ASC Powered by ARG (Azure Resource Graph)

Published 10-30-2019 07:26 AM 4,840 Views
Microsoft

Latest integration between ASC and ARG enables new very cool features like:

  • Custom dashboards
  • Saved queries
  • KQL query to explore the data on *any* scope
  • Export to CSV
  • API

 

You can see bellow custom dashboard I created in 5 min

 

Search for “arg” in Azure Portal

 

clipboard_image_0.png

 

 

On the left pane, you can see ASC data in ARG

 

 

clipboard_image_1.png

 

 

Few KQL queries examples on what can be extracted from data, more about KQL & ARG - here

 

Assessments (recommendations)

SecurityResources 

| where type == 'microsoft.security/assessments' 

| extend assessmentKey = name, resourceId = tolower(trim(' ',tostring(properties.resourceDetails.Id))), healthStatus = properties.status.code, displayName = properties.displayName

| summarize count() by tostring(displayName)

| order by count_ 

 

Regulatory Compliance status 

securityresources

 | where type == "microsoft.security/regulatorycompliancestandards"

 | extend passedControls = trim(' ',tostring(properties.passedControls)), failedControls = trim(' ',tostring(properties.failedControls))

 | project name,passedControls,failedControls

 

Pricing tiers

securityresources 

| where type == "microsoft.security/pricings"

| extend tier = trim(' ',tostring(properties.pricingTier))

| project name,tier,subscriptionId

 

 

 

Run the query:

 

clipboard_image_2.png

 

 

To create dashboard, just go to “charts” tab and select chart type

 

clipboard_image_3.png

 

Now, you can pin this custom dashboard to your main Azure landing page

 

clipboard_image_4.png

 

 

 

 

 

 

 

1 Comment
Occasional Contributor

Thanks for sharing this commands and it is very useful. Could you help to pull report specifically for Azure CIS controls with pass and fail controls in a chart view. Appreciate your support

Version history
Last update:
‎Oct 30 2019 07:51 AM
Updated by: