View security recommendations in Azure Sentinel

Akshay Kotra 16 Reputation points
2023-10-05T16:48:25.1933333+00:00

I am able to see the security recommendations in Defender. How can I view them in Azure Sentinel?


1 answer

  1. Clive Watson 6,601 Reputation points MVP
    2023-10-12T13:17:08.6666667+00:00

    I don't think the Sentinel team have agreed to support ARG queries in Incidents yet.

    You could try something like this. Note, most SecurityResource results don't contain a date, so you may not be able to do this for the data you require.

    The use of arg(""). allows you to run an ARG query in a Logs blade.

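    arg("").securityresources
    | where type =~ "microsoft.security/assessments"
    // properties is dynamic, so cast the values before comparing or displaying them
    | extend statusChangeDate_ = todatetime(properties.status.statusChangeDate),
             displayName_      = tostring(properties.displayName)
    // rows without a statusChangeDate are dropped by this filter
    | where statusChangeDate_ > ago(3d)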
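
An added example, not part of the answer above: a variant of the same `arg("")` query that keeps assessments with no `statusChangeDate` instead of losing them to the time filter, and groups unhealthy recommendations by severity. The property paths `status.code`, `metadata.severity` and `resourceDetails.Id`, and the column names, are assumptions about the assessment schema and should be checked against your own results.

```kusto
// Added example: Defender for Cloud assessments read through ARG from a Logs blade.
arg("").securityresources
| where type =~ "microsoft.security/assessments"
// Cast dynamic properties once so later comparisons are typed.
| extend displayName      = tostring(properties.displayName),
         statusCode       = tostring(properties.status.code),        // assumed path
         severity         = tostring(properties.metadata.severity),  // assumed path
         resourceId       = tostring(properties.resourceDetails.Id), // assumed path
         statusChangeDate = todatetime(properties.status.statusChangeDate)
| where statusCode =~ "Unhealthy"
// A plain "> ago(3d)" filter silently drops rows whose date is missing;
// bucket them explicitly so they stay visible.
| extend changeWindow = case(isnull(statusChangeDate), "no date",
                             statusChangeDate > ago(3d), "last 3 days",
                             "older")
| summarize affectedResources = dcount(resourceId)
         by displayName, severity, changeWindow
| order by severity asc, affectedResources desc
```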
    
