Blog Post

Microsoft Defender for Cloud Blog
2 MIN READ

Exporting Azure Container Registry Vulnerability Assessment in Microsoft Defender for Cloud

YuriDiogenes's avatar
YuriDiogenes
Icon for Microsoft rankMicrosoft
Mar 26, 2020
Using Microsoft Defender for Containers  plan, you can monitor your ARM-based Azure Container Registry. When a new image is pushed, Microsoft Defender for Cloud scans the image using a scanner from t...
Updated Oct 28, 2021
Version 6.0
gadinaor's avatar
gadinaor
Copper Contributor
Oct 17, 2020

YuriDiogenes is there a way to retrieve the package information as a typed field in the query ?

Also, what the query should look like if one would want to have 1 CVE per line?

 

{
    "description": "Debian has released security update for systemd to fix the vulnerabilities.<P>",
    "displayName": "Debian Security Update for systemd",
    "resourceDetails": {
        "source": "Azure",
        "id": "/repositories/myrepo/manyvuln/images/sha256:4343f035d365cc3968f4276e712dbb42908de6f5538611668b03b7b69c142593"
    },
    "additionalData": {
        "assessedResourceType": "ContainerRegistryVulnerability",
        "vendorReferences": [
            {
                "title": "CVE-2018-1049",
                "link": "https://security-tracker.debian.org/tracker/CVE-2018-1049"
            },
            {
                "title": "CVE-2018-15686",
                "link": "https://security-tracker.debian.org/tracker/CVE-2018-15686"
            }
        ],
        "publishedTime": "2019-05-06T10:54:00.0000000Z",
        "patchable": true,
        "type": "Vulnerability",
        "cvss": {
            "2.0": {
                "base": 10
            },
            "3.0": {
                "base": 9.8
            }
        },
        "cve": [
            {
                "title": "CVE-2018-1049",
                "link": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1049"
            },
            {
                "title": "CVE-2018-15686",
                "link": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15686"
            }
        ],
        "repositoryName": "myrepo/manyvuln",
        "registryHost": "myregistry.azurecr.io",
        "imageDigest": "sha256:4343f035d365cc3968f4276e712dbb42908de6f5538611668b03b7b69c142593"
    },
    "status": {
        "severity": "High",
        "code": "Unhealthy"
    },
    "timeGenerated": "2020-10-17T07:35:03.4900000Z",
    "remediation": "Refer to <A HREF=\"https://security-tracker.debian.org/tracker/CVE-2018-15686\" TARGET=\"_blank\">Debian 9 - CVE-2018-15686</A> and <A HREF=\"https://security-tracker.debian.org/tracker/CVE-2018-1049\" TARGET=\"_blank\">Debian 9 - CVE-2018-1049</A> to address this issue and obtain further details.\n<P>Patch:<BR>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://security-tracker.debian.org/tracker/CVE-2018-15686\" TARGET=\"_blank\">CVE-2018-15686: Debian</A><P> <A HREF=\"https://security-tracker.debian.org/tracker/https://security-tracker.debian.org/tracker/CVE-2018-15686\" TARGET=\"_blank\">CVE-2018-1049: Debian</A>",
    "category": "Debian",
    "id": "176875",
    "impact": "This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability."
}