Comments (7)
As I mentioned above, in this case please open a new or upvote an existing feature request in the Azure Security Center Uservoice. But also remember that preview recommendations should be considered before they will negatively affect Secure Score calculations which is why they're part of Continuous Export.
from microsoft-defender-for-cloud.
It would be possible if the word "Preview" was part of the recommendation name; however, currently PREVIEW recommendations can be filtered ONLY via the GUI from the Portal (see pic below)
```
SecurityRecommendation
| where RecommendationState == "Unhealthy" and TimeGenerated > startofmonth(now())
| where RecommendationName !contains "Preview"
```
Hi @andriikut,
Today, the preview information is not exported to LA; however, you can use the Microsoft.Security/AssessmentsMetadata API provider to retrieve the information, as there is a preview field:
```
{
  "id": "/providers/Microsoft.Security/assessmentMetadata/af560c4d-9c05-e073-b9f1-f7a94958ff25",
  "name": "af560c4d-9c05-e073-b9f1-f7a94958ff25",
  "type": "Microsoft.Security/assessmentMetadata",
  "properties": {
    "displayName": "Container registries should be encrypted with a customer-managed key (CMK)",
    "assessmentType": "BuiltIn",
    "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580",
    "description": "Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.",
    "remediationDescription": "Azure automatically encrypts registry Contents. To encrypt a registry using a customer-managed key (CMK): 1. Create a user-assigned managed identity. 2. Create a Key Vault with soft delete and purge protection enabled. 3. Give the Managed Identity (Get, Unwrap and Wrap) Key Permissions to the key vault by adding a key vault Access Policy. 4. Create a key for encryption. 5. Create the registry: enable customer-managed key, add the managed identity, and provid the created key's version. For more information, see: https://aka.ms/acr/cmk",
    "categories": [
      "Data"
    ],
    "preview": true,
    "severity": "Medium"
  }
},
```
If you need that information in Log Analytics, you could use a Logic App that helps you write data from the API to your Log Analytics workspace. The Get-SecureScoreData Logic App is an example to help you export data from a REST API to Log Analytics. If you want to see that feature in Continuous Export, too, please make sure to post a feature request in the Azure Security Center Uservoice.
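As an added example (not part of the original comment or the repository's code), this sketch turns the `preview` flag from assessmentMetadata into an exclusion list for the query posted earlier in the thread. It assumes the list response uses the usual ARM `value` envelope and that the workspace table has a `RecommendationDisplayName` column matching `properties.displayName`; the sample data and function names are constructed.

```python
import json

# Constructed sample in the shape of an assessmentMetadata list response
# (assumed ARM "value" envelope). The first entry reuses the name and
# displayName quoted in the comment above; the second is made up.
SAMPLE_PAGE = json.loads("""
{"value": [
  {"name": "af560c4d-9c05-e073-b9f1-f7a94958ff25",
   "properties": {"displayName": "Container registries should be encrypted with a customer-managed key (CMK)",
                  "preview": true, "severity": "Medium"}},
  {"name": "00000000-0000-0000-0000-000000000001",
   "properties": {"displayName": "Constructed GA recommendation", "severity": "High"}}
]}
""")


def preview_assessments(pages):
    """Map assessment key -> displayName for every entry flagged preview."""
    found = {}
    for page in pages:  # one dict per page of the list response
        for item in page.get("value", []):
            props = item.get("properties", {})
            # Entries without the field are treated as GA, not preview.
            if props.get("preview") is True:
                found[item["name"]] = props.get("displayName", "")
    return found


def kql_literal(text):
    """Quote a string for KQL, escaping backslashes and double quotes."""
    return '"' + text.replace("\\", "\\\\").replace('"', '\\"') + '"'


def build_query(preview):
    """Return the thread's query with preview display names excluded."""
    lines = [
        "SecurityRecommendation",
        '| where RecommendationState == "Unhealthy" and TimeGenerated > startofmonth(now())',
    ]
    names = sorted(n for n in preview.values() if n)
    if names:  # no preview entries: leave the query unfiltered
        literal = ", ".join(kql_literal(n) for n in names)
        lines.insert(0, f"let previewNames = dynamic([{literal}]);")
        # Assumption: RecommendationDisplayName matches properties.displayName.
        lines.append("| where RecommendationDisplayName !in (previewNames)")
    return "\n".join(lines)


if __name__ == "__main__":
    print(build_query(preview_assessments([SAMPLE_PAGE])))
```

Regenerating the query from a fresh metadata pull keeps the exclusion list current as recommendations move from preview to GA.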
Thanks @TomJanetscheck, I will check your findings.
According to the article: "Preview recommendations don't render a resource unhealthy, and they aren't included in the calculations of your secure score"
However, they are being exported to LA and that causes this issue. I DO NOT want Preview information and want to exclude it.
When configuring continuous export, you can select which recommendations you want to be exported. You can uncheck the preview recommendations so only the others are exported to Log Analytics. Also, preview recommendations are shown in ASC to enable customers to care about remediation before they will negatively affect Secure Score. Once these recommendations are GA, they will count towards their particular security controls and will then make your Secure Score decrease in case you have not taken care of remediation. So, the preview flag does not necessarily mean that these recommendations are unstable, but it's more a grace period before they will finally count towards Secure Score calculation.
I got your point. It will work, but in this case we will need to manage this list manually each time new recommendations become GA. I'm trying to avoid manual work while using continuous export.
So it would be reasonable to add an option to exclude Preview from exporting or sort them out in LA.
Closing this issue since it is not related to an automation artifact.