how to get azure vulnerability assessment reports

Irakli Saldadze 0 Reputation points
2024-04-02T07:45:14.45+00:00

Hello friends,

Could you please let me know how to get azure vulnerability assessment reports?

Thank you in advanced

Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,193 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. David Broggy 5,681 Reputation points MVP
    2024-04-02T14:05:07.0833333+00:00

    Hi Irakli,

    Azure is an IASS (infrastructure as a service).

    It also offers SAAS (software as a service) and PASS (platform as a service)

    As such they're responsible for the patching and vulnerability assessments for those services.

    They are not likely to offer up vulnerability assessment reports for these services.

    You can read more about their shared responsibility policies here:

    https://learn.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility

    0 comments No comments

  2. Emad Adel 1 Reputation point
    2024-04-02T14:41:33.7833333+00:00

    Certainly! To view vulnerability assessment findings and remediate identified vulnerabilities in Azure, you can follow these steps:

    1. View Vulnerability Assessment Findings:
      • From Defender for Cloud's menu, open the Recommendations page.
      • Select the recommendation "Machines should have vulnerability findings resolved".
      • Defender for Cloud will show you all the findings for all VMs in the currently selected subscriptions, ordered by severity.
      • To filter the findings by a specific VM, open the "Affected resources" section and select the VM of interest.
      • You can also select a VM from the resource health view to see all relevant recommendations for that resource.
      • To learn more about a specific vulnerability, select it. The details pane provides extensive information, including links to relevant CVEs, remediation steps, and more.
    2. Export Vulnerability Assessment Results:
      • Use Azure Resource Graph (ARG) to export assessment results to a CSV file:
        1. In the Azure Portal, go to Resource Graph Explorer.
      1. Type the following query:
               
                securityresources
               
                | where type == "microsoft.security/assessments"
               
                | where * contains "vulnerabilities in your virtual machines"
               
                | summarize by assessmentKey=name
               
                | join kind=inner (
               
                    securityresources
               
                    | where type == "microsoft.security/assessments/subassessments"
               
                    | extend assessmentKey = extract(".*assessments/(.+?)/.*", 1, id)
               
                ) on assessmentKey
               
                | project assessmentKey, subassessmentKey=name, id, parse_json(properties), resourceGroup, subscriptionId, tenantId
               
                | extend description = properties.description, displayName = properties.displayName, resourceId = properties.resourceDetails.id, resourceSource = properties.resourceDetails.source, category = properties.category, severity = properties.status.severity, code = properties.status.code, timeGenerated = properties.timeGenerated, remediation = properties.remediation, impact = properties.impact, vulnId = properties.id, additionalData = properties.additionalData
               
        
      2. Click Run Query and then Download as CSV to access the exported data.