Penilaian kerentanan kontainer REST API
Gambaran Umum
Azure Resource Graph (ARG) menyediakan REST API yang dapat digunakan untuk mengakses hasil penilaian kerentanan secara terprogram untuk registri Azure dan rekomendasi kerentanan runtime. Pelajari selengkapnya tentang referensi ARG dan contoh kueri.
Sub-penilaian kerentanan registri kontainer Azure, AWS, dan GCP diterbitkan ke ARG sebagai bagian dari sumber daya keamanan. Pelajari selengkapnya tentang sub-penilaian keamanan.
Contoh kueri ARG
Untuk menarik sub penilaian tertentu, Anda memerlukan kunci penilaian.
- Untuk penilaian kerentanan kontainer Azure yang didukung oleh MDVM, kuncinya adalah
c0b7cfc6-3172-465a-b378-53c7ff2cc0d5. - Untuk penilaian kerentanan kontainer AWS yang didukung oleh MDVM, kuncinya adalah
c27441ae-775c-45be-8ffa-655de37362ce. - Untuk penilaian kerentanan kontainer GCP yang didukung oleh MDVM, kuncinya adalah
5cc3a2c1-8397-456f-8792-fe9d0d4c9145.
Berikut ini adalah contoh kueri sub penilaian keamanan generik yang dapat digunakan sebagai contoh untuk membuat kueri. Kueri ini menarik sub penilaian pertama yang dihasilkan dalam satu jam terakhir.
securityresources
| where type =~ "microsoft.security/assessments/subassessments" and properties.additionalData.assessedResourceType == "AzureContainerRegistryVulnerability"
| extend assessmentKey=extract(@"(?i)providers/Microsoft.Security/assessments/([^/]*)", 1, id)
| where assessmentKey == "c0b7cfc6-3172-465a-b378-53c7ff2cc0d5"
| extend timeGenerated = properties.timeGenerated
| where timeGenerated > ago(1h)
Hasil kueri - Sub-penilaian Azure
[
{
"id": "/subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroup}/providers/Microsoft.ContainerRegistry/registries/{Registry Name}/providers/Microsoft.Security/assessments/c0b7cfc6-3172-465a-b378-53c7ff2cc0d5/subassessments/{SubAssessmentId}",
"name": "{SubAssessmentId}",
"type": "microsoft.security/assessments/subassessments",
"tenantId": "{TenantId}",
"kind": "",
"location": "global",
"resourceGroup": "{ResourceGroup}",
"subscriptionId": "{SubscriptionId}",
"managedBy": "",
"sku": null,
"plan": null,
"properties": {
"id": "CVE-2022-42969",
"additionalData": {
"assessedResourceType": "AzureContainerRegistryVulnerability",
"vulnerabilityDetails": {
"severity": "High",
"exploitabilityAssessment": {
"exploitStepsPublished": false,
"exploitStepsVerified": false,
"isInExploitKit": false,
"exploitUris": [],
"types": [
"Remote"
]
},
"lastModifiedDate": "2023-09-12T00:00:00Z",
"publishedDate": "2022-10-16T06:15:00Z",
"workarounds": [],
"references": [
{
"title": "CVE-2022-42969",
"link": "https://nvd.nist.gov/vuln/detail/CVE-2022-42969"
},
{
"title": "oval:org.opensuse.security:def:202242969",
"link": "https://ftp.suse.com/pub/projects/security/oval/suse.linux.enterprise.server.15.xml.gz"
},
{
"title": "oval:com.microsoft.cbl-mariner:def:11166",
"link": "https://raw.githubusercontent.com/microsoft/CBL-MarinerVulnerabilityData/main/cbl-mariner-1.0-oval.xml"
},
{
"title": "ReDoS in py library when used with subversion ",
"link": "https://github.com/advisories/GHSA-w596-4wvx-j9j6"
}
],
"weaknesses": {
"cwe": [
{
"id": "CWE-1333"
}
]
},
"cveId": "CVE-2022-42969",
"cvss": {
"2.0": null,
"3.0": {
"cvssVectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"base": 7.5
}
},
"cpe": {
"language": "*",
"softwareEdition": "*",
"version": "*",
"targetHardware": "*",
"targetSoftware": "python",
"vendor": "py",
"edition": "*",
"product": "py",
"update": "*",
"other": "*",
"part": "Applications",
"uri": "cpe:2.3:a:py:py:*:*:*:*:*:python:*:*"
}
},
"artifactDetails": {
"lastPushedToRegistryUTC": "2023-09-04T16:05:32.8223098Z",
"repositoryName": "public/azureml/aifx/stable-ubuntu2004-cu117-py39-torch200",
"registryHost": "ptebic.azurecr.io",
"artifactType": "ContainerImage",
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"digest": "sha256:4af8e6f002401a965bbe753a381af308b40d8947fad2b9e1f6a369aa81abee59",
"tags": [
"biweekly.202309.1"
]
},
"softwareDetails": {
"category": "Language",
"language": "python",
"fixedVersion": "",
"version": "1.11.0.0",
"vendor": "py",
"packageName": "py",
"osDetails": {
"osPlatform": "linux",
"osVersion": "ubuntu_linux_20.04"
},
"fixStatus": "FixAvailable",
"evidence": []
},
"cvssV30Score": 7.5
},
"description": "This vulnerability affects the following vendors: Pytest, Suse, Microsoft, Py. To view more details about this vulnerability please visit the vendor website.",
"displayName": "CVE-2022-42969",
"resourceDetails": {
"id": "/repositories/public/azureml/aifx/stable-ubuntu2004-cu117-py39-torch200/images/sha256:4af8e6f002401a965bbe753a381af308b40d8947fad2b9e1f6a369aa81abee59",
"source": "Azure"
},
"timeGenerated": "2023-09-12T13:36:15.0772799Z",
"remediation": "No remediation exists",
"status": {
"description": "Disabled parent assessment",
"severity": "High",
"code": "NotApplicable",
"cause": "Exempt"
}
},
"tags": null,
"identity": null,
"zones": null,
"extendedLocation": null,
"assessmentKey": "c0b7cfc6-3172-465a-b378-53c7ff2cc0d5",
"timeGenerated": "2023-09-12T13:36:15.0772799Z"
}
]
Hasil kueri - sub-penilaian AWS
[
{
"id": "/subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroup}/providers/ microsoft.security/ securityconnectors/{SecurityConnectorName}/ securityentitydata/aws-ecr-repository-{RepositoryName}-{Region}/providers/Microsoft.Security/assessments/c27441ae-775c-45be-8ffa-655de37362ce/subassessments/{SubAssessmentId}",
"name": "{SubAssessmentId}",
"type": "microsoft.security/assessments/subassessments",
"tenantId": "{TenantId}",
"kind": "",
"location": "global",
"resourceGroup": "{ResourceGroup}",
"subscriptionId": "{SubscriptionId}",
"managedBy": "",
"sku": null,
"plan": null,
"properties": {
"description": "This vulnerability affects the following vendors: Debian, Fedora, Luatex_Project, Miktex, Oracle, Suse, Tug, Ubuntu. To view more details about this vulnerability please visit the vendor website.",
"resourceDetails": {
"id": "544047870946.dkr.ecr.us-east-1.amazonaws.com/mc/va/eastus/verybigimage@sha256:87e18285c301bc09b7f2da126992475eb0c536d38272aa0a7066324b7dda3d87",
"source": "Aws",
"connectorId": "649e5f3a-ea19-4057-88fd-58b1f4b774e2",
"region": "us-east-1",
"nativeCloudUniqueIdentifier": "arn:aws:ecr:us-east-1:544047870946:image/mc/va/eastus/verybigimage",
"resourceProvider": "ecr",
"resourceType": "repository",
"resourceName": "mc/va/eastus/verybigimage",
"hierarchyId": "544047870946"
},
"additionalData": {
"assessedResourceType": "AwsContainerRegistryVulnerability",
"cvssV30Score": 7.8,
"vulnerabilityDetails": {
"severity": "High",
"exploitabilityAssessment": {
"exploitStepsPublished": false,
"exploitStepsVerified": false,
"isInExploitKit": false,
"exploitUris": [],
"types": []
},
"lastModifiedDate": "2023-11-07T00:00:00.0000000Z",
"publishedDate": "2023-05-16T00:00:00.0000000Z",
"workarounds": [],
"weaknesses": {
"cwe": []
},
"references": [
{
"title": "CVE-2023-32700",
"link": "https://nvd.nist.gov/vuln/detail/CVE-2023-32700"
},
{
"title": "CVE-2023-32700_oval:com.oracle.elsa:def:20233661",
"link": "https://linux.oracle.com/security/oval/com.oracle.elsa-all.xml.bz2"
},
{
"title": "CVE-2023-32700_oval:com.ubuntu.bionic:def:61151000000",
"link": "https://security-metadata.canonical.com/oval/com.ubuntu.bionic.usn.oval.xml.bz2"
},
{
"title": "CVE-2023-32700_oval:org.debian:def:155787957530144107267311766002078821941",
"link": "https://www.debian.org/security/oval/oval-definitions-bullseye.xml"
},
{
"title": "oval:org.opensuse.security:def:202332700",
"link": "https://ftp.suse.com/pub/projects/security/oval/suse.linux.enterprise.server.15.xml.gz"
},
{
"title": "texlive-base-20220321-72.fc38",
"link": "https://archives.fedoraproject.org/pub/fedora/linux/updates/38/Everything/x86_64/repodata/c7921a40ea935e92e8cfe8f4f0062fbc3a8b55bc01eaf0e5cfc196d51ebab20d-updateinfo.xml.xz"
}
],
"cvss": {
"2.0": null,
"3.0": {
"cvssVectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"base": 7.8
}
},
"cveId": "CVE-2023-32700",
"cpe": {
"language": "*",
"softwareEdition": "*",
"version": "*",
"targetSoftware": "ubuntu_linux_20.04",
"targetHardware": "*",
"vendor": "ubuntu",
"edition": "*",
"product": "libptexenc1",
"update": "*",
"other": "*",
"part": "Applications",
"uri": "cpe:2.3:a:ubuntu:libptexenc1:*:*:*:*:*:ubuntu_linux_20.04:*:*"
}
},
"artifactDetails": {
"repositoryName": "mc/va/eastus/verybigimage",
"registryHost": "544047870946.dkr.ecr.us-east-1.amazonaws.com",
"lastPushedToRegistryUTC": "2022-06-26T13:24:03.0000000Z",
"artifactType": "ContainerImage",
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"digest": "sha256:87e18285c301bc09b7f2da126992475eb0c536d38272aa0a7066324b7dda3d87",
"tags": [
"latest"
]
},
"softwareDetails": {
"fixedVersion": "2019.20190605.51237-3ubuntu0.1",
"language": "",
"category": "OS",
"osDetails": {
"osPlatform": "linux",
"osVersion": "ubuntu_linux_20.04"
},
"version": "2019.20190605.51237-3build2",
"vendor": "ubuntu",
"packageName": "libptexenc1",
"fixStatus": "FixAvailable",
"evidence": [
"dpkg-query -f '${Package}:${Source}:\\n' -W | grep -e ^libptexenc1:.* -e .*:libptexenc1: | cut -f 1 -d ':' | xargs dpkg-query -s",
"dpkg-query -f '${Package}:${Source}:\\n' -W | grep -e ^libptexenc1:.* -e .*:libptexenc1: | cut -f 1 -d ':' | xargs dpkg-query -s"
],
"fixReference": {
"description": "USN-6115-1: TeX Live vulnerability 2023 May 30",
"id": "USN-6115-1",
"releaseDate": "2023-05-30T00:00:00.0000000Z",
"url": "https://ubuntu.com/security/notices/USN-6115-1"
}
}
},
"timeGenerated": "2023-12-11T13:23:58.4539977Z",
"displayName": "CVE-2023-32700",
"remediation": "Create new image with updated package libptexenc1 with version 2019.20190605.51237-3ubuntu0.1 or higher.",
"status": {
"severity": "High",
"code": "Unhealthy"
},
"id": "CVE-2023-32700"
},
"tags": null,
"identity": null,
"zones": null,
"extendedLocation": null,
"assessmentKey": "c27441ae-775c-45be-8ffa-655de37362ce",
"timeGenerated": "2023-12-11T13:23:58.4539977Z"
}
]
Hasil kueri - sub-penilaian GCP
[
{
"id": "/subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroup}/providers/ microsoft.security/ securityconnectors/{SecurityConnectorName}/securityentitydata/gar-gcp-repository-{RepositoryName}-{Region}/providers/Microsoft.Security/assessments/5cc3a2c1-8397-456f-8792-fe9d0d4c9145/subassessments/{SubAssessmentId}",
"name": "{SubAssessmentId}",
"type": "microsoft.security/assessments/subassessments",
"tenantId": "{TenantId}",
"kind": "",
"location": "global",
"resourceGroup": "{ResourceGroup}",
"subscriptionId": "{SubscriptionId}",
"managedBy": "",
"sku": null,
"plan": null,
"properties": {
"description": "This vulnerability affects the following vendors: Alpine, Debian, Libtiff, Suse, Ubuntu. To view more details about this vulnerability please visit the vendor website.",
"resourceDetails": {
"id": "us-central1-docker.pkg.dev/detection-stg-manual-tests-2/hital/nginx@sha256:09e210fe1e7f54647344d278a8d0dee8a4f59f275b72280e8b5a7c18c560057f",
"source": "Gcp",
"resourceType": "repository",
"nativeCloudUniqueIdentifier": "projects/detection-stg-manual-tests-2/locations/us-central1/repositories/hital/dockerImages/nginx@sha256:09e210fe1e7f54647344d278a8d0dee8a4f59f275b72280e8b5a7c18c560057f",
"resourceProvider": "gar",
"resourceName": "detection-stg-manual-tests-2/hital/nginx",
"hierarchyId": "788875449976",
"connectorId": "40139bd8-5bae-e3e0-c640-2a45cdcd2d0c",
"region": "us-central1"
},
"displayName": "CVE-2017-11613",
"additionalData": {
"assessedResourceType": "GcpContainerRegistryVulnerability",
"vulnerabilityDetails": {
"severity": "Low",
"lastModifiedDate": "2023-12-09T00:00:00.0000000Z",
"exploitabilityAssessment": {
"exploitStepsPublished": false,
"exploitStepsVerified": false,
"exploitUris": [],
"isInExploitKit": false,
"types": [
"PrivilegeEscalation"
]
},
"publishedDate": "2017-07-26T00:00:00.0000000Z",
"workarounds": [],
"references": [
{
"title": "CVE-2017-11613",
"link": "https://nvd.nist.gov/vuln/detail/CVE-2017-11613"
},
{
"title": "129463",
"link": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129463"
},
{
"title": "CVE-2017-11613_oval:com.ubuntu.trusty:def:36061000000",
"link": "https://security-metadata.canonical.com/oval/com.ubuntu.trusty.usn.oval.xml.bz2"
},
{
"title": "CVE-2017-11613_oval:org.debian:def:85994619016140765823174295608399452222",
"link": "https://www.debian.org/security/oval/oval-definitions-stretch.xml"
},
{
"title": "oval:org.opensuse.security:def:201711613",
"link": "https://ftp.suse.com/pub/projects/security/oval/suse.linux.enterprise.server.15.xml.gz"
},
{
"title": "CVE-2017-11613-cpe:2.3:a:alpine:tiff:*:*:*:*:*:alpine_3.9:*:*-3.9",
"link": "https://security.alpinelinux.org/vuln/CVE-2017-11613"
}
],
"weaknesses": {
"cwe": [
{
"id": "CWE-20"
}
]
},
"cvss": {
"2.0": null,
"3.0": {
"cvssVectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:U/RC:R",
"base": 3.3
}
},
"cveId": "CVE-2017-11613",
"cpe": {
"version": "*",
"language": "*",
"vendor": "debian",
"softwareEdition": "*",
"targetSoftware": "debian_9",
"targetHardware": "*",
"product": "tiff",
"edition": "*",
"update": "*",
"other": "*",
"part": "Applications",
"uri": "cpe:2.3:a:debian:tiff:*:*:*:*:*:debian_9:*:*"
}
},
"cvssV30Score": 3.3,
"artifactDetails": {
"lastPushedToRegistryUTC": "2023-12-11T08:33:13.0000000Z",
"repositoryName": "detection-stg-manual-tests-2/hital/nginx",
"registryHost": "us-central1-docker.pkg.dev",
"artifactType": "ContainerImage",
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"digest": "sha256:09e210fe1e7f54647344d278a8d0dee8a4f59f275b72280e8b5a7c18c560057f",
"tags": [
"1.12"
]
},
"softwareDetails": {
"version": "4.0.8-2+deb9u2",
"language": "",
"fixedVersion": "4.0.8-2+deb9u4",
"vendor": "debian",
"category": "OS",
"osDetails": {
"osPlatform": "linux",
"osVersion": "debian_9"
},
"packageName": "tiff",
"fixReference": {
"description": "DSA-4349-1: tiff security update 2018 November 30",
"id": "DSA-4349-1",
"releaseDate": "2018-11-30T22:41:54.0000000Z",
"url": "https://security-tracker.debian.org/tracker/DSA-4349-1"
},
"fixStatus": "FixAvailable",
"evidence": [
"dpkg-query -f '${Package}:${Source}:\\n' -W | grep -e ^tiff:.* -e .*:tiff: | cut -f 1 -d ':' | xargs dpkg-query -s",
"dpkg-query -f '${Package}:${Source}:\\n' -W | grep -e ^tiff:.* -e .*:tiff: | cut -f 1 -d ':' | xargs dpkg-query -s"
]
}
},
"timeGenerated": "2023-12-11T10:25:43.8751687Z",
"remediation": "Create new image with updated package tiff with version 4.0.8-2+deb9u4 or higher.",
"id": "CVE-2017-11613",
"status": {
"severity": "Low",
"code": "Unhealthy"
}
},
"tags": null,
"identity": null,
"zones": null,
"extendedLocation": null,
"assessmentKey": "5cc3a2c1-8397-456f-8792-fe9d0d4c9145",
"timeGenerated": "2023-12-11T10:25:43.8751687Z"
}
]
Definisi
| Nama | Deskripsi |
|---|---|
| ResourceDetails | Detail sumber daya Azure yang dinilai |
| ContainerRegistryVulnerability | Bidang konteks lainnya untuk penilaian kerentanan registri kontainer |
| CVE | Detail CVE |
| CVSS | Detail CVSS |
| SecuritySubAssessment | Subassesi keamanan pada sumber daya |
| SecuritySubAssessmentList | Daftar subassessmen keamanan |
| ArtefakDetails | Detail untuk gambar kontainer yang terpengaruh |
| SoftwareDetails | Detail untuk paket perangkat lunak yang terpengaruh |
| FixReference | Detail tentang perbaikan, jika tersedia |
| Detail OS | Detail tentang informasi os |
| KerentananDetails | Detail tentang kerentanan yang terdeteksi |
| CPE | Enumerasi Platform Umum |
| Cwe | Enumerasi kelemahan umum |
| KerentananReferensi | Tautan referensi ke kerentanan |
| ExploitabilityAssessment | Tautan referensi ke contoh eksploitasi |
ContainerRegistryVulnerability (MDVM)
Bidang konteks lain untuk penilaian kerentanan registri kontainer Azure
| Nama | Jenis | Keterangan |
|---|---|---|
| assessedResourceType | tali: AzureContainerRegistryVulnerability AwsContainerRegistryVulnerability GcpContainerRegistryVulnerability |
Jenis sumber daya sub-penilaian |
| cvssV30Score | Numerik | Skor CVSS V3 |
| vulnerabilityDetails | KerentananDetails | |
| artifactDetails | ArtefakDetails | |
| softwareDetails | SoftwareDetails |
ArtefakDetails
Detail konteks untuk gambar kontainer yang terpengaruh
| Nama | Jenis | Keterangan |
|---|---|---|
| repositoryName | String | Nama repositori |
| RegistryHost | String | Host registri |
| lastPublishedToRegistryUTC | Tanda Waktu | Tanda waktu UTC untuk tanggal penerbitan terakhir |
| ArtifactType | String: ContainerImage | |
| mediaType | String | Jenis media lapisan |
| digest | String | Hash gambar yang rentan |
| Tag | String | Tag gambar yang rentan |
Detail Perangkat Lunak
Detail untuk paket perangkat lunak yang terpengaruh
| Nama | Jenis | Keterangan |
|---|---|---|
| fixedVersion | String | Versi Tetap |
| category | String | Kategori kerentanan – OS atau Bahasa |
| osDetails | OsDetails | |
| bahasa | String | Bahasa paket yang terpengaruh (misalnya, Python, .NET) juga bisa kosong |
| versi | String | |
| penjual | String | |
| packageName | String | |
| fixStatus | String | Tidak diketahui, FixAvailable, NoFixAvailable, Scheduled, WontFix |
| bukti | String | Bukti untuk paket |
| fixReference | FixReference |
FixReference
Detail tentang perbaikan, jika tersedia
| Nama | Jenis | description |
|---|---|---|
| ID | String | ID Perbaikan |
| Deskripsi | String | Perbaiki Deskripsi |
| releaseDate | Tanda Waktu | Perbaiki tanda waktu |
| url | String | URL untuk memperbaiki pemberitahuan |
Detail OS
Detail tentang informasi os
| Nama | Jenis | Keterangan |
|---|---|---|
| osPlatform | String | Misalnya: Linux, Windows |
| osName | String | Misalnya: Ubuntu |
| osVersion | String |
KerentananDetails
Detail tentang kerentanan yang terdeteksi
| Keparahan | Keparahan | Tingkat keparahan sub-penilaian |
|---|---|---|
| LastModifiedDate | Tanda Waktu | |
| publishedDate | Tanda Waktu | Tanggal terbit |
| ExploitabilityAssessment | ExploitabilityAssessment | |
| CVSS | String kamus <, CVSS> | Kamus dari versi cvss ke objek detail cvss |
| Penyelesaian masalah | Solusi Sementara | Solusi yang diterbitkan untuk kerentanan |
| Referensi | KerentananReferensi | |
| Kelemahan | Kelemahan | |
| cveId | String | CVE ID |
| Cpe | CPE |
CPE (Enumerasi Platform Umum)
| Nama | Jenis | Keterangan |
|---|---|---|
| bahasa | String | Tag bahasa |
| softwareEdition | String | |
| Versi | String | Versi paket |
| targetSoftware | String | Perangkat Lunak Target |
| penjual | String | Vendor |
| product | String | Produk |
| edisi | String | |
| update | String | |
| lainnya | String | |
| bagian | String | Sistem Operasi Perangkat Keras Aplikasi |
| uri | String | Uri berformat CPE 2.3 |
Kelemahan
| Nama | Jenis | Keterangan |
|---|---|---|
| Cwe | Cwe |
Cwe (Enumerasi kelemahan umum)
Detail CWE
| Nama | Jenis | description |
|---|---|---|
| ID | String | CWE ID |
KerentananReferensi
Tautan referensi ke kerentanan
| Nama | Jenis | Keterangan |
|---|---|---|
| tautan | String | Url referensi |
| title | String | Judul referensi |
ExploitabilityAssessment
Tautan referensi ke contoh eksploitasi
| Nama | Jenis | Keterangan |
|---|---|---|
| exploitUris | String | |
| exploitStepsPublished | Boolean | Apakah langkah-langkah eksploitasi telah diterbitkan |
| exploitStepsVerified | Boolean | Apakah langkah-langkah eksploitasi diverifikasi |
| isInExploitKit | Boolean | Adalah bagian dari kit eksploitasi |
| Jenis | String | Jenis eksploitasi, misalnya: NotAvailable, Dos, Local, Remote, WebApps, PrivilegeEscalation |
ResourceDetails - Azure
Detail sumber daya Azure yang dinilai
| Nama | Jenis | Keterangan |
|---|---|---|
| ID | string | ID sumber daya Azure dari sumber daya yang dinilai |
| sumber | string: Azure | Platform tempat sumber daya yang dinilai berada |
ResourceDetails - AWS / GCP
Detail sumber daya AWS/GCP yang dinilai
| Nama | Jenis | Keterangan |
|---|---|---|
| id | string | ID sumber daya Azure dari sumber daya yang dinilai |
| sumber | string: Aws/Gcp | Platform tempat sumber daya yang dinilai berada |
| connectorId | string | ID Konektor |
| wilayah | string | Wilayah |
| nativeCloudUniqueIdentifier | string | ID Sumber Daya Native Cloud dari sumber daya yang Dinilai di |
| resourceProvider | string: ecr/gar/gcr | Penyedia sumber daya yang dinilai |
| resourceType | string | Jenis sumber daya yang dinilai |
| resourceName | string | Nama sumber daya yang dinilai |
| hierarkiId | string | ID Akun (Aws) / ID Proyek (Gcp) |
SubAssessmentStatus
Status sub-penilaian
| Nama | Jenis | Keterangan |
|---|---|---|
| penyebab | String | Kode terprogram untuk penyebab status penilaian |
| kode | SubAssessmentStatusCode | Kode terprogram untuk status penilaian |
| description | string | Deskripsi yang dapat dibaca manusia tentang status penilaian |
| keparahan | keparahan | Tingkat keparahan sub-penilaian |
SubAssessmentStatusCode
Kode terprogram untuk status penilaian
| Nama | Jenis | Keterangan |
|---|---|---|
| Sehat | string | Sumber daya sehat |
| Tidak Dapat Diaplikasikan | string | Penilaian untuk sumber daya ini tidak terjadi |
| Tidak sehat | string | Sumber daya memiliki masalah keamanan yang perlu ditangani |
SecuritySubAssessment
Subassesi keamanan pada sumber daya
| Nama | Jenis | Keterangan |
|---|---|---|
| ID | string | ID Sumber Daya |
| nama | string | Nama sumber daya |
| properties.additionalData | AdditionalData: AzureContainerRegistryVulnerability | Detail subassesi |
| properties.category | string | Kategori subassesi |
| properties.description | string | Deskripsi yang dapat dibaca manusia tentang status penilaian |
| properties.displayName | string | Nama tampilan subassessment yang mudah diingat pengguna |
| properties.id | string | ID Kerentanan |
| properties.impact | string | Deskripsi dampak subassessment ini |
| properties.remediation | string | Informasi tentang cara memulihkan subassesi ini |
| properties.resourceDetails | ResourceDetails: Detail Sumber Daya Azure Detail Sumber Daya AWS/GCP |
Detail sumber daya yang dinilai |
| properties.status | SubAssessmentStatus | Status sub-penilaian |
| properties.timeGenerated | string | Tanggal dan waktu subassesi dihasilkan |
| jenis | string | Jenis Sumber Daya |
SecuritySubAssessmentList
Daftar subassessmen keamanan
| Nama | Jenis | Keterangan |
|---|---|---|
| NextLink | string | URI untuk mengambil halaman berikutnya. |
| value | SecuritySubAssessment | Subassesi keamanan pada sumber daya |