Updating Microsoft.Security sub assessments API examples (Azure#12937)

* Updated sub assessments API examples * minor addition * minor validaiton * Prettier
AzureSDKAutomation · Feb 21, 2021 · c2ce9ba · c2ce9ba
1 parent c6322bc
commit c2ce9ba
Show file tree

Hide file tree

Showing 3 changed files with 72 additions and 69 deletions.
diff --git a/...Security/preview/2019-01-01-preview/examples/SubAssessments/GetSubAssessment_example.json b/...Security/preview/2019-01-01-preview/examples/SubAssessments/GetSubAssessment_example.json
@@ -1,59 +1,56 @@
 {
   "parameters": {
     "api-version": "2019-01-01-preview",
-    "scope": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry",
-    "assessmentName": "21300918-b2e3-0346-785f-c77ff57d243b",
-    "subAssessmentName": "8c98f353-8b41-4e77-979b-6adeecd5d168"
+    "scope": "subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/DEMORG/providers/Microsoft.Compute/virtualMachines/vm2",
+    "assessmentName": "1195afff-c881-495e-9bc5-1486211ae03f",
+    "subAssessmentName": "95f7da9c-a2a4-1322-0758-fcd24ef09b85"
   },
   "responses": {
     "200": {
       "body": {
-        "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168",
-        "name": "8c98f353-8b41-4e77-979b-6adeecd5d168",
         "type": "Microsoft.Security/assessments/subAssessments",
+        "id": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/DEMORG/providers/Microsoft.Compute/virtualMachines/vm2/providers/Microsoft.Security/assessments/1195afff-c881-495e-9bc5-1486211ae03f/subassessments/95f7da9c-a2a4-1322-0758-fcd24ef09b85",
+        "name": "95f7da9c-a2a4-1322-0758-fcd24ef09b85",
         "properties": {
-          "displayName": "'Back Orifice' Backdoor",
-          "id": "1001",
+          "id": "370361",
+          "displayName": "PuTTY ssh_agent_channel_data Function Integer Overflow Vulnerability",
           "status": {
             "code": "Unhealthy",
-            "cause": "",
-            "severity": "High",
-            "description": "The resource is unhealthy"
+            "severity": "Medium"
           },
+          "remediation": "Customers are advised to upgrade toPuTTY 0.68 or later version in order to remediate this vulnerability.",
+          "impact": "Successful exploitation could allow remote attackers to have unspecified impact via a large length value in an agent protocol message.",
+          "category": "Local",
+          "description": "PuTTY ssh_agent_channel_data Function Integer Overflow Vulnerability",
+          "timeGenerated": "2021-02-02T12:36:50.779Z",
           "resourceDetails": {
             "source": "Azure",
-            "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/repository/myRepo/imageDigest/c186fc44-3154-4ce2-ba18-b719d895c3b0/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168"
+            "id": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/DEMORG/providers/Microsoft.Compute/virtualMachines/vm2"
           },
-          "remediation": "Use a recent anti-virus program to remove this backdoor and check your system regularly with anti-virus software.",
-          "impact": "3",
-          "category": "Backdoors and trojan horses",
-          "description": "The backdoor 'Back Orifice' was detected on this system.  The presence of this backdoor indicates that your system has already been compromised.  Unauthorized users can access your host at any time. Unauthorized users can take complete control of the host and manipulate data.  They can steal the data or even wipe out the host.",
-          "timeGenerated": "2019-06-23T12:20:08.7644808Z",
           "additionalData": {
-            "assessedResourceType": "ContainerRegistryVulnerability",
-            "imageDigest": "c186fc44-3154-4ce2-ba18-b719d895c3b0",
-            "repositoryName": "myRepo",
-            "type": "Vulnerability",
+            "assessedResourceType": "ServerVulnerability",
+            "type": "VirtualMachine",
             "cvss": {
               "2.0": {
-                "base": 10
+                "base": 7.5
               },
               "3.0": {
-                "base": 10
+                "base": 9.8
               }
             },
             "patchable": true,
             "cve": [
               {
-                "title": "CVE-2019-12345",
-                "link": "http://contoso.com"
+                "title": "CVE-2017-6542",
+                "link": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6542"
               }
             ],
-            "publishedTime": "2018-01-01T00:00:00.0000000Z",
+            "publishedTime": "2017-04-06T10:58:25",
+            "threat": "PuTTY is a client program for the SSH, Telnet and Rlogin network protocols",
             "vendorReferences": [
               {
-                "title": "Reference_1",
-                "link": "http://contoso.com"
+                "title": "CVE-2017-6542",
+                "link": "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html"
               }
             ]
           }

diff --git a/...curity/preview/2019-01-01-preview/examples/SubAssessments/ListSubAssessments_example.json b/...curity/preview/2019-01-01-preview/examples/SubAssessments/ListSubAssessments_example.json
@@ -2,61 +2,38 @@
   "parameters": {
     "api-version": "2019-01-01-preview",
     "scope": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
-    "assessmentName": "21300918-b2e3-0346-785f-c77ff57d243b"
+    "assessmentName": "82e20e14-edc5-4373-bfc4-f13121257c37"
   },
   "responses": {
     "200": {
       "body": {
         "value": [
           {
-            "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168",
-            "name": "8c98f353-8b41-4e77-979b-6adeecd5d168",
+            "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/providers/Microsoft.Security/assessments/82e20e14-edc5-4373-bfc4-f13121257c37/subassessments/8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf",
+            "name": "8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf",
             "type": "Microsoft.Security/assessments/subAssessments",
             "properties": {
-              "displayName": "'Back Orifice' Backdoor",
-              "id": "1001",
+              "id": "VA2064",
+              "displayName": "Database-level firewall rules should be tracked and maintained at a strict minimum",
               "status": {
-                "code": "Unhealthy",
-                "cause": "",
+                "code": "Healthy",
                 "severity": "High",
-                "description": "The resource is unhealthy"
+                "cause": "Unknown"
               },
+              "remediation": "Evaluate each of the database-level firewall rules. Remove any rules that grant unnecessary access and set the rest as a baseline. Deviations from the baseline will be identified and brought to your attention in subsequent scans.",
+              "impact": "Firewall rules should be strictly configured to allow access only to client computers that have a valid need to connect to the database. Any superfluous entries in the firewall may pose a threat by allowing an unauthorized source access to your database.",
+              "category": "SurfaceAreaReduction",
+              "description": "The Azure SQL Database-level firewall helps protect your data by preventing all access to your database until you specify which IP addresses have permission. Database-level firewall rules grant access to the specific database based on the originating IP address of each request.\n\nDatabase-level firewall rules for master",
+              "timeGenerated": "2019-06-23T12:20:08.7644808Z",
               "resourceDetails": {
                 "source": "Azure",
-                "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/repository/myRepo/imageDigest/c186fc44-3154-4ce2-ba18-b719d895c3b0/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168"
+                "id": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/databases/database1"
               },
-              "remediation": "Use a recent anti-virus program to remove this backdoor and check your system regularly with anti-virus software.",
-              "impact": "3",
-              "category": "Backdoors and trojan horses",
-              "description": "The backdoor 'Back Orifice' was detected on this system.  The presence of this backdoor indicates that your system has already been compromised.  Unauthorized users can access your host at any time. Unauthorized users can take complete control of the host and manipulate data.  They can steal the data or even wipe out the host.",
-              "timeGenerated": "2019-06-23T12:20:08.7644808Z",
               "additionalData": {
-                "assessedResourceType": "ContainerRegistryVulnerability",
-                "imageDigest": "c186fc44-3154-4ce2-ba18-b719d895c3b0",
-                "repositoryName": "myRepo",
-                "type": "Vulnerability",
-                "cvss": {
-                  "2.0": {
-                    "base": 10
-                  },
-                  "3.0": {
-                    "base": 10
-                  }
-                },
-                "patchable": true,
-                "cve": [
-                  {
-                    "title": "CVE-2019-12345",
-                    "link": "http://contoso.com"
-                  }
-                ],
-                "publishedTime": "2018-01-01T00:00:00.0000000Z",
-                "vendorReferences": [
-                  {
-                    "title": "Reference_1",
-                    "link": "http://contoso.com"
-                  }
-                ]
+                "assessedResourceType": "SqlServerVulnerability",
+                "type": "AzureDatabase",
+                "query": "SELECT name\n    ,start_ip_address\n    ,end_ip_address\nFROM sys.database_firewall_rules",
+                "benchmarks": []
               }
             }
           }

diff --git a/...ew/2019-01-01-preview/examples/SubAssessments/ListSubscriptionSubAssessments_example.json b/...ew/2019-01-01-preview/examples/SubAssessments/ListSubscriptionSubAssessments_example.json
@@ -8,7 +8,7 @@
       "body": {
         "value": [
           {
-            "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168",
+            "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/providers/Microsoft.Security/assessments/dbd0cb49-b563-45e7-9724-889e799fa648/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168",
             "name": "8c98f353-8b41-4e77-979b-6adeecd5d168",
             "type": "Microsoft.Security/assessments/subAssessments",
             "properties": {
@@ -22,7 +22,7 @@
               },
               "resourceDetails": {
                 "source": "Azure",
-                "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/repository/myRepo/imageDigest/c186fc44-3154-4ce2-ba18-b719d895c3b0/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168"
+                "id": "repositories/asc/msi-connector/images/sha256:877a6f2a212c44021281f80cb1f4c73a09dce4e99a8cb8efcc03f7ce3c877a6f"
               },
               "remediation": "Use a recent anti-virus program to remove this backdoor and check your system regularly with anti-virus software.",
               "impact": "3",
@@ -58,6 +58,35 @@
                 ]
               }
             }
+          },
+          {
+            "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/providers/Microsoft.Security/assessments/82e20e14-edc5-4373-bfc4-f13121257c37/subassessments/8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf",
+            "name": "8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf",
+            "type": "Microsoft.Security/assessments/subAssessments",
+            "properties": {
+              "id": "VA2064",
+              "displayName": "Database-level firewall rules should be tracked and maintained at a strict minimum",
+              "status": {
+                "code": "Healthy",
+                "severity": "High",
+                "cause": "Unknown"
+              },
+              "remediation": "Evaluate each of the database-level firewall rules. Remove any rules that grant unnecessary access and set the rest as a baseline. Deviations from the baseline will be identified and brought to your attention in subsequent scans.",
+              "impact": "Firewall rules should be strictly configured to allow access only to client computers that have a valid need to connect to the database. Any superfluous entries in the firewall may pose a threat by allowing an unauthorized source access to your database.",
+              "category": "SurfaceAreaReduction",
+              "description": "The Azure SQL Database-level firewall helps protect your data by preventing all access to your database until you specify which IP addresses have permission. Database-level firewall rules grant access to the specific database based on the originating IP address of each request.\n\nDatabase-level firewall rules for master",
+              "timeGenerated": "2019-06-23T12:20:08.7644808Z",
+              "resourceDetails": {
+                "source": "Azure",
+                "id": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/databases/database1"
+              },
+              "additionalData": {
+                "assessedResourceType": "SqlServerVulnerability",
+                "type": "AzureDatabase",
+                "query": "SELECT name\n    ,start_ip_address\n    ,end_ip_address\nFROM sys.database_firewall_rules",
+                "benchmarks": []
+              }
+            }
           }
         ]
       }