Sep 11 2023 02:34 PM
I am working on an API that gets all the configuration and tells me if there are any misconfigurations in any settings anywhere.
As per the documentation here, this API only provides the information below. I am looking for something that tells the exact configuration.
IsApplicable | bool | Indicates whether the configuration or policy is applicable | true |
IsCompliant | bool | Indicates whether the configuration or policy is properly configured | false |
This doesn't provide information on what the settings are, especially the Attack Surface Rules.
Example Data below. This is a test environment so details below are fine to be exposed anywhere.
deviceName | osPlatform | timestamp | configurationCategory | configurationSubcategory | configurationImpact | isCompliant | isApplicable | configurationName |
desktop-tgjrkeb | Windows11 | 01/09/2023 19:39 | Security controls | Attack Surface Reduction | 9 | FALSE | TRUE | Block persistence through WMI event subscription |
desktop-tgjrkeb | Windows11 | 01/09/2023 19:39 | Security controls | Attack Surface Reduction | 9 | FALSE | TRUE | Block abuse of exploited vulnerable signed drivers |
desktop-tgjrkeb | Windows11 | 01/09/2023 19:39 | Security controls | Attack Surface Reduction | 9 | TRUE | TRUE | Block Office communication application from creating child processes |
desktop-tgjrkeb | Windows11 | 01/09/2023 19:39 | Security controls | Attack Surface Reduction | 9 | TRUE | TRUE | Block Adobe Reader from creating child processes |
desktop-tgjrkeb | Windows11 | 01/09/2023 19:39 | Security controls | Attack Surface Reduction | 9 | TRUE | TRUE | Block credential stealing from the Windows local security authority subsystem (lsass.exe) |
desktop-tgjrkeb | Windows11 | 01/09/2023 19:39 | Security controls | Attack Surface Reduction | 9 | FALSE | TRUE | Block process creations originating from PSExec and WMI commands |
desktop-tgjrkeb | Windows11 | 01/09/2023 19:39 | Security controls | Attack Surface Reduction | 9 | TRUE | TRUE | Block untrusted and unsigned processes that run from USB |
desktop-tgjrkeb | Windows11 | 01/09/2023 19:39 | Security controls | Attack Surface Reduction | 9 | TRUE | TRUE | Block JavaScript or VBScript from launching downloaded executable content |
desktop-tgjrkeb | Windows11 | 01/09/2023 19:39 | Security controls | Attack Surface Reduction | 9 | TRUE | TRUE | Block execution of potentially obfuscated scripts |
desktop-tgjrkeb | Windows11 | 01/09/2023 19:39 | Security controls | Attack Surface Reduction | 9 | TRUE | TRUE | Block executable content from email client and webmail |
desktop-tgjrkeb | Windows11 | 01/09/2023 19:39 | Security controls | Attack Surface Reduction | 9 | TRUE | TRUE | Block Office applications from injecting code into other processes |
desktop-tgjrkeb | Windows11 | 01/09/2023 19:39 | Security controls | Attack Surface Reduction | 9 | TRUE | TRUE | Block all Office applications from creating child processes |
desktop-tgjrkeb | Windows11 | 01/09/2023 19:39 | Security controls | Attack Surface Reduction | 9 | TRUE | TRUE | Block Office applications from creating executable content |
desktop-tgjrkeb | Windows11 | 01/09/2023 19:39 | Security controls | Attack Surface Reduction | 9 | TRUE | TRUE | Block Win32 API calls from Office macros |
desktop-tgjrkeb | Windows11 | 01/09/2023 19:39 | Security controls | Attack Surface Reduction | 9 | FALSE | TRUE | Block executable files from running unless they meet a prevalence, age, or trusted list criterion |
I feel like I am missing something here. Does anyone know where I can get an API that fetches the exact configuration, e.g., Not Configured, Block Mode or Audit Mode, for the entire environment? I appreciate any help from here.