Exporting Azure Container Registry Vulnerability Assessment in Microsoft Defender for Cloud
Published Mar 26 2020 04:45 AM
Microsoft

Using the Microsoft Defender for Containers plan, you can monitor your ARM-based Azure Container Registry. When a new image is pushed, Microsoft Defender for Cloud scans the image using a scanner from the industry-leading vulnerability scanning vendor, Qualys.

For every vulnerability, Microsoft Defender for Cloud provides actionable recommendations, along with guidance for how to remediate the issue. This assessment is available in the Microsoft Defender for Cloud dashboard as shown below:

 

ACR_Fig1.JPG

 

While this visualization is very helpful and dynamic, one question that comes up very often is: how can I export this assessment to a CSV file? The answer is: you can do that using Azure Resource Graph (ARG)! Follow the steps below to perform this task:

 

1. In the Azure Portal, go to Resource Graph Explorer as shown below:

 

Fig1_1.JPG

 

2. Type the query below:

 

securityresources
| where type == "microsoft.security/assessments"
| where properties.displayName contains "Vulnerabilities in Azure Container Registry images should be remediated"
| summarize by assessmentKey=name //the ID of the assessment
| join kind=inner (
    securityresources
     | where type == "microsoft.security/assessments/subassessments"
     | extend assessmentKey = extract(".*assessments/(.+?)/.*",1,  id)
 ) on assessmentKey
| project assessmentKey, subassessmentKey=name, id, parse_json(properties), resourceGroup, subscriptionId, tenantId
| extend description = properties.description,
         displayName = properties.displayName,
         resourceId = properties.resourceDetails.id,
         resourceSource = properties.resourceDetails.source,
         category = properties.category,
         severity = properties.status.severity,
         code = properties.status.code,
         timeGenerated = properties.timeGenerated,
         remediation = properties.remediation,
         impact = properties.impact,
         vulnId = properties.id,
         additionalData = properties.additionalData

 

3. Click the Run Query button and you will see the result, similar to the figure below:

ACR_Fig3.JPG

 

4. Click the Download as CSV button.

Now that you have downloaded the CSV, you can open it and consume the data generated by the assessment.
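One way to consume the exported CSV, as an added example that is not part of the original post: the Python script below counts Unhealthy findings per image and severity so the worst images surface first. The sample rows are constructed, and the script assumes the export writes additionalData as JSON text containing repositoryName, imageDigest and patchable.

```python
import csv
import io
import json
from collections import defaultdict

# Constructed sample rows, limited to columns the query above produces.
# Assumption: the CSV export writes dynamic columns as JSON text, and
# additionalData carries repositoryName, imageDigest and patchable.
ACR = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
       "/providers/Microsoft.ContainerRegistry/registries/contosoacr")
WEB = {"repositoryName": "web/frontend", "imageDigest": "sha256:aaaa", "patchable": True}
JOB = {"repositoryName": "batch/worker", "imageDigest": "sha256:bbbb", "patchable": True}

def _row(vuln_id, severity, code, extra):
    return {"vulnId": vuln_id, "severity": severity, "code": code,
            "resourceId": ACR, "additionalData": json.dumps(extra) if extra else ""}

SAMPLE_ROWS = [
    _row("100001", "High", "Unhealthy", WEB),
    _row("100002", "Medium", "Unhealthy", dict(WEB, patchable=False)),
    _row("100003", "High", "Unhealthy", JOB),
    _row("100004", "High", "Unhealthy", JOB),
    _row("100005", "Low", "Healthy", WEB),        # not a finding: skipped
    _row("100006", "Medium", "Unhealthy", None),  # no additionalData in the row
]

def sample_csv():
    """Serialize the constructed rows the way a CSV download would look."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=list(SAMPLE_ROWS[0]))
    writer.writeheader()
    writer.writerows(SAMPLE_ROWS)
    return buf.getvalue()

def summarize(csv_text):
    """Count Unhealthy findings per image; images with the most High first."""
    counts = defaultdict(lambda: {"High": 0, "Medium": 0, "Low": 0, "patchable": 0})
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["code"] != "Unhealthy":
            continue
        try:
            extra = json.loads(row.get("additionalData") or "{}")
        except json.JSONDecodeError:
            extra = {}
        extra = extra if isinstance(extra, dict) else {}
        # Fall back to the registry resource ID when image details are missing.
        image = (extra.get("repositoryName") or row["resourceId"], extra.get("imageDigest", ""))
        counts[image][row["severity"]] = counts[image].get(row["severity"], 0) + 1
        counts[image]["patchable"] += bool(extra.get("patchable"))
    return sorted(counts.items(),
                  key=lambda kv: (-kv[1]["High"], -kv[1]["Medium"], -kv[1]["Low"]))
```

To run it against a real export, read the downloaded file as text and pass it to summarize() in place of sample_csv().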

 

Reviewers:

Maya Herskovic, Assaf Israel and Lana Salameh from the Microsoft Defender for Cloud Engineering Team

Last update: Oct 28 2021 12:20 AM