| summarize avg(Percent) by bin(TimeGenerated,1d), SubscriptionId=_SubscriptionId Track secure score over time by subscription: Copy and paste a query from the samples described below.In Azure Portal, navigate to the Log Analytics workspace to which you enabled continuous export.
Below are common queries for these scenarios, follow the steps below to use them: For example, track secure score over time or find what recommendations and resources are lowering your score. When consuming secure score data from Log Analytics workspace, you might like to further analyze the data. When exporting the data to Log Analytics workspace the overall secure score will be exported to SecureScores table, and secure score per control to SecureScoreControls table, in the following schemas:Ĭommon queries for Log Analytics workspace The score of a control with max score of 0 is updated.įor export to Event Hub, the data schemas are in line with the Secure Scores and Secure Score Controls APIs.The change in the control score is less than 0.01.The number of resources changed but the overall score didn’t.From the moment of enabling continuous export every change to the score will be exported. Continuous export exports only updates to the score, and not the baseline. Fill in the details of your export destination (Event Hub/Log Analytics workspace).ġ.Choose the Resource Group in which the automation resource will be created.In the drop-down menu you can choose whether to export both the overall score of the subscription and the score per control, or only one of them. In the Azure Portal go to ‘Microsoft Defender for Cloud’.To enable continuous export for secure score, follow the steps below:
This will enable you to track secure score over time with dynamic reports, export secure score data to Microsoft Sentinel or other 3 rd party SIEM solutions, and integrate this data type with any internal processes you might already be using to monitor secure score in your organization. Using continuous export of secure score (preview), you can stream secure score changes in real-time to an Event Hub or a Log Analytics workspace.
0 kommentar(er)
