Microsoft.Security assessmentMetadata
Bicep resource definition
The assessmentMetadata resource type can be deployed with operations that target:
- Tenant - See tenant deployment commands* Subscription - See subscription deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Security/assessmentMetadata resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Security/assessmentMetadata@2021-06-01' = {
name: 'string'
properties: {
assessmentType: 'string'
categories: [
'string'
]
description: 'string'
displayName: 'string'
implementationEffort: 'string'
partnerData: {
partnerName: 'string'
productName: 'string'
secret: 'string'
}
plannedDeprecationDate: 'string'
preview: bool
publishDates: {
GA: 'string'
public: 'string'
}
remediationDescription: 'string'
severity: 'string'
tactics: [
'string'
]
techniques: [
'string'
]
threats: [
'string'
]
userImpact: 'string'
}
}
Property values
Microsoft.Security/assessmentMetadata
| Name | Description | Value |
|---|---|---|
| name | The resource name | string (required) |
| properties | Describes properties of an assessment metadata response. | SecurityAssessmentMetadataPropertiesResponse |
SecurityAssessmentMetadataPartnerData
| Name | Description | Value |
|---|---|---|
| partnerName | Name of the company of the partner | string (required) |
| productName | Name of the product of the partner that created the assessment | string |
| secret | Secret to authenticate the partner and verify it created the assessment - write only | string Constraints: Sensitive value. Pass in as a secure parameter. (required) |
SecurityAssessmentMetadataPropertiesResponse
| Name | Description | Value |
|---|---|---|
| assessmentType | BuiltIn if the assessment based on built-in Azure Policy definition, Custom if the assessment based on custom Azure Policy definition | 'BuiltIn' 'CustomerManaged' 'CustomPolicy' 'VerifiedPartner' (required) |
| categories | String array containing any of: 'Compute' 'Data' 'IdentityAndAccess' 'IoT' 'Networking' |
|
| description | Human readable description of the assessment | string |
| displayName | User friendly display name of the assessment | string (required) |
| implementationEffort | The implementation effort required to remediate this assessment | 'High' 'Low' 'Moderate' |
| partnerData | Describes the partner that created the assessment | SecurityAssessmentMetadataPartnerData |
| plannedDeprecationDate | string Constraints: Pattern = ^[0-9]{2}/[0-9]{4}$ |
|
| preview | True if this assessment is in preview release status | bool |
| publishDates | SecurityAssessmentMetadataPropertiesResponsePublishDates | |
| remediationDescription | Human readable description of what you should do to mitigate this security issue | string |
| severity | The severity level of the assessment | 'High' 'Low' 'Medium' (required) |
| tactics | String array containing any of: 'Collection' 'Command and Control' 'Credential Access' 'Defense Evasion' 'Discovery' 'Execution' 'Exfiltration' 'Impact' 'Initial Access' 'Lateral Movement' 'Persistence' 'Privilege Escalation' 'Reconnaissance' 'Resource Development' |
|
| techniques | String array containing any of: 'Abuse Elevation Control Mechanism' 'Access Token Manipulation' 'Account Discovery' 'Account Manipulation' 'Active Scanning' 'Application Layer Protocol' 'Audio Capture' 'Boot or Logon Autostart Execution' 'Boot or Logon Initialization Scripts' 'Brute Force' 'Cloud Infrastructure Discovery' 'Cloud Service Dashboard' 'Cloud Service Discovery' 'Command and Scripting Interpreter' 'Compromise Client Software Binary' 'Compromise Infrastructure' 'Container and Resource Discovery' 'Create Account' 'Create or Modify System Process' 'Credentials from Password Stores' 'Data Destruction' 'Data Encrypted for Impact' 'Data from Cloud Storage Object' 'Data from Configuration Repository' 'Data from Information Repositories' 'Data from Local System' 'Data Manipulation' 'Data Staged' 'Defacement' 'Deobfuscate/Decode Files or Information' 'Disk Wipe' 'Domain Trust Discovery' 'Drive-by Compromise' 'Dynamic Resolution' 'Endpoint Denial of Service' 'Event Triggered Execution' 'Exfiltration Over Alternative Protocol' 'Exploit Public-Facing Application' 'Exploitation for Client Execution' 'Exploitation for Credential Access' 'Exploitation for Defense Evasion' 'Exploitation for Privilege Escalation' 'Exploitation of Remote Services' 'External Remote Services' 'Fallback Channels' 'File and Directory Discovery' 'File and Directory Permissions Modification' 'Gather Victim Network Information' 'Hide Artifacts' 'Hijack Execution Flow' 'Impair Defenses' 'Implant Container Image' 'Indicator Removal on Host' 'Indirect Command Execution' 'Ingress Tool Transfer' 'Input Capture' 'Inter-Process Communication' 'Lateral Tool Transfer' 'Man-in-the-Middle' 'Masquerading' 'Modify Authentication Process' 'Modify Registry' 'Network Denial of Service' 'Network Service Scanning' 'Network Sniffing' 'Non-Application Layer Protocol' 'Non-Standard Port' 'Obfuscated Files or Information' 'Obtain Capabilities' 'Office Application Startup' 'OS Credential Dumping' 'Permission Groups Discovery' 'Phishing' 'Pre-OS Boot' 'Process Discovery' 'Process Injection' 'Protocol Tunneling' 'Proxy' 'Query Registry' 'Remote Access Software' 'Remote Service Session Hijacking' 'Remote Services' 'Remote System Discovery' 'Resource Hijacking' 'Scheduled Task/Job' 'Screen Capture' 'Search Victim-Owned Websites' 'Server Software Component' 'Service Stop' 'Signed Binary Proxy Execution' 'Software Deployment Tools' 'SQL Stored Procedures' 'Steal or Forge Kerberos Tickets' 'Subvert Trust Controls' 'Supply Chain Compromise' 'System Information Discovery' 'Taint Shared Content' 'Traffic Signaling' 'Transfer Data to Cloud Account' 'Trusted Relationship' 'Unsecured Credentials' 'User Execution' 'Valid Accounts' 'Windows Management Instrumentation' |
|
| threats | String array containing any of: 'accountBreach' 'dataExfiltration' 'dataSpillage' 'denialOfService' 'elevationOfPrivilege' 'maliciousInsider' 'missingCoverage' 'threatResistance' |
|
| userImpact | The user impact of the assessment | 'High' 'Low' 'Moderate' |
SecurityAssessmentMetadataPropertiesResponsePublishDates
| Name | Description | Value |
|---|---|---|
| GA | string Constraints: Pattern = ^([0-9]{2}/){2}[0-9]{4}$ |
|
| public | string Constraints: Pattern = ^([0-9]{2}/){2}[0-9]{4}$ (required) |
ARM template resource definition
The assessmentMetadata resource type can be deployed with operations that target:
- Tenant - See tenant deployment commands* Subscription - See subscription deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Security/assessmentMetadata resource, add the following JSON to your template.
{
"type": "Microsoft.Security/assessmentMetadata",
"apiVersion": "2021-06-01",
"name": "string",
"properties": {
"assessmentType": "string",
"categories": [ "string" ],
"description": "string",
"displayName": "string",
"implementationEffort": "string",
"partnerData": {
"partnerName": "string",
"productName": "string",
"secret": "string"
},
"plannedDeprecationDate": "string",
"preview": "bool",
"publishDates": {
"GA": "string",
"public": "string"
},
"remediationDescription": "string",
"severity": "string",
"tactics": [ "string" ],
"techniques": [ "string" ],
"threats": [ "string" ],
"userImpact": "string"
}
}
Property values
Microsoft.Security/assessmentMetadata
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2021-06-01' |
| name | The resource name | string (required) |
| properties | Describes properties of an assessment metadata response. | SecurityAssessmentMetadataPropertiesResponse |
| type | The resource type | 'Microsoft.Security/assessmentMetadata' |
SecurityAssessmentMetadataPartnerData
| Name | Description | Value |
|---|---|---|
| partnerName | Name of the company of the partner | string (required) |
| productName | Name of the product of the partner that created the assessment | string |
| secret | Secret to authenticate the partner and verify it created the assessment - write only | string Constraints: Sensitive value. Pass in as a secure parameter. (required) |
SecurityAssessmentMetadataPropertiesResponse
| Name | Description | Value |
|---|---|---|
| assessmentType | BuiltIn if the assessment based on built-in Azure Policy definition, Custom if the assessment based on custom Azure Policy definition | 'BuiltIn' 'CustomerManaged' 'CustomPolicy' 'VerifiedPartner' (required) |
| categories | String array containing any of: 'Compute' 'Data' 'IdentityAndAccess' 'IoT' 'Networking' |
|
| description | Human readable description of the assessment | string |
| displayName | User friendly display name of the assessment | string (required) |
| implementationEffort | The implementation effort required to remediate this assessment | 'High' 'Low' 'Moderate' |
| partnerData | Describes the partner that created the assessment | SecurityAssessmentMetadataPartnerData |
| plannedDeprecationDate | string Constraints: Pattern = ^[0-9]{2}/[0-9]{4}$ |
|
| preview | True if this assessment is in preview release status | bool |
| publishDates | SecurityAssessmentMetadataPropertiesResponsePublishDates | |
| remediationDescription | Human readable description of what you should do to mitigate this security issue | string |
| severity | The severity level of the assessment | 'High' 'Low' 'Medium' (required) |
| tactics | String array containing any of: 'Collection' 'Command and Control' 'Credential Access' 'Defense Evasion' 'Discovery' 'Execution' 'Exfiltration' 'Impact' 'Initial Access' 'Lateral Movement' 'Persistence' 'Privilege Escalation' 'Reconnaissance' 'Resource Development' |
|
| techniques | String array containing any of: 'Abuse Elevation Control Mechanism' 'Access Token Manipulation' 'Account Discovery' 'Account Manipulation' 'Active Scanning' 'Application Layer Protocol' 'Audio Capture' 'Boot or Logon Autostart Execution' 'Boot or Logon Initialization Scripts' 'Brute Force' 'Cloud Infrastructure Discovery' 'Cloud Service Dashboard' 'Cloud Service Discovery' 'Command and Scripting Interpreter' 'Compromise Client Software Binary' 'Compromise Infrastructure' 'Container and Resource Discovery' 'Create Account' 'Create or Modify System Process' 'Credentials from Password Stores' 'Data Destruction' 'Data Encrypted for Impact' 'Data from Cloud Storage Object' 'Data from Configuration Repository' 'Data from Information Repositories' 'Data from Local System' 'Data Manipulation' 'Data Staged' 'Defacement' 'Deobfuscate/Decode Files or Information' 'Disk Wipe' 'Domain Trust Discovery' 'Drive-by Compromise' 'Dynamic Resolution' 'Endpoint Denial of Service' 'Event Triggered Execution' 'Exfiltration Over Alternative Protocol' 'Exploit Public-Facing Application' 'Exploitation for Client Execution' 'Exploitation for Credential Access' 'Exploitation for Defense Evasion' 'Exploitation for Privilege Escalation' 'Exploitation of Remote Services' 'External Remote Services' 'Fallback Channels' 'File and Directory Discovery' 'File and Directory Permissions Modification' 'Gather Victim Network Information' 'Hide Artifacts' 'Hijack Execution Flow' 'Impair Defenses' 'Implant Container Image' 'Indicator Removal on Host' 'Indirect Command Execution' 'Ingress Tool Transfer' 'Input Capture' 'Inter-Process Communication' 'Lateral Tool Transfer' 'Man-in-the-Middle' 'Masquerading' 'Modify Authentication Process' 'Modify Registry' 'Network Denial of Service' 'Network Service Scanning' 'Network Sniffing' 'Non-Application Layer Protocol' 'Non-Standard Port' 'Obfuscated Files or Information' 'Obtain Capabilities' 'Office Application Startup' 'OS Credential Dumping' 'Permission Groups Discovery' 'Phishing' 'Pre-OS Boot' 'Process Discovery' 'Process Injection' 'Protocol Tunneling' 'Proxy' 'Query Registry' 'Remote Access Software' 'Remote Service Session Hijacking' 'Remote Services' 'Remote System Discovery' 'Resource Hijacking' 'Scheduled Task/Job' 'Screen Capture' 'Search Victim-Owned Websites' 'Server Software Component' 'Service Stop' 'Signed Binary Proxy Execution' 'Software Deployment Tools' 'SQL Stored Procedures' 'Steal or Forge Kerberos Tickets' 'Subvert Trust Controls' 'Supply Chain Compromise' 'System Information Discovery' 'Taint Shared Content' 'Traffic Signaling' 'Transfer Data to Cloud Account' 'Trusted Relationship' 'Unsecured Credentials' 'User Execution' 'Valid Accounts' 'Windows Management Instrumentation' |
|
| threats | String array containing any of: 'accountBreach' 'dataExfiltration' 'dataSpillage' 'denialOfService' 'elevationOfPrivilege' 'maliciousInsider' 'missingCoverage' 'threatResistance' |
|
| userImpact | The user impact of the assessment | 'High' 'Low' 'Moderate' |
SecurityAssessmentMetadataPropertiesResponsePublishDates
| Name | Description | Value |
|---|---|---|
| GA | string Constraints: Pattern = ^([0-9]{2}/){2}[0-9]{4}$ |
|
| public | string Constraints: Pattern = ^([0-9]{2}/){2}[0-9]{4}$ (required) |
Terraform (AzAPI provider) resource definition
The assessmentMetadata resource type can be deployed with operations that target:
- Tenant* Subscription
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Security/assessmentMetadata resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Security/assessmentMetadata@2021-06-01"
name = "string"
body = jsonencode({
properties = {
assessmentType = "string"
categories = [
"string"
]
description = "string"
displayName = "string"
implementationEffort = "string"
partnerData = {
partnerName = "string"
productName = "string"
secret = "string"
}
plannedDeprecationDate = "string"
preview = bool
publishDates = {
GA = "string"
public = "string"
}
remediationDescription = "string"
severity = "string"
tactics = [
"string"
]
techniques = [
"string"
]
threats = [
"string"
]
userImpact = "string"
}
})
}
Property values
Microsoft.Security/assessmentMetadata
| Name | Description | Value |
|---|---|---|
| name | The resource name | string (required) |
| properties | Describes properties of an assessment metadata response. | SecurityAssessmentMetadataPropertiesResponse |
| type | The resource type | "Microsoft.Security/assessmentMetadata@2021-06-01" |
SecurityAssessmentMetadataPartnerData
| Name | Description | Value |
|---|---|---|
| partnerName | Name of the company of the partner | string (required) |
| productName | Name of the product of the partner that created the assessment | string |
| secret | Secret to authenticate the partner and verify it created the assessment - write only | string Constraints: Sensitive value. Pass in as a secure parameter. (required) |
SecurityAssessmentMetadataPropertiesResponse
| Name | Description | Value |
|---|---|---|
| assessmentType | BuiltIn if the assessment based on built-in Azure Policy definition, Custom if the assessment based on custom Azure Policy definition | 'BuiltIn' 'CustomerManaged' 'CustomPolicy' 'VerifiedPartner' (required) |
| categories | String array containing any of: 'Compute' 'Data' 'IdentityAndAccess' 'IoT' 'Networking' |
|
| description | Human readable description of the assessment | string |
| displayName | User friendly display name of the assessment | string (required) |
| implementationEffort | The implementation effort required to remediate this assessment | 'High' 'Low' 'Moderate' |
| partnerData | Describes the partner that created the assessment | SecurityAssessmentMetadataPartnerData |
| plannedDeprecationDate | string Constraints: Pattern = ^[0-9]{2}/[0-9]{4}$ |
|
| preview | True if this assessment is in preview release status | bool |
| publishDates | SecurityAssessmentMetadataPropertiesResponsePublishDates | |
| remediationDescription | Human readable description of what you should do to mitigate this security issue | string |
| severity | The severity level of the assessment | 'High' 'Low' 'Medium' (required) |
| tactics | String array containing any of: 'Collection' 'Command and Control' 'Credential Access' 'Defense Evasion' 'Discovery' 'Execution' 'Exfiltration' 'Impact' 'Initial Access' 'Lateral Movement' 'Persistence' 'Privilege Escalation' 'Reconnaissance' 'Resource Development' |
|
| techniques | String array containing any of: 'Abuse Elevation Control Mechanism' 'Access Token Manipulation' 'Account Discovery' 'Account Manipulation' 'Active Scanning' 'Application Layer Protocol' 'Audio Capture' 'Boot or Logon Autostart Execution' 'Boot or Logon Initialization Scripts' 'Brute Force' 'Cloud Infrastructure Discovery' 'Cloud Service Dashboard' 'Cloud Service Discovery' 'Command and Scripting Interpreter' 'Compromise Client Software Binary' 'Compromise Infrastructure' 'Container and Resource Discovery' 'Create Account' 'Create or Modify System Process' 'Credentials from Password Stores' 'Data Destruction' 'Data Encrypted for Impact' 'Data from Cloud Storage Object' 'Data from Configuration Repository' 'Data from Information Repositories' 'Data from Local System' 'Data Manipulation' 'Data Staged' 'Defacement' 'Deobfuscate/Decode Files or Information' 'Disk Wipe' 'Domain Trust Discovery' 'Drive-by Compromise' 'Dynamic Resolution' 'Endpoint Denial of Service' 'Event Triggered Execution' 'Exfiltration Over Alternative Protocol' 'Exploit Public-Facing Application' 'Exploitation for Client Execution' 'Exploitation for Credential Access' 'Exploitation for Defense Evasion' 'Exploitation for Privilege Escalation' 'Exploitation of Remote Services' 'External Remote Services' 'Fallback Channels' 'File and Directory Discovery' 'File and Directory Permissions Modification' 'Gather Victim Network Information' 'Hide Artifacts' 'Hijack Execution Flow' 'Impair Defenses' 'Implant Container Image' 'Indicator Removal on Host' 'Indirect Command Execution' 'Ingress Tool Transfer' 'Input Capture' 'Inter-Process Communication' 'Lateral Tool Transfer' 'Man-in-the-Middle' 'Masquerading' 'Modify Authentication Process' 'Modify Registry' 'Network Denial of Service' 'Network Service Scanning' 'Network Sniffing' 'Non-Application Layer Protocol' 'Non-Standard Port' 'Obfuscated Files or Information' 'Obtain Capabilities' 'Office Application Startup' 'OS Credential Dumping' 'Permission Groups Discovery' 'Phishing' 'Pre-OS Boot' 'Process Discovery' 'Process Injection' 'Protocol Tunneling' 'Proxy' 'Query Registry' 'Remote Access Software' 'Remote Service Session Hijacking' 'Remote Services' 'Remote System Discovery' 'Resource Hijacking' 'Scheduled Task/Job' 'Screen Capture' 'Search Victim-Owned Websites' 'Server Software Component' 'Service Stop' 'Signed Binary Proxy Execution' 'Software Deployment Tools' 'SQL Stored Procedures' 'Steal or Forge Kerberos Tickets' 'Subvert Trust Controls' 'Supply Chain Compromise' 'System Information Discovery' 'Taint Shared Content' 'Traffic Signaling' 'Transfer Data to Cloud Account' 'Trusted Relationship' 'Unsecured Credentials' 'User Execution' 'Valid Accounts' 'Windows Management Instrumentation' |
|
| threats | String array containing any of: 'accountBreach' 'dataExfiltration' 'dataSpillage' 'denialOfService' 'elevationOfPrivilege' 'maliciousInsider' 'missingCoverage' 'threatResistance' |
|
| userImpact | The user impact of the assessment | 'High' 'Low' 'Moderate' |
SecurityAssessmentMetadataPropertiesResponsePublishDates
| Name | Description | Value |
|---|---|---|
| GA | string Constraints: Pattern = ^([0-9]{2}/){2}[0-9]{4}$ |
|
| public | string Constraints: Pattern = ^([0-9]{2}/){2}[0-9]{4}$ (required) |