Is it possible to access Azure Security Center recommendations outside of Azure Portal?

不问归期 提交于 2019-12-23 04:23:27

问题


For part of a project, I need to be able to display security center recommendations for a given resource group on a webpage. To be clear, I'm looking to access the data on the Recommendations blade of Azure Security Center and filter that information by a resource group, only displaying the recommendations relevant to those resources.

I've been looking at two ways to implement this:

  1. Security Resource API seems to be a good starting place, however I can't find any API endpoint that will allow me to access the recommendations. I've found methods to GET security alerts and security tasks, but these are both reactive (i.e. something happened that you should know about), while I'm looking for preventative (i.e. something could happen, take these steps to mitigate the risk of it happening).
  2. PowerBI dashboards also do almost what I want. I'm able to preview the number of recommendations, and one of the pages on the default dashboard even breaks those numbers down per resource group, but I still can't find a way to use this information in the way that I want.

An ideal solution would allow me to retrieve and display all resources recommendations scoped to a monitored resource group, with the following parameters:

  • Resource Name
  • Description
  • State
  • Severity

Is there any way to access this information from outside of Azure? Is it possible that I've overlooked something in the API or PowerBI documentation that would allow me to do this? I'm new to PowerBI, and I'm afraid that I'm misunderstanding a basic concept that may be right in front of me.

Thank you for your time!


回答1:


Figured I'd come back to this in case anyone is ever looking for an answer to this. I'm going to try and keep this brief, but I ended up doing the following.

The Get Security Status method I mentioned in the original question returns a field called properties. MSDN doesn't say anywhere (at the time I'm posting this) what those properties contain, but I'll post some sample JSON for posterity:


{
  "value": [
    {
*     "id": "(identifying information specific to task)",
      "name": "(int)",
      "type": "Microsoft.Security/locations/(resource group)/tasks",
      "properties": {
*       "state": "Active",
        "subState": "NA",
        "creationTimeUtc": "2017-01-29T10:40:43.6599124Z",
        "lastStateChangeTimeUtc": "2017-01-29T10:40:43.6599124Z",
        "securityTaskParameters": {
*         "storageAccountName": "(resource name)",
*         "name": "Enable encryption for Azure Storage Account",
          "uniqueKey": "(url to resource)",
          "resourceId": "(url to resource)"
        }
      }
    }
  }

So, I filled my models with the parameters with asterisks at the beginning of their lines (added by me).

Frankly, this isn't exactly what I was looking for, but it's a close enough analog to work. I really wish the documentation for this were better, but I was able to find the information by following a hunch.

I hope this helps someone someday!



来源:https://stackoverflow.com/questions/44317621/is-it-possible-to-access-azure-security-center-recommendations-outside-of-azure

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!