Security Center
API spec for Microsoft
COMMUNITYBEARER0 INSTALLS
OpenAPI Specificationv3.0
{
"swagger": "2.0",
"schemes": [
"https"
],
"host": "management.azure.com",
"info": {
"description": "API spec for Microsoft.Security (Azure Security Center) resource provider",
"title": "Security Center",
"version": "2019-01-01-preview",
"x-apisguru-categories": [
"cloud"
],
"x-logo": {
"url": "https://api.apis.guru/v2/cache/logo/https_assets.onestore.ms_cdnfiles_onestorerolling-1606-01000_shell_v3_images_logo_microsoft.png"
},
"x-origin": [
{
"format": "swagger",
"url": "https://raw.githubusercontent.com/Azure/azure-rest-api-specs/master/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/subAssessments.json",
"version": "2.0"
}
],
"x-providerName": "azure.com",
"x-serviceName": "security-subAssessments",
"x-tags": [
"Azure",
"Microsoft"
]
},
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"securityDefinitions": {
"azure_auth": {
"authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize",
"description": "Azure Active Directory OAuth2 Flow",
"flow": "implicit",
"scopes": {
"user_impersonation": "impersonate your user account"
},
"type": "oauth2"
}
},
"security": [
{
"azure_auth": [
"user_impersonation"
]
}
],
"parameters": {
"AssessmentName": {
"description": "The Assessment Key - Unique key for the assessment type",
"in": "path",
"name": "assessmentName",
"required": true,
"type": "string",
"x-ms-parameter-location": "method"
},
"SubAssessmentName": {
"description": "The Sub-Assessment Key - Unique key for the sub-assessment type",
"in": "path",
"name": "subAssessmentName",
"required": true,
"type": "string",
"x-ms-parameter-location": "method"
}
},
"paths": {
"/{scope}/providers/Microsoft.Security/assessments/{assessmentName}/subAssessments": {
"get": {
"description": "Get security sub-assessments on all your scanned resources inside a scope",
"operationId": "SubAssessments_List",
"parameters": [
{
"description": "API version for the operation",
"in": "query",
"name": "api-version",
"required": true,
"type": "string"
},
{
"description": "Scope of the query, can be subscription (/subscriptions/0b06d9ea-afe6-4779-bd59-30e5c2d9d13f) or management group (/providers/Microsoft.Management/managementGroups/mgName).",
"in": "path",
"name": "scope",
"required": true,
"type": "string",
"x-ms-parameter-location": "method"
},
{
"$ref": "#/parameters/AssessmentName"
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/SecuritySubAssessmentList"
}
},
"default": {
"description": "Error response describing why the operation failed.",
"schema": {
"description": "Error response structure.",
"properties": {
"error": {
"description": "Error details.",
"properties": {
"code": {
"description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.",
"readOnly": true,
"type": "string"
},
"message": {
"description": "A message describing the error, intended to be suitable for display in a user interface.",
"readOnly": true,
"type": "string"
}
},
"type": "object",
"x-ms-external": true
}
},
"type": "object",
"x-ms-external": true
}
}
},
"tags": [
"SubAssessments"
],
"x-ms-examples": {
"List security sub-assessments": {
"parameters": {
"api-version": "2019-01-01-preview",
"assessmentName": "21300918-b2e3-0346-785f-c77ff57d243b",
"scope": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"
},
"responses": {
"200": {
"body": {
"value": [
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168",
"name": "8c98f353-8b41-4e77-979b-6adeecd5d168",
"properties": {
"additionalData": {
"assessedResourceType": "ContainerRegistryVulnerability",
"cve": [
{
"link": "http://contoso.com",
"title": "CVE-2019-12345"
}
],
"cvss": {
"2.0": {
"base": 10
},
"3.0": {
"base": 10
}
},
"imageDigest": "c186fc44-3154-4ce2-ba18-b719d895c3b0",
"patchable": true,
"publishedTime": "2018-01-01T00:00:00.0000000Z",
"repositoryName": "myRepo",
"type": "Vulnerability",
"vendorReferences": [
{
"link": "http://contoso.com",
"title": "Reference_1"
}
]
},
"category": "Backdoors and trojan horses",
"description": "The backdoor 'Back Orifice' was detected on this system. The presence of this backdoor indicates that your system has already been compromised. Unauthorized users can access your host at any time. Unauthorized users can take complete control of the host and manipulate data. They can steal the data or even wipe out the host.",
"displayName": "'Back Orifice' Backdoor",
"id": "1001",
"impact": "3",
"remediation": "Use a recent anti-virus program to remove this backdoor and check your system regularly with anti-virus software.",
"resourceDetails": {
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/repository/myRepo/imageDigest/c186fc44-3154-4ce2-ba18-b719d895c3b0/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168",
"source": "Azure"
},
"status": {
"cause": "",
"code": "Unhealthy",
"description": "The resource is unhealthy",
"severity": "High"
},
"timeGenerated": "2019-06-23T12:20:08.7644808Z"
},
"type": "Microsoft.Security/assessments/subAssessments"
}
]
}
}
}
}
},
"x-ms-pageable": {
"nextLinkName": "nextLink"
}
}
},
"/{scope}/providers/Microsoft.Security/assessments/{assessmentName}/subAssessments/{subAssessmentName}": {
"get": {
"description": "Get a security sub-assessment on your scanned resource",
"operationId": "SubAssessments_Get",
"parameters": [
{
"description": "API version for the operation",
"in": "query",
"name": "api-version",
"required": true,
"type": "string"
},
{
"description": "Scope of the query, can be subscription (/subscriptions/0b06d9ea-afe6-4779-bd59-30e5c2d9d13f) or management group (/providers/Microsoft.Management/managementGroups/mgName).",
"in": "path",
"name": "scope",
"required": true,
"type": "string",
"x-ms-parameter-location": "method"
},
{
"$ref": "#/parameters/AssessmentName"
},
{
"$ref": "#/parameters/SubAssessmentName"
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/SecuritySubAssessment"
}
},
"default": {
"description": "Error response describing why the operation failed.",
"schema": {
"description": "Error response structure.",
"properties": {
"error": {
"description": "Error details.",
"properties": {
"code": {
"description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.",
"readOnly": true,
"type": "string"
},
"message": {
"description": "A message describing the error, intended to be suitable for display in a user interface.",
"readOnly": true,
"type": "string"
}
},
"type": "object",
"x-ms-external": true
}
},
"type": "object",
"x-ms-external": true
}
}
},
"tags": [
"SubAssessments"
],
"x-ms-examples": {
"Get security recommendation task from security data location": {
"parameters": {
"api-version": "2019-01-01-preview",
"assessmentName": "21300918-b2e3-0346-785f-c77ff57d243b",
"scope": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry",
"subAssessmentName": "8c98f353-8b41-4e77-979b-6adeecd5d168"
},
"responses": {
"200": {
"body": {
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168",
"name": "8c98f353-8b41-4e77-979b-6adeecd5d168",
"properties": {
"additionalData": {
"assessedResourceType": "ContainerRegistryVulnerability",
"cve": [
{
"link": "http://contoso.com",
"title": "CVE-2019-12345"
}
],
"cvss": {
"2.0": {
"base": 10
},
"3.0": {
"base": 10
}
},
"imageDigest": "c186fc44-3154-4ce2-ba18-b719d895c3b0",
"patchable": true,
"publishedTime": "2018-01-01T00:00:00.0000000Z",
"repositoryName": "myRepo",
"type": "Vulnerability",
"vendorReferences": [
{
"link": "http://contoso.com",
"title": "Reference_1"
}
]
},
"category": "Backdoors and trojan horses",
"description": "The backdoor 'Back Orifice' was detected on this system. The presence of this backdoor indicates that your system has already been compromised. Unauthorized users can access your host at any time. Unauthorized users can take complete control of the host and manipulate data. They can steal the data or even wipe out the host.",
"displayName": "'Back Orifice' Backdoor",
"id": "1001",
"impact": "3",
"remediation": "Use a recent anti-virus program to remove this backdoor and check your system regularly with anti-virus software.",
"resourceDetails": {
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/repository/myRepo/imageDigest/c186fc44-3154-4ce2-ba18-b719d895c3b0/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168",
"source": "Azure"
},
"status": {
"cause": "",
"code": "Unhealthy",
"description": "The resource is unhealthy",
"severity": "High"
},
"timeGenerated": "2019-06-23T12:20:08.7644808Z"
},
"type": "Microsoft.Security/assessments/subAssessments"
}
}
}
}
}
}
},
"/{scope}/providers/Microsoft.Security/subAssessments": {
"get": {
"description": "Get security sub-assessments on all your scanned resources inside a subscription scope",
"operationId": "SubAssessments_ListAll",
"parameters": [
{
"description": "API version for the operation",
"in": "query",
"name": "api-version",
"required": true,
"type": "string"
},
{
"description": "Scope of the query, can be subscription (/subscriptions/0b06d9ea-afe6-4779-bd59-30e5c2d9d13f) or management group (/providers/Microsoft.Management/managementGroups/mgName).",
"in": "path",
"name": "scope",
"required": true,
"type": "string",
"x-ms-parameter-location": "method"
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/SecuritySubAssessmentList"
}
},
"default": {
"description": "Error response describing why the operation failed.",
"schema": {
"description": "Error response structure.",
"properties": {
"error": {
"description": "Error details.",
"properties": {
"code": {
"description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.",
"readOnly": true,
"type": "string"
},
"message": {
"description": "A message describing the error, intended to be suitable for display in a user interface.",
"readOnly": true,
"type": "string"
}
},
"type": "object",
"x-ms-external": true
}
},
"type": "object",
"x-ms-external": true
}
}
},
"tags": [
"SubAssessments"
],
"x-ms-examples": {
"List security sub-assessments": {
"parameters": {
"api-version": "2019-01-01-preview",
"scope": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"
},
"responses": {
"200": {
"body": {
"value": [
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168",
"name": "8c98f353-8b41-4e77-979b-6adeecd5d168",
"properties": {
"additionalData": {
"assessedResourceType": "ContainerRegistryVulnerability",
"cve": [
{
"link": "http://contoso.com",
"title": "CVE-2019-12345"
}
],
"cvss": {
"2.0": {
"base": 10
},
"3.0": {
"base": 10
}
},
"imageDigest": "c186fc44-3154-4ce2-ba18-b719d895c3b0",
"patchable": true,
"publishedTime": "2018-01-01T00:00:00.0000000Z",
"repositoryName": "myRepo",
"type": "Vulnerability",
"vendorReferences": [
{
"link": "http://contoso.com",
"title": "Reference_1"
}
]
},
"category": "Backdoors and trojan horses",
"description": "The backdoor 'Back Orifice' was detected on this system. The presence of this backdoor indicates that your system has already been compromised. Unauthorized users can access your host at any time. Unauthorized users can take complete control of the host and manipulate data. They can steal the data or even wipe out the host.",
"displayName": "'Back Orifice' Backdoor",
"id": "1001",
"impact": "3",
"remediation": "Use a recent anti-virus program to remove this backdoor and check your system regularly with anti-virus software.",
"resourceDetails": {
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/repository/myRepo/imageDigest/c186fc44-3154-4ce2-ba18-b719d895c3b0/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168",
"source": "Azure"
},
"status": {
"cause": "",
"code": "Unhealthy",
"description": "The resource is unhealthy",
"severity": "High"
},
"timeGenerated": "2019-06-23T12:20:08.7644808Z"
},
"type": "Microsoft.Security/assessments/subAssessments"
}
]
}
}
}
}
},
"x-ms-pageable": {
"nextLinkName": "nextLink"
}
}
}
},
"definitions": {
"AdditionalData": {
"description": "Details of the sub-assessment",
"discriminator": "assessedResourceType",
"properties": {
"assessedResourceType": {
"description": "Sub-assessment resource type",
"enum": [
"SqlServerVulnerability",
"ContainerRegistryVulnerability",
"ServerVulnerability"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "AssessedResourceType",
"values": [
{
"value": "SqlServerVulnerability"
},
{
"value": "ContainerRegistryVulnerability"
},
{
"value": "ServerVulnerability"
}
]
}
}
},
"required": [
"assessedResourceType"
],
"type": "object"
},
"CVE": {
"description": "CVE details",
"properties": {
"link": {
"description": "Link url",
"readOnly": true,
"type": "string"
},
"title": {
"description": "CVE title",
"readOnly": true,
"type": "string"
}
},
"type": "object"
},
"CVSS": {
"description": "CVSS details",
"properties": {
"base": {
"description": "CVSS base",
"readOnly": true,
"type": "number"
}
},
"type": "object"
},
"ContainerRegistryVulnerabilityProperties": {
"allOf": [
{
"$ref": "#/definitions/AdditionalData"
}
],
"description": "Additional context fields for container registry Vulnerability assessment",
"properties": {
"cve": {
"description": "List of CVEs",
"items": {
"$ref": "#/definitions/CVE"
},
"readOnly": true,
"type": "array"
},
"cvss": {
"additionalProperties": {
"$ref": "#/definitions/CVSS"
},
"description": "Dictionary from cvss version to cvss details object",
"readOnly": true,
"type": "object"
},
"imageDigest": {
"description": "Digest of the vulnerable image",
"readOnly": true,
"type": "string"
},
"patchable": {
"description": "Indicates whether a patch is available or not",
"readOnly": true,
"type": "boolean"
},
"publishedTime": {
"description": "Published time",
"format": "date-time",
"readOnly": true,
"type": "string"
},
"repositoryName": {
"description": "Name of the repository which the vulnerable image belongs to",
"readOnly": true,
"type": "string"
},
"type": {
"description": "Vulnerability Type. e.g: Vulnerability, Potential Vulnerability, Information Gathered, Vulnerability",
"readOnly": true,
"type": "string"
},
"vendorReferences": {
"items": {
"$ref": "#/definitions/VendorReference"
},
"readOnly": true,
"type": "array"
}
},
"type": "object",
"x-ms-discriminator-value": "ContainerRegistryVulnerability"
},
"SecuritySubAssessment": {
"allOf": [
{
"description": "Describes an Azure resource.",
"properties": {
"id": {
"description": "Resource Id",
"readOnly": true,
"type": "string"
},
"name": {
"description": "Resource name",
"readOnly": true,
"type": "string"
},
"type": {
"description": "Resource type",
"readOnly": true,
"type": "string"
}
},
"type": "object",
"x-ms-azure-resource": true
}
],
"description": "Security sub-assessment on a resource",
"properties": {
"properties": {
"$ref": "#/definitions/SecuritySubAssessmentProperties",
"x-ms-client-flatten": true
}
},
"type": "object"
},
"SecuritySubAssessmentList": {
"description": "List of security sub-assessments",
"properties": {
"nextLink": {
"description": "The URI to fetch the next page.",
"readOnly": true,
"type": "string"
},
"value": {
"items": {
"$ref": "#/definitions/SecuritySubAssessment"
},
"readOnly": true,
"type": "array"
}
},
"type": "object"
},
"SecuritySubAssessmentProperties": {
"description": "Describes properties of an sub-assessment.",
"properties": {
"additionalData": {
"$ref": "#/definitions/AdditionalData"
},
"category": {
"description": "Category of the sub-assessment",
"readOnly": true,
"type": "string"
},
"description": {
"description": "Human readable description of the assessment status",
"readOnly": true,
"type": "string"
},
"displayName": {
"description": "User friendly display name of the sub-assessment",
"readOnly": true,
"type": "string"
},
"id": {
"description": "Vulnerability ID",
"readOnly": true,
"type": "string"
},
"impact": {
"description": "Description of the impact of this sub-assessment",
"readOnly": true,
"type": "string"
},
"remediation": {
"description": "Information on how to remediate this sub-assessment",
"readOnly": true,
"type": "string"
},
"resourceDetails": {
"description": "Details of the resource that was assessed",
"discriminator": "source",
"properties": {
"source": {
"description": "The platform where the assessed resource resides",
"enum": [
"Azure",
"OnPremise"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "source",
"values": [
{
"description": "Resource is in Azure",
"value": "Azure"
},
{
"description": "Resource in an on premise machine connected to Azure cloud",
"value": "OnPremise"
}
]
}
}
},
"required": [
"source"
],
"type": "object"
},
"status": {
"$ref": "#/definitions/SubAssessmentStatus"
},
"timeGenerated": {
"description": "The date and time the sub-assessment was generated",
"format": "date-time",
"readOnly": true,
"type": "string"
}
},
"type": "object"
},
"ServerVulnerabilityProperties": {
"allOf": [
{
"$ref": "#/definitions/AdditionalData"
}
],
"description": "Additional context fields for server vulnerability assessment",
"properties": {
"cve": {
"description": "List of CVEs",
"items": {
"$ref": "#/definitions/CVE"
},
"readOnly": true,
"type": "array"
},
"cvss": {
"additionalProperties": {
"$ref": "#/definitions/CVSS"
},
"description": "Dictionary from cvss version to cvss details object",
"readOnly": true,
"type": "object"
},
"patchable": {
"description": "Indicates whether a patch is available or not",
"readOnly": true,
"type": "boolean"
},
"publishedTime": {
"description": "Published time",
"format": "date-time",
"readOnly": true,
"type": "string"
},
"threat": {
"description": "Threat name",
"readOnly": true,
"type": "string"
},
"type": {
"description": "Vulnerability Type. e.g: Vulnerability, Potential Vulnerability, Information Gathered",
"readOnly": true,
"type": "string"
},
"vendorReferences": {
"items": {
"$ref": "#/definitions/VendorReference"
},
"readOnly": true,
"type": "array"
}
},
"type": "object",
"x-ms-discriminator-value": "ServerVulnerabilityAssessment"
},
"SqlServerVulnerabilityProperties": {
"allOf": [
{
"$ref": "#/definitions/AdditionalData"
}
],
"description": "Details of the resource that was assessed",
"properties": {
"query": {
"description": "The T-SQL query that runs on your SQL database to perform the particular check",
"readOnly": true,
"type": "string"
},
"type": {
"description": "The resource type the sub assessment refers to in its resource details",
"readOnly": true,
"type": "string"
}
},
"type": "object",
"x-ms-discriminator-value": "SqlServerVulnerability"
},
"SubAssessmentStatus": {
"description": "Status of the sub-assessment",
"properties": {
"cause": {
"description": "Programmatic code for the cause of the assessment status",
"readOnly": true,
"type": "string"
},
"code": {
"description": "Programmatic code for the status of the assessment",
"enum": [
"Healthy",
"Unhealthy",
"NotApplicable"
],
"readOnly": true,
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "SubAssessmentStatusCode",
"values": [
{
"description": "The resource is healthy",
"value": "Healthy"
},
{
"description": "The resource has a security issue that needs to be addressed",
"value": "Unhealthy"
},
{
"description": "Assessment for this resource did not happen",
"value": "NotApplicable"
}
]
}
},
"description": {
"description": "Human readable description of the assessment status",
"readOnly": true,
"type": "string"
},
"severity": {
"description": "The sub-assessment severity level",
"enum": [
"Low",
"Medium",
"High"
],
"readOnly": true,
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "severity",
"values": [
{
"value": "Low"
},
{
"value": "Medium"
},
{
"value": "High"
}
]
}
}
},
"type": "object"
},
"VendorReference": {
"description": "Vendor reference",
"properties": {
"link": {
"description": "Link url",
"readOnly": true,
"type": "string"
},
"title": {
"description": "Link title",
"readOnly": true,
"type": "string"
}
},
"type": "object"
}
}
}