Sub Assessments - Get

Service:

Defender for Cloud

API Version:

2019-01-01-preview

Get a security sub-assessment on your scanned resource

GET https://management.azure.com/{scope}/providers/Microsoft.Security/assessments/{assessmentName}/subAssessments/{subAssessmentName}?api-version=2019-01-01-preview

URI Parameters

Name	In	Required	Type	Description
assessmentName	path	True	string	The Assessment Key - Unique key for the assessment type
scope	path	True	string	Scope of the query, can be subscription (/subscriptions/0b06d9ea-afe6-4779-bd59-30e5c2d9d13f) or management group (/providers/Microsoft.Management/managementGroups/mgName).
subAssessmentName	path	True	string	The Sub-Assessment Key - Unique key for the sub-assessment type
api-version	query	True	string	API version for the operation

Responses

Name	Type	Description
200 OK	SecuritySubAssessment	OK
Other Status Codes	CloudError	Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	impersonate your user account

Examples

Get security recommendation task from security data location

Sample Request

HTTP

GET https://management.azure.com/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/DEMORG/providers/Microsoft.Compute/virtualMachines/vm2/providers/Microsoft.Security/assessments/1195afff-c881-495e-9bc5-1486211ae03f/subAssessments/95f7da9c-a2a4-1322-0758-fcd24ef09b85?api-version=2019-01-01-preview

Java

/**
 * Samples for SubAssessments Get.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/
     * GetSubAssessment_example.json
     */
    /**
     * Sample code: Get security recommendation task from security data location.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void getSecurityRecommendationTaskFromSecurityDataLocation(
        com.azure.resourcemanager.security.SecurityManager manager) {
        manager.subAssessments().getWithResponse(
            "subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/DEMORG/providers/Microsoft.Compute/virtualMachines/vm2",
            "1195afff-c881-495e-9bc5-1486211ae03f", "95f7da9c-a2a4-1322-0758-fcd24ef09b85",
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armsecurity_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/b43974e07d3204c4b6f8396627f5430994a7f7c9/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/GetSubAssessment_example.json
func ExampleSubAssessmentsClient_Get() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewSubAssessmentsClient().Get(ctx, "subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/DEMORG/providers/Microsoft.Compute/virtualMachines/vm2", "1195afff-c881-495e-9bc5-1486211ae03f", "95f7da9c-a2a4-1322-0758-fcd24ef09b85", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.SubAssessment = armsecurity.SubAssessment{
	// 	Name: to.Ptr("95f7da9c-a2a4-1322-0758-fcd24ef09b85"),
	// 	Type: to.Ptr("Microsoft.Security/assessments/subAssessments"),
	// 	ID: to.Ptr("/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/DEMORG/providers/Microsoft.Compute/virtualMachines/vm2/providers/Microsoft.Security/assessments/1195afff-c881-495e-9bc5-1486211ae03f/subassessments/95f7da9c-a2a4-1322-0758-fcd24ef09b85"),
	// 	Properties: &armsecurity.SubAssessmentProperties{
	// 		Description: to.Ptr("PuTTY ssh_agent_channel_data Function Integer Overflow Vulnerability"),
	// 		AdditionalData: &armsecurity.AdditionalData{
	// 			AssessedResourceType: to.Ptr(armsecurity.AssessedResourceTypeServerVulnerability),
	// 		},
	// 		Category: to.Ptr("Local"),
	// 		DisplayName: to.Ptr("PuTTY ssh_agent_channel_data Function Integer Overflow Vulnerability"),
	// 		ID: to.Ptr("370361"),
	// 		Impact: to.Ptr("Successful exploitation could allow remote attackers to have unspecified impact via a large length value in an agent protocol message."),
	// 		Remediation: to.Ptr("Customers are advised to upgrade toPuTTY 0.68 or later version in order to remediate this vulnerability."),
	// 		ResourceDetails: &armsecurity.AzureResourceDetails{
	// 			Source: to.Ptr(armsecurity.SourceAzure),
	// 			ID: to.Ptr("/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/DEMORG/providers/Microsoft.Compute/virtualMachines/vm2"),
	// 		},
	// 		Status: &armsecurity.SubAssessmentStatus{
	// 			Code: to.Ptr(armsecurity.SubAssessmentStatusCodeUnhealthy),
	// 			Severity: to.Ptr(armsecurity.SeverityMedium),
	// 		},
	// 		TimeGenerated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-02-02T12:36:50.779Z"); return t}()),
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Get a security sub-assessment on your scanned resource
 *
 * @summary Get a security sub-assessment on your scanned resource
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/GetSubAssessment_example.json
 */
async function getSecurityRecommendationTaskFromSecurityDataLocation() {
  const subscriptionId =
    process.env["SECURITY_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
  const scope =
    "subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/DEMORG/providers/Microsoft.Compute/virtualMachines/vm2";
  const assessmentName = "1195afff-c881-495e-9bc5-1486211ae03f";
  const subAssessmentName = "95f7da9c-a2a4-1322-0758-fcd24ef09b85";
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential, subscriptionId);
  const result = await client.subAssessments.get(scope, assessmentName, subAssessmentName);
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.SecurityCenter;

// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/GetSubAssessment_example.json
// this example is just showing the usage of "SubAssessments_Get" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this SecuritySubAssessmentResource created on azure
// for more information of creating SecuritySubAssessmentResource, please refer to the document of SecuritySubAssessmentResource
string scope = "subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/DEMORG/providers/Microsoft.Compute/virtualMachines/vm2";
string assessmentName = "1195afff-c881-495e-9bc5-1486211ae03f";
string subAssessmentName = "95f7da9c-a2a4-1322-0758-fcd24ef09b85";
ResourceIdentifier securitySubAssessmentResourceId = SecuritySubAssessmentResource.CreateResourceIdentifier(scope, assessmentName, subAssessmentName);
SecuritySubAssessmentResource securitySubAssessment = client.GetSecuritySubAssessmentResource(securitySubAssessmentResourceId);

// invoke the operation
SecuritySubAssessmentResource result = await securitySubAssessment.GetAsync();

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
SecuritySubAssessmentData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

200

{
  "type": "Microsoft.Security/assessments/subAssessments",
  "id": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/DEMORG/providers/Microsoft.Compute/virtualMachines/vm2/providers/Microsoft.Security/assessments/1195afff-c881-495e-9bc5-1486211ae03f/subassessments/95f7da9c-a2a4-1322-0758-fcd24ef09b85",
  "name": "95f7da9c-a2a4-1322-0758-fcd24ef09b85",
  "properties": {
    "id": "370361",
    "displayName": "PuTTY ssh_agent_channel_data Function Integer Overflow Vulnerability",
    "status": {
      "code": "Unhealthy",
      "severity": "Medium"
    },
    "remediation": "Customers are advised to upgrade toPuTTY 0.68 or later version in order to remediate this vulnerability.",
    "impact": "Successful exploitation could allow remote attackers to have unspecified impact via a large length value in an agent protocol message.",
    "category": "Local",
    "description": "PuTTY ssh_agent_channel_data Function Integer Overflow Vulnerability",
    "timeGenerated": "2021-02-02T12:36:50.779Z",
    "resourceDetails": {
      "source": "Azure",
      "id": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/DEMORG/providers/Microsoft.Compute/virtualMachines/vm2"
    },
    "additionalData": {
      "assessedResourceType": "ServerVulnerability",
      "type": "VirtualMachine",
      "cvss": {
        "2.0": {
          "base": 7.5
        },
        "3.0": {
          "base": 9.8
        }
      },
      "patchable": true,
      "cve": [
        {
          "title": "CVE-2017-6542",
          "link": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6542"
        }
      ],
      "publishedTime": "2017-04-06T10:58:25",
      "threat": "PuTTY is a client program for the SSH, Telnet and Rlogin network protocols",
      "vendorReferences": [
        {
          "title": "CVE-2017-6542",
          "link": "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html"
        }
      ]
    }
  }
}

Definitions

Name	Description
AzureResourceDetails	Details of the Azure resource that was assessed
CloudError	Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.).
CloudErrorBody	The error detail.
ContainerRegistryVulnerabilityProperties	Additional context fields for container registry Vulnerability assessment
CVE	CVE details
CVSS	CVSS details
ErrorAdditionalInfo	The resource management error additional info.
OnPremiseResourceDetails	Details of the On Premise resource that was assessed
OnPremiseSqlResourceDetails	Details of the On Premise Sql resource that was assessed
SecuritySubAssessment	Security sub-assessment on a resource
ServerVulnerabilityProperties	Additional context fields for server vulnerability assessment
severity	The sub-assessment severity level
SqlServerVulnerabilityProperties	Details of the resource that was assessed
SubAssessmentStatus	Status of the sub-assessment
SubAssessmentStatusCode	Programmatic code for the status of the assessment
VendorReference	Vendor reference

AzureResourceDetails

Details of the Azure resource that was assessed

Name	Type	Description
id	string	Azure resource Id of the assessed resource
source	string: Azure	The platform where the assessed resource resides

CloudError

Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.).

Name	Type	Description
error.additionalInfo	ErrorAdditionalInfo[]	The error additional info.
error.code	string	The error code.
error.details	CloudErrorBody[]	The error details.
error.message	string	The error message.
error.target	string	The error target.

CloudErrorBody

The error detail.

Name	Type	Description
additionalInfo	ErrorAdditionalInfo[]	The error additional info.
code	string	The error code.
details	CloudErrorBody[]	The error details.
message	string	The error message.
target	string	The error target.

ContainerRegistryVulnerabilityProperties

Additional context fields for container registry Vulnerability assessment

Name	Type	Description
assessedResourceType	string: ContainerRegistryVulnerability	Sub-assessment resource type
cve	CVE[]	List of CVEs
cvss	<string,  CVSS>	Dictionary from cvss version to cvss details object
imageDigest	string	Digest of the vulnerable image
patchable	boolean	Indicates whether a patch is available or not
publishedTime	string	Published time
repositoryName	string	Name of the repository which the vulnerable image belongs to
type	string	Vulnerability Type. e.g: Vulnerability, Potential Vulnerability, Information Gathered, Vulnerability
vendorReferences	VendorReference[]	Vendor reference

CVE

CVE details

Name	Type	Description
link	string	Link url
title	string	CVE title

CVSS

CVSS details

Name	Type	Description
base	number	CVSS base

ErrorAdditionalInfo

The resource management error additional info.

Name	Type	Description
info	object	The additional info.
type	string	The additional info type.

OnPremiseResourceDetails

Details of the On Premise resource that was assessed

Name	Type	Description
machineName	string	The name of the machine
source	string: OnPremise	The platform where the assessed resource resides
sourceComputerId	string	The oms agent Id installed on the machine
vmuuid	string	The unique Id of the machine
workspaceId	string	Azure resource Id of the workspace the machine is attached to

OnPremiseSqlResourceDetails

Details of the On Premise Sql resource that was assessed

Name	Type	Description
databaseName	string	The Sql database name installed on the machine
machineName	string	The name of the machine
serverName	string	The Sql server name installed on the machine
source	string: OnPremiseSql	The platform where the assessed resource resides
sourceComputerId	string	The oms agent Id installed on the machine
vmuuid	string	The unique Id of the machine
workspaceId	string	Azure resource Id of the workspace the machine is attached to

SecuritySubAssessment

Security sub-assessment on a resource

Name	Type	Description
id	string	Resource Id
name	string	Resource name
properties.additionalData	AdditionalData: ContainerRegistryVulnerabilityProperties ServerVulnerabilityProperties SqlServerVulnerabilityProperties	Details of the sub-assessment
properties.category	string	Category of the sub-assessment
properties.description	string	Human readable description of the assessment status
properties.displayName	string	User friendly display name of the sub-assessment
properties.id	string	Vulnerability ID
properties.impact	string	Description of the impact of this sub-assessment
properties.remediation	string	Information on how to remediate this sub-assessment
properties.resourceDetails	ResourceDetails: AzureResourceDetails OnPremiseResourceDetails OnPremiseSqlResourceDetails	Details of the resource that was assessed
properties.status	SubAssessmentStatus	Status of the sub-assessment
properties.timeGenerated	string	The date and time the sub-assessment was generated
type	string	Resource type

ServerVulnerabilityProperties

Additional context fields for server vulnerability assessment

Name	Type	Description
assessedResourceType	string: ServerVulnerabilityAssessment	Sub-assessment resource type
cve	CVE[]	List of CVEs
cvss	<string,  CVSS>	Dictionary from cvss version to cvss details object
patchable	boolean	Indicates whether a patch is available or not
publishedTime	string	Published time
threat	string	Threat name
type	string	Vulnerability Type. e.g: Vulnerability, Potential Vulnerability, Information Gathered
vendorReferences	VendorReference[]	Vendor reference

severity

The sub-assessment severity level

Name	Type	Description
High	string
Low	string
Medium	string

SqlServerVulnerabilityProperties

Details of the resource that was assessed

Name	Type	Description
assessedResourceType	string: SqlServerVulnerability	Sub-assessment resource type
query	string	The T-SQL query that runs on your SQL database to perform the particular check
type	string	The resource type the sub assessment refers to in its resource details

SubAssessmentStatus

Status of the sub-assessment

Name	Type	Description
cause	string	Programmatic code for the cause of the assessment status
code	SubAssessmentStatusCode	Programmatic code for the status of the assessment
description	string	Human readable description of the assessment status
severity	severity	The sub-assessment severity level

SubAssessmentStatusCode

Programmatic code for the status of the assessment

Name	Type	Description
Healthy	string	The resource is healthy
NotApplicable	string	Assessment for this resource did not happen
Unhealthy	string	The resource has a security issue that needs to be addressed

VendorReference

Vendor reference

Name	Type	Description
link	string	Link url
title	string	Link title