription (/subscriptions/0b06d9ea-afe6-4779-bd59-30e5c2d9d13f) or management group (/providers/Microsoft.Management/managementGroups/mgName).
api-version	query	True	string	API version for the operation

Responses

Name	Type	Description
200 OK	SecuritySubAssessmentList	OK
Other Status Codes	CloudError	Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	impersonate your user account

Examples

List security sub-assessments

Sample request

GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/assessments/82e20e14-edc5-4373-bfc4-f13121257c37/subAssessments?api-version=2019-01-01-preview


/**
 * Samples for SubAssessments List.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/
     * ListSubAssessments_example.json
     */
    /**
     * Sample code: List security sub-assessments.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void listSecuritySubAssessments(com.azure.resourcemanager.security.SecurityManager manager) {
        manager.subAssessments().list("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
            "82e20e14-edc5-4373-bfc4-f13121257c37", com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

from azure.identity import DefaultAzureCredential

from azure.mgmt.security import SecurityCenter

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-security
# USAGE
    python list_sub_assessments_example.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = SecurityCenter(
        credential=DefaultAzureCredential(),
        subscription_id="SUBSCRIPTION_ID",
    )

    response = client.sub_assessments.list(
        scope="subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
        assessment_name="82e20e14-edc5-4373-bfc4-f13121257c37",
    )
    for item in response:
        print(item)


# x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubAssessments_example.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armsecurity_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubAssessments_example.json
func ExampleSubAssessmentsClient_NewListPager() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewSubAssessmentsClient().NewListPager("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23", "82e20e14-edc5-4373-bfc4-f13121257c37", nil)
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.SubAssessmentList = armsecurity.SubAssessmentList{
		// 	Value: []*armsecurity.SubAssessment{
		// 		{
		// 			Name: to.Ptr("8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf"),
		// 			Type: to.Ptr("Microsoft.Security/assessments/subAssessments"),
		// 			ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/providers/Microsoft.Security/assessments/82e20e14-edc5-4373-bfc4-f13121257c37/subassessments/8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf"),
		// 			Properties: &armsecurity.SubAssessmentProperties{
		// 				Description: to.Ptr("The Azure SQL Database-level firewall helps protect your data by preventing all access to your database until you specify which IP addresses have permission. Database-level firewall rules grant access to the specific database based on the originating IP address of each request.\n\nDatabase-level firewall rules for master"),
		// 				AdditionalData: &armsecurity.SQLServerVulnerabilityProperties{
		// 					AssessedResourceType: to.Ptr(armsecurity.AssessedResourceTypeSQLServerVulnerability),
		// 					Type: to.Ptr("AzureDatabase"),
		// 					Query: to.Ptr("SELECT name\n    ,start_ip_address\n    ,end_ip_address\nFROM sys.database_firewall_rules"),
		// 				},
		// 				Category: to.Ptr("SurfaceAreaReduction"),
		// 				DisplayName: to.Ptr("Database-level firewall rules should be tracked and maintained at a strict minimum"),
		// 				ID: to.Ptr("VA2064"),
		// 				Impact: to.Ptr("Firewall rules should be strictly configured to allow access only to client computers that have a valid need to connect to the database. Any superfluous entries in the firewall may pose a threat by allowing an unauthorized source access to your database."),
		// 				Remediation: to.Ptr("Evaluate each of the database-level firewall rules. Remove any rules that grant unnecessary access and set the rest as a baseline. Deviations from the baseline will be identified and brought to your attention in subsequent scans."),
		// 				ResourceDetails: &armsecurity.AzureResourceDetails{
		// 					Source: to.Ptr(armsecurity.SourceAzure),
		// 					ID: to.Ptr("/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/databases/database1"),
		// 				},
		// 				Status: &armsecurity.SubAssessmentStatus{
		// 					Cause: to.Ptr("Unknown"),
		// 					Code: to.Ptr(armsecurity.SubAssessmentStatusCodeHealthy),
		// 					Severity: to.Ptr(armsecurity.SeverityHigh),
		// 				},
		// 				TimeGenerated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-06-23T12:20:08.764Z"); return t}()),
		// 			},
		// 	}},
		// }
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Get security sub-assessments on all your scanned resources inside a scope
 *
 * @summary Get security sub-assessments on all your scanned resources inside a scope
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubAssessments_example.json
 */
async function listSecuritySubAssessments() {
  const scope = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23";
  const assessmentName = "82e20e14-edc5-4373-bfc4-f13121257c37";
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential);
  const resArray = new Array();
  for await (let item of client.subAssessments.list(scope, assessmentName)) {
    resArray.push(item);
  }
  console.log(resArray);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.SecurityCenter;

// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubAssessments_example.json
// this example is just showing the usage of "SubAssessments_List" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this SecurityAssessmentResource created on azure
// for more information of creating SecurityAssessmentResource, please refer to the document of SecurityAssessmentResource
string scope = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23";
string assessmentName = "82e20e14-edc5-4373-bfc4-f13121257c37";
ResourceIdentifier securityAssessmentResourceId = SecurityAssessmentResource.CreateResourceIdentifier(scope, assessmentName);
SecurityAssessmentResource securityAssessment = client.GetSecurityAssessmentResource(securityAssessmentResourceId);

// get the collection of this SecuritySubAssessmentResource
SecuritySubAssessmentCollection collection = securityAssessment.GetSecuritySubAssessments();

// invoke the operation and iterate over the result
await foreach (SecuritySubAssessmentResource item in collection.GetAllAsync())
{
    // the variable item is a resource, you could call other operations on this instance as well
    // but just for demo, we get its data from this resource instance
    SecuritySubAssessmentData resourceData = item.Data;
    // for demo we just print out the id
    Console.WriteLine($"Succeeded on id: {resourceData.Id}");
}

Console.WriteLine("Succeeded");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample response

Status code:: 200

{
  "value": [
    {
      "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/providers/Microsoft.Security/assessments/82e20e14-edc5-4373-bfc4-f13121257c37/subassessments/8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf",
      "name": "8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf",
      "type": "Microsoft.Security/assessments/subAssessments",
      "properties": {
        "id": "VA2064",
        "displayName": "Database-level firewall rules should be tracked and maintained at a strict minimum",
        "status": {
          "code": "Healthy",
          "severity": "High",
          "cause": "Unknown"
        },
        "remediation": "Evaluate each of the database-level firewall rules. Remove any rules that grant unnecessary access and set the rest as a baseline. Deviations from the baseline will be identified and brought to your attention in subsequent scans.",
        "impact": "Firewall rules should be strictly configured to allow access only to client computers that have a valid need to connect to the database. Any superfluous entries in the firewall may pose a threat by allowing an unauthorized source access to your database.",
        "category": "SurfaceAreaReduction",
        "description": "The Azure SQL Database-level firewall helps protect your data by preventing all access to your database until you specify which IP addresses have permission. Database-level firewall rules grant access to the specific database based on the originating IP address of each request.\n\nDatabase-level firewall rules for master",
        "timeGenerated": "2019-06-23T12:20:08.7644808Z",
        "resourceDetails": {
          "source": "Azure",
          "id": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/databases/database1"
        },
        "additionalData": {
          "assessedResourceType": "SqlServerVulnerability",
          "type": "AzureDatabase",
          "query": "SELECT name\n    ,start_ip_address\n    ,end_ip_address\nFROM sys.database_firewall_rules",
          "benchmarks": []
        }
      }
    }
  ]
}

Definitions

Name	Description
AzureResourceDetails	Details of the Azure resource that was assessed
CloudError	Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.).
CloudErrorBody	The error detail.
ContainerRegistryVulnerabilityProperties	Additional context fields for container registry Vulnerability assessment
CVE	CVE details
CVSS	CVSS details
ErrorAdditionalInfo	The resource management error additional info.
OnPremiseResourceDetails	Details of the On Premise resource that was assessed
OnPremiseSqlResourceDetails	Details of the On Premise Sql resource that was assessed
SecuritySubAssessment	Security sub-assessment on a resource
SecuritySubAssessmentList	List of security sub-assessments
ServerVulnerabilityProperties	Additional context fields for server vulnerability assessment
severity	The sub-assessment severity level
SqlServerVulnerabilityProperties	Details of the resource that was assessed
SubAssessmentStatus	Status of the sub-assessment
SubAssessmentStatusCode	Programmatic code for the status of the assessment
VendorReference	Vendor reference

AzureResourceDetails

Object

Details of the Azure resource that was assessed

Name	Type	Description
id	string	Azure resource Id of the assessed resource
source	string: Azure	The platform where the assessed resource resides

CloudError

Object

Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.).

Name	Type	Description
error.additionalInfo	ErrorAdditionalInfo[]	The error additional info.
error.code	string	The error code.
error.details	CloudErrorBody[]	The error details.
error.message	string	The error message.
error.target	string	The error target.

CloudErrorBody

Object

The error detail.

Name	Type	Description
additionalInfo	ErrorAdditionalInfo[]	The error additional info.
code	string	The error code.
details	CloudErrorBody[]	The error details.
message	string	The error message.
target	string	The error target.

ContainerRegistryVulnerabilityProperties

Object

Additional context fields for container registry Vulnerability assessment

Name	Type	Description
assessedResourceType	string: ContainerRegistryVulnerability	Sub-assessment resource type
cve	CVE[]	List of CVEs
cvss	<string, CVSS>	Dictionary from cvss version to cvss details object
imageDigest	string	Digest of the vulnerable image
patchable	boolean	Indicates whether a patch is available or not
publishedTime	string (date-time)	Published time
repositoryName	string	Name of the repository which the vulnerable image belongs to
type	string	Vulnerability Type. e.g: Vulnerability, Potential Vulnerability, Information Gathered, Vulnerability
vendorReferences	VendorReference[]	Vendor reference

CVE

Object

CVE details

Name	Type	Description
link	string	Link url
title	string	CVE title

CVSS

Object

CVSS details

Name	Type	Description
base	number	CVSS base

ErrorAdditionalInfo

Object

The resource management error additional info.

Name	Type	Description
info	object	The additional info.
type	string	The additional info type.

OnPremiseResourceDetails

Object

Details of the On Premise resource that was assessed

Name	Type	Description
machineName	string	The name of the machine
source	string: OnPremise	The platform where the assessed resource resides
sourceComputerId	string	The oms agent Id installed on the machine
vmuuid	string	The unique Id of the machine
workspaceId	string	Azure resource Id of the workspace the machine is attached to

OnPremiseSqlResourceDetails

Object

Details of the On Premise Sql resource that was assessed

Name	Type	Description
databaseName	string	The Sql database name installed on the machine
machineName	string	The name of the machine
serverName	string	The Sql server name installed on the machine
source	string: OnPremiseSql	The platform where the assessed resource resides
sourceComputerId	string	The oms agent Id installed on the machine
vmuuid	string	The unique Id of the machine
workspaceId	string	Azure resource Id of the workspace the machine is attached to

SecuritySubAssessment

Object

Security sub-assessment on a resource

Name	Type	Description
id	string	Resource Id
name	string	Resource name
properties.additionalData	AdditionalData: ContainerRegistryVulnerabilityProperties ServerVulnerabilityProperties SqlServerVulnerabilityProperties	Details of the sub-assessment
properties.category	string	Category of the sub-assessment
properties.description	string	Human readable description of the assessment status
properties.displayName	string	User friendly display name of the sub-assessment
properties.id	string	Vulnerability ID
properties.impact	string	Description of the impact of this sub-assessment
properties.remediation	string	Information on how to remediate this sub-assessment
properties.resourceDetails	ResourceDetails: AzureResourceDetails OnPremiseResourceDetails OnPremiseSqlResourceDetails	Details of the resource that was assessed
properties.status	SubAssessmentStatus	Status of the sub-assessment
properties.timeGenerated	string (date-time)	The date and time the sub-assessment was generated
type	string	Resource type

SecuritySubAssessmentList

Object

List of security sub-assessments

Name	Type	Description
nextLink	string	The URI to fetch the next page.
value	SecuritySubAssessment[]	Security sub-assessment on a resource

ServerVulnerabilityProperties

Object

Additional context fields for server vulnerability assessment

Name	Type	Description
assessedResourceType	string: ServerVulnerabilityAssessment	Sub-assessment resource type
cve	CVE[]	List of CVEs
cvss	<string, CVSS>	Dictionary from cvss version to cvss details object
patchable	boolean	Indicates whether a patch is available or not
publishedTime	string (date-time)	Published time
threat	string	Threat name
type	string	Vulnerability Type. e.g: Vulnerability, Potential Vulnerability, Information Gathered
vendorReferences	VendorReference[]	Vendor reference

severity

Enumeration

The sub-assessment severity level

Value	Description
Low
Medium
High

SqlServerVulnerabilityProperties

Object

Details of the resource that was assessed

Name	Type	Description
assessedResourceType	string: SqlServerVulnerability	Sub-assessment resource type
query	string	The T-SQL query that runs on your SQL database to perform the particular check
type	string	The resource type the sub assessment refers to in its resource details

SubAssessmentStatus

Object

Status of the sub-assessment

Name	Type	Description
cause	string	Programmatic code for the cause of the assessment status
code	SubAssessmentStatusCode	Programmatic code for the status of the assessment
description	string	Human readable description of the assessment status
severity	severity	The sub-assessment severity level

SubAssessmentStatusCode

Enumeration

Programmatic code for the status of the assessment

Value	Description
Healthy	The resource is healthy
Unhealthy	The resource has a security issue that needs to be addressed
NotApplicable	Assessment for this resource did not happen

VendorReference

Object

Vendor reference

Name	Type	Description
link	string	Link url
title	string	Link title