question

PreranaPrajapat-6938 asked PramodValavala-MSFT answered

Need to Pull Azure Defender Scans data periodically via automation

We have an AKS platform and have enabled Azure Defender protection to scan container images. The scan results come from queries using Azure Resource Graph, and currently I download them as CSV.

Is there a way we can automate pulling the scan results every day into some table storage? I need to create a Power BI report on the same.

azure-logic-apps, azure-security-center

@PreranaPrajapat-6938 I hope the Q&A Post linked in James' last comment helps. You could also use the Invoke Resource Operation action for the resource graph query to simplify authentication.



Hi @PramodValavala-MSFT, thanks for following up. Yeah, I tried using Logic Apps, but the Azure Resource Graph query works fine in Resource Graph Explorer but fails in the Logic App JSON body when copied.
I have tried the same query multiple times, but it gives an Invalid Parameters error.


Hi @PramodValavala-MSFT, there is no issue with authentication. I need to call the Azure Resource Graph query for automation around pulling the Azure Resource Graph query output. There is no connector/existing methodology I could find to solve this.

JamesTran-MSFT answered sikumars commented

@PreranaPrajapat-6938
Thank you for your post!

Based off your issue, I'm assuming that you enabled Azure Defender for container registries. Once the Azure Defender scans are complete, the findings are made available as Security Center recommendations:


Because the scan results can be found using the Sub Assessments - List REST API, you can try to automate getting the results using that. Additionally, you can leverage our Automate responses to Security Center triggers documentation to create a Logic App which can trigger on security alerts, recommendations, and changes to regulatory compliance.


If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.


Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.



@JamesTran-MSFT Thanks for your response. I appreciate it. I am looking forward to getting the results from the Azure Resource Graph query and adding them to a storage location to create BI reporting that can be shared with a larger audience and leadership.


Currently the results are shown as a CSV download.

The automation workflow which you shared is more about sending alerts to the owners of images for remediation. However, we look forward to creating a centralized repository of these scan results to identify trends and publish the same. To be able to do that, we need every day's scan results added in one storage location.



@PreranaPrajapat-6938
Thank you for reaching out internally and posting a follow up on Q&A!

I reached out to our Azure Security Center SMEs, and it looks like your issue would be better handled by our Logic Apps team. I found a similar issue - Azure resource graph connection with Logic apps - Microsoft Q&A, that might help with resolving yours. However, within the post, the solution is to use a SQL DB rather than a Storage Account. But since you're internal, I'd recommend reaching out to our Logic App PG DL for more assistance.


I've also added the "azure-logic-apps" tag so our logic apps community can take a look at your issue as well.


If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.

sikumars commented

@PreranaPrajapat-6938

I just wanted to check in and see if you had any other questions or if you were able to resolve this issue? If you have any other questions, please let me know.

Thank you for your time and patience throughout this issue.


Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

PramodValavala-MSFT answered

@PreranaPrajapat-6938 For the benefit of others coming across this post, you can query the logs by making a request to the Azure Resource Graph Resources API using an HTTP Action from Logic Apps.

Given the nature of the query response, you could transform the JSON into the required format using the inline code action.
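
The request and transformation described in this answer, sketched as an added example that is not part of the original thread or any Microsoft sample: it builds the JSON body for the Resource Graph Resources API and flattens one response page into rows ready for a daily store. The query text, function names, the `PartitionKey`/`RowKey` entity shape (assuming Azure Table storage as the target) and the sample response are assumptions made for illustration.

```javascript
// Added example. The query text, function names and sample response are
// constructed for illustration; they are not taken from the thread.
const ARG_URL =
  "https://management.azure.com/providers/Microsoft.ResourceGraph/resources?api-version=2021-03-01";

// KQL as typed in Resource Graph Explorer: multi-line, with double quotes.
const QUERY = `securityresources
| where type == "microsoft.security/assessments/subassessments"
| project id, finding = tostring(properties.displayName),
          severity = tostring(properties.status.severity)`;

// Body for the HTTP action. JSON.stringify escapes the newlines and quotes,
// which a query pasted by hand into a JSON string would still contain raw.
function buildRequestBody(subscriptions, query, skipToken) {
  const options = { resultFormat: "table" };
  if (skipToken) options["$skipToken"] = skipToken; // request the next page
  return JSON.stringify({ subscriptions, query, options });
}

// Table storage keys may not contain / \ # ? so the resource id is rewritten.
function toRowKey(resourceId) {
  return String(resourceId).replace(/[\/\\#?]/g, "|");
}

// Turn one response page into flat entities, one per finding.
// Handles both result formats: "table" (columns + rows) and "objectArray".
function toEntities(response, scanDate) {
  const data = response.data;
  const records = Array.isArray(data) ? data : data.rows.map((row) => {
    const rec = {};
    data.columns.forEach((col, i) => { rec[col.name] = row[i]; });
    return rec;
  });
  return records.map((rec) =>
    Object.assign({ PartitionKey: scanDate, RowKey: toRowKey(rec.id) }, rec));
}

// Constructed sample page in "table" format (not real scan data).
const SAMPLE = {
  totalRecords: 1, count: 1, resultTruncated: "false",
  data: {
    columns: [{ name: "id", type: "string" }, { name: "finding", type: "string" },
              { name: "severity", type: "string" }],
    rows: [["/subscriptions/0000/x/subassessments/1", "Sample finding", "High"]],
  },
};
```

When a response carries a `$skipToken`, pass it back through `buildRequestBody` to fetch the next page before writing the day's rows.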

