How to get Azure Security center recommandations into Sentinel?

Question

In my organization we have Azure security center and Azure Sentinel in same Workspace and they are connected. But need to know how we can list/query all the recommendations of Security center in sentinel.

Answer 1

Hi @Mohammad Hasan ,

For exporting all the recommendation (and alerts if you need) from the Security Center to Sentinel, you need to enable 'Continuous Export' from Azure Security Center.
For that, follow the below path:

In Security Center go to Pricing and Settings -> Select your subscription -> Continuous Export -> Select 'Log Analytics Workspace' tab and switch the toggle to 'ON'.
You can select the checkboxes of the items you want to export. Example attached.

If this answer helps you, please accept it as an answer and upvote it.

Answer 2

@Yash Mudaliar Thanks for the feedback. i have done that. But 'Continuous Export' only does export new recommendations into Sentinel or log analytics workspace.

What is the way to export all the existing Security center recommendations into Sentinel? is there any way to sync?

Answer 3

Hi @Mohammad Hasan ,

This is unfortunately not possible as recommendations are sent whenever a resource's compliance state changes so it will be sent to your Sentinel or Log Analytics workspace before the enablement.

Please refer to the documentation.
Also, please provide this as a feedback at Azure Security Center Uservoice.

Thanks
Saurabh

----------

Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.