Assessments Metadata - List By Subscription

サービス:

Defender for Cloud

API バージョン:

2021-06-01

特定のサブスクリプションのすべての評価の種類に関するメタデータ情報を取得する

GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Security/assessmentMetadata?api-version=2021-06-01

URI パラメーター

名前	/	必須	型	説明
subscriptionId	path	True	string pattern: ^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$	Azure サブスクリプション ID
api-version	query	True	string	操作の API バージョン

応答

名前	型	説明
200 OK	SecurityAssessmentMetadataResponseList	わかりました
Other Status Codes	CloudError	操作が失敗した理由を説明するエラー応答。

セキュリティ

azure_auth

Azure Active Directory OAuth2 フロー

型: oauth2
フロー: implicit
Authorization URL (承認 URL): https://login.microsoftonline.com/common/oauth2/authorize

スコープ

名前	説明
user_impersonation	ユーザー アカウントを偽装する

例

List security assessment metadata for subscription

要求のサンプル

HTTP

GET https://management.azure.com/subscriptions/0980887d-03d6-408c-9566-532f3456804e/providers/Microsoft.Security/assessmentMetadata?api-version=2021-06-01

Java

/**
 * Samples for AssessmentsMetadata ListBySubscription.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/
     * ListAssessmentsMetadata_subscription_example.json
     */
    /**
     * Sample code: List security assessment metadata for subscription.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void
        listSecurityAssessmentMetadataForSubscription(com.azure.resourcemanager.security.SecurityManager manager) {
        manager.assessmentsMetadatas().listBySubscription(com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armsecurity_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_subscription_example.json
func ExampleAssessmentsMetadataClient_NewListBySubscriptionPager() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewAssessmentsMetadataClient().NewListBySubscriptionPager(nil)
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.AssessmentMetadataResponseList = armsecurity.AssessmentMetadataResponseList{
		// 	Value: []*armsecurity.AssessmentMetadataResponse{
		// 		{
		// 			Name: to.Ptr("21300918-b2e3-0346-785f-c77ff57d243b"),
		// 			Type: to.Ptr("Microsoft.Security/assessmentMetadata"),
		// 			ID: to.Ptr("/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b"),
		// 			Properties: &armsecurity.AssessmentMetadataPropertiesResponse{
		// 				Description: to.Ptr("Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities."),
		// 				AssessmentType: to.Ptr(armsecurity.AssessmentTypeBuiltIn),
		// 				Categories: []*armsecurity.Categories{
		// 					to.Ptr(armsecurity.CategoriesCompute)},
		// 					DisplayName: to.Ptr("Install endpoint protection solution on virtual machine scale sets"),
		// 					ImplementationEffort: to.Ptr(armsecurity.ImplementationEffortLow),
		// 					PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de"),
		// 					RemediationDescription: to.Ptr("To install an endpoint protection solution: 1.  <a href=\"https://docs.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-faq#how-do-i-turn-on-antimalware-in-my-virtual-machine-scale-set\">Follow the instructions in How do I turn on antimalware in my virtual machine scale set</a>"),
		// 					Severity: to.Ptr(armsecurity.SeverityMedium),
		// 					Threats: []*armsecurity.Threats{
		// 						to.Ptr(armsecurity.ThreatsDataExfiltration),
		// 						to.Ptr(armsecurity.ThreatsDataSpillage),
		// 						to.Ptr(armsecurity.ThreatsMaliciousInsider)},
		// 						UserImpact: to.Ptr(armsecurity.UserImpactLow),
		// 						PlannedDeprecationDate: to.Ptr("03/2022"),
		// 						PublishDates: &armsecurity.AssessmentMetadataPropertiesResponsePublishDates{
		// 							GA: to.Ptr("06/01/2021"),
		// 							Public: to.Ptr("06/01/2021"),
		// 						},
		// 						Tactics: []*armsecurity.Tactics{
		// 							to.Ptr(armsecurity.TacticsCredentialAccess),
		// 							to.Ptr(armsecurity.TacticsPersistence),
		// 							to.Ptr(armsecurity.TacticsExecution),
		// 							to.Ptr(armsecurity.TacticsDefenseEvasion),
		// 							to.Ptr(armsecurity.TacticsCollection),
		// 							to.Ptr(armsecurity.TacticsDiscovery),
		// 							to.Ptr(armsecurity.TacticsPrivilegeEscalation)},
		// 							Techniques: []*armsecurity.Techniques{
		// 								to.Ptr(armsecurity.TechniquesObfuscatedFilesOrInformation),
		// 								to.Ptr(armsecurity.TechniquesIngressToolTransfer),
		// 								to.Ptr(armsecurity.TechniquesPhishing),
		// 								to.Ptr(armsecurity.TechniquesUserExecution)},
		// 							},
		// 						},
		// 						{
		// 							Name: to.Ptr("bc303248-3d14-44c2-96a0-55f5c326b5fe"),
		// 							Type: to.Ptr("Microsoft.Security/assessmentMetadata"),
		// 							ID: to.Ptr("/providers/Microsoft.Security/assessmentMetadata/bc303248-3d14-44c2-96a0-55f5c326b5fe"),
		// 							Properties: &armsecurity.AssessmentMetadataPropertiesResponse{
		// 								Description: to.Ptr("Open remote management ports expose your VM to a high level of risk from internet-based attacks that attempt to brute force credentials to gain admin access to the machine."),
		// 								AssessmentType: to.Ptr(armsecurity.AssessmentTypeCustomPolicy),
		// 								Categories: []*armsecurity.Categories{
		// 									to.Ptr(armsecurity.CategoriesNetworking)},
		// 									DisplayName: to.Ptr("Close management ports on your virtual machines"),
		// 									ImplementationEffort: to.Ptr(armsecurity.ImplementationEffortLow),
		// 									PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917"),
		// 									Preview: to.Ptr(true),
		// 									RemediationDescription: to.Ptr("We recommend that you edit the inbound rules of the below virtual machines to restrict access to specific source ranges.<br>To restrict the access to your virtual machines: 1. Click on a VM from the list below 2. At the 'Networking' blade, click on each of the rules that allow management ports (e.g. RDP-3389, WINRM-5985, SSH-22) 3. Change the 'Action' property to 'Deny' 4. Click 'Save'"),
		// 									Severity: to.Ptr(armsecurity.SeverityMedium),
		// 									Threats: []*armsecurity.Threats{
		// 										to.Ptr(armsecurity.ThreatsDataExfiltration),
		// 										to.Ptr(armsecurity.ThreatsDataSpillage),
		// 										to.Ptr(armsecurity.ThreatsMaliciousInsider)},
		// 										UserImpact: to.Ptr(armsecurity.UserImpactHigh),
		// 										PublishDates: &armsecurity.AssessmentMetadataPropertiesResponsePublishDates{
		// 											GA: to.Ptr("06/01/2021"),
		// 											Public: to.Ptr("06/01/2021"),
		// 										},
		// 									},
		// 							}},
		// 						}
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Get metadata information on all assessment types in a specific subscription
 *
 * @summary Get metadata information on all assessment types in a specific subscription
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_subscription_example.json
 */
async function listSecurityAssessmentMetadataForSubscription() {
  const subscriptionId =
    process.env["SECURITY_SUBSCRIPTION_ID"] || "0980887d-03d6-408c-9566-532f3456804e";
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential, subscriptionId);
  const resArray = new Array();
  for await (let item of client.assessmentsMetadata.listBySubscription()) {
    resArray.push(item);
  }
  console.log(resArray);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.SecurityCenter.Models;
using Azure.ResourceManager.SecurityCenter;

// Generated from example definition: specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_subscription_example.json
// this example is just showing the usage of "AssessmentsMetadata_ListBySubscription" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this SubscriptionResource created on azure
// for more information of creating SubscriptionResource, please refer to the document of SubscriptionResource
string subscriptionId = "0980887d-03d6-408c-9566-532f3456804e";
ResourceIdentifier subscriptionResourceId = SubscriptionResource.CreateResourceIdentifier(subscriptionId);
SubscriptionResource subscriptionResource = client.GetSubscriptionResource(subscriptionResourceId);

// get the collection of this SubscriptionAssessmentMetadataResource
SubscriptionAssessmentMetadataCollection collection = subscriptionResource.GetAllSubscriptionAssessmentMetadata();

// invoke the operation and iterate over the result
await foreach (SubscriptionAssessmentMetadataResource item in collection.GetAllAsync())
{
    // the variable item is a resource, you could call other operations on this instance as well
    // but just for demo, we get its data from this resource instance
    SecurityAssessmentMetadataData resourceData = item.Data;
    // for demo we just print out the id
    Console.WriteLine($"Succeeded on id: {resourceData.Id}");
}

Console.WriteLine("Succeeded");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

応答のサンプル

状態コード:

200

{
  "value": [
    {
      "id": "/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b",
      "name": "21300918-b2e3-0346-785f-c77ff57d243b",
      "type": "Microsoft.Security/assessmentMetadata",
      "properties": {
        "displayName": "Install endpoint protection solution on virtual machine scale sets",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de",
        "description": "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.",
        "remediationDescription": "To install an endpoint protection solution: 1.  <a href=\"https://docs.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-faq#how-do-i-turn-on-antimalware-in-my-virtual-machine-scale-set\">Follow the instructions in How do I turn on antimalware in my virtual machine scale set</a>",
        "categories": [
          "Compute"
        ],
        "severity": "Medium",
        "userImpact": "Low",
        "implementationEffort": "Low",
        "threats": [
          "dataExfiltration",
          "dataSpillage",
          "maliciousInsider"
        ],
        "publishDates": {
          "GA": "06/01/2021",
          "public": "06/01/2021"
        },
        "plannedDeprecationDate": "03/2022",
        "tactics": [
          "Credential Access",
          "Persistence",
          "Execution",
          "Defense Evasion",
          "Collection",
          "Discovery",
          "Privilege Escalation"
        ],
        "techniques": [
          "Obfuscated Files or Information",
          "Ingress Tool Transfer",
          "Phishing",
          "User Execution"
        ],
        "assessmentType": "BuiltIn"
      }
    },
    {
      "id": "/providers/Microsoft.Security/assessmentMetadata/bc303248-3d14-44c2-96a0-55f5c326b5fe",
      "name": "bc303248-3d14-44c2-96a0-55f5c326b5fe",
      "type": "Microsoft.Security/assessmentMetadata",
      "properties": {
        "displayName": "Close management ports on your virtual machines",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917",
        "description": "Open remote management ports expose your VM to a high level of risk from internet-based attacks that attempt to brute force credentials to gain admin access to the machine.",
        "remediationDescription": "We recommend that you edit the inbound rules of the below virtual machines to restrict access to specific source ranges.<br>To restrict the access to your virtual machines: 1. Click on a VM from the list below 2. At the 'Networking' blade, click on each of the rules that allow management ports (e.g. RDP-3389, WINRM-5985, SSH-22) 3. Change the 'Action' property to 'Deny' 4. Click 'Save'",
        "categories": [
          "Networking"
        ],
        "severity": "Medium",
        "userImpact": "High",
        "implementationEffort": "Low",
        "threats": [
          "dataExfiltration",
          "dataSpillage",
          "maliciousInsider"
        ],
        "publishDates": {
          "GA": "06/01/2021",
          "public": "06/01/2021"
        },
        "preview": true,
        "assessmentType": "CustomPolicy"
      }
    }
  ]
}

定義

名前	説明
assessmentType	組み込みの Azure Policy 定義に基づく評価の場合は BuiltIn、カスタム Azure Policy 定義に基づく評価の場合は Custom
categories
CloudError	失敗した操作のエラーの詳細を返す、すべての Azure Resource Manager API の一般的なエラー応答。 (これは、OData エラー応答形式にも従います)。
CloudErrorBody	エラーの詳細。
ErrorAdditionalInfo	リソース管理エラーの追加情報。
implementationEffort	この評価を修復するために必要な実装作業
PublishDates
SecurityAssessmentMetadataPartnerData	評価を作成したパートナーについて説明します
SecurityAssessmentMetadataResponse	セキュリティ評価メタデータの応答
SecurityAssessmentMetadataResponseList	セキュリティ評価メタデータの一覧
severity	評価の重大度レベル
tactics
techniques
threats
userImpact	評価のユーザーへの影響

assessmentType

列挙

組み込みの Azure Policy 定義に基づく評価の場合は BuiltIn、カスタム Azure Policy 定義に基づく評価の場合は Custom

値	説明
BuiltIn	Microsoft Defender for Cloud マネージド評価
CustomPolicy	Azure Policy から Microsoft Defender for Cloud に自動的に取り込まれるユーザー定義ポリシー
CustomerManaged	ユーザーまたは他のサード パーティによって Microsoft Defender for Cloud に直接プッシュされたユーザー評価
VerifiedPartner	ユーザーが ASC に接続した場合に、検証済みのサード パーティによって作成された評価

categories

列挙

値	説明
Compute
Data
IdentityAndAccess
IoT
Networking

CloudError

Object

失敗した操作のエラーの詳細を返す、すべての Azure Resource Manager API の一般的なエラー応答。 (これは、OData エラー応答形式にも従います)。

名前	型	説明
error.additionalInfo	ErrorAdditionalInfo[]	エラーの追加情報。
error.code	string	エラー コード。
error.details	CloudErrorBody[]	エラーの詳細。
error.message	string	エラー メッセージ。
error.target	string	エラーターゲット。

CloudErrorBody

Object

エラーの詳細。

名前	型	説明
additionalInfo	ErrorAdditionalInfo[]	エラーの追加情報。
code	string	エラー コード。
details	CloudErrorBody[]	エラーの詳細。
message	string	エラー メッセージ。
target	string	エラーターゲット。

ErrorAdditionalInfo

Object

リソース管理エラーの追加情報。

名前	型	説明
info	object	追加情報。
type	string	追加情報の種類。

implementationEffort

列挙

この評価を修復するために必要な実装作業

値	説明
High
Low
Moderate

PublishDates

Object

名前	型	説明
GA	string pattern: ^([0-9]{2}/){2}[0-9]{4}$
public	string pattern: ^([0-9]{2}/){2}[0-9]{4}$

SecurityAssessmentMetadataPartnerData

Object

評価を作成したパートナーについて説明します

名前	型	説明
partnerName	string	パートナーの会社の名前
productName	string	評価を作成したパートナーの製品の名前
secret	string	パートナーを認証し、評価が作成されたことを確認するためのシークレット - 書き込み専用

SecurityAssessmentMetadataResponse

Object

セキュリティ評価メタデータの応答

名前	型	説明
id	string	リソース ID
name	string	リソース名
properties.assessmentType	assessmentType	組み込みの Azure Policy 定義に基づく評価の場合は BuiltIn、カスタム Azure Policy 定義に基づく評価の場合は Custom
properties.categories	categories[]	評価が異常な場合に危険にさらされるリソースのカテゴリ
properties.description	string	評価の人間が判読できる説明
properties.displayName	string	評価のわかりやすい表示名
properties.implementationEffort	implementationEffort	この評価を修復するために必要な実装作業
properties.partnerData	SecurityAssessmentMetadataPartnerData	評価を作成したパートナーについて説明します
properties.plannedDeprecationDate	string pattern: ^[0-9]{2}/[0-9]{4}$
properties.policyDefinitionId	string	この評価の計算をオンにするポリシー定義の Azure リソース ID
properties.preview	boolean	True の 場合、この評価は、プレビュー リリースの状態です。
properties.publishDates	PublishDates
properties.remediationDescription	string	このセキュリティの問題を軽減するために行う必要がある操作の人間が判読できる説明
properties.severity	severity	評価の重大度レベル
properties.tactics	tactics[]	評価の戦術
properties.techniques	techniques[]	評価の手法
properties.threats	threats[]	評価の脅威への影響
properties.userImpact	userImpact	評価のユーザーへの影響
type	string	リソースの種類

SecurityAssessmentMetadataResponseList

Object

セキュリティ評価メタデータの一覧

名前	型	説明
nextLink	string	次のページをフェッチする URI。
value	SecurityAssessmentMetadataResponse[]	セキュリティ評価メタデータの応答

severity

列挙

評価の重大度レベル

値	説明
High
Low
Medium

tactics

列挙

値	説明
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Reconnaissance
Resource Development

techniques

列挙

値	説明
Abuse Elevation Control Mechanism
Access Token Manipulation
Account Discovery
Account Manipulation
Active Scanning
Application Layer Protocol
Audio Capture
Boot or Logon Autostart Execution
Boot or Logon Initialization Scripts
Brute Force
Cloud Infrastructure Discovery
Cloud Service Dashboard
Cloud Service Discovery
Command and Scripting Interpreter
Compromise Client Software Binary
Compromise Infrastructure
Container and Resource Discovery
Create Account
Create or Modify System Process
Credentials from Password Stores
Data Destruction
Data Encrypted for Impact
Data Manipulation
Data Staged
Data from Cloud Storage Object
Data from Configuration Repository
Data from Information Repositories
Data from Local System
Defacement
Deobfuscate/Decode Files or Information
Disk Wipe
Domain Trust Discovery
Drive-by Compromise
Dynamic Resolution
Endpoint Denial of Service
Event Triggered Execution
Exfiltration Over Alternative Protocol
Exploit Public-Facing Application
Exploitation for Client Execution
Exploitation for Credential Access
Exploitation for Defense Evasion
Exploitation for Privilege Escalation
Exploitation of Remote Services
External Remote Services
Fallback Channels
File and Directory Discovery
File and Directory Permissions Modification
Gather Victim Network Information
Hide Artifacts
Hijack Execution Flow
Impair Defenses
Implant Container Image
Indicator Removal on Host
Indirect Command Execution
Ingress Tool Transfer
Input Capture
Inter-Process Communication
Lateral Tool Transfer
Man-in-the-Middle
Masquerading
Modify Authentication Process
Modify Registry
Network Denial of Service
Network Service Scanning
Network Sniffing
Non-Application Layer Protocol
Non-Standard Port
OS Credential Dumping
Obfuscated Files or Information
Obtain Capabilities
Office Application Startup
Permission Groups Discovery
Phishing
Pre-OS Boot
Process Discovery
Process Injection
Protocol Tunneling
Proxy
Query Registry
Remote Access Software
Remote Service Session Hijacking
Remote Services
Remote System Discovery
Resource Hijacking
SQL Stored Procedures
Scheduled Task/Job
Screen Capture
Search Victim-Owned Websites
Server Software Component
Service Stop
Signed Binary Proxy Execution
Software Deployment Tools
Steal or Forge Kerberos Tickets
Subvert Trust Controls
Supply Chain Compromise
System Information Discovery
Taint Shared Content
Traffic Signaling
Transfer Data to Cloud Account
Trusted Relationship
Unsecured Credentials
User Execution
Valid Accounts
Windows Management Instrumentation

threats

列挙

値	説明
accountBreach
dataExfiltration
dataSpillage
denialOfService
elevationOfPrivilege
maliciousInsider
missingCoverage
threatResistance

userImpact

列挙

評価のユーザーへの影響

値	説明
High
Low
Moderate