@KIRAN POLUSANI
Thank you for your post!
Unfortunately, the $filter
URI parameter currently isn't supported by the Assessments - List or Sub Assessments - List REST API. However, you should be able to use the $expand=statusEvaluationDates
parameter which will indicate when a resource’s status has recently changed, for example from healthy to unhealthy. For more info.
-The statusChangeDate
field will indicate when a resource’s status has changed.
-The firstEvaluationDate
field shows when a resource has been evaluated for the first time.
GET https://management.azure.com/subscriptions/{{subscriptionId}}/providers/Microsoft.Security/assessments?api-version=2020-01-01&$expand=statusEvaluationDates
You can also leverage the Azure Resource Graph Explorer, and run the following KQL query to show all assessments and their corresponding policy initiatives that have recently changed their assessment status to unhealthy.
securityresources
| where type =~ "microsoft.security/assessments"
| extend assessmentStatusCode = tostring(properties.status.code)
| where assessmentStatusCode =~ "unhealthy"
| extend firstEvaluationDate = todatetime(properties.status.firstEvaluationDate)
| extend statusChangeDate = todatetime(properties.status.statusChangeDate)
| where statusChangeDate > firstEvaluationDate
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
----------
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.