Share via

Can somebody point me to the correct API to view and export Defender for Servers usage?

Andrew Gattsek 26 Reputation points
2022-10-10T14:19:22.273+00:00

I am looking for a method to view and export Defender for Servers usage information. I understand this based per hour, however, I am looking for a way to automate the export of current usage at a given time.

Azure Cost Management
Azure Cost Management
A Microsoft offering that enables tracking of cloud usage and expenditures for Azure and other cloud providers.
2,271 questions
Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,249 questions
0 comments
Accepted answer
  1. Carlos Villagomez 1,106 Reputation points Microsoft Employee
    2022-10-13T16:45:53.167+00:00

    Hello @Andrew Gattsek ,

    Thank you for the update. I consulted with one of my colleagues that shared the following KQL query using the Log Analytics API that should be able to return the information you need per your request: 

    let start_time=startofday(datetime("2022-10-12"));  
let end_time=endofday(datetime("2022-10-14"));  
Heartbeat  
| where TimeGenerated > start_time and TimeGenerated < end_time  
| summarize heartbeat_per_hour=count() by bin_at(TimeGenerated, 1h, start_time), Computer  
| extend available_per_hour=iff(heartbeat_per_hour>0, true, false)  
| summarize total_available_hours=countif(available_per_hour==true) by Computer  
| extend total_number_of_buckets=round((end_time-start_time)/1h)  
| extend availability_rate=total_available_hours*100/total_number_of_buckets

    Please let us know if you have any questions or concerns and we'll be happy to assist you further if needed.

    Thanks!
    Carlos V.

    ----------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

    0 comments

4 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Andrew Gattsek 26 Reputation points
    2022-10-13T21:15:08.617+00:00

    @Carlos Villagomez - this was very helpful and accomplished the goal. Thank you very much for your input.

    1 person found this answer helpful.
    0 comments
  2. Andrew Blumhardt 9,831 Reputation points Microsoft Employee
    2022-10-10T14:59:32.35+00:00

    It depends on what you are looking for. Cost data related to MDFC is in the Resource Graph. It has an API and the Resource Graph Explorer (uses KQL). Use this if you are referring to the $15 per server/month bill. You might also consider using the log analytics workspace API. From there you can track the volume of data and system availability. You might find it easier to estimate the cost based on server availability from the workspace. There are more samples and articles around using the Log Analytics API.

    For example, %100 uptime for 30 days = $15.

    https://learn.microsoft.com/en-us/rest/api/azure-resourcegraph/

    0 comments
  3. Andrew Gattsek 26 Reputation points
    2022-10-11T19:12:04.557+00:00

    While this is great, what I was looking for was guidance on creating a KQL query that would query the API and return server utilization / uptime / heartbeat etc.

    0 comments
  4. Andrew Gattsek 26 Reputation points
    2022-10-13T18:16:08.037+00:00

    This is great. A couple of questions:

    1. Does this return total number of hours, concurrent worklaods, etc.
    2. What does the reference to "buckets" refer to?

    Thank you very much. This has been great.