Exporting Azure Container Registry Vulnerability Assessment in Azure Security Center

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Tech Community.

Using Azure Security Center Standard tier with the Container Registries bundle enabled, you can monitor your ARM-based Azure Container Registry. When a new image is pushed, Security Center scans the image using a scanner from the industry-leading vulnerability scanning vendor, Qualys.

For every vulnerability, Security Center provides actionable recommendations, along with guidance for how to remediate the issue. This assessment is available in the Azure Security Center dashboard as shown below:

[Figure: ACR_Fig1.JPG]

While this visualization is very helpful and dynamic, one question that comes up very often is: how can I export this assessment to a CSV file? The answer is: you can do that using Azure Resource Graph (ARG)! Follow the steps below to perform this task:

1. In the Azure Portal, go to Resource Graph Explorer as shown below:

[Figure: Fig1_1.JPG]

2. Type the query below:

// Find the container registry vulnerability assessment(s)
securityresources
| where type == "microsoft.security/assessments"
| where properties.displayName contains "Vulnerabilities in Azure Container Registry images should be remediated"
| summarize by assessmentKey=name //the ID of the assessment
// Join each assessment to its sub-assessments (the individual findings)
| join kind=inner (
    securityresources
    | where type == "microsoft.security/assessments/subassessments"
    | extend assessmentKey = extract(".*assessments/(.+?)/.*",1,  id)
) on assessmentKey
| project assessmentKey, subassessmentKey=name, id, parse_json(properties), resourceGroup, subscriptionId, tenantId
// Flatten the properties bag into one column per field for the CSV
| extend description = properties.description,
         displayName = properties.displayName,
         resourceId = properties.resourceDetails.id,
         resourceSource = properties.resourceDetails.source,
         category = properties.category,
         severity = properties.status.severity,
         code = properties.status.code,
         timeGenerated = properties.timeGenerated,
         remediation = properties.remediation,
         impact = properties.impact,
         vulnId = properties.id,
         additionalData = properties.additionalData

3. Click the Run Query button and you will see the result, similar to the figure below:

[Figure: ACR_Fig3.JPG]

4. Click the Download as CSV button.

Now that you have downloaded the CSV, you can open it and consume the data generated by the assessment.
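One way to consume the export, as an added example that is not part of the original post: the Python below counts open findings per resource and severity and ranks the resources worst-first. It assumes the CSV header uses the column names from the query above (`id`, `resourceId`, `severity`, `code`) and that a status code of `Unhealthy` marks an open finding; the sample rows are constructed.

```python
import csv
import io
from collections import Counter, defaultdict

SEVERITIES = ("High", "Medium", "Low")

# Constructed sample, not real scan output. Only the columns used below are
# included; a real export carries every column the query projects.
SAMPLE_CSV = """id,resourceId,vulnId,severity,code
sub-a1,/constructed/registries/acr-one,1001,High,Unhealthy
sub-a2,/constructed/registries/acr-one,1002,Medium,Unhealthy
sub-a3,/constructed/registries/acr-two,1001,High,Healthy
sub-a4,/constructed/registries/acr-two,1003,Low,Unhealthy
sub-a1,/constructed/registries/acr-one,1001,High,Unhealthy
sub-a5,/constructed/registries/ACR-two,1004,medium,unhealthy
"""

def summarize(stream):
    """Count open findings per resource and severity.

    Rows whose status code is not Unhealthy are skipped, and a repeated
    sub-assessment id (e.g. two exports concatenated) is counted once.
    """
    seen = set()
    per_resource = defaultdict(Counter)
    for row in csv.DictReader(stream):
        if row["code"].strip().lower() != "unhealthy":
            continue
        sub_id = row["id"].strip().lower()
        if sub_id in seen:
            continue
        seen.add(sub_id)
        resource = row["resourceId"].strip().lower()  # ARM ids are case-insensitive
        per_resource[resource][row["severity"].strip().capitalize()] += 1
    return per_resource

def ranked(per_resource):
    """Order resources worst-first: most High, then Medium, then Low."""
    return sorted(per_resource.items(),
                  key=lambda kv: tuple(-kv[1][s] for s in SEVERITIES))

def report(stream):
    """Return [(resourceId, [high, medium, low]), ...] in ranked order."""
    return [(res, [c[s] for s in SEVERITIES]) for res, c in ranked(summarize(stream))]

if __name__ == "__main__":
    # For a downloaded file: open(path, newline="", encoding="utf-8-sig")
    for resource, counts in report(io.StringIO(SAMPLE_CSV)):
        print(resource, dict(zip(SEVERITIES, counts)))
```
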


Reviewers:

Maya Herskovic, Assaf Israel and Lana Salameh from the Azure Security Center Engineering Team
