How to build a report of the Azure Defender for Cloud secure score via the API and export it to CSV. Why do we need this? To share it with your ?, and show them the progress of your security posture.
You need to create a service principal with the following permission: the Reader RBAC role on each subscription.
```powershell
# Set the variables (service principal with Reader on each subscription).
$ClientID = ''
$ClientSecret = ''
$tenant_Id = ''
# Your subscription Ids: one array entry per subscription.
$subscription_Ids = @('')

# Force TLS 1.2 before the first request is sent.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Create the body of the token request (client credentials flow, ARM audience).
$Body = @{
    Grant_Type    = "client_credentials"
    Resource      = "https://management.azure.com/"
    client_id     = $ClientID
    client_secret = $ClientSecret
}
# Token endpoint is login.microsoftonline.com (the original host name was a typo).
$ConnectGraph = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$tenant_Id/oauth2/token?api-version=1.0" -Method POST -Body $Body

# Function to get ARM data with pagination.
function Get-GraphData {
    param (
        [parameter(Mandatory)]
        [string]$AccessToken,
        [parameter(Mandatory)]
        [string]$Uri
    )
    $Headers = @{
        'Content-Type'  = "application/json"
        'Authorization' = "Bearer $AccessToken"
    }
    $QueryResults = @()
    do {
        $Results = Invoke-RestMethod -Uri $Uri -Headers $Headers -ErrorAction Stop
        $QueryResults += $Results.value
        # ARM list responses page with 'nextLink'; the OData spelling is accepted as a fallback.
        $Uri = if ($Results.nextLink) { $Results.nextLink } else { $Results.'@odata.nextLink' }
    } while ($Uri)
    return $QueryResults
}

# Get the data. Results are accumulated across subscriptions; assigning inside the loop
# would keep only the last subscription's data.
[array]$ascScores = @()
[array]$secureScoreControlDefinitions = @()
[array]$assessments = @()
[array]$securescorecontrols = @()
$ReportLineScore = [System.Collections.Generic.List[Object]]::new()
foreach ($subscription_Id in $subscription_Ids) {
    $uri1 = "https://management.azure.com/subscriptions/$subscription_Id/providers/Microsoft.Security/secureScores?api-version=2020-01-01"
    [array]$secureScores = Get-GraphData -AccessToken $ConnectGraph.access_token -Uri $uri1
    $uri2 = "https://management.azure.com/subscriptions/$subscription_Id/providers/Microsoft.Security/secureScores/ascScore/securescorecontrols?api-version=2020-01-01"
    $ascScores += Get-GraphData -AccessToken $ConnectGraph.access_token -Uri $uri2
    $uri3 = "https://management.azure.com/subscriptions/$subscription_Id/providers/Microsoft.Security/secureScoreControlDefinitions?api-version=2020-01-01"
    $secureScoreControlDefinitions += Get-GraphData -AccessToken $ConnectGraph.access_token -Uri $uri3
    $uri4 = "https://management.azure.com/subscriptions/$subscription_Id/providers/Microsoft.Security/assessments?api-version=2020-01-01"
    $assessments += Get-GraphData -AccessToken $ConnectGraph.access_token -Uri $uri4
    # The query parameter is `$expand`; the backtick stops PowerShell expanding it as a variable.
    $uri5 = "https://management.azure.com/subscriptions/$subscription_Id/providers/Microsoft.Security/secureScores/ascScore/securescorecontrols?api-version=2020-01-01&`$expand=definition"
    $securescorecontrols += Get-GraphData -AccessToken $ConnectGraph.access_token -Uri $uri5

    # One overall score line per subscription.
    foreach ($secureScore in $secureScores) {
        $ReportLineScore.Add([PSCustomObject][Ordered]@{
            Subscription = $subscription_Id
            MaxScore     = $secureScore.properties.score.max
            Current      = $secureScore.properties.score.current
            percentage   = $secureScore.properties.score.percentage * 100
        })
    }
}

# Create the report
$SPData = [System.Collections.Generic.List[Object]]::new()
foreach ($ascScore in $ascScores) {
    $SPLine = [PSCustomObject][Ordered]@{
        Name          = $ascScore.properties.displayName
        Healthy       = $ascScore.properties.healthyResourceCount
        UnHealthy     = $ascScore.properties.unhealthyResourceCount
        NotApplicable = $ascScore.properties.notApplicableResourceCount
        weight        = $ascScore.properties.weight
        maxScore      = $ascScore.properties.score.max
        currentScore  = $ascScore.properties.score.current
        percentage    = $ascScore.properties.score.percentage * 100
    }
    $SPData.Add($SPLine)
}
$SPData1 = [System.Collections.Generic.List[Object]]::new()
foreach ($secureScoreControlDefinition in $secureScoreControlDefinitions) {
    $SPLine1 = [PSCustomObject][Ordered]@{
        Name     = $secureScoreControlDefinition.properties.displayName
        MaxScore = $secureScoreControlDefinition.properties.maxScore
    }
    $SPData1.Add($SPLine1)
}
$SPData2 = [System.Collections.Generic.List[Object]]::new()
foreach ($assessment in $assessments) {
    $SPLine2 = [PSCustomObject][Ordered]@{
        Name    = $assessment.properties.displayName
        Status  = $assessment.properties.status.description
        Code    = $assessment.properties.status.code
        Cause   = $assessment.properties.status.cause
        Details = $assessment.properties.resourceDetails.Id
    }
    $SPData2.Add($SPLine2)
}
$SPData3 = [System.Collections.Generic.List[Object]]::new()
foreach ($securescorecontrol in $securescorecontrols) {
    $SPLine3 = [PSCustomObject][Ordered]@{
        Name               = $securescorecontrol.properties.displayName
        HealthyCount       = $securescorecontrol.properties.healthyResourceCount
        UnHealthyCount     = $securescorecontrol.properties.unhealthyResourceCount
        NotApplicableCount = $securescorecontrol.properties.notApplicableResourceCount
    }
    $SPData3.Add($SPLine3)
}

# Export the report to CSV.
$ReportLineScore | Export-Csv -Path "c:\temp\ReportLineScore.csv" -NoTypeInformation -Encoding UTF8
$SPData  | Export-Csv -Path "c:\temp\SPData.csv"  -NoTypeInformation -Encoding UTF8
$SPData1 | Export-Csv -Path "c:\temp\SPData1.csv" -NoTypeInformation -Encoding UTF8
$SPData2 | Export-Csv -Path "c:\temp\SPData2.csv" -NoTypeInformation -Encoding UTF8
$SPData3 | Export-Csv -Path "c:\temp\SPData3.csv" -NoTypeInformation -Encoding UTF8
```
Example output (ReportLineScore.csv and SPData1.csv):

| MaxScore | Current | percentage |
|---|---|---|
| 31 | 24 | 77,42 |

| Name | MaxScore |
|---|---|
| Protect applications against DDoS attacks | 2 |
| Enable MFA | 10 |
| Encrypt data in transit | 4 |
| Restrict unauthorized network access | 4 |
| Implement security best practices | 0 |
| Apply adaptive application control | 3 |
| Enable auditing and logging | 1 |
| Enable encryption at rest | 4 |
| Enable endpoint protection | 2 |
| Apply system updates | 6 |
| Manage access and permissions | 4 |
| Remediate security configurations | 4 |
| Secure management ports | 8 |
| Remediate vulnerabilities | 6 |
| Enable enhanced security features | 0 |
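To actually show progress over time, two exports of SPData.csv taken on different dates can be diffed per control. The script below is an added example and not part of the original post; the two CSV strings are constructed sample data in the same column layout the script above exports, and `Compare-SecureScoreSnapshot` is a hypothetical helper name.

```powershell
# Constructed sample snapshots in the SPData.csv layout (previous run and current run).
$previous = @'
"Name","Healthy","UnHealthy","NotApplicable","weight","maxScore","currentScore","percentage"
"Enable MFA","3","2","0","10","10","6","60"
"Secure management ports","4","4","0","8","8","4","50"
"Apply system updates","10","0","0","6","6","6","100"
'@
$current = @'
"Name","Healthy","UnHealthy","NotApplicable","weight","maxScore","currentScore","percentage"
"Enable MFA","5","0","0","10","10","10","100"
"Secure management ports","5","3","0","8","8","5","62.5"
"Apply system updates","9","1","0","6","6","5.4","90"
'@

function Compare-SecureScoreSnapshot {
    param(
        [Parameter(Mandatory)][object[]]$Previous,
        [Parameter(Mandatory)][object[]]$Current
    )
    # Index the previous snapshot by control name so each control is looked up once.
    $before = @{}
    foreach ($row in $Previous) { $before[$row.Name] = $row }

    foreach ($row in $Current) {
        $old = $before[$row.Name]
        # A control that did not exist in the previous export counts as starting from 0.
        $prevScore = if ($old) { [double]$old.currentScore } else { 0 }
        [PSCustomObject][Ordered]@{
            Name         = $row.Name
            MaxScore     = [double]$row.maxScore
            Previous     = $prevScore
            Current      = [double]$row.currentScore
            Delta        = [double]$row.currentScore - $prevScore   # negative = regression
            Remaining    = [double]$row.maxScore - [double]$row.currentScore
            UnhealthyNow = [int]$row.UnHealthy
        }
    }
}

# With real exports, replace the two ConvertFrom-Csv calls with Import-Csv on the CSV files.
$report = Compare-SecureScoreSnapshot -Previous ($previous | ConvertFrom-Csv) -Current ($current | ConvertFrom-Csv)
# Sort by points still available so the biggest remaining gaps come first.
$report | Sort-Object Remaining -Descending | Format-Table -AutoSize
```

In the sample data "Apply system updates" shows a negative Delta, which is the kind of regression a periodic export makes visible before the overall percentage moves much.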