Kusto query - get a list of all security recommendations grouped by resource group

Question description  Votes: 0  Answers: 1

Kusto query - get a list of all security recommendations grouped by resource group via Azure Graph Explorer.

Link the types: type == 'microsoft.resources/subscriptions/resourcegroups' and type == 'microsoft.security/assessments'

Get a report with: subscriptionName, resourceGroup, resource type, tags.owner, recommendationName, recommendationSeverity, description, remediationDescription, portalLink.

azure azure-ad-graph-api kql azure-defender
1 answer
0
votes

To get the resource's tags, you need to join the resources table. For the subscription name, you need the resourcecontainers table. This should work:

securityresources 
| where type == 'microsoft.security/assessments' 
| join kind=leftouter  (resourcecontainers 
            | where type == 'microsoft.resources/subscriptions'
            | project subscriptionId, subscription=name)
        on subscriptionId
| extend resourceId = tolower(tostring(properties.resourceDetails.ResourceId))
| join kind=leftouter  (resources | project resourceId=tolower(id), rtags=tags, resourceName=name) on resourceId
| project 
    subscription,
    resourceGroup,
    resourceType=tostring(properties.resourceDetails.ResourceType), 
    recommendationName=properties.displayName, 
    description=properties.metadata.description, 
    remediationDescription=properties.metadata.remediationDescription, 
    recommendationSeverity=properties.metadata.severity, 
    portalLink=properties.links.azurePortal,
    resourceId,
    resourceName,
    owner=rtags.owner
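
The query above returns one row per recommendation. The following is an added example, not part of the original answer, that rolls the same data up to one row per resource group with counts by severity, using the 'microsoft.resources/subscriptions/resourcegroups' type named in the question. It assumes that the owner tag is set on the resource group itself and that open findings are the assessments whose properties.status.code is 'Unhealthy'; the column names rgOwner, high, medium, low and total are chosen here for illustration.

```kusto
securityresources
| where type == 'microsoft.security/assessments'
// Assumption: only findings that still need action are of interest.
| where tostring(properties.status.code) == 'Unhealthy'
// Cast dynamic values to string so they can be compared and aggregated.
| extend severity = tostring(properties.metadata.severity)
// Normalise case so the resource group join key matches on both sides.
| extend resourceGroup = tolower(resourceGroup)
// Subscription display name, as in the answer above.
| join kind=leftouter (resourcecontainers
            | where type == 'microsoft.resources/subscriptions'
            | project subscriptionId, subscription=name)
        on subscriptionId
// Resource group tags (assumed location of the owner tag in this example).
| join kind=leftouter (resourcecontainers
            | where type == 'microsoft.resources/subscriptions/resourcegroups'
            | project subscriptionId,
                      resourceGroup=tolower(resourceGroup),
                      rgOwner=tostring(tags.owner))
        on subscriptionId, resourceGroup
// One row per subscription and resource group, with counts by severity.
| summarize
    high=countif(severity == 'High'),
    medium=countif(severity == 'Medium'),
    low=countif(severity == 'Low'),
    total=count()
    by subscription, resourceGroup, rgOwner
| order by high desc, medium desc, total desc
```

Assessments scoped to a subscription rather than to a resource have an empty resourceGroup and appear as a single row per subscription with no rgOwner.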