Sub Assessments - Get

Get a security sub-assessment on your scanned resource

GET https://management.azure.com/{scope}/providers/Microsoft.Security/assessments/{assessmentName}/subAssessments/{subAssessmentName}?api-version=2019-01-01-preview

URI Parameters

Name In Required Type Description
assessmentName
path True

string

The Assessment Key - Unique key for the assessment type

scope
path True

string

Scope of the query, can be subscription (/subscriptions/0b06d9ea-afe6-4779-bd59-30e5c2d9d13f) or management group (/providers/Microsoft.Management/managementGroups/mgName).

subAssessmentName
path True

string

The Sub-Assessment Key - Unique key for the sub-assessment type

api-version
query True

string

API version for the operation

Responses

Name Type Description
200 OK

SecuritySubAssessment

OK

Other Status Codes

CloudError

Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name Description
user_impersonation impersonate your user account

Examples

Get security recommendation task from security data location

Sample request

GET https://management.azure.com/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/DEMORG/providers/Microsoft.Compute/virtualMachines/vm2/providers/Microsoft.Security/assessments/1195afff-c881-495e-9bc5-1486211ae03f/subAssessments/95f7da9c-a2a4-1322-0758-fcd24ef09b85?api-version=2019-01-01-preview

Sample response

{
  "type": "Microsoft.Security/assessments/subAssessments",
  "id": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/DEMORG/providers/Microsoft.Compute/virtualMachines/vm2/providers/Microsoft.Security/assessments/1195afff-c881-495e-9bc5-1486211ae03f/subassessments/95f7da9c-a2a4-1322-0758-fcd24ef09b85",
  "name": "95f7da9c-a2a4-1322-0758-fcd24ef09b85",
  "properties": {
    "id": "370361",
    "displayName": "PuTTY ssh_agent_channel_data Function Integer Overflow Vulnerability",
    "status": {
      "code": "Unhealthy",
      "severity": "Medium"
    },
    "remediation": "Customers are advised to upgrade toPuTTY 0.68 or later version in order to remediate this vulnerability.",
    "impact": "Successful exploitation could allow remote attackers to have unspecified impact via a large length value in an agent protocol message.",
    "category": "Local",
    "description": "PuTTY ssh_agent_channel_data Function Integer Overflow Vulnerability",
    "timeGenerated": "2021-02-02T12:36:50.779Z",
    "resourceDetails": {
      "source": "Azure",
      "id": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/DEMORG/providers/Microsoft.Compute/virtualMachines/vm2"
    },
    "additionalData": {
      "assessedResourceType": "ServerVulnerability",
      "type": "VirtualMachine",
      "cvss": {
        "2.0": {
          "base": 7.5
        },
        "3.0": {
          "base": 9.8
        }
      },
      "patchable": true,
      "cve": [
        {
          "title": "CVE-2017-6542",
          "link": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6542"
        }
      ],
      "publishedTime": "2017-04-06T10:58:25",
      "threat": "PuTTY is a client program for the SSH, Telnet and Rlogin network protocols",
      "vendorReferences": [
        {
          "title": "CVE-2017-6542",
          "link": "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html"
        }
      ]
    }
  }
}

Definitions

Name Description
AzureResourceDetails

Details of the Azure resource that was assessed

CloudError

Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.).

CloudErrorBody

The error detail.

ContainerRegistryVulnerabilityProperties

Additional context fields for container registry Vulnerability assessment

CVE

CVE details

CVSS

CVSS details

ErrorAdditionalInfo

The resource management error additional info.

OnPremiseResourceDetails

Details of the On Premise resource that was assessed

OnPremiseSqlResourceDetails

Details of the On Premise Sql resource that was assessed

SecuritySubAssessment

Security sub-assessment on a resource

ServerVulnerabilityProperties

Additional context fields for server vulnerability assessment

severity

The sub-assessment severity level

SqlServerVulnerabilityProperties

Details of the resource that was assessed

SubAssessmentStatus

Status of the sub-assessment

SubAssessmentStatusCode

Programmatic code for the status of the assessment

VendorReference

Vendor reference

AzureResourceDetails

Details of the Azure resource that was assessed

Name Type Description
id

string

Azure resource Id of the assessed resource

source string:

Azure

The platform where the assessed resource resides

CloudError

Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.).

Name Type Description
error.additionalInfo

ErrorAdditionalInfo[]

The error additional info.

error.code

string

The error code.

error.details

CloudErrorBody[]

The error details.

error.message

string

The error message.

error.target

string

The error target.

CloudErrorBody

The error detail.

Name Type Description
additionalInfo

ErrorAdditionalInfo[]

The error additional info.

code

string

The error code.

details

CloudErrorBody[]

The error details.

message

string

The error message.

target

string

The error target.

ContainerRegistryVulnerabilityProperties

Additional context fields for container registry Vulnerability assessment

Name Type Description
assessedResourceType string:

ContainerRegistryVulnerability

Sub-assessment resource type

cve

CVE[]

List of CVEs

cvss

<string,  CVSS>

Dictionary from cvss version to cvss details object

imageDigest

string

Digest of the vulnerable image

patchable

boolean

Indicates whether a patch is available or not

publishedTime

string

Published time

repositoryName

string

Name of the repository which the vulnerable image belongs to

type

string

Vulnerability Type. e.g: Vulnerability, Potential Vulnerability, Information Gathered, Vulnerability

vendorReferences

VendorReference[]

Vendor reference

CVE

CVE details

Name Type Description
link

string

Link url

title

string

CVE title

CVSS

CVSS details

Name Type Description
base

number

CVSS base

ErrorAdditionalInfo

The resource management error additional info.

Name Type Description
info

object

The additional info.

type

string

The additional info type.

OnPremiseResourceDetails

Details of the On Premise resource that was assessed

Name Type Description
machineName

string

The name of the machine

source string:

OnPremise

The platform where the assessed resource resides

sourceComputerId

string

The oms agent Id installed on the machine

vmuuid

string

The unique Id of the machine

workspaceId

string

Azure resource Id of the workspace the machine is attached to

OnPremiseSqlResourceDetails

Details of the On Premise Sql resource that was assessed

Name Type Description
databaseName

string

The Sql database name installed on the machine

machineName

string

The name of the machine

serverName

string

The Sql server name installed on the machine

source string:

OnPremiseSql

The platform where the assessed resource resides

sourceComputerId

string

The oms agent Id installed on the machine

vmuuid

string

The unique Id of the machine

workspaceId

string

Azure resource Id of the workspace the machine is attached to

SecuritySubAssessment

Security sub-assessment on a resource

Name Type Description
id

string

Resource Id

name

string

Resource name

properties.additionalData AdditionalData:

Details of the sub-assessment

properties.category

string

Category of the sub-assessment

properties.description

string

Human readable description of the assessment status

properties.displayName

string

User friendly display name of the sub-assessment

properties.id

string

Vulnerability ID

properties.impact

string

Description of the impact of this sub-assessment

properties.remediation

string

Information on how to remediate this sub-assessment

properties.resourceDetails ResourceDetails:

Details of the resource that was assessed

properties.status

SubAssessmentStatus

Status of the sub-assessment

properties.timeGenerated

string

The date and time the sub-assessment was generated

type

string

Resource type

ServerVulnerabilityProperties

Additional context fields for server vulnerability assessment

Name Type Description
assessedResourceType string:

ServerVulnerabilityAssessment

Sub-assessment resource type

cve

CVE[]

List of CVEs

cvss

<string,  CVSS>

Dictionary from cvss version to cvss details object

patchable

boolean

Indicates whether a patch is available or not

publishedTime

string

Published time

threat

string

Threat name

type

string

Vulnerability Type. e.g: Vulnerability, Potential Vulnerability, Information Gathered

vendorReferences

VendorReference[]

Vendor reference

severity

The sub-assessment severity level

Name Type Description
High

string

Low

string

Medium

string

SqlServerVulnerabilityProperties

Details of the resource that was assessed

Name Type Description
assessedResourceType string:

SqlServerVulnerability

Sub-assessment resource type

query

string

The T-SQL query that runs on your SQL database to perform the particular check

type

string

The resource type the sub assessment refers to in its resource details

SubAssessmentStatus

Status of the sub-assessment

Name Type Description
cause

string

Programmatic code for the cause of the assessment status

code

SubAssessmentStatusCode

Programmatic code for the status of the assessment

description

string

Human readable description of the assessment status

severity

severity

The sub-assessment severity level

SubAssessmentStatusCode

Programmatic code for the status of the assessment

Name Type Description
Healthy

string

The resource is healthy

NotApplicable

string

Assessment for this resource did not happen

Unhealthy

string

The resource has a security issue that needs to be addressed

VendorReference

Vendor reference

Name Type Description
link

string

Link url

title

string

Link title