This article is contributed. See the original author and article here.
Secure Score by Groups Workbook
Scenario
The Azure Resource Graph security baseline for Azure Security and the power of Azure Monitor bring you infinite possibilities to custom Azure Security Center information. Consider a scenario where you want to have visibility of the Secure Score for different subscriptions that are in different regions in a single dashboard. This article explains how to leverage Azure Monitor workbooks to create that. The workbook is available in our GitHub community page and the result looks like this:
The queries
This workbook has two queries created using Azure Resource Graph:
- One for obtaining the Overall Secure Score of the selected subscriptions
- The other obtains the individual Secure Score
To obtain the individual score, use the sample query below:
securityresources
| where type == "microsoft.security/securescores"
| extend subscriptionSecureScore = round(100 * ((todouble(properties.score.current))/ todouble(properties.score.max)))
| project subscriptionSecureScore, subscriptionId
| order by subscriptionSecureScore asc
When you run the query in ARG, you will get a similar result to this:
Behind the scenes, each security control Current Score and Maximum Score is found here:
Query: overall secure score – multiple subscriptions
To get the overall secure score of more than one subscription, you can use the next query:
securityresources
| where type == "microsoft.security/securescores"
| extend subscriptionScore = todouble(properties.score.current)/todouble(properties.score.max)
| extend subScoreXsubWeight = todouble(subscriptionScore)*todouble(properties.weight)
| summarize upperValue = sum(subScoreXsubWeight), underValue = sum(todouble(properties.weight))
| extend overallScore = round(100*((upperValue)/(underValue)))
The result would be similar to this:
Follow this blog post to see the formulas used for Azure Security Center Secure Score.
The Workbook Visualization
The workbook will show by default four groups. Each group has five variables: group, title, subscription picker, overall secure score, secure score per subscription.
To modify the workbook, start by clicking the Edit button:
Modify Group Name
- Select the group you want to modify and click the Edit button.
- At the top, click on Advanced Settings, change the Group title, and click the button Done Editing.
Modify Title
- Go to the title and click Edit:
- Type the title you want in a Markdown syntax, and click the button Done Editing.
Create More Groups
- Go to any group
- Click on the three dots and select Clone
Pin It to Your Azure Dashboard
- Your workbook must be in Edit mode, then click the Pin button.
- Click on Pin All to send each component of your groups to the dashboard.
- Click either on Existing or Create New and choose your Dashboard Name. Then click Create And Pin.
- You will see a message saying it was successfully pinned. Click on that and start customizing your dashboard.
- Customize your dashboard by clicking the Edit button and moving the information squares.
Next Steps
Try it out and share your experience. The workbook is published here in the Azure Security Center GitHub repository.
References
Reviewers
Miri Landau, Senior PM, ASC Engineering
Yuri Diogenes, Principal PM, CxE Security ASC
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.
Recent Comments