Need to Pull Azure Defender Scans data periodically via automation

Prerana Prajapat 46 Reputation points Microsoft Employee
2021-08-18T06:31:34.053+00:00

We have an AKS platform and have enabled Azure Defender protection to scan container images. The scan results come from Azure Resource Graph queries, and currently I download them via CSV.

Is there a way we can automate pulling the scan results every day into some table storage? I need to create a Power BI report on the same.


2 answers

  1. JamesTran-MSFT 36,476 Reputation points Microsoft Employee
    2021-08-18T22:12:46.51+00:00

    @Prerana Prajapat
    Thank you for your post!

    Based off your issue, I'm assuming that you enabled Azure Defender for container registries. Once the Azure Defender scans are complete, the findings are made available as Security Center recommendations.

    Because the scan results can be found using the Sub Assessments - List REST API, you can try to automate getting the results using that. Additionally, you can leverage our Automate responses to Security Center triggers documentation to create a Logic App which can trigger on security alerts, recommendations, and changes to regulatory compliance.

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.



  2. Pramod Valavala 20,591 Reputation points Microsoft Employee
    2021-09-01T08:42:05.943+00:00

    @Prerana Prajapat For the benefit of others coming across this post, you can query the logs by making a request to the Azure Resource Graph Resources API using an HTTP Action from Logic Apps.

    Given the nature of the query response, you could transform the JSON into the required format using the inline code action.

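The JSON transformation step mentioned in the second answer, sketched as an added example (not code from either answer): it flattens a Resource Graph response of container image sub-assessments into flat rows for table storage or Power BI. The function names are hypothetical, and the property names (`properties.status.severity`, `additionalData.repositoryName`, `additionalData.cve`, and so on) are assumptions about the sub-assessment shape. It goes slightly beyond the answer by accepting both the object-array and the columns/rows result formats and by surfacing the paging token.

```javascript
// Added example: property names are assumed; match them to your own query's output.

// Resource Graph returns either an array of objects or a columns/rows table,
// depending on the request's resultFormat. Normalize both to objects.
function toRecords(response) {
  const data = response.data;
  if (Array.isArray(data)) return data;
  if (data && Array.isArray(data.columns) && Array.isArray(data.rows)) {
    return data.rows.map((row) => {
      const rec = {};
      data.columns.forEach((col, i) => { rec[col.name] = row[i]; });
      return rec;
    });
  }
  throw new Error("Unrecognized Resource Graph response shape");
}

// Flatten one sub-assessment into a flat row for table storage or Power BI.
function toRow(rec) {
  const p = rec.properties || {};
  const status = p.status || {};
  const extra = p.additionalData || {};
  return {
    findingId: p.id || null,
    title: p.displayName || null,
    severity: status.severity || "Unknown",
    statusCode: status.code || "Unknown",
    repository: extra.repositoryName || null,
    imageDigest: extra.imageDigest || null,
    patchable: extra.patchable === true,
    cves: (extra.cve || []).map((c) => c.title).join(";"),
    resourceId: (p.resourceDetails || {}).id || null,
  };
}

function flattenScanResults(response) {
  // A skip token means more pages remain; the caller must request them.
  return { rows: toRecords(response).map(toRow),
           nextSkipToken: response.$skipToken || null };
}

// Constructed sample response (placeholder values, not real scan output).
const sampleResponse = { count: 1, data: [{ properties: {
  id: "FINDING-0001", displayName: "Constructed sample finding",
  status: { code: "Unhealthy", severity: "High" },
  additionalData: { repositoryName: "sample/app", imageDigest: "sha256:PLACEHOLDER",
    patchable: true, cve: [{ title: "CVE-PLACEHOLDER-1" }, { title: "CVE-PLACEHOLDER-2" }] },
  resourceDetails: { id: "/subscriptions/<sub-id>/placeholder" } } }] };
console.log(flattenScanResults(sampleResponse).rows);
```

If `nextSkipToken` is not null, a daily export that stops after the first page will silently under-report findings, so loop until it is null before writing the rows out.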