The latest integration between Azure Security Center (ASC) and Azure Resource Graph (ARG) enables very cool new features such as:
- Custom dashboards
- Saved queries
- KQL queries to explore the data at *any* scope
- Export to CSV
- API
Below you can see a custom dashboard I created in 5 min.
Search for “arg” in the Azure Portal.
On the left pane, you can see ASC data in ARG.
A few example KQL queries showing what can be extracted from the data; more about KQL & ARG - here
Assessments (recommendations)
```kql
// Count assessments per recommendation (display name), most frequent first.
SecurityResources
| where type == 'microsoft.security/assessments'
| extend assessmentKey = name,
         resourceId = tolower(trim(' ', tostring(properties.resourceDetails.Id))),
         healthStatus = properties.status.code,
         displayName = properties.displayName
| summarize count() by tostring(displayName)
| order by count_
```
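The query above extracts `healthStatus` and `resourceId` but only counts assessments by name. As an added example (not part of the original post), this variation uses the same fields to rank recommendations by the number of unhealthy assessments per subscription; it assumes the status codes `Healthy`, `Unhealthy` and `NotApplicable` in `properties.status.code`.

```kql
// Added example: healthy / unhealthy / not-applicable assessment counts
// per recommendation and subscription, keeping only recommendations
// that currently have at least one unhealthy resource.
securityresources
| where type == 'microsoft.security/assessments'
| extend resourceId = tolower(trim(' ', tostring(properties.resourceDetails.Id))),
         healthStatus = tostring(properties.status.code),   // assumed values: Healthy, Unhealthy, NotApplicable
         displayName = tostring(properties.displayName)
| summarize healthy = countif(healthStatus =~ 'Healthy'),
            unhealthy = countif(healthStatus =~ 'Unhealthy'),
            notApplicable = countif(healthStatus =~ 'NotApplicable')
         by displayName, subscriptionId
| where unhealthy > 0
| order by unhealthy desc
```

Switching the result to the “charts” tab with `displayName` on the axis gives a remediation-priority view that can be pinned like any other chart.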
Regulatory Compliance status
```kql
// Passed and failed control counts for each regulatory compliance standard.
securityresources
| where type == "microsoft.security/regulatorycompliancestandards"
| extend passedControls = trim(' ', tostring(properties.passedControls)),
         failedControls = trim(' ', tostring(properties.failedControls))
| project name, passedControls, failedControls
```
Pricing tiers
```kql
// Pricing tier of each ASC plan, per subscription.
securityresources
| where type == "microsoft.security/pricings"
| extend tier = trim(' ', tostring(properties.pricingTier))
| project name, tier, subscriptionId
```
Run the query:
To create a dashboard, just go to the “charts” tab and select a chart type
Now, you can pin this custom dashboard to your main Azure landing page