ASC using Azure Resource Graph Explorer

%3CLINGO-SUB%20id%3D%22lingo-sub-1771513%22%20slang%3D%22en-US%22%3EASC%20using%20Azure%20Resource%20Graph%20Explorer%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1771513%22%20slang%3D%22en-US%22%3E%3CP%3EI%20am%20new%20to%20using%20ASC%20and%20looking%20around%20to%20get%20help%20using%20resource%20graph%20explorer.%26nbsp%3B%20I%20have%20reviewed%20this%20link%3A%26nbsp%3B%20(%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FAzure-Security-Center%2Ftree%2Fmaster%2FARG%2520queries%2FStarter%2520Kit%2520-%2520ASC%2520Recommendations%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2FAzure%2FAzure-Security-Center%2Ftree%2Fmaster%2FARG%2520queries%2FStarter%2520Kit%2520-%2520ASC%2520Recommendations%3C%2FA%3E)%20on%20getting%20some%20information%20setup%20on%20a%20dashboard%20for%20easier%20viewing.%26nbsp%3B%20As%20I%20said%2C%20still%20learning%20this%20and%20I%20am%20surely%20missing%20something%20simple%20I%20gather%20to%20build%20a%20dashboard%20to%20look%20like%20this%20(see%20image).%26nbsp%3B%20I%20know%20that%20I%20need%20to%20keep%20tweaking%20the%20query%20to%20display%20the%20right%20information%2C%20but%20what%20I%20have%20not%20been%20able%20to%20%22stumble%20across%22%20is%20a%20way%20to%20view%20the%20data%20from%20a%20dashboard%20that%20lists%20all%20the%20vulnerability%20findings%20to%20dig%20into%3F%26nbsp%3B%20The%20only%20way%20I%20have%20been%20able%20to%20gather%20this%20information%20is%20by%20going%20into%20each%20resource%20(ie.%20VMs)%20and%20viewing%20this%20under%20security%20checks%20or%20using%20the%20Recommendations%20section%20and%20navigating%20into%20the%20same%20information%2C%20using%20a%20different%20path.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhat%20I%20was%20hoping%20to%20do%20is%20find%20a%20way%20to%20list%20the%20vulnerabilities%20found%20and%20export%20those%20into%20CSV%2C%20as%20that%20is%20the%20only%20way%20to%20truly%20breakdown%20the%20findings%20in%20ASC%2C%20which%20is%20a%20lot%20of%20manual%20work.%26nbsp%3B%20Just%20making%20sure%20I%20am%20looking%20at%20this%20correctly%2C%20since%20I%20am%20still%20new%20to%20this%20and%20trying%20to%20find%20a%20few%20ways%20to%20get%20to%20the%20information%20a%20bit%20easier%2Ffaster.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you%2C%3C%2FP%3E%3CP%3E-Bob%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1771513%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EASC%20using%20A%20Resource%20Graph%20Explorer%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1783843%22%20slang%3D%22en-US%22%3ERe%3A%20ASC%20using%20Azure%20Resource%20Graph%20Explorer%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1783843%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F669306%22%20target%3D%22_blank%22%3E%40Bob_Toler%3C%2FA%3E%26nbsp%3BJust%20wanted%20to%20provide%20an%20update%20on%20this%20subject.%26nbsp%3B%20I%20was%20able%20to%20get%20at%20least%20one%20graph%20working%20to%20show%20the%20severity%20counts%2C%20which%20is%20a%20good%20start.%26nbsp%3B%20I%20am%20unable%20to%20get%20a%20list%20of%20the%20resources%20listed%20showing%20the%20count%20for%20that%2C%20which%20is%20a%20great%20next%20step.%26nbsp%3B%20The%20best%20option%20here%20is%20to%20show%20each%20resource%20with%20the%20severity%20counts%20associated%20to%20that%20single%20resource.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESince%20I%20am%20still%20new%20to%20using%20ARG%20to%20help%20get%20that%20information%20and%20then%20posted%20as%20a%20Dashboard%20view%20is%20the%20goal%20for%20me%20right%20now.%26nbsp%3B%20Any%20help%20on%20achieving%20this%20would%20be%20greatly%20appreciated%2C%20if%20you%20have%20the%20time%20to%20review%20where%20I%20am%20at%20today.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you%2C%3C%2FP%3E%3CP%3E-Bob%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

I am new to using ASC and looking around to get help using resource graph explorer.  I have reviewed this link:  (https://github.com/Azure/Azure-Security-Center/tree/master/ARG%20queries/Starter%20Kit%20-%20ASC%20R...) on getting some information setup on a dashboard for easier viewing.  As I said, still learning this and I am surely missing something simple I gather to build a dashboard to look like this (see image).  I know that I need to keep tweaking the query to display the right information, but what I have not been able to "stumble across" is a way to view the data from a dashboard that lists all the vulnerability findings to dig into?  The only way I have been able to gather this information is by going into each resource (ie. VMs) and viewing this under security checks or using the Recommendations section and navigating into the same information, using a different path.

 

What I was hoping to do is find a way to list the vulnerabilities found and export those into CSV, as that is the only way to truly breakdown the findings in ASC, which is a lot of manual work.  Just making sure I am looking at this correctly, since I am still new to this and trying to find a few ways to get to the information a bit easier/faster.

 

Thank you,

-Bob

1 Reply

@Bob_Toler Just wanted to provide an update on this subject.  I was able to get at least one graph working to show the severity counts, which is a good start.  I am unable to get a list of the resources listed showing the count for that, which is a great next step.  The best option here is to show each resource with the severity counts associated to that single resource.

 

Since I am still new to using ARG to help get that information and then posted as a Dashboard view is the goal for me right now.  Any help on achieving this would be greatly appreciated, if you have the time to review where I am at today.

 

Thank you,

-Bob