Forum Discussion
KQL that shows an Exemptions description and Created by within Exemption policy
We have several exemptions that were initiated by a former employee that we need to evaluate. We have over 4K and some are implemented at the subscription level and others at the resource. I have b...
| extend description = trim(" ", tostring(properties.metadata.description))
The "createdby" isn't listed in the api, so it probably comes from another place https://learn.microsoft.com/en-us/rest/api/defenderforcloud/assessments/list?tabs=HTTP
The "createdby" isn't listed in the api, so it probably comes from another place https://learn.microsoft.com/en-us/rest/api/defenderforcloud/assessments/list?tabs=HTTP
Unfortunately the metadata.description does not provide me with the Exemption description.
from the kql: metadata":{"description":"Enable FTPS enforcement for enhanced security".
This is not what we have for the description. I'll keep digging and hopefully find the right field for both.
Cheers
from the kql: metadata":{"description":"Enable FTPS enforcement for enhanced security".
This is not what we have for the description. I'll keep digging and hopefully find the right field for both.
Cheers
- Lior Arviv
Microsoft
There is still no way to access exemptions data in Azure Resource Graph, only via API, because exemptions are written on Azure Policy, and it currently misses the exemptions part. However, there is a community artifact that generates exemptions reports based on API: https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/how-to-generate-a-microsoft-defender-for-cloud-exemption-and/ba-p/2302899
Hope it helps.
