Si existe un requisito para obtener el informe del análisis de vulnerabilidad de seguridad de una máquina virtual o recurso específico, necesitaremos una consulta personalizada para ello.
securityresources
| where type == "microsoft.security/assessments"
| where
* contains "Vulnerabilities"
|
summarize by assessmentKey=name //the ID of the assessment
| join
kind=inner (
securityresources
| where
type == "microsoft.security/assessments/subassessments"
|
extend assessmentKey = extract(".*assessments/(.+?)/.*",1, id)
) on
assessmentKey
| where
id contains "/resourceid" //mention
resourceid (vm > properties)
| where
split(id, "/")[7] == "virtualMachines"
|
project assessmentKey, vmname = split(id, "/")[8],
subassessmentKey=name, id, parse_json(properties), resourceGroup,
subscriptionId, tenantId
|
extend description = properties.description,displayName =
properties.displayName,
resourceId = properties.resourceDetails.id,
resourceSource
= properties.resourceDetails.source,
category
= properties.category,
severity
= properties.status.severity,
code = properties.status.code,
timeGenerated
= properties.timeGenerated,
remediation
= properties.remediation,
impact
= properties.impact,
vulnId
= properties.id,
additionalData
= properties.additionalData
Esto
proporcionará una respuesta con el informe de análisis de vulnerabilidad de
seguridad de máquinas virtuales específicas y también se puede descargar en
formato csv.
