Need to Pull Azure Defender Scans data periodically via automation

Prerana Prajapat 46 Microsoft Employee

We have AKS platform and have enabled Azure Defender Protection to scan container images. The scans are results from the queries using Azure resource graph query and currently I download via CSV.

Is there a way we can automate the pulling of scan results everyday in some table storage. I need to create Power BI report on the same

Pramod Valavala 20,611 Reputation points Microsoft Employee

2021-08-24T08:47:49.607+00:00

@Prerana Prajapat I hope the Q&A Post linked in James' last comment helps. You could also use the Invoke Resource Operation action for the resource graph query to simplify authentication.
Prerana Prajapat 46 Reputation points Microsoft Employee

2021-08-24T09:17:30.483+00:00

hi @Pramod Valavala Thanks for following up. Yeah I tried using logic apps but he the azure resource graph query works fine in resource graph explorer but fails in the logic app JSON body when copied.
I have tried multiple times the same query but it gives Invalid Parameters error
Prerana Prajapat 46 Reputation points Microsoft Employee

2021-08-26T07:30:23.36+00:00

hi @Pramod Valavala There is no issue with authentication. I need to call Azure Resource Graph Query for automation around pulling the Azure resource graph query output. There is no connector/ existing methodology I could find to solve this

2 answers

JamesTran-MSFT 36,541 Reputation points Microsoft Employee

2021-08-18T22:12:46.51+00:00

@Prerana Prajapat
Thank you for your post!

Based off your issue, I'm assuming that you enabled Azure Defender for container registries. Once the Azure Defender scans are complete, the findings are made available as Security Center recommendations:

Because the scan results can be found using the Sub Assessments - List REST API, you can try to automate getting the results using that. Additionally, you can leverage our Automate responses to Security Center triggers documentation to create a Logic App which can trigger on security alerts, recommendations, and changes to regulatory compliance.

If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.

----------

Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
Please sign in to rate this answer.
Prerana Prajapat 46 Reputation points Microsoft Employee

2021-08-19T04:26:19.613+00:00

@JamesTran-MSFT Thanks for your response. I appreciate. I am looking forward to get the results by Azure Resource Graph Query results & add the same into storage location to create BI reporting to be able to shared with larger audience and leadership.

Currently the results are shown as download as CSV

The automation workflow which you shared is more on sending alerts to remediate the owners of images. however we look forward to create a centralized repository of these scan results to identify trends and publish the same. to be able to do that we need everyday scan results added in one storage location.

JamesTran-MSFT 36,541 Reputation points Microsoft Employee

2021-08-19T18:18:02.507+00:00

@Prerana Prajapat
Thank you for reaching out internally and posting a follow up on Q&A!

I reached out to our Azure Security Center SMEs, and it looks like your issue would be better handled by our Logic Apps team. I found a similar issue - Azure resource graph connection with Logic apps - Microsoft Q&A, that might help with resolving yours. However, within the post, the solution is to use a SQL DB rather than a Storage Account. But since you're internal, I'd recommend reaching out to our Logic App PG DL for more assistance.

I've also added the "azure-logic-apps" tag so our logic apps community can take a look at your issue as well.

If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.

Siva-kumar-selvaraj 15,606 Reputation points

2021-08-31T10:20:30.157+00:00

@Prerana Prajapat

I just wanted to check in and see if you had any other questions or if you were able to resolve this issue? If you have any other questions, please let me know.

Thank you for your time and patience throughout this issue.

-----------

Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
Sign in to comment
Pramod Valavala 20,611 Reputation points Microsoft Employee

2021-09-01T08:42:05.943+00:00

@Prerana Prajapat For the benefit of others coming across this post, you can query the logs by making a request to the Azure Resource Graph Resources API using an HTTP Action from Logic Apps.

Given the nature of the query response, you could transform the JSON into the required format using the inline code action.
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Share via

Need to Pull Azure Defender Scans data periodically via automation

2 answers