In our last article, we tried to understand Azure Resource Graph queries and use them for particular example scenarios. This part of our article series will cover Secure Score information at the subscription level. There are many different ways to accomplish this, but the easiest is to create queries with Resource Graph.
Secure Score information on subscription level
You can find Secure Score details under the microsoft.security/securescores type. The query below returns the information you want as a table with every property.
securityresources
| where type == 'microsoft.security/securescores'
| extend percentageScore=properties.score.percentage,
    currentScore=properties.score.current,
    maxScore=properties.score.max,
    weight=properties.weight
| project tenantId, subscriptionId, percentageScore, currentScore, maxScore, weight
Defender for Cloud services on subscription level
You might want to use, or you might already be using, the services in Azure Defender for Cloud. Defender for Cloud secures your resources in Azure or other cloud platforms with advanced security features and services. It provides its services according to the resource model. By using the query below, you can easily learn which services are activated at your subscription level or get an inventory report of your environment.
securityresources
| where type =~ "microsoft.security/pricings"
| join kind=inner (
    resourcecontainers
    | where type == 'microsoft.resources/subscriptions'
    | project subscriptionId, subscriptionName = name)
    on subscriptionId
| extend planSet = pack(name, pricingTier = properties.pricingTier)
| summarize defenderPlans = make_bag(planSet) by subscriptionId, subscriptionName
| project subscriptionId, subscriptionName,
    AppServices = defenderPlans.AppServices,
    Arm = defenderPlans.Arm,
    ContainerRegistry = defenderPlans.ContainerRegistry,
    Containers = defenderPlans.Containers,
    DNS = defenderPlans.Dns,
    KeyVaults = defenderPlans.KeyVaults,
    KubernetesService = defenderPlans.KubernetesService,
    OpenSourceRelationalDatabases = defenderPlans.OpenSourceRelationalDatabases,
    StorageAccounts = defenderPlans.StorageAccounts,
    SqlServerVirtualMachines = defenderPlans.SqlServerVirtualMachines,
    SqlServers = defenderPlans.SqlServers,
    VirtualMachines = defenderPlans.VirtualMachines
As you can see from the result above, the complex query that we created with KQL returned its result very quickly. To improve this example, we can create an Azure Workbook and keep these queries in it to build a dashboard for our organization.
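For a dashboard tile, the two queries above can be combined into one triage view: each subscription's Secure Score next to the Defender plans that are still on the Free tier, lowest score first. This is an added example, not a query from the original article; the column aliases (freeTierPlans, freeTierPlanCount) are names chosen here, and it assumes pricingTier takes the values Free or Standard.

```kusto
// Added example: Secure Score per subscription, with the Defender for Cloud
// plans that are not enabled (pricingTier == 'Free') listed alongside it.
securityresources
| where type =~ 'microsoft.security/securescores'
| project subscriptionId,
    percentageScore = todouble(properties.score.percentage),
    currentScore = todouble(properties.score.current),
    maxScore = todouble(properties.score.max)
// Resolve the subscription name, as in the Defender plans query above.
| join kind=inner (
    resourcecontainers
    | where type =~ 'microsoft.resources/subscriptions'
    | project subscriptionId, subscriptionName = name)
    on subscriptionId
// leftouter keeps subscriptions that have no Free-tier plan at all.
| join kind=leftouter (
    securityresources
    | where type =~ 'microsoft.security/pricings'
    | where tostring(properties.pricingTier) =~ 'Free'
    | summarize freeTierPlans = make_list(name) by subscriptionId)
    on subscriptionId
// array_length() returns null for subscriptions without Free-tier plans.
| extend freeTierPlanCount = coalesce(array_length(freeTierPlans), 0)
| project subscriptionName, subscriptionId,
    percentageScore, currentScore, maxScore,
    freeTierPlanCount, freeTierPlans
// Lowest score first, so the subscriptions needing attention lead the table.
| order by percentageScore asc, freeTierPlanCount desc
```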