cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

How to get maximum scores by control Category?

lvillara
Copper Contributor

‎Jan 26 2020 11:59 AM - last edited on ‎Dec 23 2021 11:13 AM by

‎Jan 26 2020 11:59 AM - last edited on ‎Dec 23 2021 11:13 AM by

How to get maximum scores by control Category?

Hi everyone,

I am starting to use the MS Graph connector from power by and I am trying to reproduce a very simple graph, I can get almost all the data except the maximum score per control category

In the next picture I can obtent 24/502 but for each category I'm able to obtain the score but not the maximum,  for example -> identity (18/223)  I can obten the score 18 but not the maximum 223

 

clipboard_image_0.png

Thanks in advance

Luis

 

 

836 Views
0 Likes
2 Replies
Reply
2 Replies
best response confirmed by Deleted
Nayna Sheth (MUTHA)

‎Feb 01 2020 09:39 AM

‎Feb 01 2020 09:39 AM

Solution

Re: How to get maximum scores by control Category?

@lvillara 

Below should help to get the aggregated score per control category
 
 

 The customer should be using:

https://graph.microsoft.com/v1.0/security/secureScores

To get their score

                {

                    "controlCategory": "Data",

                    "controlName": "Enable mailbox auditing for all users",

                    "description": "You should enable mailbox auditing for at least ninety percent of all users that have mailboxes in your tenancy. By default all non-owner access is audited, but you must enable auditing on the mailbox for owner access to also be audited. This will allow you to discover illicit access of Exchange Online activity if a user's account has been breached.",

                    "score": 10,

                    "total": "69",

                    "count": "50"

                },

 

And then they can call:

https://graph.microsoft.com/v1.0/security/secureScoreControlProfiles

To get the max scores per control and group by control category an it should give max socre for that category

        {

            "id": "MailboxAuditingEnabled",

            "azureTenantId": "00000001-0001-0001-0001-000000000001",

            "actionType": "Config",

            "actionUrl": "https://github.com/OfficeDev/O365-InvestigationTooling/blob/master/EnableMailboxAuditing.ps1",

            "controlCategory": "Data",

            "title": "Enable mailbox auditing for all users",

            "deprecated": false,

            "implementationCost": "Low",

            "lastModifiedDateTime": "2019-12-30T15:36:00Z",

            "maxScore": 15,

            "rank": 6,

            "remediation": "Running the PowerShell script linked below will turn on owner activity mailbox auditing for all mailboxes in your service. By default all non-owner access and administrative actions are recorded, but owner actions are not. Enabling mailbox auditing will include owner activity in the audit records, which will in turn enable you to investigate and scope a compromise of that user's account.",

            "remediationImpact": "This change will have no effect on your users.",

            "service": "EXO",

            "threats": [

                "Account Breach"

            ],

0 Likes
Reply
lvillara

‎Feb 06 2020 01:17 PM

‎Feb 06 2020 01:17 PM

Re: How to get maximum scores by control Category?

Thank you very much Nayna Sheth

0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by Deleted
Nayna Sheth (MUTHA)

‎Feb 01 2020 09:39 AM

‎Feb 01 2020 09:39 AM

Solution

Re: How to get maximum scores by control Category?

@lvillara 

Below should help to get the aggregated score per control category
 
 

 The customer should be using:

https://graph.microsoft.com/v1.0/security/secureScores

To get their score

                {

                    "controlCategory": "Data",

                    "controlName": "Enable mailbox auditing for all users",

                    "description": "You should enable mailbox auditing for at least ninety percent of all users that have mailboxes in your tenancy. By default all non-owner access is audited, but you must enable auditing on the mailbox for owner access to also be audited. This will allow you to discover illicit access of Exchange Online activity if a user's account has been breached.",

                    "score": 10,

                    "total": "69",

                    "count": "50"

                },

 

And then they can call:

https://graph.microsoft.com/v1.0/security/secureScoreControlProfiles

To get the max scores per control and group by control category an it should give max socre for that category

        {

            "id": "MailboxAuditingEnabled",

            "azureTenantId": "00000001-0001-0001-0001-000000000001",

            "actionType": "Config",

            "actionUrl": "https://github.com/OfficeDev/O365-InvestigationTooling/blob/master/EnableMailboxAuditing.ps1",

            "controlCategory": "Data",

            "title": "Enable mailbox auditing for all users",

            "deprecated": false,

            "implementationCost": "Low",

            "lastModifiedDateTime": "2019-12-30T15:36:00Z",

            "maxScore": 15,

            "rank": 6,

            "remediation": "Running the PowerShell script linked below will turn on owner activity mailbox auditing for all mailboxes in your service. By default all non-owner access and administrative actions are recorded, but owner actions are not. Enabling mailbox auditing will include owner activity in the audit records, which will in turn enable you to investigate and scope a compromise of that user's account.",

            "remediationImpact": "This change will have no effect on your users.",

            "service": "EXO",

            "threats": [

                "Account Breach"

            ],

View solution in original post

0 Likes
Reply