Forum Discussion
snteran
Feb 05, 2022 Copper Contributor
Defender for cloud - Recommendations > Remediate Security configurations > Machines should...
I have implemented Continuous export in order to utilize the Secure Score over time workbook, which shows some great information. There is a section for Top recommendations and the first one on our ...
SergioT1228
May 03, 2022 Brass Contributor
I'm still unable to find a great way to export all the items listed under the "Remediate security configurations".
Hopefully there is someone who has figured out a query to help export them all so we can break them out by OS and then prioritize. The next question is to find a way to exempt/suppress the findings moving forward.
For example, one of the findings is to "Enable" Windows Firewall, but this is not needed, so we need to exempt or disable this finding.
Appreciate any assistance,
Serge
snteran
Jun 09, 2022 Copper Contributor
Think I found what I was looking for:
SecurityBaseline
| where (BaselineType =~ 'WindowsOS' or BaselineType =~ 'Windows OS' or BaselineType =~ 'Linux' or BaselineType =~ 'Oms.Linux' or BaselineType =~ 'Web' or (isempty(BaselineType) and isnotempty(TimeGenerated)))
| where AnalyzeResult == "Failed"
| summarize arg_max(TimeGenerated, *) by SourceComputerId, Computer, BaselineRuleId, RuleSeverity, BaselineRuleType
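Building on the query posted above, here is an added KQL example (not from any poster in this thread and not Microsoft's own sample) that answers Serge's follow-up: it takes the same failed-baseline rows, buckets them by OS family using only the BaselineType values the posted query already filters on, counts affected machines per rule so the list can be prioritized, and filters out rule IDs you have decided to accept. The `BaselineRuleId` values in `acceptedRules` are placeholders to be replaced with your own; no column beyond those in the posted query is assumed.

```kql
// Added example: prioritize failed SecurityBaseline findings by OS and severity.
// Placeholder list of rule IDs that have been reviewed and accepted (e.g. a firewall
// rule that is intentionally not enforced). Replace with your own BaselineRuleId values.
let acceptedRules = dynamic(["<RULE-ID-PLACEHOLDER-1>", "<RULE-ID-PLACEHOLDER-2>"]);
// Same row set as the query in the thread: latest failed result per machine and rule.
let failed = SecurityBaseline
| where (BaselineType =~ 'WindowsOS' or BaselineType =~ 'Windows OS' or BaselineType =~ 'Linux' or BaselineType =~ 'Oms.Linux' or BaselineType =~ 'Web' or (isempty(BaselineType) and isnotempty(TimeGenerated)))
| where AnalyzeResult == "Failed"
| summarize arg_max(TimeGenerated, *) by SourceComputerId, Computer, BaselineRuleId, RuleSeverity, BaselineRuleType;
failed
// Drop findings that have been explicitly accepted (query-side suppression only).
| where BaselineRuleId !in (acceptedRules)
// Collapse the BaselineType variants into one OS family per row.
| extend OsFamily = case(
    BaselineType in~ ('WindowsOS', 'Windows OS'), 'Windows',
    BaselineType in~ ('Linux', 'Oms.Linux'), 'Linux',
    BaselineType =~ 'Web', 'Web',
    'Unknown')
// One row per OS family and rule, with how many machines fail it and which ones.
| summarize AffectedMachines = dcount(SourceComputerId),
            Machines = make_set(Computer, 50)
    by OsFamily, BaselineRuleId, RuleSeverity, BaselineRuleType
| order by OsFamily asc, RuleSeverity asc, AffectedMachines desc
```

Note that the `acceptedRules` filter only hides rows in this query's output (and in anything, like a workbook, built on it); it does not change the recommendation or the Secure Score in Defender for Cloud, which has its own exemption feature for that purpose.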