Unable to get the secure score in azure portal using kql query

Dharshinika-FT 21 Reputation points
2022-11-02T12:04:20.38+00:00

Hi Team,

I'm unable to get the security score in azure using KQL query.
If I select the time range to be set in query I will get the results.
PFA of screenshot
256340-image.png

If I select the time range is to last 24 hours, I'm not getting any results.
PFA of screenshot.
256412-image.png

Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,158 questions
Azure ISV (Independent Software Vendors) and Startups
Azure ISV (Independent Software Vendors) and Startups
Azure: A cloud computing platform and infrastructure for building, deploying and managing applications and services through a worldwide network of Microsoft-managed datacenters.ISV (Independent Software Vendors) and Startups: A Microsoft program that helps customers adopt Microsoft Cloud solutions and drive user adoption.
110 questions
{count} votes

1 answer

Sort by: Most helpful
  1. AnuragSingh-MSFT 19,266 Reputation points
    2022-11-03T04:43:49.433+00:00

    Hi @Dharshinika-FT ,

    Thank you for posting this question.

    I see that you are using a workbook to get the Security Posture Score trend.

    Based on the details shared above, I see that the selected "Log Analytics Workspace" has data related to security posture score. When you select the option Set in query for Time Range, the time related parameter is set in query itself. For example, the query might be defined with a where clause looking like this --> where TimeGenerated > ago(7d) //Show entries with TimeGenerated from the last 7 days

    The screenshot shows the query's comment as: 256635-image.png

    Therefore, this query seems to be getting the current score with change over past week and past month. It seems that there are no data related to the posture score exported to LogAnalytics workspace over the past 24 hours because of which the result comes empty.

    Hope this helps. In case the explanation above does not help, please share the workbook name (if it is one of the default workbook) OR share the query (if custom query), so that I can take a look.

    Please let me know if you have any questions.

    ---
    Please 'Accept as answer' if it helped so that it can help others in the community looking for help on similar topics.

    0 comments No comments