Sub Assessments - List
Get security sub-assessments on all your scanned resources inside a scope
GET https://management.azure.com/{scope}/providers/Microsoft.Security/assessments/{assessmentName}/subAssessments?api-version=2019-01-01-previewURI Parameters
| Name | In | Required | Type | Description |
|---|---|---|---|---|
|
assessment
|
path | True |
string |
The security assessment key - unique key for the assessment type |
|
scope
|
path | True |
string |
The scope of the sub-assessment. |
|
api-version
|
query | True |
string minLength: 1 |
The API version to use for this operation. |
Responses
| Name | Type | Description |
|---|---|---|
| 200 OK |
Azure operation completed successfully. |
|
| Other Status Codes |
An unexpected error response. |
Security
azure_auth
Azure Active Directory OAuth2 Flow.
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
| Name | Description |
|---|---|
| user_impersonation | impersonate your user account |
Examples
List security sub-assessments
Sample request
GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/assessments/82e20e14-edc5-4373-bfc4-f13121257c37/subAssessments?api-version=2019-01-01-preview
Sample response
{
"value": [
{
"name": "8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf",
"type": "Microsoft.Security/assessments/subAssessments",
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/providers/Microsoft.Security/assessments/82e20e14-edc5-4373-bfc4-f13121257c37/subassessments/8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf",
"properties": {
"description": "The Azure SQL Database-level firewall helps protect your data by preventing all access to your database until you specify which IP addresses have permission. Database-level firewall rules grant access to the specific database based on the originating IP address of each request.\n\nDatabase-level firewall rules for master",
"additionalData": {
"type": "AzureDatabase",
"assessedResourceType": "SqlServerVulnerability",
"benchmarks": [],
"query": "SELECT name\n ,start_ip_address\n ,end_ip_address\nFROM sys.database_firewall_rules"
},
"category": "SurfaceAreaReduction",
"displayName": "Database-level firewall rules should be tracked and maintained at a strict minimum",
"id": "VA2064",
"impact": "Firewall rules should be strictly configured to allow access only to client computers that have a valid need to connect to the database. Any superfluous entries in the firewall may pose a threat by allowing an unauthorized source access to your database.",
"remediation": "Evaluate each of the database-level firewall rules. Remove any rules that grant unnecessary access and set the rest as a baseline. Deviations from the baseline will be identified and brought to your attention in subsequent scans.",
"resourceDetails": {
"id": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/databases/database1",
"source": "Azure"
},
"status": {
"cause": "Unknown",
"code": "Healthy",
"severity": "High"
},
"timeGenerated": "2019-06-23T12:20:08.7644808Z"
}
}
]
}Definitions
| Name | Description |
|---|---|
|
Assessed |
Sub-assessment resource type |
|
Common. |
Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.). |
|
Common. |
The error detail. |
|
Container |
Additional context fields for container registry Vulnerability assessment |
|
created |
The type of identity that created the resource. |
| CVE |
CVE details |
| CVSS |
CVSS details |
|
Error |
The resource management error additional info. |
|
Security |
Security sub-assessment on a resource |
|
Security |
List of security sub-assessments |
|
Server |
Additional context fields for server vulnerability assessment |
| Severity |
The sub-assessment severity level |
|
Sql |
Details of the resource that was assessed |
|
Sub |
Status of the sub-assessment |
|
Sub |
Programmatic code for the status of the assessment |
|
system |
Metadata pertaining to creation and last modification of the resource. |
|
Vendor |
Vendor reference |
AssessedResourceType
Sub-assessment resource type
| Value | Description |
|---|---|
| SqlServerVulnerability |
SqlServerVulnerability |
| ContainerRegistryVulnerability |
ContainerRegistryVulnerability |
| ServerVulnerability |
ServerVulnerability |
| ServerVulnerabilityAssessment |
ServerVulnerabilityAssessment |
Common.CloudError
Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.).
| Name | Type | Description |
|---|---|---|
| error.additionalInfo |
The error additional info. |
|
| error.code |
string |
The error code. |
| error.details |
The error details. |
|
| error.message |
string |
The error message. |
| error.target |
string |
The error target. |
Common.CloudErrorBody
The error detail.
| Name | Type | Description |
|---|---|---|
| additionalInfo |
The error additional info. |
|
| code |
string |
The error code. |
| details |
The error details. |
|
| message |
string |
The error message. |
| target |
string |
The error target. |
ContainerRegistryVulnerabilityProperties
Additional context fields for container registry Vulnerability assessment
| Name | Type | Description |
|---|---|---|
| assessedResourceType |
string:
Container |
Sub-assessment resource type |
| cve |
CVE[] |
List of CVEs |
| cvss |
<string, CVSS> |
Dictionary from cvss version to cvss details object |
| imageDigest |
string |
Digest of the vulnerable image |
| patchable |
boolean |
Indicates whether a patch is available or not |
| publishedTime |
string (date-time) |
Published time |
| repositoryName |
string |
Name of the repository which the vulnerable image belongs to |
| type |
string |
Vulnerability Type. e.g: Vulnerability, Potential Vulnerability, Information Gathered, Vulnerability |
| vendorReferences |
Vendor reference |
createdByType
The type of identity that created the resource.
| Value | Description |
|---|---|
| User | |
| Application | |
| ManagedIdentity | |
| Key |
CVE
CVE details
| Name | Type | Description |
|---|---|---|
| link |
string |
Link url |
| title |
string |
CVE title |
CVSS
CVSS details
| Name | Type | Description |
|---|---|---|
| base |
number (float) |
CVSS base |
ErrorAdditionalInfo
The resource management error additional info.
| Name | Type | Description |
|---|---|---|
| info |
object |
The additional info. |
| type |
string |
The additional info type. |
SecuritySubAssessment
Security sub-assessment on a resource
| Name | Type | Description |
|---|---|---|
| id |
string (arm-id) |
Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" |
| name |
string |
The name of the resource |
| properties.additionalData | AdditionalData: |
Details of the sub-assessment |
| properties.category |
string |
Category of the sub-assessment |
| properties.description |
string |
Human readable description of the assessment status |
| properties.displayName |
string |
User friendly display name of the sub-assessment |
| properties.id |
string |
Vulnerability ID |
| properties.impact |
string |
Description of the impact of this sub-assessment |
| properties.remediation |
string |
Information on how to remediate this sub-assessment |
| properties.resourceDetails |
Common. |
Details of the resource that was assessed |
| properties.status |
Status of the sub-assessment |
|
| properties.timeGenerated |
string (date-time) |
The date and time the sub-assessment was generated |
| systemData |
Azure Resource Manager metadata containing createdBy and modifiedBy information. |
|
| type |
string |
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" |
SecuritySubAssessmentList
List of security sub-assessments
| Name | Type | Description |
|---|---|---|
| nextLink |
string |
The URI to fetch the next page. |
| value |
List of security sub-assessments |
ServerVulnerabilityProperties
Additional context fields for server vulnerability assessment
| Name | Type | Description |
|---|---|---|
| assessedResourceType |
string:
Server |
Sub-assessment resource type |
| cve |
CVE[] |
List of CVEs |
| cvss |
<string, CVSS> |
Dictionary from cvss version to cvss details object |
| patchable |
boolean |
Indicates whether a patch is available or not |
| publishedTime |
string (date-time) |
Published time |
| threat |
string |
Threat name |
| type |
string |
Vulnerability Type. e.g: Vulnerability, Potential Vulnerability, Information Gathered |
| vendorReferences |
Vendor reference |
Severity
The sub-assessment severity level
| Value | Description |
|---|---|
| Low |
Low |
| Medium |
Medium |
| High |
High |
| Critical |
Critical |
SqlServerVulnerabilityProperties
Details of the resource that was assessed
| Name | Type | Description |
|---|---|---|
| assessedResourceType |
string:
Sql |
Sub-assessment resource type |
| query |
string |
The T-SQL query that runs on your SQL database to perform the particular check |
| type |
string |
The resource type the sub assessment refers to in its resource details |
SubAssessmentStatus
Status of the sub-assessment
| Name | Type | Description |
|---|---|---|
| cause |
string |
Programmatic code for the cause of the assessment status |
| code |
Programmatic code for the status of the assessment |
|
| description |
string |
Human readable description of the assessment status |
| severity |
The sub-assessment severity level |
SubAssessmentStatusCode
Programmatic code for the status of the assessment
| Value | Description |
|---|---|
| Healthy |
The resource is healthy |
| Unhealthy |
The resource has a security issue that needs to be addressed |
| NotApplicable |
Assessment for this resource did not happen |
systemData
Metadata pertaining to creation and last modification of the resource.
| Name | Type | Description |
|---|---|---|
| createdAt |
string (date-time) |
The timestamp of resource creation (UTC). |
| createdBy |
string |
The identity that created the resource. |
| createdByType |
The type of identity that created the resource. |
|
| lastModifiedAt |
string (date-time) |
The timestamp of resource last modification (UTC) |
| lastModifiedBy |
string |
The identity that last modified the resource. |
| lastModifiedByType |
The type of identity that last modified the resource. |
VendorReference
Vendor reference
| Name | Type | Description |
|---|---|---|
| link |
string |
Link url |
| title |
string |
Link title |