Kusto 查询 - 通过 Azure Graph Explorer 获取按资源组分组的所有安全建议的列表。
链接类型:type == 'microsoft.resources/subscriptions/resourcegroups' 和 type == 'microsoft.security/assessments'
获取报告:subscriptionName、resourceGroup、resource type、tags.owner、recommendationName、recommendationSeverity、description、remediationDescription、portalLink。
要获取资源的标签,您需要加入
resources
表。对于订阅名称,您需要 resourcecontainers
表。这应该有效:
securityresources
| where type == 'microsoft.security/assessments'
| join kind=leftouter (resourcecontainers
| where type == 'microsoft.resources/subscriptions'
| project subscriptionId, subscription=name)
on subscriptionId
| extend resourceId = tolower(tostring(properties.resourceDetails.ResourceId))
| join kind=leftouter (resources | project resourceId=tolower(id), rtags=tags, resourceName=name) on resourceId
| project
subscription,
resourceGroup,
resourceType=tostring(properties.resourceDetails.ResourceType),
recommendationName=properties.displayName,
description=properties.metadata.description,
remediationDescription=properties.metadata.remediationDescription,
recommendationSeverity=properties.metadata.severity,
portalLink=properties.links.azurePortal,
resourceId,
resourceName,
owner=rtags.owner