我正在使用此查询来提取推荐状态的当前安全评估以及受影响的资源数量:
securityresources
| where type == "microsoft.security/assessments"
| extend resourceId=id, recommendationId=name, resourceType=type, recommendationName=properties.displayName, source=properties.resourceDetails.Source, recommendationState=properties.status.code, description=properties.metadata.description, assessmentType=properties.metadata.assessmentType, remediationDescription=properties.metadata.remediationDescription, policyDefinitionId=properties.metadata.policyDefinitionId, implementationEffort=properties.metadata.implementationEffort, recommendationSeverity=properties.metadata.severity, category=properties.metadata.categories, userImpact=properties.metadata.userImpact, threats=properties.metadata.threats, portalLink=properties.links.azurePortal
| summarize numberOfResources=count(resourceId) by tostring(recommendationName), tostring(recommendationState)
| order by tostring(recommendationState), numberOfResources desc
我想从“recommendationName”之一展开所有细节。
我需要为“应安全配置机器”提取所有单独的安全配置,如果可能的话,还需要为每个配置项提取受影响的资源。
在此先感谢, 塞尔吉