Export Security Center recommendations to log analytics

Prasenna Kannan 436 Reputation points
2020-12-04T06:00:49.07+00:00

Hello,

Sentinel is connect to a log analytics workspace and through data connectors I have connected to Security Center. Security Alerts are getting synchronised in Sentinel and I'm able to query it in SecurityAlert table in LA.

I wanted to bring the Security Center recommendations as well. Using Security Center continuous export settings, I'm able to get the recommendations from Security Center to LA and able to query in SecurityRecommendation table.

However, I can only see the new recommendation in the SecurityRecommendation table not the existing recommendation in Security Center.

My requirement is to see all the recommendation in Security Center in SecurityRecommendation table.

I can see export to csv option in the recommendation blade in Security Center. Is there a chance to export and import to LA SecurityRecommendation table?

Or any other means, I can pull all the existing recommendation to LA table?

Thanks!

Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
2,821 questions
Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,202 questions
Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
989 questions