Blog Post

Microsoft Defender for Cloud Blog
2 MIN READ

Exporting Vulnerability Assessment Results in Microsoft Defender for Cloud

YuriDiogenes's avatar
YuriDiogenes
Icon for Microsoft rankMicrosoft
Mar 05, 2020
With the new Microsoft Defender for Cloud built-in vulnerability assessment solution, you can manage the deployment of the agent and the visualization of the results from a single dashboard. You can ...
Updated Oct 24, 2021
Version 7.0
SarathKScloudsecguy's avatar
SarathKScloudsecguy
Copper Contributor
Mar 11, 2022

Thanks YuriDiogenes for sharing this information. Updated script with a minor change 

securityresources
 | where type == "microsoft.security/assessments"
 | where * contains "Machines should have vulnerability findings resolved"
 | summarize by assessmentKey=name //the ID of the assessment
 | join kind=inner (
    securityresources
     | where type == "microsoft.security/assessments/subassessments"
     | extend assessmentKey = extract(".*assessments/(.+?)/.*",1,  id)
 ) on assessmentKey
| project assessmentKey, subassessmentKey=name, id, parse_json(properties), resourceGroup, subscriptionId, tenantId
| extend description = properties.description,
         displayName = properties.displayName,
         resourceId = properties.resourceDetails.id,
         resourceSource = properties.resourceDetails.source,
         category = properties.category,
         severity = properties.status.severity,
         code = properties.status.code,
         timeGenerated = properties.timeGenerated,
         remediation = properties.remediation,
         impact = properties.impact,
         vulnId = properties.id,
         additionalData = properties.additionalData