From 5e0737a107e53e1c1100326379446f964ef54698 Mon Sep 17 00:00:00 2001
From: himarkov <47382544+himarkov@users.noreply.github.com>
Date: Wed, 10 Feb 2021 18:04:10 +0200
Subject: [PATCH 1/4] Updated sub assessments API examples
---
.../GetSubAssessment_example.json | 101 +++++++++---------
.../ListSubAssessments_example.json | 6 +-
...istSubscriptionSubAssessments_example.json | 36 ++++++-
3 files changed, 85 insertions(+), 58 deletions(-)
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/GetSubAssessment_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/GetSubAssessment_example.json
index 8226dc2c81a5..5f946f40543d 100644
--- a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/GetSubAssessment_example.json
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/GetSubAssessment_example.json
@@ -1,63 +1,60 @@ { "parameters": { "api-version": "2019-01-01-preview", - "scope": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry", - "assessmentName": "21300918-b2e3-0346-785f-c77ff57d243b", - "subAssessmentName": "8c98f353-8b41-4e77-979b-6adeecd5d168" + "scope": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/DEMORG/providers/Microsoft.Compute/virtualMachines/vm2", + "assessmentName": "1195afff-c881-495e-9bc5-1486211ae03f", + "subAssessmentName": "95f7da9c-a2a4-1322-0758-fcd24ef09b85" }, "responses": { "200": { "body": { - "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168", - "name": "8c98f353-8b41-4e77-979b-6adeecd5d168", - "type": "Microsoft.Security/assessments/subAssessments", - "properties": { - "displayName": "'Back Orifice' Backdoor", - "id": "1001", - "status": { - "code": "Unhealthy", - "cause": "", - "severity": "High", - "description": "The resource is unhealthy" - }, - "resourceDetails": { - "source": "Azure", - "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/repository/myRepo/imageDigest/c186fc44-3154-4ce2-ba18-b719d895c3b0/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168" - }, - "remediation": "Use a recent anti-virus program to remove this backdoor and check your system regularly with anti-virus software.", - "impact": "3", - "category": "Backdoors and trojan horses", - "description": "The backdoor 'Back Orifice' was detected on this system. The presence of this backdoor indicates that your system has already been compromised. 
Unauthorized users can access your host at any time. Unauthorized users can take complete control of the host and manipulate data. They can steal the data or even wipe out the host.", - "timeGenerated": "2019-06-23T12:20:08.7644808Z", - "additionalData": { - "assessedResourceType": "ContainerRegistryVulnerability", - "imageDigest": "c186fc44-3154-4ce2-ba18-b719d895c3b0", - "repositoryName": "myRepo", - "type": "Vulnerability", - "cvss": { - "2.0": { - "base": 10 - }, - "3.0": { - "base": 10 - } + "type":"Microsoft.Security/assessments/subAssessments", + "id":"/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/DEMORG/providers/Microsoft.Compute/virtualMachines/vm2/providers/Microsoft.Security/assessments/1195afff-c881-495e-9bc5-1486211ae03f/subassessments/95f7da9c-a2a4-1322-0758-fcd24ef09b85", + "name":"95f7da9c-a2a4-1322-0758-fcd24ef09b85", + "properties":{ + "id":"370361", + "displayName":"PuTTY ssh_agent_channel_data Function Integer Overflow Vulnerability", + "status":{ + "code":"Unhealthy", + "severity":"Medium" }, - "patchable": true, - "cve": [ - { - "title": "CVE-2019-12345", - "link": "http://contoso.com" - } - ], - "publishedTime": "2018-01-01T00:00:00.0000000Z", - "vendorReferences": [ - { - "title": "Reference_1", - "link": "http://contoso.com" - } - ] - } - } + "remediation":"Customers are advised to upgrade toPuTTY 0.68 or later version in order to remediate this vulnerability.", + "impact":"Successful exploitation could allow remote attackers to have unspecified impact via a large length value in an agent protocol message.", + "category":"Local", + "description":"PuTTY ssh_agent_channel_data Function Integer Overflow Vulnerability", + "timeGenerated":"2021-02-02T12:36:50.779Z", + "resourceDetails":{ + "source":"Azure", + "id":"/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/DEMORG/providers/Microsoft.Compute/virtualMachines/vm2" + }, + "additionalData":{ + "assessedResourceType":"ServerVulnerability", + 
"type":"VirtualMachine", + "cvss":{ + "2.0":{ + "base":7.5 + }, + "3.0":{ + "base":9.8 + } + }, + "patchable":true, + "cve":[ + { + "title":"CVE-2017-6542", + "link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6542" + } + ], + "publishedTime":"2017-04-06T10:58:25", + "threat":"PuTTY is a client program for the SSH, Telnet and Rlogin network protocols", + "vendorReferences":[ + { + "title":"CVE-2017-6542", + "link":"http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html" + } + ] + } + } } } } diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubAssessments_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubAssessments_example.json index dd4ce9327a7e..84a6d7430496 100644 --- a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubAssessments_example.json +++ b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubAssessments_example.json 
@@ -2,14 +2,14 @@ "parameters": { "api-version": "2019-01-01-preview", "scope": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23", - "assessmentName": "21300918-b2e3-0346-785f-c77ff57d243b" + "assessmentName": "dbd0cb49-b563-45e7-9724-889e799fa648" }, "responses": { "200": { "body": { "value": [ { - "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168", + "id": "/subscriptions/8c98f353-8b41-4e77-979b-6adeecd5d168/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/providers/Microsoft.Security/assessments/dbd0cb49-b563-45e7-9724-889e799fa648/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168", "name": "8c98f353-8b41-4e77-979b-6adeecd5d168", "type": "Microsoft.Security/assessments/subAssessments", "properties": { @@ -23,7 +23,7 @@ }, "resourceDetails": { "source": "Azure", - "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/repository/myRepo/imageDigest/c186fc44-3154-4ce2-ba18-b719d895c3b0/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168" + "id": "repositories/asc/msi-connector/images/sha256:877a6f2a212c44021281f80cb1f4c73a09dce4e99a8cb8efcc03f7ce3c877a6f" }, "remediation": "Use a recent anti-virus program to remove this backdoor and check your system regularly with anti-virus software.", "impact": "3", 
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubscriptionSubAssessments_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubscriptionSubAssessments_example.json index 5a27a952c22e..e306f7eb8c23 100644 --- a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubscriptionSubAssessments_example.json +++ b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubscriptionSubAssessments_example.json @@ -8,7 +8,7 @@ "body": { "value": [ { - "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168", + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/providers/Microsoft.Security/assessments/dbd0cb49-b563-45e7-9724-889e799fa648/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168", "name": "8c98f353-8b41-4e77-979b-6adeecd5d168", "type": "Microsoft.Security/assessments/subAssessments", "properties": { 
@@ -22,7 +22,7 @@ }, "resourceDetails": { "source": "Azure", - "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/repository/myRepo/imageDigest/c186fc44-3154-4ce2-ba18-b719d895c3b0/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168" + "id": "repositories/asc/msi-connector/images/sha256:877a6f2a212c44021281f80cb1f4c73a09dce4e99a8cb8efcc03f7ce3c877a6f" }, "remediation": "Use a recent anti-virus program to remove this backdoor and check your system regularly with anti-virus software.", "impact": "3", 
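Review bot: `resourceDetails.id` is now the relative string `repositories/asc/msi-connector/images/sha256:877a…` while `source` on the line above still says `Azure`, so a client that follows the example may try to parse it as an ARM resource ID and fail. If the service really returns an image reference here, say so in the property description in the swagger; otherwise keep an absolute `/subscriptions/...` ID. `asc/msi-connector` also reads like an internal repository name, which a neutral placeholder such as `myRepo` would avoid. The enclosing `properties` object starts and ends outside this hunk.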
@@ -58,7 +58,37 @@ ] } } - } + }, + { + "id":"/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/providers/Microsoft.Security/assessments/82e20e14-edc5-4373-bfc4-f13121257c37/subassessments/8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf", + "name":"8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf", + "type":"Microsoft.Security/assessments/subAssessments", + "properties":{ + "id":"VA2064", + "displayName":"Database-level firewall rules should be tracked and maintained at a strict minimum", + "status":{ + "code":"Healthy", + "severity":"High", + "cause":"Unknown" + }, + "remediation":"Evaluate each of the database-level firewall rules. Remove any rules that grant unnecessary access and set the rest as a baseline. Deviations from the baseline will be identified and brought to your attention in subsequent scans.", + "impact":"Firewall rules should be strictly configured to allow access only to client computers that have a valid need to connect to the database. Any superfluous entries in the firewall may pose a threat by allowing an unauthorized source access to your database.", + "category":"SurfaceAreaReduction", + "description":"The Azure SQL Database-level firewall helps protect your data by preventing all access to your database until you specify which IP addresses have permission. 
Database-level firewall rules grant access to the specific database based on the originating IP address of each request.\n\nDatabase-level firewall rules for master + "timeGenerated":"2019-06-23T12:20:08.7644808Z", + "resourceDetails":{ + "source":"Azure", + "id":"/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/databases/database1" + }, + "additionalData":{ + "assessedResourceType":"SqlServerVulnerability", + "type":"AzureDatabase", + "query":"SELECT name\n ,start_ip_address\n ,end_ip_address\nFROM sys.database_firewall_rules", + "benchmarks":[ + ] + } + } + } ] } } From c8c63d0e72c2126209d5c77fa46c39c658cf3857 Mon Sep 17 00:00:00 2001 From: himarkov <47382544+himarkov@users.noreply.github.com> Date: Wed, 10 Feb 2021 18:05:42 +0200 Subject: [PATCH 2/4] minor addition --- .../examples/SubAssessments/GetSubAssessment_example.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/GetSubAssessment_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/GetSubAssessment_example.json index 5f946f40543d..24e24fdb896e 100644 --- a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/GetSubAssessment_example.json +++ b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/GetSubAssessment_example.json 
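Review bot: In the added VA2064 element the top-level `id` sits under subscription `20ff7fc3-e762-44dd-bd96-b71116dcdc23` but `resourceDetails.id` points at `212f9889-769e-45ae-ab43-6da33674bd26`, so the sub-assessment and the resource it assesses appear to live in different subscriptions; use one subscription id for both. The `description` value also stops mid-sentence at `Database-level firewall rules for master`, which looks like a truncated copy of the rule text. The same element with the same mismatch is added to ListSubAssessments_example.json in PATCH 3/4 and survives the Prettier pass in PATCH 4/4.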
@@ -1,7 +1,7 @@ { "parameters": { "api-version": "2019-01-01-preview", - "scope": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/DEMORG/providers/Microsoft.Compute/virtualMachines/vm2", + "scope": "subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/DEMORG/providers/Microsoft.Compute/virtualMachines/vm2", "assessmentName": "1195afff-c881-495e-9bc5-1486211ae03f", "subAssessmentName": "95f7da9c-a2a4-1322-0758-fcd24ef09b85" }, From 268373528e8d1a9cb4003dce22f6430c17f3c80f Mon Sep 17 00:00:00 2001 From: himarkov <47382544+himarkov@users.noreply.github.com> Date: Wed, 10 Feb 2021 18:08:31 +0200 Subject: [PATCH 3/4] minor validaiton --- .../ListSubAssessments_example.json | 84 +++++++------------ ...istSubscriptionSubAssessments_example.json | 2 +- 2 files changed, 32 insertions(+), 54 deletions(-) diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubAssessments_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubAssessments_example.json index 84a6d7430496..849b12ad8b63 100644 --- a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubAssessments_example.json +++ b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubAssessments_example.json 
@@ -2,64 +2,42 @@ "parameters": { "api-version": "2019-01-01-preview", "scope": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23", - "assessmentName": "dbd0cb49-b563-45e7-9724-889e799fa648" + "assessmentName": "82e20e14-edc5-4373-bfc4-f13121257c37" }, "responses": { "200": { "body": { "value": [ - { - "id": "/subscriptions/8c98f353-8b41-4e77-979b-6adeecd5d168/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/providers/Microsoft.Security/assessments/dbd0cb49-b563-45e7-9724-889e799fa648/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168", - "name": "8c98f353-8b41-4e77-979b-6adeecd5d168", - "type": "Microsoft.Security/assessments/subAssessments", - "properties": { - "displayName": "'Back Orifice' Backdoor", - "id": "1001", - "status": { - "code": "Unhealthy", - "cause": "", - "severity": "High", - "description": "The resource is unhealthy" - }, - "resourceDetails": { - "source": "Azure", - "id": "repositories/asc/msi-connector/images/sha256:877a6f2a212c44021281f80cb1f4c73a09dce4e99a8cb8efcc03f7ce3c877a6f" - }, - "remediation": "Use a recent anti-virus program to remove this backdoor and check your system regularly with anti-virus software.", - "impact": "3", - "category": "Backdoors and trojan horses", - "description": "The backdoor 'Back Orifice' was detected on this system. The presence of this backdoor indicates that your system has already been compromised. Unauthorized users can access your host at any time. Unauthorized users can take complete control of the host and manipulate data. 
They can steal the data or even wipe out the host.", - "timeGenerated": "2019-06-23T12:20:08.7644808Z", - "additionalData": { - "assessedResourceType": "ContainerRegistryVulnerability", - "imageDigest": "c186fc44-3154-4ce2-ba18-b719d895c3b0", - "repositoryName": "myRepo", - "type": "Vulnerability", - "cvss": { - "2.0": { - "base": 10 - }, - "3.0": { - "base": 10 - } - }, - "patchable": true, - "cve": [ - { - "title": "CVE-2019-12345", - "link": "http://contoso.com" - } - ], - "publishedTime": "2018-01-01T00:00:00.0000000Z", - "vendorReferences": [ - { - "title": "Reference_1", - "link": "http://contoso.com" - } - ] - } - } - } + { + "id":"/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/providers/Microsoft.Security/assessments/82e20e14-edc5-4373-bfc4-f13121257c37/subassessments/8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf", + "name":"8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf", + "type":"Microsoft.Security/assessments/subAssessments", + "properties":{ + "id":"VA2064", + "displayName":"Database-level firewall rules should be tracked and maintained at a strict minimum", + "status":{ + "code":"Healthy", + "severity":"High", + "cause":"Unknown" + }, + "remediation":"Evaluate each of the database-level firewall rules. Remove any rules that grant unnecessary access and set the rest as a baseline. Deviations from the baseline will be identified and brought to your attention in subsequent scans.", + "impact":"Firewall rules should be strictly configured to allow access only to client computers that have a valid need to connect to the database. Any superfluous entries in the firewall may pose a threat by allowing an unauthorized source access to your database.", + "category":"SurfaceAreaReduction", + "description":"The Azure SQL Database-level firewall helps protect your data by preventing all access to your database until you specify which IP addresses have permission. 
Database-level firewall rules grant access to the specific database based on the originating IP address of each request.\n\nDatabase-level firewall rules for master", + "timeGenerated":"2019-06-23T12:20:08.7644808Z", + "resourceDetails":{ + "source":"Azure", + "id":"/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/databases/database1" + }, + "additionalData":{ + "assessedResourceType":"SqlServerVulnerability", + "type":"AzureDatabase", + "query":"SELECT name\n ,start_ip_address\n ,end_ip_address\nFROM sys.database_firewall_rules", + "benchmarks":[ + ] + } + } + } ] } } diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubscriptionSubAssessments_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubscriptionSubAssessments_example.json index e306f7eb8c23..f0af9d025b24 100644 --- a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubscriptionSubAssessments_example.json +++ b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubscriptionSubAssessments_example.json 
@@ -74,7 +74,7 @@ "remediation":"Evaluate each of the database-level firewall rules. Remove any rules that grant unnecessary access and set the rest as a baseline. Deviations from the baseline will be identified and brought to your attention in subsequent scans.", "impact":"Firewall rules should be strictly configured to allow access only to client computers that have a valid need to connect to the database. Any superfluous entries in the firewall may pose a threat by allowing an unauthorized source access to your database.", "category":"SurfaceAreaReduction", - "description":"The Azure SQL Database-level firewall helps protect your data by preventing all access to your database until you specify which IP addresses have permission. Database-level firewall rules grant access to the specific database based on the originating IP address of each request.\n\nDatabase-level firewall rules for master + "description":"The Azure SQL Database-level firewall helps protect your data by preventing all access to your database until you specify which IP addresses have permission. Database-level firewall rules grant access to the specific database based on the originating IP address of each request.\n\nDatabase-level firewall rules for master", "timeGenerated":"2019-06-23T12:20:08.7644808Z", "resourceDetails":{ "source":"Azure", From 6a25ade3761b127283554c0ff046a50ecd7fabf9 Mon Sep 17 00:00:00 2001 From: himarkov <47382544+himarkov@users.noreply.github.com> Date: Wed, 10 Feb 2021 18:56:36 +0200 Subject: [PATCH 4/4] Prettier --- .../GetSubAssessment_example.json | 92 +++++++++---------- .../ListSubAssessments_example.json | 59 ++++++------ ...istSubscriptionSubAssessments_example.json | 59 ++++++------ 3 files changed, 104 insertions(+), 106 deletions(-) 
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/GetSubAssessment_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/GetSubAssessment_example.json
index 24e24fdb896e..a29585ef10b1 100644
--- a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/GetSubAssessment_example.json
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/GetSubAssessment_example.json
@@ -8,53 +8,53 @@ "responses": { "200": { "body": { - "type":"Microsoft.Security/assessments/subAssessments", - "id":"/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/DEMORG/providers/Microsoft.Compute/virtualMachines/vm2/providers/Microsoft.Security/assessments/1195afff-c881-495e-9bc5-1486211ae03f/subassessments/95f7da9c-a2a4-1322-0758-fcd24ef09b85", - "name":"95f7da9c-a2a4-1322-0758-fcd24ef09b85", - "properties":{ - "id":"370361", - "displayName":"PuTTY ssh_agent_channel_data Function Integer Overflow Vulnerability", - "status":{ - "code":"Unhealthy", - "severity":"Medium" + "type": "Microsoft.Security/assessments/subAssessments", + "id": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/DEMORG/providers/Microsoft.Compute/virtualMachines/vm2/providers/Microsoft.Security/assessments/1195afff-c881-495e-9bc5-1486211ae03f/subassessments/95f7da9c-a2a4-1322-0758-fcd24ef09b85", + "name": "95f7da9c-a2a4-1322-0758-fcd24ef09b85", + "properties": { + "id": "370361", + "displayName": "PuTTY ssh_agent_channel_data Function Integer Overflow Vulnerability", + "status": { + "code": "Unhealthy", + "severity": "Medium" + }, + "remediation": "Customers are advised to upgrade toPuTTY 0.68 or later version in order to remediate this vulnerability.", + "impact": "Successful exploitation could allow remote attackers to have unspecified impact via a large length value in an agent protocol message.", + "category": "Local", + "description": "PuTTY ssh_agent_channel_data Function Integer Overflow Vulnerability", + "timeGenerated": "2021-02-02T12:36:50.779Z", + "resourceDetails": { + "source": "Azure", + "id": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/DEMORG/providers/Microsoft.Compute/virtualMachines/vm2" + }, + "additionalData": { + "assessedResourceType": "ServerVulnerability", + "type": "VirtualMachine", + "cvss": { + "2.0": { + "base": 7.5 + }, + "3.0": { + "base": 9.8 + } }, - "remediation":"Customers are advised to upgrade 
toPuTTY 0.68 or later version in order to remediate this vulnerability.", - "impact":"Successful exploitation could allow remote attackers to have unspecified impact via a large length value in an agent protocol message.", - "category":"Local", - "description":"PuTTY ssh_agent_channel_data Function Integer Overflow Vulnerability", - "timeGenerated":"2021-02-02T12:36:50.779Z", - "resourceDetails":{ - "source":"Azure", - "id":"/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/DEMORG/providers/Microsoft.Compute/virtualMachines/vm2" - }, - "additionalData":{ - "assessedResourceType":"ServerVulnerability", - "type":"VirtualMachine", - "cvss":{ - "2.0":{ - "base":7.5 - }, - "3.0":{ - "base":9.8 - } - }, - "patchable":true, - "cve":[ - { - "title":"CVE-2017-6542", - "link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6542" - } - ], - "publishedTime":"2017-04-06T10:58:25", - "threat":"PuTTY is a client program for the SSH, Telnet and Rlogin network protocols", - "vendorReferences":[ - { - "title":"CVE-2017-6542", - "link":"http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html" - } - ] - } - } + "patchable": true, + "cve": [ + { + "title": "CVE-2017-6542", + "link": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6542" + } + ], + "publishedTime": "2017-04-06T10:58:25", + "threat": "PuTTY is a client program for the SSH, Telnet and Rlogin network protocols", + "vendorReferences": [ + { + "title": "CVE-2017-6542", + "link": "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html" + } + ] + } + } } } } diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubAssessments_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubAssessments_example.json index 849b12ad8b63..1ff92037812e 100644 
--- a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubAssessments_example.json
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubAssessments_example.json
@@ -8,36 +8,35 @@ "200": { "body": { "value": [ - { - "id":"/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/providers/Microsoft.Security/assessments/82e20e14-edc5-4373-bfc4-f13121257c37/subassessments/8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf", - "name":"8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf", - "type":"Microsoft.Security/assessments/subAssessments", - "properties":{ - "id":"VA2064", - "displayName":"Database-level firewall rules should be tracked and maintained at a strict minimum", - "status":{ - "code":"Healthy", - "severity":"High", - "cause":"Unknown" - }, - "remediation":"Evaluate each of the database-level firewall rules. Remove any rules that grant unnecessary access and set the rest as a baseline. Deviations from the baseline will be identified and brought to your attention in subsequent scans.", - "impact":"Firewall rules should be strictly configured to allow access only to client computers that have a valid need to connect to the database. Any superfluous entries in the firewall may pose a threat by allowing an unauthorized source access to your database.", - "category":"SurfaceAreaReduction", - "description":"The Azure SQL Database-level firewall helps protect your data by preventing all access to your database until you specify which IP addresses have permission. 
Database-level firewall rules grant access to the specific database based on the originating IP address of each request.\n\nDatabase-level firewall rules for master", - "timeGenerated":"2019-06-23T12:20:08.7644808Z", - "resourceDetails":{ - "source":"Azure", - "id":"/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/databases/database1" - }, - "additionalData":{ - "assessedResourceType":"SqlServerVulnerability", - "type":"AzureDatabase", - "query":"SELECT name\n ,start_ip_address\n ,end_ip_address\nFROM sys.database_firewall_rules", - "benchmarks":[ - ] - } - } - } + { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/providers/Microsoft.Security/assessments/82e20e14-edc5-4373-bfc4-f13121257c37/subassessments/8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf", + "name": "8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf", + "type": "Microsoft.Security/assessments/subAssessments", + "properties": { + "id": "VA2064", + "displayName": "Database-level firewall rules should be tracked and maintained at a strict minimum", + "status": { + "code": "Healthy", + "severity": "High", + "cause": "Unknown" + }, + "remediation": "Evaluate each of the database-level firewall rules. Remove any rules that grant unnecessary access and set the rest as a baseline. Deviations from the baseline will be identified and brought to your attention in subsequent scans.", + "impact": "Firewall rules should be strictly configured to allow access only to client computers that have a valid need to connect to the database. Any superfluous entries in the firewall may pose a threat by allowing an unauthorized source access to your database.", + "category": "SurfaceAreaReduction", + "description": "The Azure SQL Database-level firewall helps protect your data by preventing all access to your database until you specify which IP addresses have permission. 
Database-level firewall rules grant access to the specific database based on the originating IP address of each request.\n\nDatabase-level firewall rules for master", + "timeGenerated": "2019-06-23T12:20:08.7644808Z", + "resourceDetails": { + "source": "Azure", + "id": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/databases/database1" + }, + "additionalData": { + "assessedResourceType": "SqlServerVulnerability", + "type": "AzureDatabase", + "query": "SELECT name\n ,start_ip_address\n ,end_ip_address\nFROM sys.database_firewall_rules", + "benchmarks": [] + } + } + } ] } } diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubscriptionSubAssessments_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubscriptionSubAssessments_example.json index f0af9d025b24..b1e362eed498 100644 --- a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubscriptionSubAssessments_example.json +++ b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubscriptionSubAssessments_example.json 
@@ -59,36 +59,35 @@ } } }, - { - "id":"/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/providers/Microsoft.Security/assessments/82e20e14-edc5-4373-bfc4-f13121257c37/subassessments/8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf", - "name":"8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf", - "type":"Microsoft.Security/assessments/subAssessments", - "properties":{ - "id":"VA2064", - "displayName":"Database-level firewall rules should be tracked and maintained at a strict minimum", - "status":{ - "code":"Healthy", - "severity":"High", - "cause":"Unknown" - }, - "remediation":"Evaluate each of the database-level firewall rules. Remove any rules that grant unnecessary access and set the rest as a baseline. Deviations from the baseline will be identified and brought to your attention in subsequent scans.", - "impact":"Firewall rules should be strictly configured to allow access only to client computers that have a valid need to connect to the database. Any superfluous entries in the firewall may pose a threat by allowing an unauthorized source access to your database.", - "category":"SurfaceAreaReduction", - "description":"The Azure SQL Database-level firewall helps protect your data by preventing all access to your database until you specify which IP addresses have permission. 
Database-level firewall rules grant access to the specific database based on the originating IP address of each request.\n\nDatabase-level firewall rules for master", - "timeGenerated":"2019-06-23T12:20:08.7644808Z", - "resourceDetails":{ - "source":"Azure", - "id":"/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/databases/database1" - }, - "additionalData":{ - "assessedResourceType":"SqlServerVulnerability", - "type":"AzureDatabase", - "query":"SELECT name\n ,start_ip_address\n ,end_ip_address\nFROM sys.database_firewall_rules", - "benchmarks":[ - ] - } - } - } + { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/providers/Microsoft.Security/assessments/82e20e14-edc5-4373-bfc4-f13121257c37/subassessments/8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf", + "name": "8fbe5054-e97c-3a7a-fda7-c8308ca8d3cf", + "type": "Microsoft.Security/assessments/subAssessments", + "properties": { + "id": "VA2064", + "displayName": "Database-level firewall rules should be tracked and maintained at a strict minimum", + "status": { + "code": "Healthy", + "severity": "High", + "cause": "Unknown" + }, + "remediation": "Evaluate each of the database-level firewall rules. Remove any rules that grant unnecessary access and set the rest as a baseline. Deviations from the baseline will be identified and brought to your attention in subsequent scans.", + "impact": "Firewall rules should be strictly configured to allow access only to client computers that have a valid need to connect to the database. Any superfluous entries in the firewall may pose a threat by allowing an unauthorized source access to your database.", + "category": "SurfaceAreaReduction", + "description": "The Azure SQL Database-level firewall helps protect your data by preventing all access to your database until you specify which IP addresses have permission. 
Database-level firewall rules grant access to the specific database based on the originating IP address of each request.\n\nDatabase-level firewall rules for master", + "timeGenerated": "2019-06-23T12:20:08.7644808Z", + "resourceDetails": { + "source": "Azure", + "id": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/ascdemoRG/providers/Microsoft.Sql/servers/sqlserver1demo/databases/database1" + }, + "additionalData": { + "assessedResourceType": "SqlServerVulnerability", + "type": "AzureDatabase", + "query": "SELECT name\n ,start_ip_address\n ,end_ip_address\nFROM sys.database_firewall_rules", + "benchmarks": [] + } + } + } ] } }