
Get Azure Defender for Cloud score Via API

How to build a report of the Azure Defender for Cloud secure score via the API and export it to CSV. Why do we need this? To share it with your ? and show them the progress of your security posture over time.

You need to create a service principal with the following permission: Read (RBAC) on each subscription you want to report on.

```powershell
# Set the variables (service principal with Read on each subscription).
$ClientID     = ''
$ClientSecret = ''
$tenant_Id    = ''

# Your subscription Ids: an array with one entry per subscription.
$subscription_Ids = @('')

# Force TLS 1.2 before the first request is sent.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Create the body of the token request (client credentials flow).
$Body = @{
    Grant_Type    = "client_credentials"
    Resource      = "https://management.azure.com/"
    client_id     = $ClientID
    client_secret = $ClientSecret
}

# The Azure AD token endpoint is login.microsoftonline.com.
$ConnectGraph = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$tenant_Id/oauth2/token?api-version=1.0" -Method POST -Body $Body

# Function to get ARM (management.azure.com) data with pagination.
function Get-GraphData {
    param (
        [parameter(Mandatory)]
        [string]$AccessToken,

        [parameter(Mandatory)]
        [string]$Uri
    )

    $Headers = @{
        'Authorization' = "Bearer $AccessToken"
    }

    $QueryResults = @()
    do {
        $Results = Invoke-RestMethod -Uri $Uri -Headers $Headers -ErrorAction Stop

        $QueryResults += $Results.value

        # ARM pages with 'nextLink'; Microsoft Graph uses '@odata.nextLink'. Accept either.
        $Uri = if ($Results.nextLink) { $Results.nextLink } else { $Results.'@odata.nextLink' }
    } while ($Uri)

    return $QueryResults
}

# Create the report lists once; rows for every subscription are added to them.
$ReportLineScore = [System.Collections.Generic.List[Object]]::new()
$SPData  = [System.Collections.Generic.List[Object]]::new()
$SPData1 = [System.Collections.Generic.List[Object]]::new()
$SPData2 = [System.Collections.Generic.List[Object]]::new()
$SPData3 = [System.Collections.Generic.List[Object]]::new()

# Get the data one subscription at a time and build the rows inside the loop,
# so results from an earlier subscription are not overwritten by the next one.
foreach ($subscription_Id in $subscription_Ids) {
    $uri1 = "https://management.azure.com/subscriptions/$subscription_Id/providers/Microsoft.Security/secureScores?api-version=2020-01-01"
    [array]$secureScores = Get-GraphData -AccessToken $ConnectGraph.access_token -Uri $uri1
    $uri2 = "https://management.azure.com/subscriptions/$subscription_Id/providers/Microsoft.Security/secureScores/ascScore/securescorecontrols?api-version=2020-01-01"
    [array]$ascScores = Get-GraphData -AccessToken $ConnectGraph.access_token -Uri $uri2
    $uri3 = "https://management.azure.com/subscriptions/$subscription_Id/providers/Microsoft.Security/secureScoreControlDefinitions?api-version=2020-01-01"
    [array]$secureScoreControlDefinitions = Get-GraphData -AccessToken $ConnectGraph.access_token -Uri $uri3
    $uri4 = "https://management.azure.com/subscriptions/$subscription_Id/providers/Microsoft.Security/assessments?api-version=2020-01-01"
    [array]$assessments = Get-GraphData -AccessToken $ConnectGraph.access_token -Uri $uri4
    # The query parameter is '$expand'; the backtick keeps PowerShell from expanding it as a variable.
    $uri5 = "https://management.azure.com/subscriptions/$subscription_Id/providers/Microsoft.Security/secureScores/ascScore/securescorecontrols?api-version=2020-01-01&`$expand=definition"
    [array]$securescorecontrols = Get-GraphData -AccessToken $ConnectGraph.access_token -Uri $uri5

    # Overall score (the API returns percentage as a fraction, so multiply by 100).
    foreach ($secureScore in $secureScores) {
        $ReportLineScore.Add([PSCustomObject][Ordered]@{
            SubscriptionId = $subscription_Id
            MaxScore       = $secureScore.properties.score.max
            Current        = $secureScore.properties.score.current
            percentage     = $secureScore.properties.score.percentage * 100
        })
    }

    # Score per security control.
    foreach ($ascScore in $ascScores) {
        $SPLine = [PSCustomObject][Ordered]@{
            SubscriptionId = $subscription_Id
            Name           = $ascScore.properties.displayName
            Healthy        = $ascScore.properties.healthyResourceCount
            UnHealthy      = $ascScore.properties.unhealthyResourceCount
            NotApplicable  = $ascScore.properties.notApplicableResourceCount
            weight         = $ascScore.properties.weight
            maxScore       = $ascScore.properties.score.max
            currentScore   = $ascScore.properties.score.current
            percentage     = $ascScore.properties.score.percentage * 100
        }
        $SPData.Add($SPLine)
    }

    # Control definitions with their maximum score.
    foreach ($secureScoreControlDefinition in $secureScoreControlDefinitions) {
        $SPLine1 = [PSCustomObject][Ordered]@{
            SubscriptionId = $subscription_Id
            Name           = $secureScoreControlDefinition.properties.displayName
            MaxScore       = $secureScoreControlDefinition.properties.maxScore
        }
        $SPData1.Add($SPLine1)
    }

    # Individual assessments with status and the affected resource.
    foreach ($assessment in $assessments) {
        $SPLine2 = [PSCustomObject][Ordered]@{
            SubscriptionId = $subscription_Id
            Name           = $assessment.properties.displayName
            Status         = $assessment.properties.status.description
            Code           = $assessment.properties.status.code
            Cause          = $assessment.properties.status.cause
            Details        = $assessment.properties.resourceDetails.Id
        }
        $SPData2.Add($SPLine2)
    }

    # Resource counts per control (expanded with its definition).
    foreach ($securescorecontrol in $securescorecontrols) {
        $SPLine3 = [PSCustomObject][Ordered]@{
            SubscriptionId     = $subscription_Id
            Name               = $securescorecontrol.properties.displayName
            HealthyCount       = $securescorecontrol.properties.healthyResourceCount
            UnHealthyCount     = $securescorecontrol.properties.unhealthyResourceCount
            NotApplicableCount = $securescorecontrol.properties.notApplicableResourceCount
        }
        $SPData3.Add($SPLine3)
    }
}

# Export the report to CSV.
$ReportLineScore | Export-Csv -Path "c:\temp\ReportLineScore.csv" -NoTypeInformation -Encoding UTF8
$SPData | Export-Csv -Path "c:\temp\SPData.csv" -NoTypeInformation -Encoding UTF8
$SPData1 | Export-Csv -Path "c:\temp\SPData1.csv" -NoTypeInformation -Encoding UTF8
$SPData2 | Export-Csv -Path "c:\temp\SPData2.csv" -NoTypeInformation -Encoding UTF8
$SPData3 | Export-Csv -Path "c:\temp\SPData3.csv" -NoTypeInformation -Encoding UTF8
```

Sample output of the overall score (ReportLineScore):

| MaxScore | Current | percentage |
|----------|---------|------------|
| 31       | 24      | 77,42      |

Sample output of the control definitions (SPData1):

| Name                                      | MaxScore |
|-------------------------------------------|----------|
| Protect applications against DDoS attacks | 2        |
| Enable MFA                                | 10       |
| Encrypt data in transit                   | 4        |
| Restrict unauthorized network access      | 4        |
| Implement security best practices         | 0        |
| Apply adaptive application control        | 3        |
| Enable auditing and logging               | 1        |
| Enable encryption at rest                 | 4        |
| Enable endpoint protection                | 2        |
| Apply system updates                      | 6        |
| Manage access and permissions             | 4        |
| Remediate security configurations         | 4        |
| Secure management ports                   | 8        |
| Remediate vulnerabilities                 | 6        |
| Enable enhanced security features         | 0        |
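To actually show progress over time, two per-control exports taken on different dates can be diffed. The following is an added example, not code from the original post: it assumes two SPData.csv files written by the script above (the paths are placeholders) and uses the column names that export produces.

```powershell
# Added example, not from the original post: diff two SPData.csv snapshots written by the
# script above on different dates and report which controls improved or regressed.
# File paths are placeholders; the column names (Name, maxScore, currentScore, UnHealthy)
# are the ones the script's $SPData export produces.
function ConvertTo-Number {
    param([string]$Text)
    # CSV fields come back as text; accept "77.42" and a locale form such as "77,42".
    if ([string]::IsNullOrWhiteSpace($Text)) { return 0.0 }
    $value  = 0.0
    $styles = [Globalization.NumberStyles]::Float
    if ([double]::TryParse($Text, $styles, [cultureinfo]::InvariantCulture, [ref]$value)) { return $value }
    return [double]::Parse($Text, $styles, [cultureinfo]::CurrentCulture)
}

function Compare-SecureScoreControls {
    param(
        [Parameter(Mandatory)][string]$BaselinePath,
        [Parameter(Mandatory)][string]$CurrentPath
    )
    # Index the baseline by control name so every current row can find its earlier value.
    $baseline = @{}
    foreach ($row in Import-Csv -Path $BaselinePath) { $baseline[$row.Name] = $row }

    foreach ($row in Import-Csv -Path $CurrentPath) {
        $old          = $baseline[$row.Name]
        $oldScore     = if ($old) { ConvertTo-Number $old.currentScore } else { 0.0 }
        $oldUnhealthy = if ($old) { ConvertTo-Number $old.UnHealthy }    else { 0.0 }
        $newScore     = ConvertTo-Number $row.currentScore
        $trend = if (-not $old) { 'new' }
                 elseif ($newScore -gt $oldScore) { 'improved' }
                 elseif ($newScore -lt $oldScore) { 'regressed' }
                 else { 'unchanged' }
        [PSCustomObject][Ordered]@{
            Name           = $row.Name
            MaxScore       = ConvertTo-Number $row.maxScore
            PreviousScore  = $oldScore
            CurrentScore   = $newScore
            ScoreDelta     = $newScore - $oldScore
            UnhealthyDelta = (ConvertTo-Number $row.UnHealthy) - $oldUnhealthy
            Trend          = $trend
        }
    }
}

# Placeholder paths: a snapshot kept from an earlier run and the latest export.
Compare-SecureScoreControls -BaselinePath 'c:\temp\SPData-baseline.csv' -CurrentPath 'c:\temp\SPData.csv' |
    Sort-Object ScoreDelta |
    Export-Csv -Path 'c:\temp\SPData-delta.csv' -NoTypeInformation -Encoding UTF8
```

Controls with a negative ScoreDelta sort first, so regressions are at the top of the delta file.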
This post is licensed under CC BY 4.0 by the author.