Microsoft Azure – Find Security Score by Controls in Azure Subscriptions
Pre-requisite: Azure
In this article, we will show you how to find the security score for the specific azure subscription and also for all subscriptions by subscriptionId using the KQL resource graph query. In order to read resources in Azure using KQL (Kusto Query Language) one should have at least read access on the select subscriptions or “Azure Resource Graph Data Reader” role in the management group.
Steps to Find Security Score
Step 1: Log in to Azure Portal
Step 2: Access the Azure Resource Graph Explorer from azure global search to run the KQL queries.
Step 3: Now run the following KQL (Kusto Query Language) resource graph query to find the security score for subscription in Azure. This query uses the ‘SecurityResources’ table, which contains security-related information for resources in Azure.
SecurityResources | where type == 'microsoft.security/securescores/securescorecontrols' | extend SecureControl = properties.displayName, unhealthy = properties.unhealthyResourceCount, currentscore = properties.score.current, maxscore = properties.score.max, subscriptionId | project SecureControl , unhealthy, currentscore, maxscore, subscriptionId | where subscriptionId == "<subscriptionId>" // use this to filter multiple subscriptions // | where subscriptionId == "<subscriptionId-01>" or "<subscriptionId-02>"
this query returns the table with columns SecureControl, unhealthy, currentscore, maxscore, subscriptionId for a given subscription.
Use the following KQL (Kusto Query Language) resource graph query to find the security score by subscription in Azure.
SecurityResources | where type == 'microsoft.security/securescores/securescorecontrols' | extend SecureControl = properties.displayName, unhealthy = properties.unhealthyResourceCount, currentscore = properties.score.current, maxscore = properties.score.max, subscriptionId | project SecureControl , unhealthy, currentscore, maxscore, subscriptionId
this query returns the table with columns SecureControl, unhealthy, currentscore, maxscore, subscriptionId from all the active subscriptions.