Introduction to Azure Security Center

Contents

Inventory

After onboarding all resources from Azure and other cloud providers, you may want to list all resources available or query specific resources that you need more information about. You can use the Inventory feature in Security Center to accomplish that.

This feature uses Azure Resource Graph (ARG) in the background. ARG is an Azure service that provides the ability to query Security Center’s data across multiple subscriptions using Kusto Query language. In a case where you want to query only resources that are available in AWS, you can easily create a resource type filter to see only those resources. Follow the steps below to access the Inventory feature and create this filter:

  1. Open the Azure portal and sign in as a user who has read permission in the subscription.

  2. In the left navigation, click Security Center.

  3. In the Security Center left navigation, under General, click the Inventory option. The Inventory page appears, as shown in Figure 2-25.

    f02xx25.jpg

    FIGURE 2-25 The Inventory page

  4. Click the Resource Types filter, click Select All to uncheck all the items, and then only select aws account and aws resources, as shown in Figure 2-26.

    f02xx26.jpg

    FIGURE 2-26 Filtering by resource types

  5. After selecting those items, click outside the drop-down menu to commit the changes. At this point, you should see only your AWS resources/account.

  6. After applying the filter, you can also select a particular resource from the list to see more details about that resource. The Resource Health page for the opened resource also presents the list of recommendations that are open, as shown in Figure 2-27.

f02xx27.jpg

FIGURE 2-27 Filtering by resources types

Besides filtering on resource types, you can also create filters based on the following variables:

  • Resource name

  • Resource groups

  • Recommendations

  • Agent monitoring status

  • Azure Defender status (on, off, or partially enabled)

  • Security findings (including values from the vulnerability assessment)

  • Tag

If you need to create filters that are beyond the options that are available, you can also customize your own query using ARG. You can create the base visualization using the filters that are available in the Inventory dashboard, and from there click the Open Query button, as shown in Figure 2-28.

f02xx28.jpg

FIGURE 2-28 Accessing the ARG interface via the Open Query button

After you click this button, the Azure Resource Graph Explorer page appears, as shown in Figure 2-29.

f02xx29.jpg

FIGURE 2-29 Azure Resource Graph Explorer with a pre-defined query

From this page, you can click Run Query, which will produce a similar result to what you have in the Inventory page since this query is based on the filtering that was configured on that page. Also, you can customize this query according to your own needs.

NOTE

For other sample ARG queries, consult the Azure Security Center community page at https://github.com/Azure/Azure-Security-Center/tree/master/Kusto/Azure%20Resource%20Graph.

Save to your account

This chapter is from the book