Sub Assessments - List

Get security sub-assessments on all your scanned resources inside a scope

GET https://management.azure.com/{scope}/providers/Microsoft.Security/assessments/{assessmentName}/subAssessments?api-version=2019-01-01-preview

URI Parameters

Name In Required Type Description
assessmentName
path True
  • string

The Assessment Key - Unique key for the assessment type

scope
path True
  • string

Scope of the query, can be subscription (/subscriptions/0b06d9ea-afe6-4779-bd59-30e5c2d9d13f) or management group (/providers/Microsoft.Management/managementGroups/mgName).

api-version
query True
  • string

API version for the operation

Responses

Name Type Description
200 OK

OK

Other Status Codes

Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name Description
user_impersonation impersonate your user account

Examples

List security sub-assessments

Sample Request

GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/assessments/82e20e14-edc5-4373-bfc4-f13121257c37/subAssessments?api-version=2019-01-01-preview

Sample Response

{
  "value": [
    {
      "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/providers/Microsoft.Security/assessments/82e20e14-edc5-4373-bfc4-f13121257c37/subassessments/8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf",
      "name": "8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf",
      "type": "Microsoft.Security/assessments/subAssessments",
      "properties": {
        "id": "VA2064",
        "displayName": "Database-level firewall rules should be tracked and maintained at a strict minimum",
        "status": {
          "code": "Healthy",
          "severity": "High",
          "cause": "Unknown"
        },
        "remediation": "Evaluate each of the database-level firewall rules. Remove any rules that grant unnecessary access and set the rest as a baseline. Deviations from the baseline will be identified and brought to your attention in subsequent scans.",
        "impact": "Firewall rules should be strictly configured to allow access only to client computers that have a valid need to connect to the database. Any superfluous entries in the firewall may pose a threat by allowing an unauthorized source access to your database.",
        "category": "SurfaceAreaReduction",
        "description": "The Azure SQL Database-level firewall helps protect your data by preventing all access to your database until you specify which IP addresses have permission. Database-level firewall rules grant access to the specific database based on the originating IP address of each request.\n\nDatabase-level firewall rules for master",
        "timeGenerated": "2019-06-23T12:20:08.7644808Z",
        "resourceDetails": {
          "source": "Azure",
          "id": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/databases/database1"
        },
        "additionalData": {
          "assessedResourceType": "SqlServerVulnerability",
          "type": "AzureDatabase",
          "query": "SELECT name\n    ,start_ip_address\n    ,end_ip_address\nFROM sys.database_firewall_rules",
          "benchmarks": []
        }
      }
    }
  ]
}

Definitions

AzureResourceDetails

Details of the Azure resource that was assessed

CloudError

Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.).

CloudErrorBody

The error detail.

ContainerRegistryVulnerabilityProperties

Additional context fields for container registry Vulnerability assessment

CVE

CVE details

CVSS

CVSS details

ErrorAdditionalInfo

The resource management error additional info.

OnPremiseResourceDetails

Details of the On Premise resource that was assessed

OnPremiseSqlResourceDetails

Details of the On Premise Sql resource that was assessed

SecuritySubAssessment

Security sub-assessment on a resource

SecuritySubAssessmentList

List of security sub-assessments

ServerVulnerabilityProperties

Additional context fields for server vulnerability assessment

severity

The sub-assessment severity level

SqlServerVulnerabilityProperties

Details of the resource that was assessed

SubAssessmentStatus

Status of the sub-assessment

SubAssessmentStatusCode

Programmatic code for the status of the assessment

VendorReference

Vendor reference

AzureResourceDetails

Details of the Azure resource that was assessed

Name Type Description
id
  • string

Azure resource Id of the assessed resource

source string:
  • Azure

The platform where the assessed resource resides

CloudError

Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.).

Name Type Description
error.additionalInfo

The error additional info.

error.code
  • string

The error code.

error.details

The error details.

error.message
  • string

The error message.

error.target
  • string

The error target.

CloudErrorBody

The error detail.

Name Type Description
additionalInfo

The error additional info.

code
  • string

The error code.

details

The error details.

message
  • string

The error message.

target
  • string

The error target.

ContainerRegistryVulnerabilityProperties

Additional context fields for container registry Vulnerability assessment

Name Type Description
assessedResourceType string:
  • ContainerRegistryVulnerability

Sub-assessment resource type

cve

List of CVEs

cvss

Dictionary from cvss version to cvss details object

imageDigest
  • string

Digest of the vulnerable image

patchable
  • boolean

Indicates whether a patch is available or not

publishedTime
  • string

Published time

repositoryName
  • string

Name of the repository which the vulnerable image belongs to

type
  • string

Vulnerability Type. e.g: Vulnerability, Potential Vulnerability, Information Gathered, Vulnerability

vendorReferences

Vendor reference

CVE

CVE details

Name Type Description
link
  • string

Link url

title
  • string

CVE title

CVSS

CVSS details

Name Type Description
base
  • number

CVSS base

ErrorAdditionalInfo

The resource management error additional info.

Name Type Description
info
  • object

The additional info.

type
  • string

The additional info type.

OnPremiseResourceDetails

Details of the On Premise resource that was assessed

Name Type Description
machineName
  • string

The name of the machine

source string:
  • OnPremise

The platform where the assessed resource resides

sourceComputerId
  • string

The oms agent Id installed on the machine

vmuuid
  • string

The unique Id of the machine

workspaceId
  • string

Azure resource Id of the workspace the machine is attached to

OnPremiseSqlResourceDetails

Details of the On Premise Sql resource that was assessed

Name Type Description
databaseName
  • string

The Sql database name installed on the machine

machineName
  • string

The name of the machine

serverName
  • string

The Sql server name installed on the machine

source string:
  • OnPremiseSql

The platform where the assessed resource resides

sourceComputerId
  • string

The oms agent Id installed on the machine

vmuuid
  • string

The unique Id of the machine

workspaceId
  • string

Azure resource Id of the workspace the machine is attached to

SecuritySubAssessment

Security sub-assessment on a resource

Name Type Description
id
  • string

Resource Id

name
  • string

Resource name

properties.additionalData AdditionalData:

Details of the sub-assessment

properties.category
  • string

Category of the sub-assessment

properties.description
  • string

Human readable description of the assessment status

properties.displayName
  • string

User friendly display name of the sub-assessment

properties.id
  • string

Vulnerability ID

properties.impact
  • string

Description of the impact of this sub-assessment

properties.remediation
  • string

Information on how to remediate this sub-assessment

properties.resourceDetails ResourceDetails:

Details of the resource that was assessed

properties.status

Status of the sub-assessment

properties.timeGenerated
  • string

The date and time the sub-assessment was generated

type
  • string

Resource type

SecuritySubAssessmentList

List of security sub-assessments

Name Type Description
nextLink
  • string

The URI to fetch the next page.

value

Security sub-assessment on a resource

ServerVulnerabilityProperties

Additional context fields for server vulnerability assessment

Name Type Description
assessedResourceType string:
  • ServerVulnerabilityAssessment

Sub-assessment resource type

cve

List of CVEs

cvss

Dictionary from cvss version to cvss details object

patchable
  • boolean

Indicates whether a patch is available or not

publishedTime
  • string

Published time

threat
  • string

Threat name

type
  • string

Vulnerability Type. e.g: Vulnerability, Potential Vulnerability, Information Gathered

vendorReferences

Vendor reference

severity

The sub-assessment severity level

Name Type Description
High
  • string
Low
  • string
Medium
  • string

SqlServerVulnerabilityProperties

Details of the resource that was assessed

Name Type Description
assessedResourceType string:
  • SqlServerVulnerability

Sub-assessment resource type

query
  • string

The T-SQL query that runs on your SQL database to perform the particular check

type
  • string

The resource type the sub assessment refers to in its resource details

SubAssessmentStatus

Status of the sub-assessment

Name Type Description
cause
  • string

Programmatic code for the cause of the assessment status

code

Programmatic code for the status of the assessment

description
  • string

Human readable description of the assessment status

severity

The sub-assessment severity level

SubAssessmentStatusCode

Programmatic code for the status of the assessment

Name Type Description
Healthy
  • string

The resource is healthy

NotApplicable
  • string

Assessment for this resource did not happen

Unhealthy
  • string

The resource has a security issue that needs to be addressed

VendorReference

Vendor reference

Name Type Description
link
  • string

Link url

title
  • string

Link title