Exporting Vulnerability Assessment Results in Microsoft Defender for Cloud

Published Mar 05 2020 11:25 AM 22K Views
Microsoft

With the new Microsoft Defender for Cloud built-in vulnerability assessment solution, you can manage the deployment of the agent and the visualization of the results from a single dashboard. You can learn more about this integration and how it works by reading this article, and watch a quick demo available here.

The vulnerability assessment results that appear in the Microsoft Defender for Cloud dashboard, will look like this:

 

Fig1.JPG

 

While this visualization is very helpful and dynamic, one question that comes up very often is: how can I export this assessment to a CSV file? The answer is: you can do that using Azure Resource Graph (ARG)! Follow the steps below to perform this task:

 

1. In the Azure Portal, go to Resource Graph Explorer as shown below:

 

Fig1_1.JPG

 

2. Type the query below:

Note: this query below was changed on 8/28/2020 to reflect the changes made in the recommendation name. Thanks @DavidTex for calling this out in the comment section.

 

securityresources
 | where type == "microsoft.security/assessments"
 | where * contains "vulnerabilities in your virtual machines"
 | summarize by assessmentKey=name //the ID of the assessment
 | join kind=inner (
    securityresources
     | where type == "microsoft.security/assessments/subassessments"
     | extend assessmentKey = extract(".*assessments/(.+?)/.*",1,  id)
 ) on assessmentKey
project assessmentKey, subassessmentKey=name, id, parse_json(properties), resourceGroup, subscriptionId, tenantId
extend description = properties.description,
         displayName = properties.displayName,
         resourceId = properties.resourceDetails.id,
         resourceSource = properties.resourceDetails.source,
         category = properties.category,
         severity = properties.status.severity,
         code = properties.status.code,
         timeGenerated = properties.timeGenerated,
         remediation = properties.remediation,
         impact = properties.impact,
         vulnId = properties.id,
         additionalData = properties.additionalData

3. Click Run Query button and you will see the result, similar to figure below:

 

Fig2.JPG

 

4. Click Download as CSV button.

 

Now that you downloaded the CSV, you can open it and consume the data generated by the assessment.

 

39 Comments
%3CLINGO-SUB%20id%3D%22lingo-sub-1212091%22%20slang%3D%22en-US%22%3EExporting%20Vulnerability%20Assessment%20Results%20in%20Microsoft%20Defender%20for%20Cloud%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1212091%22%20slang%3D%22en-US%22%3E%3CP%3EWith%20the%20new%20Microsoft%20Defender%20for%20Cloud%20built-in%20vulnerability%20assessment%20solution%2C%20you%20can%20manage%20the%20deployment%20of%20the%20agent%20and%20the%20visualization%20of%20the%20results%20from%20a%20single%20dashboard.%20You%20can%20learn%20more%20about%20this%20integration%20and%20how%20it%20works%20by%20reading%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsecurity-center%2Fbuilt-in-vulnerability-assessment%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ethis%20article%3C%2FA%3E%2C%20and%20watch%20a%20quick%20demo%20available%20%3CA%20href%3D%22https%3A%2F%2Fwww.linkedin.com%2Fposts%2Fyuridiogenes_azure-security-cspm-activity-6597975404743585792-cWj7%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3Ehere%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3EThe%20vulnerability%20assessment%20results%20that%20appear%20in%20the%20Microsoft%20Defender%20for%20Cloud%20dashboard%2C%20will%20look%20like%20this%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Fig1.JPG%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F175538i94B6A0D8F3627F4A%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Fig1.JPG%22%20alt%3D%22Fig1.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWhile%20this%20visualization%20is%20very%20helpful%20and%20dynamic%2C%20one%20question%20that%20comes%20up%20very%20often%20is%3A%20%3CEM%3Ehow%20can%20I%20export%20this%20assessment%20to%20a%20CSV%20file%3F%3C%2FEM%3E%20The%20answer%20is%3A%20you%20can%20do%20that%20using%20Azure%20Resource%20Graph%20(ARG)!%20Follow%20the%20steps%20below%20to%20perform%20this%20task%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E1.%20In%20the%20Azure%20Portal%2C%20go%20to%20Resource%20Graph%20Explorer%20as%20shown%20below%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Fig1_1.JPG%22%20style%3D%22width%3A%20633px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F175539iC3A7D0B2D16BE994%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Fig1_1.JPG%22%20alt%3D%22Fig1_1.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E2.%20Type%20the%20query%20below%3A%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3CP%3E%3CEM%3E%3CSTRONG%3ENote%3A%3C%2FSTRONG%3E%20this%20query%20below%20was%20changed%20on%208%2F28%2F2020%20to%20reflect%20the%20changes%20made%20in%20the%20recommendation%20name.%20Thanks%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F774521%22%20target%3D%22_blank%22%3E%40DavidTex%3C%2FA%3E%26nbsp%3Bfor%20calling%20this%20out%20in%20the%20comment%20section.%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CDIV%20style%3D%22color%3A%20%23000000%3B%20background-color%3A%20%23fffffe%3B%20font-family%3A%20Consolas%2C%20'Courier%20New'%2C%20monospace%3B%20font-weight%3A%20normal%3B%20font-size%3A%2014px%3B%20line-height%3A%2019px%3B%20white-space%3A%20pre%3B%22%3E%0A%3CDIV%3E%3CSPAN%20style%3D%22color%3A%20%23000000%3B%22%3Esecurityresources%3CBR%20%2F%3E%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23000000%3B%22%3E%26nbsp%3B%7C%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%230000ff%3B%22%3Ewhere%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23000000%3B%22%3E%26nbsp%3Btype%26nbsp%3B%3D%3D%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23a31515%3B%22%3E%22microsoft.security%2Fassessments%22%3CBR%20%2F%3E%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23000000%3B%22%3E%26nbsp%3B%7C%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%230000ff%3B%22%3Ewhere%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23000000%3B%22%3E%26nbsp%3B*%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%230000ff%3B%22%3Econtains%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23000000%3B%22%3E%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23a31515%3B%22%3E%22vulnerabilities%26nbsp%3Bin%20your%26nbsp%3Bvirtual%26nbsp%3Bmachines%22%3CBR%20%2F%3E%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23000000%3B%22%3E%26nbsp%3B%7C%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%230000ff%3B%22%3Esummarize%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23000000%3B%22%3E%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%230000ff%3B%22%3Eby%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23000000%3B%22%3E%26nbsp%3BassessmentKey%3Dname%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23008000%3B%22%3E%2F%2Fthe%26nbsp%3BID%26nbsp%3Bof%26nbsp%3Bthe%26nbsp%3Bassessment%3CBR%20%2F%3E%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23000000%3B%22%3E%26nbsp%3B%7C%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%230000ff%3B%22%3Ejoin%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23000000%3B%22%3E%26nbsp%3Bkind%3Dinner%26nbsp%3B(%3CBR%20%2F%3E%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23000000%3B%22%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3Bsecurityresources%3CBR%20%2F%3E%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23000000%3B%22%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%7C%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%230000ff%3B%22%3Ewhere%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23000000%3B%22%3E%26nbsp%3Btype%26nbsp%3B%3D%3D%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23a31515%3B%22%3E%22microsoft.security%2Fassessments%2Fsubassessments%22%3CBR%20%2F%3E%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23000000%3B%22%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%7C%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%230000ff%3B%22%3Eextend%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23000000%3B%22%3E%26nbsp%3BassessmentKey%26nbsp%3B%3D%26nbsp%3Bextract(%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23a31515%3B%22%3E%22.*assessments%2F(.%2B%3F)%2F.*%22%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23000000%3B%22%3E%2C%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%2309885a%3B%22%3E1%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23000000%3B%22%3E%2C%26nbsp%3B%26nbsp%3Bid)%3CBR%20%2F%3E%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23000000%3B%22%3E%26nbsp%3B)%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%230000ff%3B%22%3Eon%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23000000%3B%22%3E%26nbsp%3BassessmentKey%3CBR%20%2F%3E%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23000000%3B%22%3E%7C%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%230000ff%3B%22%3Eproject%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23000000%3B%22%3E%26nbsp%3BassessmentKey%2C%26nbsp%3BsubassessmentKey%3Dname%2C%26nbsp%3Bid%2C%26nbsp%3Bparse_json(properties)%2C%26nbsp%3BresourceGroup%2C%26nbsp%3BsubscriptionId%2C%26nbsp%3BtenantId%3CBR%20%2F%3E%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23000000%3B%22%3E%7C%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%230000ff%3B%22%3Eextend%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23000000%3B%22%3E%26nbsp%3Bdescription%26nbsp%3B%3D%26nbsp%3Bproperties.description%2C%3CBR%20%2F%3E%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23000000%3B%22%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3BdisplayName%26nbsp%3B%3D%26nbsp%3Bproperties.displayName%2C%3CBR%20%2F%3E%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23000000%3B%22%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3BresourceId%26nbsp%3B%3D%26nbsp%3Bproperties.resourceDetails.id%2C%3CBR%20%2F%3E%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23000000%3B%22%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3BresourceSource%26nbsp%3B%3D%26nbsp%3Bproperties.resourceDetails.source%2C%3CBR%20%2F%3E%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23000000%3B%22%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3Bcategory%26nbsp%3B%3D%26nbsp%3Bproperties.category%2C%3CBR%20%2F%3E%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23000000%3B%22%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3Bseverity%26nbsp%3B%3D%26nbsp%3Bproperties.status.severity%2C%3CBR%20%2F%3E%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23000000%3B%22%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3Bcode%26nbsp%3B%3D%26nbsp%3Bproperties.status.code%2C%3CBR%20%2F%3E%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23000000%3B%22%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3BtimeGenerated%26nbsp%3B%3D%26nbsp%3Bproperties.timeGenerated%2C%3CBR%20%2F%3E%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23000000%3B%22%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3Bremediation%26nbsp%3B%3D%26nbsp%3Bproperties.remediation%2C%3CBR%20%2F%3E%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23000000%3B%22%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3Bimpact%26nbsp%3B%3D%26nbsp%3Bproperties.impact%2C%3CBR%20%2F%3E%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23000000%3B%22%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3BvulnId%26nbsp%3B%3D%26nbsp%3Bproperties.id%2C%3CBR%20%2F%3E%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23000000%3B%22%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3BadditionalData%26nbsp%3B%3D%26nbsp%3Bproperties.additionalData%3CBR%20%2F%3E%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3CP%3E3.%20Click%20%3CI%3ERun%20Query%3C%2FI%3E%20button%20and%20you%20will%20see%20the%20result%2C%20similar%20to%20figure%20below%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Fig2.JPG%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F175540i99CDACFAD6D38B3F%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Fig2.JPG%22%20alt%3D%22Fig2.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E4.%20Click%20%3CI%3EDownload%20as%20CSV%3C%2FI%3E%20button.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ENow%20that%20you%20downloaded%20the%20CSV%2C%20you%20can%20open%20it%20and%20consume%20the%20data%20generated%20by%20the%20assessment.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3254758%22%20slang%3D%22en-US%22%3ERe%3A%20Exporting%20Vulnerability%20Assessment%20Results%20in%20Microsoft%20Defender%20for%20Cloud%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3254758%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F124214%22%20target%3D%22_blank%22%3E%40Yuri%20Diogenes%3C%2FA%3E%26nbsp%3Bfor%20sharing%20this%20information.%20Updated%20script%20with%20a%20minor%20change%26nbsp%3B%3C%2FP%3E%3CPRE%20class%3D%22lia-code-sample%20language-applescript%22%3E%3CCODE%3Esecurityresources%0A%20%7C%20where%20type%20%3D%3D%20%22microsoft.security%2Fassessments%22%0A%20%7C%20where%20*%20contains%20%22Machines%20should%20have%20vulnerability%20findings%20resolved%22%0A%20%7C%20summarize%20by%20assessmentKey%3Dname%20%2F%2Fthe%20ID%20of%20the%20assessment%0A%20%7C%20join%20kind%3Dinner%20(%0A%20%20%20%20securityresources%0A%20%20%20%20%20%7C%20where%20type%20%3D%3D%20%22microsoft.security%2Fassessments%2Fsubassessments%22%0A%20%20%20%20%20%7C%20extend%20assessmentKey%20%3D%20extract(%22.*assessments%2F(.%2B%3F)%2F.*%22%2C1%2C%20%20id)%0A%20)%20on%20assessmentKey%0A%7C%20project%20assessmentKey%2C%20subassessmentKey%3Dname%2C%20id%2C%20parse_json(properties)%2C%20resourceGroup%2C%20subscriptionId%2C%20tenantId%0A%7C%20extend%20description%20%3D%20properties.description%2C%0A%20%20%20%20%20%20%20%20%20displayName%20%3D%20properties.displayName%2C%0A%20%20%20%20%20%20%20%20%20resourceId%20%3D%20properties.resourceDetails.id%2C%0A%20%20%20%20%20%20%20%20%20resourceSource%20%3D%20properties.resourceDetails.source%2C%0A%20%20%20%20%20%20%20%20%20category%20%3D%20properties.category%2C%0A%20%20%20%20%20%20%20%20%20severity%20%3D%20properties.status.severity%2C%0A%20%20%20%20%20%20%20%20%20code%20%3D%20properties.status.code%2C%0A%20%20%20%20%20%20%20%20%20timeGenerated%20%3D%20properties.timeGenerated%2C%0A%20%20%20%20%20%20%20%20%20remediation%20%3D%20properties.remediation%2C%0A%20%20%20%20%20%20%20%20%20impact%20%3D%20properties.impact%2C%0A%20%20%20%20%20%20%20%20%20vulnId%20%3D%20properties.id%2C%0A%20%20%20%20%20%20%20%20%20additionalData%20%3D%20properties.additionalData%3C%2FCODE%3E%3C%2FPRE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3222042%22%20slang%3D%22en-US%22%3ERe%3A%20Exporting%20Vulnerability%20Assessment%20Results%20in%20Microsoft%20Defender%20for%20Cloud%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3222042%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F914341%22%20target%3D%22_blank%22%3E%40rkelly141%3C%2FA%3E%26nbsp%3B%26nbsp%3B%20I%20have%20implemented%20the%20solution%20to%20pull%20the%20results%20of%20this%20query%20via%20function%20app%20into%20a%20SQL%20server%20and%20then%20pulled%20the%20same%20into%20Power%20BI.%20In%20that%20way%20I%20can%20assign%20vulnerabilities%20to%20image%20onwers%20by%20further%20adding%20the%20correlation%20in%20my%20SQL%20Server%20by%20creatin%20views.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3092033%22%20slang%3D%22en-US%22%3ERe%3A%20Exporting%20Vulnerability%20Assessment%20Results%20in%20Microsoft%20Defender%20for%20Cloud%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3092033%22%20slang%3D%22en-US%22%3E%3CP%3EBased%20on%20our%20observation%2C%20the%20integrated%20Qualys%20Scanner%20is%20also%20detecting%20vulnerabilities%20of%20nonRunning%20Kernels%20on%20Linux.%20With%20the%20standalone%20license%20of%20Qualys%20such%20vulnerabilities%20can%20be%20easily%20filtered%3A%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fsuccess.qualys.com%2Fdiscussions%2Fs%2Farticle%2F000001878%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EExclude%20or%20display%20vulnerabilities%20for%20non-running%20Linux%20kernels%20(qualys.com)%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDoes%20anyone%20know%20if%20this%20detail%20(a%20specific%20vulnerability%20was%20found%20on%20the%20running%20or%20nonRunning%20kernel)%20is%20also%20exposed%20via%20resource%20graph%3F%20Or%20any%20other%20API%20of%20Defender%20for%20Cloud%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2917276%22%20slang%3D%22en-US%22%3ERe%3A%20Exporting%20Vulnerability%20Assessment%20Results%20in%20Microsoft%20Defender%20for%20Cloud%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2917276%22%20slang%3D%22en-US%22%3E%3CP%3EGood%20evening%20all%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ei%20have%20been%20thinking%20about%20this%20a%20lot%20as%20the%20scan%20and%20results%20are%20only%20current%20and%20no%20history.%3CBR%20%2F%3E%3CBR%20%2F%3Ei%20was%20thinking%202%20solutions%20the%20first%20is%20a%20runbook%20running%20PowerShell%20to%20query%20the%20azure%20resource%20explorer%20and%20save%20this%20to%20a%20CSV%20once%20a%20week%20to%20a%20storage%20account%20(more%20or%20less%20frequent%20depending%20on%20your%20compliance%20levels)%3CBR%20%2F%3E%3CBR%20%2F%3Ethe%20other%20way%20is%20very%20similar%20but%20the%20output%20is%20streamed%20to%20log%20analytics%20this%20way%20you%20can%20create%20alerts%2C%20dashboards%20and%20some%20history%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2910159%22%20slang%3D%22en-US%22%3ERe%3A%20Exporting%20Vulnerability%20Assessment%20Results%20in%20Azure%20Security%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2910159%22%20slang%3D%22en-US%22%3E%3CP%3EGood%20day%2C%3C%2FP%3E%3CP%3EThanks%20for%20the%20great%20post.%20Got%20a%20quick%20question%2Frequest%3C%2FP%3E%3CP%3Ehow%20can%20we%20find%20where%20the%20vulnerability%20was%20detected%3F%20there%20are%20times%20where%20although%20a%20fix%20has%20been%20applied%2C%20Qualys%20still%20report%20the%20asset%20as%20vulnerable.%20In%20these%20scenarios%20you%20have%20to%20see%20where%20the%20vulnerability%20was%20detected%20%22registry%2C%20user%20profile%2C%20file%20path%20to%20a%20vulnerable%20installer%2C....%22%20this%20information%20is%20missing%20both%20in%20the%20portal%20and%20in%20the%20KQL%20query%20here.%3C%2FP%3E%3CP%3EThanks%20a%20lot%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2897306%22%20slang%3D%22en-US%22%3ERe%3A%20Exporting%20Vulnerability%20Assessment%20Results%20in%20Azure%20Security%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2897306%22%20slang%3D%22en-US%22%3E%3CP%3EGood%20evening%20all%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EJust%20playing%20with%20this%20at%20the%20moment%20in%20preparation%20for%20my%20AZ-500%20exam%2C%20but%20thinking%20of%20real%20world%20scenario%20for%20work%2C%20after%20remediating%20initial%20findings%20is%20there%20a%20way%20to%20create%20an%20alert%20for%20when%20a%20new%20vulnerability%20is%20found%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eor%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EA%20weekly%20report%20that%20is%20emailed%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2826732%22%20slang%3D%22en-US%22%3ERe%3A%20Exporting%20Vulnerability%20Assessment%20Results%20in%20Azure%20Security%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2826732%22%20slang%3D%22en-US%22%3E%3CP%3EDoes%20anyone%20know%20if%20(produced%20but%20not%20supported%20by%20Microsoft)%20free%20AzTS%20toolset%20%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Fazsk%2FAzTS-docs%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2Fazsk%2FAzTS-docs%3C%2FA%3E%20supports%20Vulnerability%20data%20extraction%3F%20It%20is%20not%20clear%20from%20the%20PowerBI%20reports%20document%20-%20%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Fazsk%2FAzTS-docs%2Ftree%2Fmain%2F02-Monitoring%2520security%2520using%2520AzTS%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2Fazsk%2FAzTS-docs%2Ftree%2Fmain%2F02-Monitoring%2520security%2520using%2520AzTS%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2826618%22%20slang%3D%22en-US%22%3ERe%3A%20Exporting%20Vulnerability%20Assessment%20Results%20in%20Azure%20Security%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2826618%22%20slang%3D%22en-US%22%3E%3CP%3EI%20tried%26nbsp%3B%20to%20use%20logic%20app%20but%20the%20JSON%20parser%20could%20not%20work%20as%20data%20has%20multiple%20array%20and%20size%20limit.%20Then%20I%20used%20azure%20function%20to%20pull%20the%20KQL%20and%20add%20into%20SQL%20server.%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20am%20running%20automation%20via%20using%20the%20logic%20app%20and%20calling%26nbsp%3B%20my%20Function%20APP%20but%20the%20same%26nbsp%3B%20is%20failing%20with%20exception%20Have%20you%20tried%20automating%20this%20via%20any%20means%3F%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F124214%22%20target%3D%22_blank%22%3EYuri%20Diogenes%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2618921%22%20slang%3D%22en-US%22%3ERe%3A%20Exporting%20Vulnerability%20Assessment%20Results%20in%20Azure%20Security%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2618921%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1085641%22%20target%3D%22_blank%22%3E%40hnakada%3C%2FA%3E%26nbsp%3B%20just%20use%20a%20Logic%20App%20to%20schedule%20by%20time%20trigger%20and%20connect%20it%20for%20example%20with%20O365%20to%20send%20email%20(or%20if%20you%20have%20any%20SMTP)%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2618261%22%20slang%3D%22en-US%22%3ERe%3A%20Exporting%20Vulnerability%20Assessment%20Results%20in%20Azure%20Security%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2618261%22%20slang%3D%22en-US%22%3E%3CP%3EHI%20all%2C%3C%2FP%3E%0A%3CP%3EThis%20report%20is%20excellent%20and%20really%20I%20love%20it.%20Is%20it%20possible%20to%20schedule%20and%20notify%20external%20via%20email%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2528776%22%20slang%3D%22en-US%22%3ERe%3A%20Exporting%20Vulnerability%20Assessment%20Results%20in%20Azure%20Security%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2528776%22%20slang%3D%22en-US%22%3E%3CP%3EHello%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F906670%22%20target%3D%22_blank%22%3E%40dgaribaldi%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20don%E2%80%99t%20keep%20old%20values%20unfortunately.%20The%20data%20we%20present%20is%20always%20up%20to%20date%20per%20machine-%20And%20the%20TimeGenerated%20field%20present%20the%20scan%20time.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2523809%22%20slang%3D%22en-US%22%3ERe%3A%20Exporting%20Vulnerability%20Assessment%20Results%20in%20Azure%20Security%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2523809%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20all%2C%3CBR%20%2F%3E%3CBR%20%2F%3EI%20am%20trying%20to%20create%20a%20csv%20report%20for%20Vulnerability%20Assessment%20Results%20in%20Security%20Center%20using%20Qualys.%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EI%20noticed%20that%20there%20is%20a%20%22TIMEGENERATED%22%20property%20which%20I%20mapped%20to%20a%20corresponding%20column%20called%20%22lastDetected%22.%3C%2FP%3E%3CP%3EIs%20there%20a%20mapping%20available%20that%20I%20can%20use%20to%20populate%20a%20%22firstDetected%22%20dated%20on%20a%20VM%20with%20the%20vulnerability%3F%3C%2FP%3E%3CP%3EThe%20goal%20is%20to%20capture%20the%20aging%20of%20a%20vulnerability%20for%20risk%20prioritization.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%2C%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2279075%22%20slang%3D%22en-US%22%3ERe%3A%20Exporting%20Vulnerability%20Assessment%20Results%20in%20Azure%20Security%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2279075%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F879232%22%20target%3D%22_blank%22%3E%40scarabeetle%3C%2FA%3E%26nbsp%3Band%26nbsp%3B%40%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F883261%22%20target%3D%22_blank%22%3E%40Ravindiran_Prabakaran%3C%2FA%3E%26nbsp%3BThis%20works%20for%20me%3A%26nbsp%3B%3C%2FP%3E%3CDIV%3E%3CDIV%3E%3CSPAN%3EPublishedTime%26nbsp%3B%3D%26nbsp%3Bproperties.additionalData.publishedTime%3C%2FSPAN%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2252992%22%20slang%3D%22en-US%22%3ERe%3A%20Exporting%20Vulnerability%20Assessment%20Results%20in%20Azure%20Security%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2252992%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20All%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20trying%20to%20use%20%22%3CSTRONG%3EVulnerabilities%20in%20security%20configuration%20on%20your%20machines%20should%20be%20remediated%22%20with%20kusto%20query%20give%20in%20this%20page%20not%20getting%20result.Could%20someone%20help%3F%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3EIn%20addition%20is%20it%20possible%20to%20generate%20report%20no%20of%20vulnerabilities%20count%20for%20each%20vm%3F%3C%2FSTRONG%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2033656%22%20slang%3D%22en-US%22%3ERe%3A%20Exporting%20Vulnerability%20Assessment%20Results%20in%20Azure%20Security%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2033656%22%20slang%3D%22en-US%22%3E%3CP%3ESo%20how%20can%20we%20properly%20alert%20on%20these%20events%20%2F%20vulnerabilities%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EUse%20case%3A%20we%20want%20to%20be%20notified%20when%20a%20high%20severity%20or%20a%20vulnerability%20is%20patchable%20and%20with%20a%20high%20score.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1935338%22%20slang%3D%22en-US%22%3ERe%3A%20Exporting%20Vulnerability%20Assessment%20Results%20in%20Azure%20Security%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1935338%22%20slang%3D%22en-US%22%3E%3CDIV%20class%3D%22lia-message-body-wrapper%20lia-component-message-view-widget-body%22%3E%3CDIV%20class%3D%22lia-message-body%22%3E%3CDIV%20class%3D%22lia-message-body-content%22%3E%3CP%3EHi%2C%20Does%20anyone%20have%20an%20updated%20query%20which%20includes%20the%20Published%20Time%3F%26nbsp%3B%20If%20so%2C%20can%20you%20please%20share%20the%20same.%3C%2FP%3E%3CP%3EThank%20You.%3C%2FP%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1924995%22%20slang%3D%22en-US%22%3ERe%3A%20Exporting%20Vulnerability%20Assessment%20Results%20in%20Azure%20Security%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1924995%22%20slang%3D%22en-US%22%3E%3CP%3EThis%20query%20is%20fantastic%2C%20but%20when%20I%20try%20to%20add%20another%20json%20parse%20line%20for%20%22Published%20%3D%20properties.publishedTime%22%2C%20it%20comes%20back%20NULL.%26nbsp%3B%20Anyone%20know%20why%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1893952%22%20slang%3D%22en-US%22%3ERe%3A%20Exporting%20Vulnerability%20Assessment%20Results%20in%20Azure%20Security%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1893952%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20All%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20is%20the%20first%20time%20I've%20come%20across%26nbsp%3B%3CSPAN%3EAzure%20Resource%20Graph%20so%20not%20familiar%20with%20it%20at%20all%20yet.%20Just%20wondered%20if%20someone%20could%20advise%20on%20what%20script%20would%20enable%20me%20to%20export%20as%20a%20CSV%20all%20vulnerabilities%20reported%20in%20this%20section%20of%20Security%20Center%3A%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3ERemediate%20Security%20Configurations%20%26gt%3B%20Vulnerabilities%20in%20security%20configuration%20on%20your%20machines%20should%20be%20remediated%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EIdeally%2C%20by%20the%20list%20being%20ordered%20first%20by%20CCeId%20and%20all%20VMs%20pertaining%20to%20that%20being%20listed%20underneath%20that%20CCeId.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-left%22%20image-alt%3D%22security%20center.png%22%20style%3D%22width%3A%20359px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F234045iBDE6346D42ADC429%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22security%20center.png%22%20alt%3D%22security%20center.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1737731%22%20slang%3D%22en-US%22%3ERe%3A%20Exporting%20Vulnerability%20Assessment%20Results%20in%20Azure%20Security%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1737731%22%20slang%3D%22en-US%22%3E%3CP%3EAll%20sorted...%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CDIV%3E%3CDIV%3E%3CSPAN%3Esecurityresources%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26nbsp%3B%7C%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3Ewhere%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3Btype%26nbsp%3B%3D%3D%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3E%22microsoft.security%2Fassessments%22%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26nbsp%3B%7C%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3Ewhere%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B*%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3Econtains%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3E%22Vulnerabilities%22%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26nbsp%3B%7C%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3Esummarize%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3Eby%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3BassessmentKey%3Dname%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3E%2F%2Fthe%26nbsp%3BID%26nbsp%3Bof%26nbsp%3Bthe%26nbsp%3Bassessment%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26nbsp%3B%7C%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3Ejoin%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3Bkind%3Dinner%26nbsp%3B(%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3Bsecurityresources%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%7C%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3Ewhere%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3Btype%26nbsp%3B%3D%3D%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3E%22microsoft.security%2Fassessments%2Fsubassessments%22%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%7C%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3Eextend%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3BassessmentKey%26nbsp%3B%3D%26nbsp%3Bextract(%3C%2FSPAN%3E%3CSPAN%3E%22.*assessments%2F(.%2B%3F)%2F.*%22%3C%2FSPAN%3E%3CSPAN%3E%2C%3C%2FSPAN%3E%3CSPAN%3E1%3C%2FSPAN%3E%3CSPAN%3E%2C%26nbsp%3B%26nbsp%3Bid)%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26nbsp%3B)%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3Eon%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3BassessmentKey%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%7C%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3Ewhere%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3Bsplit(id%2C%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3E%22%2F%22%3C%2FSPAN%3E%3CSPAN%3E)%5B%3C%2FSPAN%3E%3CSPAN%3E7%3C%2FSPAN%3E%3CSPAN%3E%5D%26nbsp%3B%3D%3D%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3E%22virtualMachines%22%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%7C%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3Eproject%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3BassessmentKey%2C%26nbsp%3Bvmname%26nbsp%3B%3D%26nbsp%3Bsplit(id%2C%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3E%22%2F%22%3C%2FSPAN%3E%3CSPAN%3E)%5B%3C%2FSPAN%3E%3CSPAN%3E8%3C%2FSPAN%3E%3CSPAN%3E%5D%2C%26nbsp%3BsubassessmentKey%3Dname%2C%26nbsp%3Bid%2C%26nbsp%3Bparse_json(properties)%2C%26nbsp%3BresourceGroup%2C%26nbsp%3BsubscriptionId%2C%26nbsp%3BtenantId%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%7C%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3Eextend%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3Bdescription%26nbsp%3B%3D%26nbsp%3Bproperties.description%2C%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3BdisplayName%26nbsp%3B%3D%26nbsp%3Bproperties.displayName%2C%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3BresourceId%26nbsp%3B%3D%26nbsp%3Bproperties.resourceDetails.id%2C%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3BresourceSource%26nbsp%3B%3D%26nbsp%3Bproperties.resourceDetails.source%2C%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3Bcategory%26nbsp%3B%3D%26nbsp%3Bproperties.category%2C%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3Bseverity%26nbsp%3B%3D%26nbsp%3Bproperties.status.severity%2C%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3Bcode%26nbsp%3B%3D%26nbsp%3Bproperties.status.code%2C%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3BtimeGenerated%26nbsp%3B%3D%26nbsp%3Bproperties.timeGenerated%2C%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3Bremediation%26nbsp%3B%3D%26nbsp%3Bproperties.remediation%2C%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3Bimpact%26nbsp%3B%3D%26nbsp%3Bproperties.impact%2C%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3BvulnId%26nbsp%3B%3D%26nbsp%3Bproperties.id%2C%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3BadditionalData%26nbsp%3B%3D%26nbsp%3Bproperties.additionalData%3C%2FSPAN%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1737620%22%20slang%3D%22en-US%22%3ERe%3A%20Exporting%20Vulnerability%20Assessment%20Results%20in%20Azure%20Security%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1737620%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20there%20folks%2C%3C%2FP%3E%3CP%3Ehope%20everyone%20is%20keeping%20safe%20n'%20well!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'm%20new%20to%20Kusto%2C%20so%20jumping%20in%20deep%20end%20and%20trying%20to%20merge%20the%20Virtual%20Machine%20hostname%20in%20as%20an%20additional%20column.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20think%20I%20need%20to%20call%20on%20microsoft.compute%2Fvirtualmachines%2C%20but%20not%20having%20much%20luck.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20ideas%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20ya'll.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1720656%22%20slang%3D%22en-US%22%3ERe%3A%20Exporting%20Vulnerability%20Assessment%20Results%20in%20Azure%20Security%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1720656%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F811276%22%20target%3D%22_blank%22%3E%40ChrisSommers%3C%2FA%3E%26nbsp%3B%20you%20need%20to%20run%20this%20at%20the%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSTRONG%3EAzure%26nbsp%3BResource%20Graph%20query%3C%2FSTRONG%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3Elevel%20and%20not%20at%20the%20Azure%20Log%20Analytics%20Level.%3CBR%20%2F%3EThere%20is%20no%20schema%20for%20this%20at%20the%20Azure%20Log%20Analytics%2C%20I%20understand%20that%20they%20both%20use%20KQL%20and%20might%20be%20a%20bit%20confusing%26nbsp%3B%E2%80%8C%E2%80%8C%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22DavidTex_0-1601304816056.gif%22%20style%3D%22width%3A%2021px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F222583i124D4C287F670BF0%2Fimage-dimensions%2F21x21%3Fv%3Dv2%22%20width%3D%2221%22%20height%3D%2221%22%20role%3D%22button%22%20title%3D%22DavidTex_0-1601304816056.gif%22%20alt%3D%22DavidTex_0-1601304816056.gif%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20you%20go%20to%26nbsp%3B%3CSTRONG%3EAzure%20Resource%20Graph%20Explorer%3C%2FSTRONG%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3Eyou%20will%20see%20on%20your%20left%20side%20the%20schema%2C%20and%20you%20will%20find%20the%26nbsp%3B%3CSTRONG%3Esecurityresources%3C%2FSTRONG%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3Etable.%3C%2FP%3E%3CP%3EMore%20info%20at%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fgovernance%2Fresource-graph%2Ffirst-query-portal%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fgovernance%2Fresource-graph%2Ffirst-query-portal%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1719819%22%20slang%3D%22en-US%22%3ERe%3A%20Exporting%20Vulnerability%20Assessment%20Results%20in%20Azure%20Security%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1719819%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F811276%22%20target%3D%22_blank%22%3E%40ChrisSommers%3C%2FA%3E%26nbsp%3B%26nbsp%3Byou%20need%20to%20run%20this%20at%20the%20%3CSTRONG%3EAzure%26nbsp%3BResource%20Graph%20query%3C%2FSTRONG%3E%20level%20and%20not%20at%20the%20Azure%20Log%20Analytics%20Level.%3CBR%20%2F%3EThere%20is%20no%20schema%20for%20this%20at%20the%20Azure%20Log%20Analytics%2C%20I%20understand%20that%20they%20both%20use%20KQL%20and%20might%20be%20a%20bit%20confusing%26nbsp%3B%E2%80%8C%E2%80%8C%3CIMG%20class%3D%22lia-deferred-image%20lia-image-emoji%22%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Fhtml%2F%408341BD79091AF36AA2A09063B554B5CD%2Fimages%2Femoticons%2Fsmile_40x40.gif%22%20alt%3D%22%3Asmile%3A%22%20title%3D%22%3Asmile%3A%22%20%2F%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20you%20go%20to%26nbsp%3B%3CSTRONG%3EAzure%20Resource%20Graph%20Explorer%3C%2FSTRONG%3E%20you%20will%20see%20on%20your%20left%20side%20the%20schema%2C%20and%20you%20will%20find%20the%26nbsp%3B%3CSTRONG%3Esecurityresources%3C%2FSTRONG%3E%20table.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1718679%22%20slang%3D%22en-US%22%3ERe%3A%20Exporting%20Vulnerability%20Assessment%20Results%20in%20Azure%20Security%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1718679%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20enabled%20Qualys%20on%20a%20VM%20and%20the%20extension%20is%20showing%20as%20good.%20I've%20waited%20a%20few%20days%20but%20note%20the%20following%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E-The%20blade%20mentioned%20here%20does%20not%20show%20anything%20for%20the%20VM%20(or%20anything%20at%20all%20because%20I've%20only%20enabled%201%20VM%20so%20far)%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsecurity-center%2Fremediate-vulnerability-findings-vm%23view-findings-from-the-scans-of-your-virtual-machines%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsecurity-center%2Fremediate-vulnerability-findings-vm%23view-findings-from-the-scans-of-your-virtual-machines%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E-When%20trying%20to%20use%20the%20code%20above%2C%20it%20turns%20out%20that%20the%20Workspace%20does%20not%20have%20a%20table%20called%20'securityresources'.%20I've%20verified%20that%20the%20VM%20is%20connected%20to%20the%20Workspace.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3CP%3EChris%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1689838%22%20slang%3D%22en-US%22%3ERe%3A%20Exporting%20Vulnerability%20Assessment%20Results%20in%20Azure%20Security%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1689838%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F124214%22%20target%3D%22_blank%22%3E%40Yuri%20Diogenes%3C%2FA%3E%26nbsp%3BThanks%20will%20do%20!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1678205%22%20slang%3D%22en-US%22%3ERe%3A%20Exporting%20Vulnerability%20Assessment%20Results%20in%20Azure%20Security%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1678205%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F454776%22%20target%3D%22_blank%22%3E%40fergo747%3C%2FA%3E%26nbsp%3Bthis%20feature%20is%20not%20available%2C%20make%20sure%20to%20add%20your%20feedback%20here.%20According%20to%20the%20status%20of%20this%20request%2C%20this%20integration%20is%20planned%2C%20but%20not%20available%20yet%26nbsp%3B%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ffeedback.azure.com%2Fforums%2F915958-azure-governance%2Fsuggestions%2F36072472-visualize-resource-graph-in-powerbi%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Ffeedback.azure.com%2Fforums%2F915958-azure-governance%2Fsuggestions%2F36072472-visualize-resource-graph-in-powerbi%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1676258%22%20slang%3D%22en-US%22%3ERe%3A%20Exporting%20Vulnerability%20Assessment%20Results%20in%20Azure%20Security%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1676258%22%20slang%3D%22en-US%22%3E%3CP%3ECan%20resource%20graph%20be%20integrated%20directly%20into%20PowerBI%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20you%20can%20do%20this%20directly%20from%20Azure%20Monitor.%20But%20would%20be%20awesome%20to%20do%20this%20directly%20from%20resource%20graph%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1618484%22%20slang%3D%22en-US%22%3ERe%3A%20Exporting%20Vulnerability%20Assessment%20Results%20in%20Azure%20Security%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1618484%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F774521%22%20target%3D%22_blank%22%3E%40DavidTex%3C%2FA%3E%26nbsp%3B-%20that's%20absolutely%20correct.%20The%20recommendation%20was%20updated%20recently%20and%20your%20change%20reflects%20the%20latest%20name%20for%20the%20recommendation.%20Thanks%20for%20contributing%2C%20I%20will%20make%20sure%20to%20add%20a%20note%20and%20give%20you%20credits%20to%20call%20this%20out.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1618473%22%20slang%3D%22en-US%22%3ERe%3A%20Exporting%20Vulnerability%20Assessment%20Results%20in%20Azure%20Security%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1618473%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F124214%22%20target%3D%22_blank%22%3E%40Yuri%20Diogenes%3C%2FA%3E.%3CBR%20%2F%3E1st%20of%20all%2C%20thank%20you%20for%20your%20contribution%2C%20it%20was%20highly%20appreciated.%3CBR%20%2F%3ERegarding%20the%20script%2C%20in%20my%20case%2C%20i%20think%20Microsoft%20updated%20recently%20the%20display%20name%2C%20so%20searching%20on%20the%20strings%20will%20return%20nothing.%3CBR%20%2F%3EHere%20is%20the%20script%20updated%20for%20less%20watchful%20people%26nbsp%3B%3CIMG%20class%3D%22lia-deferred-image%20lia-image-emoji%22%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Fhtml%2F%408341BD79091AF36AA2A09063B554B5CD%2Fimages%2Femoticons%2Fsmile_40x40.gif%22%20alt%3D%22%3Asmile%3A%22%20title%3D%22%3Asmile%3A%22%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3CDIV%3E%3CDIV%3E%3CSPAN%3Esecurityresources%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26nbsp%3B%7C%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3Ewhere%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3Btype%26nbsp%3B%3D%3D%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3E%22microsoft.security%2Fassessments%22%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26nbsp%3B%7C%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3Ewhere%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B*%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3Econtains%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSTRONG%3E%22Vulnerabilities%26nbsp%3Bin%26nbsp%3Byour%26nbsp%3Bvirtual%26nbsp%3Bmachines%22%3C%2FSTRONG%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26nbsp%3B%7C%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3Esummarize%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3Eby%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3BassessmentKey%3Dname%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3E%2F%2Fthe%26nbsp%3BID%26nbsp%3Bof%26nbsp%3Bthe%26nbsp%3Bassessment%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26nbsp%3B%7C%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3Ejoin%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3Bkind%3Dinner%26nbsp%3B(%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3Bsecurityresources%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%7C%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3Ewhere%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3Btype%26nbsp%3B%3D%3D%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3E%22microsoft.security%2Fassessments%2Fsubassessments%22%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%7C%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3Eextend%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3BassessmentKey%26nbsp%3B%3D%26nbsp%3Bextract(%3C%2FSPAN%3E%3CSPAN%3E%22.*assessments%2F(.%2B%3F)%2F.*%22%3C%2FSPAN%3E%3CSPAN%3E%2C%3C%2FSPAN%3E%3CSPAN%3E1%3C%2FSPAN%3E%3CSPAN%3E%2C%26nbsp%3B%26nbsp%3Bid)%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26nbsp%3B)%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3Eon%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3BassessmentKey%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%7C%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3Eproject%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3BassessmentKey%2C%26nbsp%3BsubassessmentKey%3Dname%2C%26nbsp%3Bid%2C%26nbsp%3Bparse_json(properties)%2C%26nbsp%3BresourceGroup%2C%26nbsp%3BsubscriptionId%2C%26nbsp%3BtenantId%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%7C%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3Eextend%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3Bdescription%26nbsp%3B%3D%26nbsp%3Bproperties.description%2C%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3BdisplayName%26nbsp%3B%3D%26nbsp%3Bproperties.displayName%2C%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3BresourceId%26nbsp%3B%3D%26nbsp%3Bproperties.resourceDetails.id%2C%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3BresourceSource%26nbsp%3B%3D%26nbsp%3Bproperties.resourceDetails.source%2C%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3Bcategory%26nbsp%3B%3D%26nbsp%3Bproperties.category%2C%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3Bseverity%26nbsp%3B%3D%26nbsp%3Bproperties.status.severity%2C%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3Bcode%26nbsp%3B%3D%26nbsp%3Bproperties.status.code%2C%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3BtimeGenerated%26nbsp%3B%3D%26nbsp%3Bproperties.timeGenerated%2C%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3Bremediation%26nbsp%3B%3D%26nbsp%3Bproperties.remediation%2C%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3Bimpact%26nbsp%3B%3D%26nbsp%3Bproperties.impact%2C%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3BvulnId%26nbsp%3B%3D%26nbsp%3Bproperties.id%2C%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3BadditionalData%26nbsp%3B%3D%26nbsp%3Bproperties.additionalData%3C%2FSPAN%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1551265%22%20slang%3D%22en-US%22%3ERe%3A%20Exporting%20Vulnerability%20Assessment%20Results%20in%20Azure%20Security%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1551265%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F124214%22%20target%3D%22_blank%22%3E%40Yuri%20Diogenes%3C%2FA%3E%26nbsp%3Bcan%20you%20write%20a%20query%20that%20can%20pull%20the%20private%20IP%2C%20hostname%2C%20CVE%20number%2C%20CVSS%20score%2C%20and%20date%20identified%20that%20I%20can%20paste%20into%20ARG%3F%26nbsp%3B%20My%20Kusto%20skills%20are%20very%20elementary%20and%20I'm%20struggling%20to%20write%20this.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1539616%22%20slang%3D%22en-US%22%3ERe%3A%20Exporting%20Vulnerability%20Assessment%20Results%20in%20Azure%20Security%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1539616%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F283216%22%20target%3D%22_blank%22%3E%40Sergg%3C%2FA%3E%26nbsp%3Bfor%20the%20example%20I%20gave%2C%20you%20just%20need%20to%20copy%20the%20statements%20from%20my%20previous%20reply%2C%20and%20paste%20in%20the%20%3CEM%3Eextend%3C%2FEM%3E%20section%20of%20the%20original%20query%20(can%20be%20under%26nbsp%3B%3CSPAN%3E%3CEM%3EadditionalData%26nbsp%3B%3D%26nbsp%3Bproperties.additionalData%3C%2FEM%3E).%20Regarding%20the%20link%20you%20send%2C%20it%20should%20work%20too.%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1538858%22%20slang%3D%22en-US%22%3ERe%3A%20Exporting%20Vulnerability%20Assessment%20Results%20in%20Azure%20Security%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1538858%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F124214%22%20target%3D%22_blank%22%3E%40Yuri%20Diogenes%3C%2FA%3Emy%20Kusto%20skills%20are%20not%20enough%20to%20create%20query%20wit%20Join%20statements.%20Do%20you%20think%20it%20is%20possible%20to%20expand%20the%20query%20with%20machine%20IP%20(internal%20and%20external)%20I%20can%20see%20an%20example%20query%20to%20pull%20all%20machines%20with%20external%20IP%20addresses%20here%20-%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fgovernance%2Fresource-graph%2Fsamples%2Fadvanced%3Ftabs%3Dazure-cli%23join-vmpip%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fgovernance%2Fresource-graph%2Fsamples%2Fadvanced%3Ftabs%3Dazure-cli%23join-vmpip%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1512212%22%20slang%3D%22en-US%22%3ERe%3A%20Exporting%20Vulnerability%20Assessment%20Results%20in%20Azure%20Security%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1512212%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F723657%22%20target%3D%22_blank%22%3E%40cdeeter%3C%2FA%3E%26nbsp%3Byou%20can%20add%20these%20to%20the%20extended%20section%20of%20the%20query%20to%20see%20the%20cvss%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3BcvssList%26nbsp%3B%3D%26nbsp%3Bproperties.additionalData.cvss%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3BcveArray%26nbsp%3B%3D%26nbsp%3Bproperties.additionalData.cve%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1511835%22%20slang%3D%22en-US%22%3ERe%3A%20Exporting%20Vulnerability%20Assessment%20Results%20in%20Azure%20Security%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1511835%22%20slang%3D%22en-US%22%3E%3CP%3EDoes%20anyone%20have%20an%20updated%20query%20which%20includes%20the%20CVE%20numbers%20and%20the%20CVSS%20score%3F%26nbsp%3B%20If%20so%2C%20would%20you%20mind%20sharing%3F%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1353086%22%20slang%3D%22en-US%22%3ERe%3A%20Exporting%20Vulnerability%20Assessment%20Results%20in%20Azure%20Security%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1353086%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F163928%22%20target%3D%22_blank%22%3E%40Paul%20Johnson%3C%2FA%3E%20-%20appreciate%20the%20feedback%20and%20I'm%20glad%20you%20liked.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1353071%22%20slang%3D%22en-US%22%3ERe%3A%20Exporting%20Vulnerability%20Assessment%20Results%20in%20Azure%20Security%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1353071%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%20much%20Yuri!%26nbsp%3B%3CBR%20%2F%3EI%20enjoyed%20your%20presentation%20yesterday...%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1353063%22%20slang%3D%22en-US%22%3ERe%3A%20Exporting%20Vulnerability%20Assessment%20Results%20in%20Azure%20Security%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1353063%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F163928%22%20target%3D%22_blank%22%3E%40Paul%20Johnson%3C%2FA%3E%20%2C%20please%20read%20the%20section%20%22working%20with%20large%20dataset%22%20in%20the%20article%20below%20and%20see%20if%20it%20helps%20you%3A%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fwww.codeisahighway.com%2Fhow-azure-resource-graph-is-gonna-change-the-way-you-search-and-script%2F%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3E%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%3Ehttps%3A%2F%2Fwww.codeisahighway.com%2Fhow-azure-resource-graph-is-gonna-change-the-way-you-search-and-script%2F%3C%2FFONT%3E%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1353043%22%20slang%3D%22en-US%22%3ERe%3A%20Exporting%20Vulnerability%20Assessment%20Results%20in%20Azure%20Security%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1353043%22%20slang%3D%22en-US%22%3E%3CP%3EWhen%20I%20run%20the%20query%2C%20I%20only%20see%20the%20first%201000%20results%20out%20of%20%26gt%3B3500.%3CBR%20%2F%3EDo%20you%20have%20suggestions%20for%20the%20most%20effective%20way%20to%20partition%20the%20query%20so%20I%20can%20download%20all%20of%20the%20results%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1344366%22%20slang%3D%22en-US%22%3ERe%3A%20Exporting%20Vulnerability%20Assessment%20Results%20in%20Azure%20Security%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1344366%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F640037%22%20target%3D%22_blank%22%3E%40KamalDhingra%3C%2FA%3E%26nbsp%3B%2C%20no%20there%20is%20nothing%20to%20modify.%20Maybe%20when%20you%20copy%20and%20paste%20there%20are%20some%20extra%20spaces%3F%20I%20tested%20in%20many%20environments%20and%20it%20works%20as%20is.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1344306%22%20slang%3D%22en-US%22%3ERe%3A%20Exporting%20Vulnerability%20Assessment%20Results%20in%20Azure%20Security%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1344306%22%20slang%3D%22en-US%22%3E%3CP%3EI%20am%20trying%20to%20run%20this%20script%20in%20Azure%20Resource%20Graph%20but%20not%20getting%20any%20results.%20Is%20this%20to%20be%20modified%20anywhere%20before%20using%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E
Co-Authors
Version history
Last update:
‎Oct 24 2021 04:09 AM
Updated by: