Security Assessments

15min
Note: if you are running CloudGraph locally you can view the interactive, automatically generated documentation in either GraphQL Playground or Altair by clicking the docs button on the right-hand side of the screen. After reading the below information we highly suggest you use one of these tools to test your queries as they will autocomplete fields for you and let you know if your queries are valid before you even submit them.
OverviewYou can currently query the following attributes and connections on an Azure Security Assessment
GraphQL
|
query {
  queryazureSecurityAssesment {
    id
    name
    type
    subscriptionId
    region
    resourceGroupId
    resourceDetails {
      id
      source
      serverName
      databaseName
      workspaceId
      vmuuid
      sourceComputerId
      machineName
    }
    displayName
    additionalData{
      id
      key
      value
    }
    link
    status {
      code
      cause
      description
      firstEvaluationDate
      statusChangeDate
    }
    partnerName
    metadata {
      partnerName
      displayName
      policyDefinitionId
      description
      remediationDescription
      categories
      severity
      userImpact
      implementationEffort
      threats
      preview
      assessmentType
    }
  }
}
query {
  queryazureSecurityAssesment {
    id
    name
    type
    subscriptionId
    region
    resourceGroupId
    resourceDetails {
      id
      source
      serverName
      databaseName
      workspaceId
      vmuuid
      sourceComputerId
      machineName
    }
    displayName
    additionalData{
      id
      key
      value
    }
    link
    status {
      code
      cause
      description
      firstEvaluationDate
      statusChangeDate
    }
    partnerName
    metadata {
      partnerName
      displayName
      policyDefinitionId
      description
      remediationDescription
      categories
      severity
      userImpact
      implementationEffort
      threats
      preview
      assessmentType
    }
  }
}
﻿
FilteringGet data for a single Azure Security Assessment key that you know the ID for:
GraphQL
|
query {
  getazureSecurityAssessment(id: "12345") {
    id
    # Other fields and connections here...
  }
}
query {
  getazureSecurityAssessment(id: "12345") {
    id
    # Other fields and connections here...
  }
}
﻿
Get data for all of the Security Assessments in a certain Azure subscription:
GraphQL
|
query {
  queryazureSecurityAssessment(filter: { subscriptionId: { eq: "12345" } }) {
    id
    # Other fields and connections here...
  }
}

# Note that in addition to "subscriptionId" you can
# Filter based on any of the following attributes:

# id
# name
# type
# kind
# subscriptionId
# region
# resourceGroupId
# resourceDetails 
# displayName
# additionalData
# link
# status
# partnerName
# metadata

# And the following Dgraph filters can also be applied:

# has
# and
# or
# not
# regexp (regular expressions)

# fulltext filters

# alloftext
# anyoftext
query {
  queryazureSecurityAssessment(filter: { subscriptionId: { eq: "12345" } }) {
    id
    # Other fields and connections here...
  }
}

# Note that in addition to "subscriptionId" you can
# Filter based on any of the following attributes:

# id
# name
# type
# kind
# subscriptionId
# region
# resourceGroupId
# resourceDetails 
# displayName
# additionalData
# link
# status
# partnerName
# metadata

# And the following Dgraph filters can also be applied:

# has
# and
# or
# not
# regexp (regular expressions)

# fulltext filters

# alloftext
# anyoftext
﻿
Get data for all of the Security Assessments that are NOT in a certain Azure subscription:
GraphQL
|
query {
  queryazureSecurityAssessment(filter: { not: { subscriptionId: { eq: "12345" } } }) {
    id
    # Other fields and connections here...
  }
}
query {
  queryazureSecurityAssessment(filter: { not: { subscriptionId: { eq: "12345" } } }) {
    id
    # Other fields and connections here...
  }
}
﻿
Advanced FilteringGet data for all of the Security Assessments that have additionalData:
GraphQL
|
query {
  queryazureSecurityAssessment(filter: { has: additionalData }) {
    id
    # Other fields and connections here...
  }
}

# Note that in addition to "additionalData" you can filter
# Using "has" based on any of the following attributes:

# resourceDetails 
# displayName
# additionalData
# link
# status
# partnerName
# metadata
query {
  queryazureSecurityAssessment(filter: { has: additionalData }) {
    id
    # Other fields and connections here...
  }
}

# Note that in addition to "additionalData" you can filter
# Using "has" based on any of the following attributes:

# resourceDetails 
# displayName
# additionalData
# link
# status
# partnerName
# metadata
﻿
OrderingYou can order the results you get back either asc or desc depending on your preference:
GraphQL
|
query {
  queryazureSecurityAssessment(order: { desc: name }) {
    id
    # Other fields and connections here...
  }
}

# Note that in addition to "name" you can filter
# Using "asc" or "desc" based on any of the following attributes:

# id
# type
# kind
# subscriptionId
# region
# resourceGroupId
# displayName
# partnerName
query {
  queryazureSecurityAssessment(order: { desc: name }) {
    id
    # Other fields and connections here...
  }
}

# Note that in addition to "name" you can filter
# Using "asc" or "desc" based on any of the following attributes:

# id
# type
# kind
# subscriptionId
# region
# resourceGroupId
# displayName
# partnerName
﻿
Only select and return the first two Security Assessments that are found:
GraphQL
|
query {
  queryazureSecurityAssessment(first: 2, order: { desc: name }) {
    id
    # Other fields and connections here...
  }
}
query {
  queryazureSecurityAssessment(first: 2, order: { desc: name }) {
    id
    # Other fields and connections here...
  }
}
﻿
Only select and return the first two Security Assessments that are found, but offset by one so keys two & three are returned:
GraphQL
|
query {
  queryazureSecurityAssessment(first: 2, order: { desc: name }, offset: 1) {
    id
    # Other fields and connections here...
  }
}
query {
  queryazureSecurityAssessment(first: 2, order: { desc: name }, offset: 1) {
    id
    # Other fields and connections here...
  }
}
﻿
AggregationCount the number of Security Assessments across all scanned Azure subscriptions:
GraphQL
|
query {
  aggregateazureSecurityAssessment {
    count
    # Other fields and connections here...
  }
}

# Note that in addition to "count" you can request the
# Following min and max values based on attributes of your Security Assessments:

# idMin
# idMax
# nameMin
# nameMax
# typeMin
# typeMax
# subscriptionIdMin
# subscriptionIdMax
# regionMin
# regionMax
# resourceGroupIdMin
# resourceGroupIdMax
# displayNameMin
# displayNameMax
# linkMin
# linkMax
# partnerNameMin
# partnerNameMax
query {
  aggregateazureSecurityAssessment {
    count
    # Other fields and connections here...
  }
}

# Note that in addition to "count" you can request the
# Following min and max values based on attributes of your Security Assessments:

# idMin
# idMax
# nameMin
# nameMax
# typeMin
# typeMax
# subscriptionIdMin
# subscriptionIdMax
# regionMin
# regionMax
# resourceGroupIdMin
# resourceGroupIdMax
# displayNameMin
# displayNameMax
# linkMin
# linkMax
# partnerNameMin
# partnerNameMax
﻿
Count the number of Security Assessments in a single account. Note that you can apply all of the same filters that are listed above to aggregate queries:
GraphQL
|
query {
  aggregateazureSecurityAssessment(filter: { subscriptionId: { eq: "12345" } }) {
    count
    # Other fields and connections here...
  }
}
query {
  aggregateazureSecurityAssessment(filter: { subscriptionId: { eq: "12345" } }) {
    count
    # Other fields and connections here...
  }
}
﻿
ExamplesFind all of the Security Assessments that are in the eastus region across all your accounts:
GraphQL
|
query {
  queryazureSecurityAssessment(filter: { region: { eq: "eastus" } }) {
    id
    # Other fields and connections here...
  }
}
query {
  queryazureSecurityAssessment(filter: { region: { eq: "eastus" } }) {
    id
    # Other fields and connections here...
  }
}
﻿
Kitchen SinkPutting it all together; get all data for all Security Assessments across all regions for all scanned Azure subscriptions in a single query. For the purposes of this example, we will only get direct children of the keys but if you want to it's easy to go to other resources as well
GraphQL
|
query {
  queryazureSecurityAssesment {
    id
    name
    type
    subscriptionId
    region
    resourceGroupId
    resourceDetails {
      id
      source
      serverName
      databaseName
      workspaceId
      vmuuid
      sourceComputerId
      machineName
    }
    displayName
    additionalData{
      id
      key
      value
    }
    link
    status {
      code
      cause
      description
      firstEvaluationDate
      statusChangeDate
    }
    partnerName
    metadata {
      partnerName
      displayName
      policyDefinitionId
      description
      remediationDescription
      categories
      severity
      userImpact
      implementationEffort
      threats
      preview
      assessmentType
    }
  }
}
query {
  queryazureSecurityAssesment {
    id
    name
    type
    subscriptionId
    region
    resourceGroupId
    resourceDetails {
      id
      source
      serverName
      databaseName
      workspaceId
      vmuuid
      sourceComputerId
      machineName
    }
    displayName
    additionalData{
      id
      key
      value
    }
    link
    status {
      code
      cause
      description
      firstEvaluationDate
      statusChangeDate
    }
    partnerName
    metadata {
      partnerName
      displayName
      policyDefinitionId
      description
      remediationDescription
      categories
      severity
      userImpact
      implementationEffort
      threats
      preview
      assessmentType
    }
  }
}
﻿
References﻿Dgraph documentation on querying﻿