With the new Azure Security Center's built-in vulnerability assessment solution (powered by Qualys), you can manage the deployment of the agent and the visualization of the results from a single dashboard. You can learn more about this integration and how it works by reading this article, and watch a quick demo available here.
The vulnerability assessment results that appear in the Azure Security Center dashboard, will look like this:
While this visualization is very helpful and dynamic, one question that comes up very often is: how can I export this assessment to a CSV file? The answer is: you can do that using Azure Resource Graph (ARG)! Follow the steps below to perform this task:
1. In the Azure Portal, go to Resource Graph Explorer as shown below:
2. Type the query below:
Note: this query below was changed on 8/28/2020 to reflect the changes made in the recommendation name. Thanks @DavidTex for calling this out in the comment section.
securityresources | where type == "microsoft.security/assessments" | where * contains"vulnerabilities in your virtual machines" | summarizeby assessmentKey=name //the ID of the assessment | join kind=inner ( securityresources | where type == "microsoft.security/assessments/subassessments" | extend assessmentKey = extract(".*assessments/(.+?)/.*",1, id) ) on assessmentKey | project assessmentKey, subassessmentKey=name, id, parse_json(properties), resourceGroup, subscriptionId, tenantId | extend description = properties.description, displayName = properties.displayName, resourceId = properties.resourceDetails.id, resourceSource = properties.resourceDetails.source, category = properties.category, severity = properties.status.severity, code = properties.status.code, timeGenerated = properties.timeGenerated, remediation = properties.remediation, impact = properties.impact, vulnId = properties.id, additionalData = properties.additionalData
3. Click Run Query button and you will see the result, similar to figure below:
4. Click Download as CSV button.
Now that you downloaded the CSV, you can open it and consume the data generated by the assessment.