Sub Assessments - List All

Get security sub-assessments on all your scanned resources inside a subscription scope.

GET https://management.azure.com/{scope}/providers/Microsoft.Security/subAssessments?api-version=2019-01-01-preview

URI Parameters

| Name | In | Required | Type | Description |
| --- | --- | --- | --- | --- |
| scope | path | True | string | Scope of the query, can be subscription (/subscriptions/0b06d9ea-afe6-4779-bd59-30e5c2d9d13f) or management group (/providers/Microsoft.Management/managementGroups/mgName). |
| api-version | query | True | string | API version for the operation |

Responses

| Name | Type | Description |
| --- | --- | --- |
| 200 OK | SecuritySubAssessmentList | OK |
| Other Status Codes | CloudError | Error response describing why the operation failed. |

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

| Name | Description |
| --- | --- |
| user_impersonation | impersonate your user account |

Examples

List security sub-assessments

Sample request

GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/subAssessments?api-version=2019-01-01-preview

Sample response

{
  "value": [
    {
      "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/providers/Microsoft.Security/assessments/dbd0cb49-b563-45e7-9724-889e799fa648/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168",
      "name": "8c98f353-8b41-4e77-979b-6adeecd5d168",
      "type": "Microsoft.Security/assessments/subAssessments",
      "properties": {
        "displayName": "'Back Orifice' Backdoor",
        "id": "1001",
        "status": {
          "code": "Unhealthy",
          "cause": "",
          "severity": "High",
          "description": "The resource is unhealthy"
        },
        "resourceDetails": {
          "source": "Azure",
          "id": "repositories/asc/msi-connector/images/sha256:877a6f2a212c44021281f80cb1f4c73a09dce4e99a8cb8efcc03f7ce3c877a6f"
        },
        "remediation": "Use a recent anti-virus program to remove this backdoor and check your system regularly with anti-virus software.",
        "impact": "3",
        "category": "Backdoors and trojan horses",
        "description": "The backdoor 'Back Orifice' was detected on this system.  The presence of this backdoor indicates that your system has already been compromised.  Unauthorized users can access your host at any time. Unauthorized users can take complete control of the host and manipulate data.  They can steal the data or even wipe out the host.",
        "timeGenerated": "2019-06-23T12:20:08.7644808Z",
        "additionalData": {
          "assessedResourceType": "ContainerRegistryVulnerability",
          "imageDigest": "c186fc44-3154-4ce2-ba18-b719d895c3b0",
          "repositoryName": "myRepo",
          "type": "Vulnerability",
          "cvss": {
            "2.0": {
              "base": 10
            },
            "3.0": {
              "base": 10
            }
          },
          "patchable": true,
          "cve": [
            {
              "title": "CVE-2019-12345",
              "link": "http://contoso.com"
            }
          ],
          "publishedTime": "2018-01-01T00:00:00.0000000Z",
          "vendorReferences": [
            {
              "title": "Reference_1",
              "link": "http://contoso.com"
            }
          ]
        }
      }
    },
    {
      "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/providers/Microsoft.Security/assessments/82e20e14-edc5-4373-bfc4-f13121257c37/subassessments/8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf",
      "name": "8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf",
      "type": "Microsoft.Security/assessments/subAssessments",
      "properties": {
        "id": "VA2064",
        "displayName": "Database-level firewall rules should be tracked and maintained at a strict minimum",
        "status": {
          "code": "Healthy",
          "severity": "High",
          "cause": "Unknown"
        },
        "remediation": "Evaluate each of the database-level firewall rules. Remove any rules that grant unnecessary access and set the rest as a baseline. Deviations from the baseline will be identified and brought to your attention in subsequent scans.",
        "impact": "Firewall rules should be strictly configured to allow access only to client computers that have a valid need to connect to the database. Any superfluous entries in the firewall may pose a threat by allowing an unauthorized source access to your database.",
        "category": "SurfaceAreaReduction",
        "description": "The Azure SQL Database-level firewall helps protect your data by preventing all access to your database until you specify which IP addresses have permission. Database-level firewall rules grant access to the specific database based on the originating IP address of each request.\n\nDatabase-level firewall rules for master",
        "timeGenerated": "2019-06-23T12:20:08.7644808Z",
        "resourceDetails": {
          "source": "Azure",
          "id": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/databases/database1"
        },
        "additionalData": {
          "assessedResourceType": "SqlServerVulnerability",
          "type": "AzureDatabase",
          "query": "SELECT name\n    ,start_ip_address\n    ,end_ip_address\nFROM sys.database_firewall_rules",
          "benchmarks": []
        }
      }
    }
  ]
}
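
One way to consume this operation, added here as an example and not part of the original reference: it follows `nextLink` through each `SecuritySubAssessmentList` page, refuses a `nextLink` that points at a different host (the bearer token would be sent there), and reduces the results to Unhealthy findings ranked by severity and highest CVSS base. The `get_json` callable, the finding id `VA0001`, the `$skipToken` value, the subscription id and the resource ids are constructed assumptions; a real caller passes a function that performs the authenticated GET.

```python
from urllib.parse import urlsplit

API = ("https://management.azure.com{scope}/providers/Microsoft.Security"
       "/subAssessments?api-version=2019-01-01-preview")
RANK = {"High": 0, "Medium": 1, "Low": 2}

def iter_sub_assessments(scope, get_json):
    """Yield every SecuritySubAssessment under scope, following nextLink."""
    url, seen = API.format(scope=scope), set()
    host = urlsplit(url).netloc
    while url:
        # The token travels wherever nextLink points: pin the host, reject loops.
        if urlsplit(url).netloc != host or url in seen:
            raise ValueError(f"refusing nextLink: {url}")
        seen.add(url)
        page = get_json(url)  # hypothetical callable: URL -> parsed JSON body
        if "error" in page:  # CloudError body
            raise RuntimeError(f"{page['error'].get('code')}: {page['error'].get('message')}")
        yield from page.get("value", [])
        url = page.get("nextLink")

def triage(items):
    """Unhealthy findings only, sorted by severity, then highest CVSS base."""
    rows = []
    for item in items:
        props = item.get("properties", {})
        status = props.get("status", {})
        if status.get("code") != "Unhealthy":
            continue
        extra = props.get("additionalData", {})  # cvss/cve absent on SQL findings
        bases = [c.get("base", 0) for c in extra.get("cvss", {}).values()]
        rows.append({"resource": props.get("resourceDetails", {}).get("id"),
                     "finding": props.get("id"), "severity": status.get("severity"),
                     "cvss": max(bases, default=None), "patchable": extra.get("patchable"),
                     "cves": [c["title"] for c in extra.get("cve", [])]})
    return sorted(rows, key=lambda r: (RANK.get(r["severity"], 3), -(r["cvss"] or 0)))

# Constructed two-page response, trimmed to the fields used above.
SCOPE = "/subscriptions/00000000-0000-0000-0000-000000000000"
PAGE1 = API.format(scope=SCOPE)
PAGE2 = PAGE1 + "&$skipToken=constructed"
PAGES = {
    PAGE1: {"nextLink": PAGE2, "value": [
        {"properties": {"id": "VA2064", "status": {"code": "Healthy", "severity": "High"}}},
        {"properties": {"id": "VA0001", "status": {"code": "Unhealthy", "severity": "Medium"},
                        "resourceDetails": {"source": "Azure", "id": "constructed/db1"}}}]},
    PAGE2: {"value": [{"properties": {
        "id": "1001", "status": {"code": "Unhealthy", "severity": "High"},
        "resourceDetails": {"source": "Azure", "id": "constructed/image1"},
        "additionalData": {"cvss": {"2.0": {"base": 10}, "3.0": {"base": 10}},
                           "patchable": True, "cve": [{"title": "CVE-2019-12345"}]}}}]},
}
```

`triage(iter_sub_assessments(SCOPE, PAGES.__getitem__))` returns the High finding `1001` first, then `VA0001`, and drops the Healthy `VA2064` entry.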

Definitions

| Name | Description |
| --- | --- |
| AzureResourceDetails | Details of the Azure resource that was assessed |
| CloudError | Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.). |
| CloudErrorBody | The error detail. |
| ContainerRegistryVulnerabilityProperties | Additional context fields for container registry Vulnerability assessment |
| CVE | CVE details |
| CVSS | CVSS details |
| ErrorAdditionalInfo | The resource management error additional info. |
| OnPremiseResourceDetails | Details of the On Premise resource that was assessed |
| OnPremiseSqlResourceDetails | Details of the On Premise Sql resource that was assessed |
| SecuritySubAssessment | Security sub-assessment on a resource |
| SecuritySubAssessmentList | List of security sub-assessments |
| ServerVulnerabilityProperties | Additional context fields for server vulnerability assessment |
| severity | The sub-assessment severity level |
| SqlServerVulnerabilityProperties | Details of the resource that was assessed |
| SubAssessmentStatus | Status of the sub-assessment |
| SubAssessmentStatusCode | Programmatic code for the status of the assessment |
| VendorReference | Vendor reference |

AzureResourceDetails

Details of the Azure resource that was assessed

| Name | Type | Description |
| --- | --- | --- |
| id | string | Azure resource Id of the assessed resource |
| source | string: Azure | The platform where the assessed resource resides |

CloudError

Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.).

| Name | Type | Description |
| --- | --- | --- |
| error.additionalInfo | ErrorAdditionalInfo[] | The error additional info. |
| error.code | string | The error code. |
| error.details | CloudErrorBody[] | The error details. |
| error.message | string | The error message. |
| error.target | string | The error target. |

CloudErrorBody

The error detail.

| Name | Type | Description |
| --- | --- | --- |
| additionalInfo | ErrorAdditionalInfo[] | The error additional info. |
| code | string | The error code. |
| details | CloudErrorBody[] | The error details. |
| message | string | The error message. |
| target | string | The error target. |

ContainerRegistryVulnerabilityProperties

Additional context fields for container registry Vulnerability assessment

| Name | Type | Description |
| --- | --- | --- |
| assessedResourceType | string: ContainerRegistryVulnerability | Sub-assessment resource type |
| cve | CVE[] | List of CVEs |
| cvss | <string, CVSS> | Dictionary from cvss version to cvss details object |
| imageDigest | string | Digest of the vulnerable image |
| patchable | boolean | Indicates whether a patch is available or not |
| publishedTime | string | Published time |
| repositoryName | string | Name of the repository which the vulnerable image belongs to |
| type | string | Vulnerability type, e.g. Vulnerability, Potential Vulnerability, Information Gathered |
| vendorReferences | VendorReference[] | Vendor reference |

CVE

CVE details

| Name | Type | Description |
| --- | --- | --- |
| link | string | Link url |
| title | string | CVE title |

CVSS

CVSS details

| Name | Type | Description |
| --- | --- | --- |
| base | number | CVSS base |

ErrorAdditionalInfo

The resource management error additional info.

| Name | Type | Description |
| --- | --- | --- |
| info | object | The additional info. |
| type | string | The additional info type. |

OnPremiseResourceDetails

Details of the On Premise resource that was assessed

| Name | Type | Description |
| --- | --- | --- |
| machineName | string | The name of the machine |
| source | string: OnPremise | The platform where the assessed resource resides |
| sourceComputerId | string | The oms agent Id installed on the machine |
| vmuuid | string | The unique Id of the machine |
| workspaceId | string | Azure resource Id of the workspace the machine is attached to |

OnPremiseSqlResourceDetails

Details of the On Premise Sql resource that was assessed

| Name | Type | Description |
| --- | --- | --- |
| databaseName | string | The Sql database name installed on the machine |
| machineName | string | The name of the machine |
| serverName | string | The Sql server name installed on the machine |
| source | string: OnPremiseSql | The platform where the assessed resource resides |
| sourceComputerId | string | The oms agent Id installed on the machine |
| vmuuid | string | The unique Id of the machine |
| workspaceId | string | Azure resource Id of the workspace the machine is attached to |

SecuritySubAssessment

Security sub-assessment on a resource

| Name | Type | Description |
| --- | --- | --- |
| id | string | Resource Id |
| name | string | Resource name |
| properties.additionalData | AdditionalData | Details of the sub-assessment |
| properties.category | string | Category of the sub-assessment |
| properties.description | string | Human readable description of the assessment status |
| properties.displayName | string | User friendly display name of the sub-assessment |
| properties.id | string | Vulnerability ID |
| properties.impact | string | Description of the impact of this sub-assessment |
| properties.remediation | string | Information on how to remediate this sub-assessment |
| properties.resourceDetails | ResourceDetails | Details of the resource that was assessed |
| properties.status | SubAssessmentStatus | Status of the sub-assessment |
| properties.timeGenerated | string | The date and time the sub-assessment was generated |
| type | string | Resource type |

SecuritySubAssessmentList

List of security sub-assessments

| Name | Type | Description |
| --- | --- | --- |
| nextLink | string | The URI to fetch the next page. |
| value | SecuritySubAssessment[] | Security sub-assessment on a resource |

ServerVulnerabilityProperties

Additional context fields for server vulnerability assessment

| Name | Type | Description |
| --- | --- | --- |
| assessedResourceType | string: ServerVulnerabilityAssessment | Sub-assessment resource type |
| cve | CVE[] | List of CVEs |
| cvss | <string, CVSS> | Dictionary from cvss version to cvss details object |
| patchable | boolean | Indicates whether a patch is available or not |
| publishedTime | string | Published time |
| threat | string | Threat name |
| type | string | Vulnerability type, e.g. Vulnerability, Potential Vulnerability, Information Gathered |
| vendorReferences | VendorReference[] | Vendor reference |

severity

The sub-assessment severity level

| Name | Type | Description |
| --- | --- | --- |
| High | string | |
| Low | string | |
| Medium | string | |

SqlServerVulnerabilityProperties

Details of the resource that was assessed

| Name | Type | Description |
| --- | --- | --- |
| assessedResourceType | string: SqlServerVulnerability | Sub-assessment resource type |
| query | string | The T-SQL query that runs on your SQL database to perform the particular check |
| type | string | The resource type the sub assessment refers to in its resource details |

SubAssessmentStatus

Status of the sub-assessment

| Name | Type | Description |
| --- | --- | --- |
| cause | string | Programmatic code for the cause of the assessment status |
| code | SubAssessmentStatusCode | Programmatic code for the status of the assessment |
| description | string | Human readable description of the assessment status |
| severity | severity | The sub-assessment severity level |

SubAssessmentStatusCode

Programmatic code for the status of the assessment

| Name | Type | Description |
| --- | --- | --- |
| Healthy | string | The resource is healthy |
| NotApplicable | string | Assessment for this resource did not happen |
| Unhealthy | string | The resource has a security issue that needs to be addressed |

VendorReference

Vendor reference

| Name | Type | Description |
| --- | --- | --- |
| link | string | Link url |
| title | string | Link title |