0 Votes
MohammadHasan-6023 asked SaurabhSharma-msft edited

How to get Azure Security Center recommendations into Sentinel?

In my organization we have Azure Security Center and Azure Sentinel in the same workspace and they are connected. But we need to know how we can list/query all the recommendations of Security Center in Sentinel.

azure-security-center microsoft-sentinel

0 Votes
YashMudaliar-2108 answered

Hi @MohammadHasan-6023,

For exporting all the recommendations (and alerts if you need) from the Security Center to Sentinel, you need to enable 'Continuous Export' from Azure Security Center.
For that, follow the path below:

In Security Center go to Pricing and Settings -> Select your subscription -> Continuous Export -> Select 'Log Analytics Workspace' tab and switch the toggle to 'ON'.
You can select the checkboxes of the items you want to export. Example attached.

If this answer helps you, please accept it as an answer and upvote it.

93343-screenshot-2021-05-03-162326.png




0 Votes
MohammadHasan-6023 answered MohammadHasan-6023 edited

@YashMudaliar-2108 Thanks for the feedback. I have done that. But 'Continuous Export' only exports new recommendations into Sentinel or the Log Analytics workspace.

What is the way to export all the existing Security Center recommendations into Sentinel? Is there any way to sync?


0 Votes
SaurabhSharma-msft answered SaurabhSharma-msft edited

Hi @mohammadhasan-6023,

This is unfortunately not possible, as recommendations are sent whenever a resource's compliance state changes, so it will be sent to your Sentinel or Log Analytics workspace before the enablement.

Please refer to the documentation.
Also, please provide this as feedback at Azure Security Center UserVoice.

Thanks
Saurabh


Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.
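
Added example, not part of the original thread or any poster's answer: once Continuous Export is writing to the workspace, the exported recommendations can be listed from the Sentinel Logs blade. The query assumes the export lands in the `SecurityRecommendation` table with its standard columns; the 30-day lookback and the severity ranking are choices made for this example. As discussed in the thread, it only returns recommendations exported after Continuous Export was enabled.

```kusto
// Latest exported state of each Security Center recommendation per resource.
// Assumption: Continuous Export writes to the SecurityRecommendation table of
// this workspace. The 30-day lookback is an arbitrary choice for the example.
SecurityRecommendation
| where TimeGenerated > ago(30d)
// A row is exported each time a resource's compliance state changes, so keep
// only the newest row for each (resource, recommendation) pair.
| summarize arg_max(TimeGenerated, *) by AssessedResourceId, RecommendationName
// Show only recommendations that are still open on that resource.
| where RecommendationState == "Unhealthy"
// Severity is a string, so map it to a number to get a meaningful sort order.
| extend SeverityRank = case(
    RecommendationSeverity == "High", 1,
    RecommendationSeverity == "Medium", 2,
    RecommendationSeverity == "Low", 3,
    4)
| project TimeGenerated, RecommendationDisplayName, RecommendationSeverity,
          SeverityRank, AssessedResourceId, RemediationDescription
| sort by SeverityRank asc, TimeGenerated desc
```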
