diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/GetSubAssessment_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/GetSubAssessment_example.json
index 8226dc2c81a5..a29585ef10b1 100644
--- a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/GetSubAssessment_example.json
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/GetSubAssessment_example.json
@@ -1,59 +1,56 @@
 {
 "parameters": {
 "api-version": "2019-01-01-preview",
- "scope": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry",
- "assessmentName": "21300918-b2e3-0346-785f-c77ff57d243b",
- "subAssessmentName": "8c98f353-8b41-4e77-979b-6adeecd5d168"
+ "scope": "subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/DEMORG/providers/Microsoft.Compute/virtualMachines/vm2",
+ "assessmentName": "1195afff-c881-495e-9bc5-1486211ae03f",
+ "subAssessmentName": "95f7da9c-a2a4-1322-0758-fcd24ef09b85"
 },
 "responses": {
 "200": {
 "body": {
- "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168",
- "name": "8c98f353-8b41-4e77-979b-6adeecd5d168",
 "type": "Microsoft.Security/assessments/subAssessments",
+ "id": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/DEMORG/providers/Microsoft.Compute/virtualMachines/vm2/providers/Microsoft.Security/assessments/1195afff-c881-495e-9bc5-1486211ae03f/subassessments/95f7da9c-a2a4-1322-0758-fcd24ef09b85",
+ "name": "95f7da9c-a2a4-1322-0758-fcd24ef09b85",
 "properties": {
- "displayName": "'Back Orifice' Backdoor",
- "id": "1001",
+ "id": "370361",
+ "displayName": "PuTTY ssh_agent_channel_data Function Integer Overflow Vulnerability",
 "status": {
 "code": "Unhealthy",
- "cause": "",
- "severity": "High",
- "description": "The resource is unhealthy"
+ "severity": "Medium"
 },
+ "remediation": "Customers are advised to upgrade toPuTTY 0.68 or later version in order to remediate this vulnerability.",
+ "impact": "Successful exploitation could allow remote attackers to have unspecified impact via a large length value in an agent protocol message.",
+ "category": "Local",
+ "description": "PuTTY ssh_agent_channel_data 
Function Integer Overflow Vulnerability",
+ "timeGenerated": "2021-02-02T12:36:50.779Z",
 "resourceDetails": {
 "source": "Azure",
- "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/repository/myRepo/imageDigest/c186fc44-3154-4ce2-ba18-b719d895c3b0/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168"
+ "id": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/DEMORG/providers/Microsoft.Compute/virtualMachines/vm2"
 },
- "remediation": "Use a recent anti-virus program to remove this backdoor and check your system regularly with anti-virus software.",
- "impact": "3",
- "category": "Backdoors and trojan horses",
- "description": "The backdoor 'Back Orifice' was detected on this system. The presence of this backdoor indicates that your system has already been compromised. Unauthorized users can access your host at any time. Unauthorized users can take complete control of the host and manipulate data. 
They can steal the data or even wipe out the host.",
- "timeGenerated": "2019-06-23T12:20:08.7644808Z",
 "additionalData": {
- "assessedResourceType": "ContainerRegistryVulnerability",
- "imageDigest": "c186fc44-3154-4ce2-ba18-b719d895c3b0",
- "repositoryName": "myRepo",
- "type": "Vulnerability",
+ "assessedResourceType": "ServerVulnerability",
+ "type": "VirtualMachine",
 "cvss": {
 "2.0": {
- "base": 10
+ "base": 7.5
 },
 "3.0": {
- "base": 10
+ "base": 9.8
 }
 },
 "patchable": true,
 "cve": [
 {
- "title": "CVE-2019-12345",
- "link": "http://contoso.com"
+ "title": "CVE-2017-6542",
+ "link": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6542"
 }
 ],
- "publishedTime": "2018-01-01T00:00:00.0000000Z",
+ "publishedTime": "2017-04-06T10:58:25",
+ "threat": "PuTTY is a client program for the SSH, Telnet and Rlogin network protocols",
 "vendorReferences": [
 {
- "title": "Reference_1",
- "link": "http://contoso.com"
+ "title": "CVE-2017-6542",
+ "link": "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html"
 }
 ]
 }
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubAssessments_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubAssessments_example.json
index dd4ce9327a7e..1ff92037812e 100644
--- a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubAssessments_example.json
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubAssessments_example.json
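Review bot: In GetSubAssessment_example.json the new `publishedTime` value `2017-04-06T10:58:25` carries no `Z` or UTC offset, unlike `timeGenerated` in the same body and the value it replaces, so a client that parses it as an RFC 3339 date-time may reject it or read it as local time. `"publishedTime": "2017-04-06T10:58:25Z"` would remove the ambiguity, assuming the scanner reports UTC. The added `remediation` string reads `upgrade toPuTTY 0.68`, which is missing a space. The new `id` also spells the path segment `/subassessments/` in lower case while `type` keeps `subAssessments`; the ids added in ListSubAssessments_example.json and at the end of ListSubscriptionSubAssessments_example.json do the same, which is a trap for anyone who copies the examples into tests or filters that compare resource IDs as exact strings.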
@@ -2,61 +2,38 @@
 "parameters": {
 "api-version": "2019-01-01-preview",
 "scope": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
- "assessmentName": "21300918-b2e3-0346-785f-c77ff57d243b"
+ "assessmentName": "82e20e14-edc5-4373-bfc4-f13121257c37"
 },
 "responses": {
 "200": {
 "body": {
 "value": [
 {
- "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168",
- "name": "8c98f353-8b41-4e77-979b-6adeecd5d168",
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/providers/Microsoft.Security/assessments/82e20e14-edc5-4373-bfc4-f13121257c37/subassessments/8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf",
+ "name": "8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf",
 "type": "Microsoft.Security/assessments/subAssessments",
 "properties": {
- "displayName": "'Back Orifice' Backdoor",
- "id": "1001",
+ "id": "VA2064",
+ "displayName": "Database-level firewall rules should be tracked and maintained at a strict minimum",
 "status": {
- "code": "Unhealthy",
- "cause": "",
+ "code": "Healthy",
 "severity": "High",
- "description": "The resource is unhealthy"
+ "cause": "Unknown"
 },
+ "remediation": "Evaluate each of the database-level firewall rules. Remove any rules that grant unnecessary access and set the rest as a baseline. Deviations from the baseline will be identified and brought to your attention in subsequent scans.",
+ "impact": "Firewall rules should be strictly configured to allow access only to client computers that have a valid need to connect to the database. 
Any superfluous entries in the firewall may pose a threat by allowing an unauthorized source access to your database.",
+ "category": "SurfaceAreaReduction",
+ "description": "The Azure SQL Database-level firewall helps protect your data by preventing all access to your database until you specify which IP addresses have permission. Database-level firewall rules grant access to the specific database based on the originating IP address of each request.\n\nDatabase-level firewall rules for master",
+ "timeGenerated": "2019-06-23T12:20:08.7644808Z",
 "resourceDetails": {
 "source": "Azure",
- "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/repository/myRepo/imageDigest/c186fc44-3154-4ce2-ba18-b719d895c3b0/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168"
+ "id": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/databases/database1"
 },
- "remediation": "Use a recent anti-virus program to remove this backdoor and check your system regularly with anti-virus software.",
- "impact": "3",
- "category": "Backdoors and trojan horses",
- "description": "The backdoor 'Back Orifice' was detected on this system. The presence of this backdoor indicates that your system has already been compromised. Unauthorized users can access your host at any time. Unauthorized users can take complete control of the host and manipulate data. 
They can steal the data or even wipe out the host.",
- "timeGenerated": "2019-06-23T12:20:08.7644808Z",
 "additionalData": {
- "assessedResourceType": "ContainerRegistryVulnerability",
- "imageDigest": "c186fc44-3154-4ce2-ba18-b719d895c3b0",
- "repositoryName": "myRepo",
- "type": "Vulnerability",
- "cvss": {
- "2.0": {
- "base": 10
- },
- "3.0": {
- "base": 10
- }
- },
- "patchable": true,
- "cve": [
- {
- "title": "CVE-2019-12345",
- "link": "http://contoso.com"
- }
- ],
- "publishedTime": "2018-01-01T00:00:00.0000000Z",
- "vendorReferences": [
- {
- "title": "Reference_1",
- "link": "http://contoso.com"
- }
- ]
+ "assessedResourceType": "SqlServerVulnerability",
+ "type": "AzureDatabase",
+ "query": "SELECT name\n ,start_ip_address\n ,end_ip_address\nFROM sys.database_firewall_rules",
+ "benchmarks": []
 }
 }
 }
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubscriptionSubAssessments_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubscriptionSubAssessments_example.json
index 5a27a952c22e..b1e362eed498 100644
--- a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubscriptionSubAssessments_example.json
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubscriptionSubAssessments_example.json
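Review bot: In ListSubAssessments_example.json the added `resourceDetails.id` names subscription `212f9889-769e-45ae-ab43-6da33674bd26`, while the request `scope` and the sub-assessment `id` in the same example use `20ff7fc3-e762-44dd-bd96-b71116dcdc23`, so the response describes a resource outside the scope that was queried. Anyone using the example to reason about which resources a scoped call can return, for instance when writing an access filter or a test fixture, gets a misleading picture. One subscription GUID throughout fixes it: `"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/databases/database1"`. The element added at the end of ListSubscriptionSubAssessments_example.json has the same mismatch.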
@@ -8,7 +8,7 @@
 "body": {
 "value": [
 {
- "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168",
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/providers/Microsoft.Security/assessments/dbd0cb49-b563-45e7-9724-889e799fa648/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168",
 "name": "8c98f353-8b41-4e77-979b-6adeecd5d168",
 "type": "Microsoft.Security/assessments/subAssessments",
 "properties": {
@@ -22,7 +22,7 @@
 },
 "resourceDetails": {
 "source": "Azure",
- "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/repository/myRepo/imageDigest/c186fc44-3154-4ce2-ba18-b719d895c3b0/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168"
+ "id": "repositories/asc/msi-connector/images/sha256:877a6f2a212c44021281f80cb1f4c73a09dce4e99a8cb8efcc03f7ce3c877a6f"
 },
 "remediation": "Use a recent anti-virus program to remove this backdoor and check your system regularly with anti-virus software.",
 "impact": "3",
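Review bot: In the second hunk the new `resourceDetails.id` is a registry-relative path, `repositories/asc/msi-connector/images/sha256:…`, while the unchanged line above it still says `"source": "Azure"`. A consumer that treats an Azure-sourced id as a full resource ID may fail to parse it, or be unable to tie the finding back to a specific registry and subscription. The top-level `id` in the first hunk still names `registries/myRegistry`, and the `additionalData` block lies outside both hunks, so it presumably still carries the old `imageDigest` and `repositoryName`, which would no longer agree with this digest and the `asc/msi-connector` repository. Either keep the value rooted at `/subscriptions/…/registries/myRegistry/` or update the sibling fields so the element is internally consistent.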
@@ -58,6 +58,35 @@
 ]
 }
 }
+ },
+ {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/providers/Microsoft.Security/assessments/82e20e14-edc5-4373-bfc4-f13121257c37/subassessments/8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf",
+ "name": "8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf",
+ "type": "Microsoft.Security/assessments/subAssessments",
+ "properties": {
+ "id": "VA2064",
+ "displayName": "Database-level firewall rules should be tracked and maintained at a strict minimum",
+ "status": {
+ "code": "Healthy",
+ "severity": "High",
+ "cause": "Unknown"
+ },
+ "remediation": "Evaluate each of the database-level firewall rules. Remove any rules that grant unnecessary access and set the rest as a baseline. Deviations from the baseline will be identified and brought to your attention in subsequent scans.",
+ "impact": "Firewall rules should be strictly configured to allow access only to client computers that have a valid need to connect to the database. Any superfluous entries in the firewall may pose a threat by allowing an unauthorized source access to your database.",
+ "category": "SurfaceAreaReduction",
+ "description": "The Azure SQL Database-level firewall helps protect your data by preventing all access to your database until you specify which IP addresses have permission. 
Database-level firewall rules grant access to the specific database based on the originating IP address of each request.\n\nDatabase-level firewall rules for master",
+ "timeGenerated": "2019-06-23T12:20:08.7644808Z",
+ "resourceDetails": {
+ "source": "Azure",
+ "id": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/databases/database1"
+ },
+ "additionalData": {
+ "assessedResourceType": "SqlServerVulnerability",
+ "type": "AzureDatabase",
+ "query": "SELECT name\n ,start_ip_address\n ,end_ip_address\nFROM sys.database_firewall_rules",
+ "benchmarks": []
+ }
+ }
 }
 ]
 }