Exporting Vulnerability Assessment Results in Azure Security Center

Posted on by No Comments ↓

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Tech Community.

With the new Azure Security Center's built-in vulnerability assessment solution (powered by Qualys), you can manage the deployment of the agent and the visualization of the results from a single dashboard. You can learn more about this integration and how it works by reading this article, and watch a quick demo available here.

The vulnerability assessment results that appear in the Azure Security Center dashboard, will look like this:

 

Fig1.JPG

 

While this visualization is very helpful and dynamic, one question that comes up very often is: how can I export this assessment to a CSV file? The answer is: you can do that using Azure Resource Graph (ARG)! Follow the steps below to perform this task:

 

1. In the Azure Portal, go to Resource Graph Explorer as shown below:

 

Fig1_1.JPG

 

2. Type the query below:

 

securityresources

 | where type == "microsoft.security/assessments"

 | where * contains "Remediate vulnerabilities found on your virtual machines (powered by Qualys)"

 | summarize by assessmentKey=name //the ID of the assessment

 | join kind=inner (

    securityresources

     | where type == "microsoft.security/assessments/subassessments"

     | extend assessmentKey = extract(".*assessments/(.+?)/.*",1,  id)

 ) on assessmentKey

| project assessmentKey, subassessmentKey=name, id, parse_json(properties), resourceGroup, subscriptionId, tenantId

| extend description = properties.description,

         displayName = properties.displayName,

         resourceId = properties.resourceDetails.id,

         resourceSource = properties.resourceDetails.source,

         category = properties.category,

         severity = properties.status.severity,

         code = properties.status.code,

         timeGenerated = properties.timeGenerated,

         remediation = properties.remediation,

         impact = properties.impact,

         vulnId = properties.id,

         additionalData = properties.additionalData

 

3. Click Run Query button and you will see the result, similar to figure below:

 

Fig2.JPG

 

4. Click Download as CSV button.

 

Now that you downloaded the CSV, you can open it and consume the data generated by the assessment.

 

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.