Can you please help me make me an analytical rule or query to list all the virtual machines open to public in Azure through kql query.

Rajneesh Kapoor 0 Reputation points
2023-09-27T17:56:43.4133333+00:00

Please Help me make an analytical rule or a query to list all the virtual machines open to public IP address or ports also in Azure through kql query. Or logic apps.

Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
7,881 questions
{count} votes

1 answer

Sort by: Most helpful
  1. vipullag-MSFT 26,306 Reputation points
    2023-09-29T05:38:33.52+00:00

    Hello Rajneesh Kapoor

    Welcome to Microsoft Q&A Platform, thanks for posting your query here.

    This is a sample query for pulling VM name & Public IP Associated:

    Resources
    | where type =~ 'microsoft.compute/virtualmachines'
    | extend nics=array_length(properties.networkProfile.networkInterfaces)
    | mv-expand nic=properties.networkProfile.networkInterfaces
    | where nics == 1 or nic.properties.primary =~ 'true' or isempty(nic)
    | project vmId = id, vmName = name, vmSize=tostring(properties.hardwareProfile.vmSize), nicId = tostring(nic.id)
    | join kind=leftouter (
    	Resources
    	| where type =~ 'microsoft.network/networkinterfaces'
    	| extend ipConfigsCount=array_length(properties.ipConfigurations)
    	| mv-expand ipconfig=properties.ipConfigurations
    	| where ipConfigsCount == 1 or ipconfig.properties.primary =~ 'true'
    	| project nicId = id, publicIpId = tostring(ipconfig.properties.publicIPAddress.id))
    	on nicId
    | project-away nicId1
    | summarize by vmId, vmName, vmSize, nicId, publicIpId
    | join kind=leftouter (
    	Resources
    	| where type =~ 'microsoft.network/publicipaddresses'
    	| project publicIpId = id, publicIpAddress = properties.ipAddress)
    on publicIpId
    | project-away publicIpId1
    

    Ref: https://learn.microsoft.com/en-us/azure/virtual-machines/resource-graph-samples?tabs=azure-cli#list-virtual-machines-with-their-network-interface-and-public-ip

    Note: You can refer the above document and tweak the query based on your requirement.

    Hope this helps.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.