Share via

how to get azure vulnerability assessment reports

Irakli Saldadze 0 Reputation points
2024-04-02T07:45:14.45+00:00

Hello friends,

Could you please let me know how to get azure vulnerability assessment reports?

Thank you in advanced

Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,562 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Emad Adel 16 Reputation points
    2024-04-02T14:41:33.7833333+00:00

    Certainly! To view vulnerability assessment findings and remediate identified vulnerabilities in Azure, you can follow these steps:

    1. View Vulnerability Assessment Findings:
      • From Defender for Cloud's menu, open the Recommendations page.
      • Select the recommendation "Machines should have vulnerability findings resolved".
      • Defender for Cloud will show you all the findings for all VMs in the currently selected subscriptions, ordered by severity.
      • To filter the findings by a specific VM, open the "Affected resources" section and select the VM of interest.
      • You can also select a VM from the resource health view to see all relevant recommendations for that resource.
      • To learn more about a specific vulnerability, select it. The details pane provides extensive information, including links to relevant CVEs, remediation steps, and more.
    2. Export Vulnerability Assessment Results:
      • Use Azure Resource Graph (ARG) to export assessment results to a CSV file:
        1. In the Azure Portal, go to Resource Graph Explorer.
      1. Type the following query: 
               
        securityresources
       
        | where type == "microsoft.security/assessments"
       
        | where * contains "vulnerabilities in your virtual machines"
       
        | summarize by assessmentKey=name
       
        | join kind=inner (
       
            securityresources
       
            | where type == "microsoft.security/assessments/subassessments"
       
            | extend assessmentKey = extract(".*assessments/(.+?)/.*", 1, id)
       
        ) on assessmentKey
       
        | project assessmentKey, subassessmentKey=name, id, parse_json(properties), resourceGroup, subscriptionId, tenantId
       
        | extend description = properties.description, displayName = properties.displayName, resourceId = properties.resourceDetails.id, resourceSource = properties.resourceDetails.source, category = properties.category, severity = properties.status.severity, code = properties.status.code, timeGenerated = properties.timeGenerated, remediation = properties.remediation, impact = properties.impact, vulnId = properties.id, additionalData = properties.additionalData
      2. Click Run Query and then Download as CSV to access the exported data.
    3 people found this answer helpful.
  2. David Broggy 6,286 Reputation points MVP Volunteer Moderator
    2024-04-02T14:05:07.0833333+00:00

    Hi Irakli,

    Azure is an IASS (infrastructure as a service).

    It also offers SAAS (software as a service) and PASS (platform as a service)

    As such they're responsible for the patching and vulnerability assessments for those services.

    They are not likely to offer up vulnerability assessment reports for these services.

    You can read more about their shared responsibility policies here:

    https://learn.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.