Azure · allenjzhang · Feb 21, 2021 · Feb 10, 2021 · Feb 10, 2021 · Feb 10, 2021
diff --git a/...Security/preview/2019-01-01-preview/examples/SubAssessments/GetSubAssessment_example.json b/...Security/preview/2019-01-01-preview/examples/SubAssessments/GetSubAssessment_example.json
@@ -1,59 +1,56 @@
 {
   "parameters": {
     "api-version": "2019-01-01-preview",
-    "scope": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry",
-    "assessmentName": "21300918-b2e3-0346-785f-c77ff57d243b",
-    "subAssessmentName": "8c98f353-8b41-4e77-979b-6adeecd5d168"
+    "scope": "subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/DEMORG/providers/Microsoft.Compute/virtualMachines/vm2",
+    "assessmentName": "1195afff-c881-495e-9bc5-1486211ae03f",
+    "subAssessmentName": "95f7da9c-a2a4-1322-0758-fcd24ef09b85"
   },
   "responses": {
     "200": {
       "body": {
-        "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168",
-        "name": "8c98f353-8b41-4e77-979b-6adeecd5d168",
         "type": "Microsoft.Security/assessments/subAssessments",
+        "id": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/DEMORG/providers/Microsoft.Compute/virtualMachines/vm2/providers/Microsoft.Security/assessments/1195afff-c881-495e-9bc5-1486211ae03f/subassessments/95f7da9c-a2a4-1322-0758-fcd24ef09b85",
+        "name": "95f7da9c-a2a4-1322-0758-fcd24ef09b85",
         "properties": {
-          "displayName": "'Back Orifice' Backdoor",
-          "id": "1001",
+          "id": "370361",
+          "displayName": "PuTTY ssh_agent_channel_data Function Integer Overflow Vulnerability",
           "status": {
             "code": "Unhealthy",
-            "cause": "",
-            "severity": "High",
-            "description": "The resource is unhealthy"
+            "severity": "Medium"
           },
+          "remediation": "Customers are advised to upgrade toPuTTY 0.68 or later version in order to remediate this vulnerability.",
+          "impact": "Successful exploitation could allow remote attackers to have unspecified impact via a large length value in an agent protocol message.",
+          "category": "Local",
+          "description": "PuTTY ssh_agent_channel_data Function Integer Overflow Vulnerability",
+          "timeGenerated": "2021-02-02T12:36:50.779Z",
           "resourceDetails": {
             "source": "Azure",
-            "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/repository/myRepo/imageDigest/c186fc44-3154-4ce2-ba18-b719d895c3b0/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168"
+            "id": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/DEMORG/providers/Microsoft.Compute/virtualMachines/vm2"
           },
-          "remediation": "Use a recent anti-virus program to remove this backdoor and check your system regularly with anti-virus software.",
-          "impact": "3",
-          "category": "Backdoors and trojan horses",
-          "description": "The backdoor 'Back Orifice' was detected on this system.  The presence of this backdoor indicates that your system has already been compromised.  Unauthorized users can access your host at any time. Unauthorized users can take complete control of the host and manipulate data.  They can steal the data or even wipe out the host.",
-          "timeGenerated": "2019-06-23T12:20:08.7644808Z",
           "additionalData": {
-            "assessedResourceType": "ContainerRegistryVulnerability",
-            "imageDigest": "c186fc44-3154-4ce2-ba18-b719d895c3b0",
-            "repositoryName": "myRepo",
-            "type": "Vulnerability",
+            "assessedResourceType": "ServerVulnerability",
+            "type": "VirtualMachine",
             "cvss": {
               "2.0": {
-                "base": 10
+                "base": 7.5
               },
               "3.0": {
-                "base": 10
+                "base": 9.8
               }
             },
             "patchable": true,
             "cve": [
               {
-                "title": "CVE-2019-12345",
-                "link": "http://contoso.com"
+                "title": "CVE-2017-6542",
+                "link": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6542"
               }
             ],
-            "publishedTime": "2018-01-01T00:00:00.0000000Z",
+            "publishedTime": "2017-04-06T10:58:25",
+            "threat": "PuTTY is a client program for the SSH, Telnet and Rlogin network protocols",
             "vendorReferences": [
               {
-                "title": "Reference_1",
-                "link": "http://contoso.com"
+                "title": "CVE-2017-6542",
+                "link": "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html"
               }
             ]
           }

diff --git a/...curity/preview/2019-01-01-preview/examples/SubAssessments/ListSubAssessments_example.json b/...curity/preview/2019-01-01-preview/examples/SubAssessments/ListSubAssessments_example.json
@@ -2,61 +2,38 @@
   "parameters": {
     "api-version": "2019-01-01-preview",
     "scope": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
-    "assessmentName": "21300918-b2e3-0346-785f-c77ff57d243b"
+    "assessmentName": "82e20e14-edc5-4373-bfc4-f13121257c37"
   },
   "responses": {
     "200": {
       "body": {
         "value": [
           {
-            "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168",
-            "name": "8c98f353-8b41-4e77-979b-6adeecd5d168",
+            "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/providers/Microsoft.Security/assessments/82e20e14-edc5-4373-bfc4-f13121257c37/subassessments/8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf",
+            "name": "8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf",
             "type": "Microsoft.Security/assessments/subAssessments",
             "properties": {
-              "displayName": "'Back Orifice' Backdoor",
-              "id": "1001",
+              "id": "VA2064",
+              "displayName": "Database-level firewall rules should be tracked and maintained at a strict minimum",
               "status": {
-                "code": "Unhealthy",
-                "cause": "",
+                "code": "Healthy",
                 "severity": "High",
-                "description": "The resource is unhealthy"
+                "cause": "Unknown"
               },
+              "remediation": "Evaluate each of the database-level firewall rules. Remove any rules that grant unnecessary access and set the rest as a baseline. Deviations from the baseline will be identified and brought to your attention in subsequent scans.",
+              "impact": "Firewall rules should be strictly configured to allow access only to client computers that have a valid need to connect to the database. Any superfluous entries in the firewall may pose a threat by allowing an unauthorized source access to your database.",
+              "category": "SurfaceAreaReduction",
+              "description": "The Azure SQL Database-level firewall helps protect your data by preventing all access to your database until you specify which IP addresses have permission. Database-level firewall rules grant access to the specific database based on the originating IP address of each request.\n\nDatabase-level firewall rules for master",
+              "timeGenerated": "2019-06-23T12:20:08.7644808Z",
               "resourceDetails": {
                 "source": "Azure",
-                "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/repository/myRepo/imageDigest/c186fc44-3154-4ce2-ba18-b719d895c3b0/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168"
+                "id": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/databases/database1"
               },
-              "remediation": "Use a recent anti-virus program to remove this backdoor and check your system regularly with anti-virus software.",
-              "impact": "3",
-              "category": "Backdoors and trojan horses",
-              "description": "The backdoor 'Back Orifice' was detected on this system.  The presence of this backdoor indicates that your system has already been compromised.  Unauthorized users can access your host at any time. Unauthorized users can take complete control of the host and manipulate data.  They can steal the data or even wipe out the host.",
-              "timeGenerated": "2019-06-23T12:20:08.7644808Z",
               "additionalData": {
-                "assessedResourceType": "ContainerRegistryVulnerability",
-                "imageDigest": "c186fc44-3154-4ce2-ba18-b719d895c3b0",
-                "repositoryName": "myRepo",
-                "type": "Vulnerability",
-                "cvss": {
-                  "2.0": {
-                    "base": 10
-                  },
-                  "3.0": {
-                    "base": 10
-                  }
-                },
-                "patchable": true,
-                "cve": [
-                  {
-                    "title": "CVE-2019-12345",
-                    "link": "http://contoso.com"
-                  }
-                ],
-                "publishedTime": "2018-01-01T00:00:00.0000000Z",
-                "vendorReferences": [
-                  {
-                    "title": "Reference_1",
-                    "link": "http://contoso.com"
-                  }
-                ]
+                "assessedResourceType": "SqlServerVulnerability",
+                "type": "AzureDatabase",
+                "query": "SELECT name\n    ,start_ip_address\n    ,end_ip_address\nFROM sys.database_firewall_rules",
+                "benchmarks": []
               }
             }
           }

diff --git a/...ew/2019-01-01-preview/examples/SubAssessments/ListSubscriptionSubAssessments_example.json b/...ew/2019-01-01-preview/examples/SubAssessments/ListSubscriptionSubAssessments_example.json
@@ -8,7 +8,7 @@
       "body": {
         "value": [
           {
-            "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168",
+            "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/providers/Microsoft.Security/assessments/dbd0cb49-b563-45e7-9724-889e799fa648/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168",
             "name": "8c98f353-8b41-4e77-979b-6adeecd5d168",
             "type": "Microsoft.Security/assessments/subAssessments",
             "properties": {
@@ -22,7 +22,7 @@
               },
               "resourceDetails": {
                 "source": "Azure",
-                "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/repository/myRepo/imageDigest/c186fc44-3154-4ce2-ba18-b719d895c3b0/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168"
+                "id": "repositories/asc/msi-connector/images/sha256:877a6f2a212c44021281f80cb1f4c73a09dce4e99a8cb8efcc03f7ce3c877a6f"
               },
               "remediation": "Use a recent anti-virus program to remove this backdoor and check your system regularly with anti-virus software.",
               "impact": "3",
@@ -58,6 +58,35 @@
                 ]
               }
             }
+          },
+          {
+            "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/providers/Microsoft.Security/assessments/82e20e14-edc5-4373-bfc4-f13121257c37/subassessments/8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf",
+            "name": "8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf",
+            "type": "Microsoft.Security/assessments/subAssessments",
+            "properties": {
+              "id": "VA2064",
+              "displayName": "Database-level firewall rules should be tracked and maintained at a strict minimum",
+              "status": {
+                "code": "Healthy",
+                "severity": "High",
+                "cause": "Unknown"
+              },
+              "remediation": "Evaluate each of the database-level firewall rules. Remove any rules that grant unnecessary access and set the rest as a baseline. Deviations from the baseline will be identified and brought to your attention in subsequent scans.",
+              "impact": "Firewall rules should be strictly configured to allow access only to client computers that have a valid need to connect to the database. Any superfluous entries in the firewall may pose a threat by allowing an unauthorized source access to your database.",
+              "category": "SurfaceAreaReduction",
+              "description": "The Azure SQL Database-level firewall helps protect your data by preventing all access to your database until you specify which IP addresses have permission. Database-level firewall rules grant access to the specific database based on the originating IP address of each request.\n\nDatabase-level firewall rules for master",
+              "timeGenerated": "2019-06-23T12:20:08.7644808Z",
+              "resourceDetails": {
+                "source": "Azure",
+                "id": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/databases/database1"
+              },
+              "additionalData": {
+                "assessedResourceType": "SqlServerVulnerability",
+                "type": "AzureDatabase",
+                "query": "SELECT name\n    ,start_ip_address\n    ,end_ip_address\nFROM sys.database_firewall_rules",
+                "benchmarks": []
+              }
+            }
           }
         ]
       }