Sub Assessments - List All

Service:

Defender for Cloud

API Version:

2019-01-01-preview

Mendapatkan sub-penilaian keamanan pada semua sumber daya yang dipindai di dalam cakupan langganan

GET https://management.azure.com/{scope}/providers/Microsoft.Security/subAssessments?api-version=2019-01-01-preview

Parameter URI

Nama	Dalam	Diperlukan	Jenis	Deskripsi
scope	path	True	string	Cakupan kueri, bisa langganan (/subscriptions/0b06d9ea-afe6-4779-bd59-30e5c2d9d13f) atau grup manajemen (/providers/Microsoft.Management/managementGroups/mgName).
api-version	query	True	string	Versi API untuk operasi

Respons

Nama	Jenis	Deskripsi
200 OK	SecuritySubAssessmentList	OK
Other Status Codes	CloudError	Respons kesalahan yang menjelaskan mengapa operasi gagal.

Keamanan

azure_auth

Alur OAuth2 Azure Active Directory

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Nama	Deskripsi
user_impersonation	meniru akun pengguna Anda

Contoh

List security sub-assessments

Sample Request

HTTP

GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/subAssessments?api-version=2019-01-01-preview

Java

/**
 * Samples for SubAssessments ListAll.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/
     * ListSubscriptionSubAssessments_example.json
     */
    /**
     * Sample code: List security sub-assessments.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void listSecuritySubAssessments(com.azure.resourcemanager.security.SecurityManager manager) {
        manager.subAssessments().listAll("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armsecurity_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/b43974e07d3204c4b6f8396627f5430994a7f7c9/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubscriptionSubAssessments_example.json
func ExampleSubAssessmentsClient_NewListAllPager() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewSubAssessmentsClient().NewListAllPager("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23", nil)
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.SubAssessmentList = armsecurity.SubAssessmentList{
		// 	Value: []*armsecurity.SubAssessment{
		// 		{
		// 			Name: to.Ptr("8c98f353-8b41-4e77-979b-6adeecd5d168"),
		// 			Type: to.Ptr("Microsoft.Security/assessments/subAssessments"),
		// 			ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/providers/Microsoft.Security/assessments/dbd0cb49-b563-45e7-9724-889e799fa648/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168"),
		// 			Properties: &armsecurity.SubAssessmentProperties{
		// 				Description: to.Ptr("The backdoor 'Back Orifice' was detected on this system.  The presence of this backdoor indicates that your system has already been compromised.  Unauthorized users can access your host at any time. Unauthorized users can take complete control of the host and manipulate data.  They can steal the data or even wipe out the host."),
		// 				AdditionalData: &armsecurity.ContainerRegistryVulnerabilityProperties{
		// 					AssessedResourceType: to.Ptr(armsecurity.AssessedResourceTypeContainerRegistryVulnerability),
		// 					Type: to.Ptr("Vulnerability"),
		// 					Cve: []*armsecurity.CVE{
		// 						{
		// 							Link: to.Ptr("http://contoso.com"),
		// 							Title: to.Ptr("CVE-2019-12345"),
		// 					}},
		// 					Cvss: map[string]*armsecurity.CVSS{
		// 						"2.0": &armsecurity.CVSS{
		// 							Base: to.Ptr[float32](10),
		// 						},
		// 						"3.0": &armsecurity.CVSS{
		// 							Base: to.Ptr[float32](10),
		// 						},
		// 					},
		// 					ImageDigest: to.Ptr("c186fc44-3154-4ce2-ba18-b719d895c3b0"),
		// 					Patchable: to.Ptr(true),
		// 					PublishedTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2018-01-01T00:00:00.000Z"); return t}()),
		// 					RepositoryName: to.Ptr("myRepo"),
		// 					VendorReferences: []*armsecurity.VendorReference{
		// 						{
		// 							Link: to.Ptr("http://contoso.com"),
		// 							Title: to.Ptr("Reference_1"),
		// 					}},
		// 				},
		// 				Category: to.Ptr("Backdoors and trojan horses"),
		// 				DisplayName: to.Ptr("'Back Orifice' Backdoor"),
		// 				ID: to.Ptr("1001"),
		// 				Impact: to.Ptr("3"),
		// 				Remediation: to.Ptr("Use a recent anti-virus program to remove this backdoor and check your system regularly with anti-virus software."),
		// 				ResourceDetails: &armsecurity.AzureResourceDetails{
		// 					Source: to.Ptr(armsecurity.SourceAzure),
		// 					ID: to.Ptr("repositories/asc/msi-connector/images/sha256:877a6f2a212c44021281f80cb1f4c73a09dce4e99a8cb8efcc03f7ce3c877a6f"),
		// 				},
		// 				Status: &armsecurity.SubAssessmentStatus{
		// 					Description: to.Ptr("The resource is unhealthy"),
		// 					Cause: to.Ptr(""),
		// 					Code: to.Ptr(armsecurity.SubAssessmentStatusCodeUnhealthy),
		// 					Severity: to.Ptr(armsecurity.SeverityHigh),
		// 				},
		// 				TimeGenerated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-06-23T12:20:08.764Z"); return t}()),
		// 			},
		// 		},
		// 		{
		// 			Name: to.Ptr("8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf"),
		// 			Type: to.Ptr("Microsoft.Security/assessments/subAssessments"),
		// 			ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/providers/Microsoft.Security/assessments/82e20e14-edc5-4373-bfc4-f13121257c37/subassessments/8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf"),
		// 			Properties: &armsecurity.SubAssessmentProperties{
		// 				Description: to.Ptr("The Azure SQL Database-level firewall helps protect your data by preventing all access to your database until you specify which IP addresses have permission. Database-level firewall rules grant access to the specific database based on the originating IP address of each request.\n\nDatabase-level firewall rules for master"),
		// 				AdditionalData: &armsecurity.SQLServerVulnerabilityProperties{
		// 					AssessedResourceType: to.Ptr(armsecurity.AssessedResourceTypeSQLServerVulnerability),
		// 					Type: to.Ptr("AzureDatabase"),
		// 					Query: to.Ptr("SELECT name\n    ,start_ip_address\n    ,end_ip_address\nFROM sys.database_firewall_rules"),
		// 				},
		// 				Category: to.Ptr("SurfaceAreaReduction"),
		// 				DisplayName: to.Ptr("Database-level firewall rules should be tracked and maintained at a strict minimum"),
		// 				ID: to.Ptr("VA2064"),
		// 				Impact: to.Ptr("Firewall rules should be strictly configured to allow access only to client computers that have a valid need to connect to the database. Any superfluous entries in the firewall may pose a threat by allowing an unauthorized source access to your database."),
		// 				Remediation: to.Ptr("Evaluate each of the database-level firewall rules. Remove any rules that grant unnecessary access and set the rest as a baseline. Deviations from the baseline will be identified and brought to your attention in subsequent scans."),
		// 				ResourceDetails: &armsecurity.AzureResourceDetails{
		// 					Source: to.Ptr(armsecurity.SourceAzure),
		// 					ID: to.Ptr("/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/databases/database1"),
		// 				},
		// 				Status: &armsecurity.SubAssessmentStatus{
		// 					Cause: to.Ptr("Unknown"),
		// 					Code: to.Ptr(armsecurity.SubAssessmentStatusCodeHealthy),
		// 					Severity: to.Ptr(armsecurity.SeverityHigh),
		// 				},
		// 				TimeGenerated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-06-23T12:20:08.764Z"); return t}()),
		// 			},
		// 	}},
		// }
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Get security sub-assessments on all your scanned resources inside a subscription scope
 *
 * @summary Get security sub-assessments on all your scanned resources inside a subscription scope
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubscriptionSubAssessments_example.json
 */
async function listSecuritySubAssessments() {
  const subscriptionId =
    process.env["SECURITY_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
  const scope = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23";
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential, subscriptionId);
  const resArray = new Array();
  for await (let item of client.subAssessments.listAll(scope)) {
    resArray.push(item);
  }
  console.log(resArray);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

200

{
  "value": [
    {
      "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/providers/Microsoft.Security/assessments/dbd0cb49-b563-45e7-9724-889e799fa648/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168",
      "name": "8c98f353-8b41-4e77-979b-6adeecd5d168",
      "type": "Microsoft.Security/assessments/subAssessments",
      "properties": {
        "displayName": "'Back Orifice' Backdoor",
        "id": "1001",
        "status": {
          "code": "Unhealthy",
          "cause": "",
          "severity": "High",
          "description": "The resource is unhealthy"
        },
        "resourceDetails": {
          "source": "Azure",
          "id": "repositories/asc/msi-connector/images/sha256:877a6f2a212c44021281f80cb1f4c73a09dce4e99a8cb8efcc03f7ce3c877a6f"
        },
        "remediation": "Use a recent anti-virus program to remove this backdoor and check your system regularly with anti-virus software.",
        "impact": "3",
        "category": "Backdoors and trojan horses",
        "description": "The backdoor 'Back Orifice' was detected on this system.  The presence of this backdoor indicates that your system has already been compromised.  Unauthorized users can access your host at any time. Unauthorized users can take complete control of the host and manipulate data.  They can steal the data or even wipe out the host.",
        "timeGenerated": "2019-06-23T12:20:08.7644808Z",
        "additionalData": {
          "assessedResourceType": "ContainerRegistryVulnerability",
          "imageDigest": "c186fc44-3154-4ce2-ba18-b719d895c3b0",
          "repositoryName": "myRepo",
          "type": "Vulnerability",
          "cvss": {
            "2.0": {
              "base": 10
            },
            "3.0": {
              "base": 10
            }
          },
          "patchable": true,
          "cve": [
            {
              "title": "CVE-2019-12345",
              "link": "http://contoso.com"
            }
          ],
          "publishedTime": "2018-01-01T00:00:00.0000000Z",
          "vendorReferences": [
            {
              "title": "Reference_1",
              "link": "http://contoso.com"
            }
          ]
        }
      }
    },
    {
      "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/providers/Microsoft.Security/assessments/82e20e14-edc5-4373-bfc4-f13121257c37/subassessments/8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf",
      "name": "8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf",
      "type": "Microsoft.Security/assessments/subAssessments",
      "properties": {
        "id": "VA2064",
        "displayName": "Database-level firewall rules should be tracked and maintained at a strict minimum",
        "status": {
          "code": "Healthy",
          "severity": "High",
          "cause": "Unknown"
        },
        "remediation": "Evaluate each of the database-level firewall rules. Remove any rules that grant unnecessary access and set the rest as a baseline. Deviations from the baseline will be identified and brought to your attention in subsequent scans.",
        "impact": "Firewall rules should be strictly configured to allow access only to client computers that have a valid need to connect to the database. Any superfluous entries in the firewall may pose a threat by allowing an unauthorized source access to your database.",
        "category": "SurfaceAreaReduction",
        "description": "The Azure SQL Database-level firewall helps protect your data by preventing all access to your database until you specify which IP addresses have permission. Database-level firewall rules grant access to the specific database based on the originating IP address of each request.\n\nDatabase-level firewall rules for master",
        "timeGenerated": "2019-06-23T12:20:08.7644808Z",
        "resourceDetails": {
          "source": "Azure",
          "id": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/databases/database1"
        },
        "additionalData": {
          "assessedResourceType": "SqlServerVulnerability",
          "type": "AzureDatabase",
          "query": "SELECT name\n    ,start_ip_address\n    ,end_ip_address\nFROM sys.database_firewall_rules",
          "benchmarks": []
        }
      }
    }
  ]
}

Definisi

Nama	Deskripsi
AzureResourceDetails	Detail sumber daya Azure yang dinilai
CloudError	Respons kesalahan umum untuk semua API Azure Resource Manager untuk mengembalikan detail kesalahan untuk operasi yang gagal. (Ini juga mengikuti format respons kesalahan OData.).
CloudErrorBody	Detail kesalahan.
ContainerRegistryVulnerabilityProperties	Bidang konteks tambahan untuk penilaian Kerentanan registri kontainer
CVE	Detail CVE
CVSS	Detail CVSS
ErrorAdditionalInfo	Info tambahan kesalahan manajemen sumber daya.
OnPremiseResourceDetails	Detail sumber daya Lokal yang dinilai
OnPremiseSqlResourceDetails	Detail sumber daya Sql Lokal yang dinilai
SecuritySubAssessment	Sub-penilaian keamanan pada sumber daya
SecuritySubAssessmentList	Daftar sub-penilaian keamanan
ServerVulnerabilityProperties	Bidang konteks tambahan untuk penilaian kerentanan server
severity	Tingkat keparahan sub-penilaian
SqlServerVulnerabilityProperties	Detail sumber daya yang dinilai
SubAssessmentStatus	Status sub-penilaian
SubAssessmentStatusCode	Kode terprogram untuk status penilaian
VendorReference	Referensi vendor

AzureResourceDetails

Detail sumber daya Azure yang dinilai

Nama	Jenis	Deskripsi
id	string	Id sumber daya Azure dari sumber daya yang dinilai
source	string: Azure	Platform tempat sumber daya yang dinilai berada

CloudError

Respons kesalahan umum untuk semua API Azure Resource Manager untuk mengembalikan detail kesalahan untuk operasi yang gagal. (Ini juga mengikuti format respons kesalahan OData.).

Nama	Jenis	Deskripsi
error.additionalInfo	ErrorAdditionalInfo[]	Info tambahan kesalahan.
error.code	string	Kode kesalahan.
error.details	CloudErrorBody[]	Detail kesalahan.
error.message	string	Pesan kesalahan.
error.target	string	Target kesalahan.

CloudErrorBody

Detail kesalahan.

Nama	Jenis	Deskripsi
additionalInfo	ErrorAdditionalInfo[]	Info tambahan kesalahan.
code	string	Kode kesalahan.
details	CloudErrorBody[]	Detail kesalahan.
message	string	Pesan kesalahan.
target	string	Target kesalahan.

ContainerRegistryVulnerabilityProperties

Bidang konteks tambahan untuk penilaian Kerentanan registri kontainer

Nama	Jenis	Deskripsi
assessedResourceType	string: ContainerRegistryVulnerability	Jenis sumber daya sub-penilaian
cve	CVE[]	Daftar CVE
cvss	<string,  CVSS>	Kamus dari versi cvss ke objek detail cvss
imageDigest	string	Hash gambar yang rentan
patchable	boolean	Menunjukkan apakah patch tersedia atau tidak
publishedTime	string	Waktu yang diterbitkan
repositoryName	string	Nama repositori tempat gambar rentan berada
type	string	Jenis Kerentanan. misalnya: Kerentanan, Potensi Kerentanan, Informasi yang Dikumpulkan, Kerentanan
vendorReferences	VendorReference[]	Referensi vendor

CVE

Detail CVE

Nama	Jenis	Deskripsi
link	string	Url tautan
title	string	Judul CVE

CVSS

Detail CVSS

Nama	Jenis	Deskripsi
base	number	Basis CVSS

ErrorAdditionalInfo

Info tambahan kesalahan manajemen sumber daya.

Nama	Jenis	Deskripsi
info	object	Info tambahan.
type	string	Jenis info tambahan.

OnPremiseResourceDetails

Detail sumber daya Lokal yang dinilai

Nama	Jenis	Deskripsi
machineName	string	Nama komputer
source	string: OnPremise	Platform tempat sumber daya yang dinilai berada
sourceComputerId	string	Id agen oms yang diinstal pada komputer
vmuuid	string	Id unik komputer
workspaceId	string	Id sumber daya Azure dari ruang kerja yang dilampirkan komputer

OnPremiseSqlResourceDetails

Detail sumber daya Sql Lokal yang dinilai

Nama	Jenis	Deskripsi
databaseName	string	Nama database Sql terinstal pada komputer
machineName	string	Nama komputer
serverName	string	Nama server Sql yang diinstal pada komputer
source	string: OnPremiseSql	Platform tempat sumber daya yang dinilai berada
sourceComputerId	string	Id agen oms yang diinstal pada komputer
vmuuid	string	Id unik komputer
workspaceId	string	Id sumber daya Azure dari ruang kerja yang dilampirkan komputer

SecuritySubAssessment

Sub-penilaian keamanan pada sumber daya

Nama	Jenis	Deskripsi
id	string	ID sumber daya
name	string	Nama sumber daya
properties.additionalData	AdditionalData: ContainerRegistryVulnerabilityProperties ServerVulnerabilityProperties SqlServerVulnerabilityProperties	Detail sub-penilaian
properties.category	string	Kategori sub-penilaian
properties.description	string	Deskripsi status penilaian yang dapat dibaca manusia
properties.displayName	string	Nama tampilan sub-penilaian yang mudah digunakan
properties.id	string	ID Kerentanan
properties.impact	string	Deskripsi dampak sub-penilaian ini
properties.remediation	string	Informasi tentang cara memulihkan sub-penilaian ini
properties.resourceDetails	ResourceDetails: AzureResourceDetails OnPremiseResourceDetails OnPremiseSqlResourceDetails	Detail sumber daya yang dinilai
properties.status	SubAssessmentStatus	Status sub-penilaian
properties.timeGenerated	string	Tanggal dan waktu sub-penilaian dibuat
type	string	Jenis Sumber Daya

SecuritySubAssessmentList

Daftar sub-penilaian keamanan

Nama	Jenis	Deskripsi
nextLink	string	URI untuk mengambil halaman berikutnya.
value	SecuritySubAssessment[]	Sub-penilaian keamanan pada sumber daya

ServerVulnerabilityProperties

Bidang konteks tambahan untuk penilaian kerentanan server

Nama	Jenis	Deskripsi
assessedResourceType	string: ServerVulnerabilityAssessment	Jenis sumber daya sub-penilaian
cve	CVE[]	Daftar CVE
cvss	<string,  CVSS>	Kamus dari versi cvss ke objek detail cvss
patchable	boolean	Menunjukkan apakah patch tersedia atau tidak
publishedTime	string	Waktu yang diterbitkan
threat	string	Nama ancaman
type	string	Jenis Kerentanan. misalnya: Kerentanan, Potensi Kerentanan, Informasi yang Dikumpulkan
vendorReferences	VendorReference[]	Referensi vendor

severity

Tingkat keparahan sub-penilaian

Nama	Jenis	Deskripsi
High	string
Low	string
Medium	string

SqlServerVulnerabilityProperties

Detail sumber daya yang dinilai

Nama	Jenis	Deskripsi
assessedResourceType	string: SqlServerVulnerability	Jenis sumber daya sub-penilaian
query	string	Kueri T-SQL yang berjalan pada database SQL Anda untuk melakukan pemeriksaan tertentu
type	string	Jenis sumber daya yang dirujuk sub penilaian dalam detail sumber dayanya

SubAssessmentStatus

Status sub-penilaian

Nama	Jenis	Deskripsi
cause	string	Kode terprogram untuk penyebab status penilaian
code	SubAssessmentStatusCode	Kode terprogram untuk status penilaian
description	string	Deskripsi status penilaian yang dapat dibaca manusia
severity	severity	Tingkat keparahan sub-penilaian

SubAssessmentStatusCode

Kode terprogram untuk status penilaian

Nama	Jenis	Deskripsi
Healthy	string	Sumber daya sehat
NotApplicable	string	Penilaian untuk sumber daya ini tidak terjadi
Unhealthy	string	Sumber daya memiliki masalah keamanan yang perlu ditangani

VendorReference

Referensi vendor

Nama	Jenis	Deskripsi
link	string	Url tautan
title	string	Judul tautan