Blog Post

Microsoft Defender for Cloud Blog

2 MIN READ

Exporting Vulnerability Assessment Results in Microsoft Defender for Cloud

Icon for Microsoft rank

Microsoft

Mar 05, 2020

With the new Microsoft Defender for Cloud built-in vulnerability assessment solution, you can manage the deployment of the agent and the visualization of the results from a single dashboard. You can ...

Updated Oct 24, 2021

Version 7.0

Icon for Microsoft rank

Microsoft

Joined March 01, 2018

Microsoft Defender for Cloud Blog

Microsoft Defender for Cloud is a cloud-native application platform (CNAPP) that offers security and compliance from code to runtime, enhanced by AI, for hybrid and multicloud environments.

Copper Contributor

Aug 28, 2020

Hi YuriDiogenes.
1st of all, thank you for your contribution, it was highly appreciated.
Regarding the script, in my case, i think Microsoft updated recently the display name, so searching on the strings will return nothing.
Here is the script updated for less watchful people

securityresources

| where type == "microsoft.security/assessments"

| where * contains "Vulnerabilities in your virtual machines"

| summarize by assessmentKey=name //the ID of the assessment

| join kind=inner (

securityresources

| where type == "microsoft.security/assessments/subassessments"

| extend assessmentKey = extract(".*assessments/(.+?)/.*",1, id)

) on assessmentKey

| project assessmentKey, subassessmentKey=name, id, parse_json(properties), resourceGroup, subscriptionId, tenantId

| extend description = properties.description,

displayName = properties.displayName,

resourceId = properties.resourceDetails.id,

resourceSource = properties.resourceDetails.source,

category = properties.category,

severity = properties.status.severity,

code = properties.status.code,

timeGenerated = properties.timeGenerated,

remediation = properties.remediation,

impact = properties.impact,

vulnId = properties.id,

additionalData = properties.additionalData