deb0093
Copper Contributor
Jun 21, 2021
Solved

KQL query for vnet peering count and storage public Access

Hi Team,

 

I am looking to get the count of VNet peerings from specific subscriptions and storage container public access through KQL. Can someone please help me?

 

Regards

Dev

  • deb0093 

     

    Are you trying to get peering names or IDs of the VNets that the virtual networks you have access to are peered with? Or both?

     

    Try this query, it should give you both properties and only list VNets that have some peering relationship:

     

    resources
    | where type =~ 'microsoft.network/virtualNetworks'
    | mv-expand peering=properties.virtualNetworkPeerings
    | where notempty(peering)
    | project vnetId = id, vnetName = name, peeringName=tostring(peering.name), peeredVnetId=tostring(peering.properties.remoteVirtualNetwork.id)

10 Replies

  • Hi deb0093 ,

     

    For network peering you could try something like:

    resources
    | where type =~ 'microsoft.network/virtualNetworks'
    | mv-expand peering=properties.virtualNetworkPeerings
    | where peering.properties.remoteVirtualNetwork.id contains "/subscriptions/xxx-xxx-xxxx-xxxx"
     
    For blobs with public access:
    Resources
    | where type =~ 'microsoft.storage/storageaccounts'
    | where properties.allowBlobPublicAccess == true
     
    • deb0093
      Copper Contributor

      pazdedav ,

       

      resources
      | where type =~ 'microsoft.network/virtualNetworks'
      | mv-expand peering=properties.virtualNetworkPeerings
      | where peering.properties.remoteVirtualNetwork.id contains "/subscriptions/xxx-xxx-xxxx-xxxx"

      I hope the "xxx-xxx-xxxx-xxxx" here is meant as the tenant ID?

      If I set my PowerShell to query
      $subscription = Get-AzSubscription -TenantId "Tenant-id" | Where-Object { $_.Name -like '*-required subscriptionname-*' }
      $subscription | Set-AzContext

      And after that, if I run the Search-AzGraph queries from PowerShell, will that work for the specific subscriptions as set above?
      • pazdedav
        MVP

        Hi deb0093,

         

        Actually, the xxx-xxx-xxx-xxx string is a placeholder for a subscription ID (not a tenant ID). You said you wanted to query all VNET peerings coming from a particular subscription. You simply provide a subscription ID directly in the KQL query (if it's static).

         

        The easiest way to test it is by using Azure Resource Graph Explorer directly in the Portal, where you select 1-n subscriptions from the drop-down as a scope for your query (i.e. subscriptions, where you want to look for peerings) and run the query (after you replace xxx-xxx... string with an actual subID you are interested in).

         

        When you see it's working, you can switch to PowerShell or CLI to get the data programmatically.

         

        I hope this answers your question.
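
Added example (not part of the thread and not any participant's code): one way to run both audits from PowerShell against an explicit list of subscriptions, returning a peering count per VNet as the original question asked. The subscription IDs are constructed placeholders and the helper name `Invoke-ScopedGraphQuery` is hypothetical. The storage query also lists accounts where `allowBlobPublicAccess` is unset so they can be reviewed, since an unset value does not show that public access is disabled.

```powershell
# Requires the Az.Accounts and Az.ResourceGraph modules and a signed-in session (Connect-AzAccount).
# Constructed placeholder IDs; replace with the subscriptions you want to audit.
$subscriptionIds = @(
    '00000000-0000-0000-0000-000000000001',
    '00000000-0000-0000-0000-000000000002'
)

# mv-expand yields one row per peering, so count() per VNet is that VNet's peering count.
$peeringQuery = @'
resources
| where type =~ 'microsoft.network/virtualNetworks'
| mv-expand peering = properties.virtualNetworkPeerings
| where notempty(peering)
| summarize peeringCount = count() by subscriptionId, vnetId = id, vnetName = name
| order by peeringCount desc
'@

# Keep every account whose setting is not explicitly false (true or unset).
$storageQuery = @'
resources
| where type =~ 'microsoft.storage/storageaccounts'
| extend allowBlobPublicAccess = tostring(properties.allowBlobPublicAccess)
| where allowBlobPublicAccess !~ 'false'
| project subscriptionId, resourceGroup, name, allowBlobPublicAccess
'@

# Hypothetical helper: scopes the query with -Subscription instead of relying on the current context.
function Invoke-ScopedGraphQuery {
    param(
        [Parameter(Mandatory)] [string]   $Query,
        [Parameter(Mandatory)] [string[]] $Subscription
    )
    # -First 1000 is the per-call maximum; larger result sets need paging.
    Search-AzGraph -Query $Query -Subscription $Subscription -First 1000
}

$peerings = Invoke-ScopedGraphQuery -Query $peeringQuery -Subscription $subscriptionIds
$peerings | Format-Table subscriptionId, vnetName, peeringCount

# Total number of peerings across the selected subscriptions.
$totalPeerings = ($peerings | Measure-Object -Property peeringCount -Sum).Sum
"Total peerings in scope: $totalPeerings"

$publicStorage = Invoke-ScopedGraphQuery -Query $storageQuery -Subscription $subscriptionIds
$publicStorage | Format-Table subscriptionId, resourceGroup, name, allowBlobPublicAccess
```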
