你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站，请访问 https://docs.azure.cn。

Sub Assessments - List

Service:

Defender for Cloud

API Version:

2019-01-01-preview

获取范围内所有已扫描资源的安全子评估

GET https://management.azure.com/{scope}/providers/Microsoft.Security/assessments/{assessmentName}/subAssessments?api-version=2019-01-01-preview

URI 参数

名称	在	必需	类型	说明
assessmentName	path	True	string	评估键 - 评估类型的唯一键
scope	path	True	string	查询范围可以是订阅 (/subscriptions/0b06d9ea-afe6-4779-bd59-30e5c2d9d13f) 或管理组 (/providers/Microsoft.Management/managementGroups/mgName) 。
api-version	query	True	string	操作的 API 版本

响应

名称	类型	说明
200 OK	SecuritySubAssessmentList	确定
Other Status Codes	CloudError	描述操作失败原因的错误响应。

安全性

azure_auth

Azure Active Directory OAuth2 流

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

名称	说明
user_impersonation	模拟用户帐户

示例

List security sub-assessments

Sample Request

HTTP

GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/assessments/82e20e14-edc5-4373-bfc4-f13121257c37/subAssessments?api-version=2019-01-01-preview

Java

/**
 * Samples for SubAssessments List.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/
     * ListSubAssessments_example.json
     */
    /**
     * Sample code: List security sub-assessments.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void listSecuritySubAssessments(com.azure.resourcemanager.security.SecurityManager manager) {
        manager.subAssessments().list("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
            "82e20e14-edc5-4373-bfc4-f13121257c37", com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armsecurity_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubAssessments_example.json
func ExampleSubAssessmentsClient_NewListPager() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewSubAssessmentsClient().NewListPager("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23", "82e20e14-edc5-4373-bfc4-f13121257c37", nil)
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.SubAssessmentList = armsecurity.SubAssessmentList{
		// 	Value: []*armsecurity.SubAssessment{
		// 		{
		// 			Name: to.Ptr("8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf"),
		// 			Type: to.Ptr("Microsoft.Security/assessments/subAssessments"),
		// 			ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/providers/Microsoft.Security/assessments/82e20e14-edc5-4373-bfc4-f13121257c37/subassessments/8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf"),
		// 			Properties: &armsecurity.SubAssessmentProperties{
		// 				Description: to.Ptr("The Azure SQL Database-level firewall helps protect your data by preventing all access to your database until you specify which IP addresses have permission. Database-level firewall rules grant access to the specific database based on the originating IP address of each request.\n\nDatabase-level firewall rules for master"),
		// 				AdditionalData: &armsecurity.SQLServerVulnerabilityProperties{
		// 					AssessedResourceType: to.Ptr(armsecurity.AssessedResourceTypeSQLServerVulnerability),
		// 					Type: to.Ptr("AzureDatabase"),
		// 					Query: to.Ptr("SELECT name\n    ,start_ip_address\n    ,end_ip_address\nFROM sys.database_firewall_rules"),
		// 				},
		// 				Category: to.Ptr("SurfaceAreaReduction"),
		// 				DisplayName: to.Ptr("Database-level firewall rules should be tracked and maintained at a strict minimum"),
		// 				ID: to.Ptr("VA2064"),
		// 				Impact: to.Ptr("Firewall rules should be strictly configured to allow access only to client computers that have a valid need to connect to the database. Any superfluous entries in the firewall may pose a threat by allowing an unauthorized source access to your database."),
		// 				Remediation: to.Ptr("Evaluate each of the database-level firewall rules. Remove any rules that grant unnecessary access and set the rest as a baseline. Deviations from the baseline will be identified and brought to your attention in subsequent scans."),
		// 				ResourceDetails: &armsecurity.AzureResourceDetails{
		// 					Source: to.Ptr(armsecurity.SourceAzure),
		// 					ID: to.Ptr("/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/databases/database1"),
		// 				},
		// 				Status: &armsecurity.SubAssessmentStatus{
		// 					Cause: to.Ptr("Unknown"),
		// 					Code: to.Ptr(armsecurity.SubAssessmentStatusCodeHealthy),
		// 					Severity: to.Ptr(armsecurity.SeverityHigh),
		// 				},
		// 				TimeGenerated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-06-23T12:20:08.764Z"); return t}()),
		// 			},
		// 	}},
		// }
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Get security sub-assessments on all your scanned resources inside a scope
 *
 * @summary Get security sub-assessments on all your scanned resources inside a scope
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubAssessments_example.json
 */
async function listSecuritySubAssessments() {
  const scope = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23";
  const assessmentName = "82e20e14-edc5-4373-bfc4-f13121257c37";
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential);
  const resArray = new Array();
  for await (let item of client.subAssessments.list(scope, assessmentName)) {
    resArray.push(item);
  }
  console.log(resArray);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.SecurityCenter;

// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubAssessments_example.json
// this example is just showing the usage of "SubAssessments_List" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this SecurityAssessmentResource created on azure
// for more information of creating SecurityAssessmentResource, please refer to the document of SecurityAssessmentResource
string scope = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23";
string assessmentName = "82e20e14-edc5-4373-bfc4-f13121257c37";
ResourceIdentifier securityAssessmentResourceId = SecurityAssessmentResource.CreateResourceIdentifier(scope, assessmentName);
SecurityAssessmentResource securityAssessment = client.GetSecurityAssessmentResource(securityAssessmentResourceId);

// get the collection of this SecuritySubAssessmentResource
SecuritySubAssessmentCollection collection = securityAssessment.GetSecuritySubAssessments();

// invoke the operation and iterate over the result
await foreach (SecuritySubAssessmentResource item in collection.GetAllAsync())
{
    // the variable item is a resource, you could call other operations on this instance as well
    // but just for demo, we get its data from this resource instance
    SecuritySubAssessmentData resourceData = item.Data;
    // for demo we just print out the id
    Console.WriteLine($"Succeeded on id: {resourceData.Id}");
}

Console.WriteLine($"Succeeded");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

200

{
  "value": [
    {
      "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/providers/Microsoft.Security/assessments/82e20e14-edc5-4373-bfc4-f13121257c37/subassessments/8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf",
      "name": "8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf",
      "type": "Microsoft.Security/assessments/subAssessments",
      "properties": {
        "id": "VA2064",
        "displayName": "Database-level firewall rules should be tracked and maintained at a strict minimum",
        "status": {
          "code": "Healthy",
          "severity": "High",
          "cause": "Unknown"
        },
        "remediation": "Evaluate each of the database-level firewall rules. Remove any rules that grant unnecessary access and set the rest as a baseline. Deviations from the baseline will be identified and brought to your attention in subsequent scans.",
        "impact": "Firewall rules should be strictly configured to allow access only to client computers that have a valid need to connect to the database. Any superfluous entries in the firewall may pose a threat by allowing an unauthorized source access to your database.",
        "category": "SurfaceAreaReduction",
        "description": "The Azure SQL Database-level firewall helps protect your data by preventing all access to your database until you specify which IP addresses have permission. Database-level firewall rules grant access to the specific database based on the originating IP address of each request.\n\nDatabase-level firewall rules for master",
        "timeGenerated": "2019-06-23T12:20:08.7644808Z",
        "resourceDetails": {
          "source": "Azure",
          "id": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/databases/database1"
        },
        "additionalData": {
          "assessedResourceType": "SqlServerVulnerability",
          "type": "AzureDatabase",
          "query": "SELECT name\n    ,start_ip_address\n    ,end_ip_address\nFROM sys.database_firewall_rules",
          "benchmarks": []
        }
      }
    }
  ]
}

定义

名称	说明
AzureResourceDetails	被评估的 Azure 资源的详细信息
CloudError	对所有 Azure 资源管理器 API 的常见错误响应，可返回失败操作的错误详细信息。 (这也遵循 OData 错误响应格式.) 。
CloudErrorBody	错误详细信息。
ContainerRegistryVulnerabilityProperties	容器注册表漏洞评估的其他上下文字段
CVE	CVE 详细信息
CVSS	CVSS 详细信息
ErrorAdditionalInfo	资源管理错误附加信息。
OnPremiseResourceDetails	已评估的本地资源的详细信息
OnPremiseSqlResourceDetails	已评估的本地 Sql 资源的详细信息
SecuritySubAssessment	对资源进行安全子评估
SecuritySubAssessmentList	安全子评估列表
ServerVulnerabilityProperties	服务器漏洞评估的其他上下文字段
severity	子评估严重性级别
SqlServerVulnerabilityProperties	已评估的资源的详细信息
SubAssessmentStatus	子评估的状态
SubAssessmentStatusCode	评估状态的编程代码
VendorReference	供应商参考

AzureResourceDetails

被评估的 Azure 资源的详细信息

名称	类型	说明
id	string	已评估资源的 Azure 资源 ID
source	string: Azure	被评估资源所在的平台

CloudError

对所有 Azure 资源管理器 API 的常见错误响应，可返回失败操作的错误详细信息。 (这也遵循 OData 错误响应格式.) 。

名称	类型	说明
error.additionalInfo	ErrorAdditionalInfo[]	错误附加信息。
error.code	string	错误代码。
error.details	CloudErrorBody[]	错误详细信息。
error.message	string	错误消息。
error.target	string	错误目标。

CloudErrorBody

错误详细信息。

名称	类型	说明
additionalInfo	ErrorAdditionalInfo[]	错误附加信息。
code	string	错误代码。
details	CloudErrorBody[]	错误详细信息。
message	string	错误消息。
target	string	错误目标。

ContainerRegistryVulnerabilityProperties

容器注册表漏洞评估的其他上下文字段

名称	类型	说明
assessedResourceType	string: ContainerRegistryVulnerability	子评估资源类型
cve	CVE[]	CVE 列表
cvss	<string,  CVSS>	从 cvss 版本到 cvss 详细信息对象的字典
imageDigest	string	易受攻击图像的摘要
patchable	boolean	指示修补程序是否可用
publishedTime	string	发布时间
repositoryName	string	易受攻击的映像所属的存储库的名称
type	string	漏洞类型。 例如：漏洞、潜在漏洞、收集的信息、漏洞
vendorReferences	VendorReference[]	供应商参考

CVE

CVE 详细信息

名称	类型	说明
link	string	链接 URL
title	string	CVE 标题

CVSS

CVSS 详细信息

名称	类型	说明
base	number	CVSS 基础

ErrorAdditionalInfo

资源管理错误附加信息。

名称	类型	说明
info	object	其他信息。
type	string	其他信息类型。

OnPremiseResourceDetails

已评估的本地资源的详细信息

名称	类型	说明
machineName	string	计算机的名称
source	string: OnPremise	被评估资源所在的平台
sourceComputerId	string	计算机上安装的 oms 代理 ID
vmuuid	string	计算机的唯一 ID
workspaceId	string	计算机附加到的工作区的 Azure 资源 ID

OnPremiseSqlResourceDetails

已评估的本地 Sql 资源的详细信息

名称	类型	说明
databaseName	string	计算机上安装的 Sql 数据库名称
machineName	string	计算机的名称
serverName	string	计算机上安装的 Sql Server 名称
source	string: OnPremiseSql	被评估资源所在的平台
sourceComputerId	string	计算机上安装的 oms 代理 ID
vmuuid	string	计算机的唯一 ID
workspaceId	string	计算机附加到的工作区的 Azure 资源 ID

SecuritySubAssessment

对资源进行安全子评估

名称	类型	说明
id	string	资源 ID
name	string	资源名称
properties.additionalData	AdditionalData: ContainerRegistryVulnerabilityProperties ServerVulnerabilityProperties SqlServerVulnerabilityProperties	子评估的详细信息
properties.category	string	子评估的类别
properties.description	string	评估状态的人工可读说明
properties.displayName	string	子评估的用户友好显示名称
properties.id	string	漏洞 ID
properties.impact	string	此子评估的影响说明
properties.remediation	string	有关如何修正此子评估的信息
properties.resourceDetails	ResourceDetails: AzureResourceDetails OnPremiseResourceDetails OnPremiseSqlResourceDetails	已评估的资源的详细信息
properties.status	SubAssessmentStatus	子评估的状态
properties.timeGenerated	string	生成子评估的日期和时间
type	string	资源类型

SecuritySubAssessmentList

安全子评估列表

名称	类型	说明
nextLink	string	用于提取下一页的 URI。
value	SecuritySubAssessment[]	对资源进行安全子评估

ServerVulnerabilityProperties

服务器漏洞评估的其他上下文字段

名称	类型	说明
assessedResourceType	string: ServerVulnerabilityAssessment	子评估资源类型
cve	CVE[]	CVE 列表
cvss	<string,  CVSS>	从 cvss 版本到 cvss 详细信息对象的字典
patchable	boolean	指示修补程序是否可用
publishedTime	string	发布时间
threat	string	威胁名称
type	string	漏洞类型。 例如：漏洞、潜在漏洞、收集的信息
vendorReferences	VendorReference[]	供应商参考

severity

子评估严重性级别

名称	类型	说明
High	string
Low	string
Medium	string

SqlServerVulnerabilityProperties

已评估的资源的详细信息

名称	类型	说明
assessedResourceType	string: SqlServerVulnerability	子评估资源类型
query	string	在 SQL 数据库上运行以执行特定检查
type	string	子评估在其资源详细信息中引用的资源类型

SubAssessmentStatus

子评估的状态

名称	类型	说明
cause	string	评估状态原因的编程代码
code	SubAssessmentStatusCode	评估状态的编程代码
description	string	评估状态的人工可读说明
severity	severity	子评估严重性级别

SubAssessmentStatusCode

评估状态的编程代码

名称	类型	说明
Healthy	string	资源正常
NotApplicable	string	未对此资源进行评估
Unhealthy	string	资源存在需要解决的安全问题

VendorReference

供应商参考

名称	类型	说明
link	string	链接 URL
title	string	链接标题