Azure
/
Azure-Sentinel
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Fix the coverage section of the AKS workbook

This commit is contained in:
Yossi Weizman 2020-12-14 12:25:50 +02:00
Родитель 6fa2ada224
Коммит 911c5a3f2c
2 изменённых файлов: 3 добавлений и 3 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

4
Workbooks/AksSecurity.json
Просмотреть файл

@ -239,7 +239,7 @@
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "resources\r\n| where type == \"microsoft.containerservice/managedclusters\"\r\n| summarize AksClusters = count() by subscriptionId, DefenderForAks = 0\r\n| union\r\n(securityresources\r\n| where type =~ \"microsoft.security/pricings\"\r\n| where name == \"KubernetesService\"\r\n| project DefenderForAks = iif(properties.pricingTier == 'Standard', 1, 0), AksClusters = 0, subscriptionId)\r\n| summarize AksClusters = sum(AksClusters), DefenderForAks = sum(DefenderForAks) by subscriptionId\r\n| project Subscription = strcat('/subscriptions/', subscriptionId), [\"AKS clusters\"] = AksClusters, ['Defender for AKS'] = iif(DefenderForAks > 0,'yes','no'), ['Onboard Azure Defender'] = iif(DefenderForAks > 0, '', 'https://ms.portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/26')\r\n| order by ['Defender for AKS'] asc\r\n",
"query": "datatable (Event:string)\r\n [\"AKS Workbook\"]\r\n| extend cluster = (strcat(\"[\", \"{clustername}\", \"]\"))\r\n| extend cluster = todynamic(replace(\"'\", '\"', cluster))\r\n| mvexpand cluster\r\n| extend subscriptionId = extract(@\"/subscriptions/([^/]+)\", 1, tostring(cluster))\r\n| summarize AksClusters = count() by subscriptionId, DefenderForAks = 0\r\n| union\r\n(\r\nsecurityresources\r\n| where type =~ \"microsoft.security/pricings\"\r\n| where name == \"KubernetesService\"\r\n| project DefenderForAks = iif(properties.pricingTier == 'Standard', 1, 0), AksClusters = 0, subscriptionId\r\n)\r\n| summarize AksClusters = sum(AksClusters), DefenderForAks = sum(DefenderForAks) by subscriptionId\r\n| project Subscription = strcat('/subscriptions/', subscriptionId), [\"AKS clusters\"] = AksClusters, ['Defender for AKS'] = iif(DefenderForAks > 0,'yes','no'), ['Onboard Azure Defender'] = iif(DefenderForAks > 0, '', 'https://ms.portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/26')\r\n| order by ['Defender for AKS'] asc",
"size": 0,
"queryType": 1,
"resourceType": "microsoft.resourcegraph/resources",
@ -287,7 +287,7 @@
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "resources\r\n| where type == \"microsoft.containerservice/managedclusters\"\r\n| summarize AksClusters = count() by subscriptionId, DefenderForAks = 0\r\n| union\r\n(securityresources\r\n| where type =~ \"microsoft.security/pricings\"\r\n| where name == \"KubernetesService\"\r\n| project DefenderForAks = iif(properties.pricingTier == 'Standard', 1, 0), AksClusters = 0, subscriptionId)\r\n| summarize AksClusters = sum(AksClusters), DefenderForAks = sum(DefenderForAks) by subscriptionId\r\n| project Subscription = 1, ['Defender for AKS'] = iif(DefenderForAks > 0,'Protected by Azure Defender','Not protected by Azure Defender')",
"query": "datatable (Event:string)\r\n [\"AKS Workbook\"]\r\n| extend cluster = (strcat(\"[\", \"{clustername}\", \"]\"))\r\n| extend cluster = todynamic(replace(\"'\", '\"', cluster))\r\n| mvexpand cluster\r\n| extend subscriptionId = extract(@\"/subscriptions/([^/]+)\", 1, tostring(cluster))\r\n| summarize AksClusters = count() by subscriptionId, DefenderForAks = 0\r\n| union\r\n(\r\nsecurityresources\r\n| where type =~ \"microsoft.security/pricings\"\r\n| where name == \"KubernetesService\"\r\n| project DefenderForAks = iif(properties.pricingTier == 'Standard', 1, 0), AksClusters = 0, subscriptionId\r\n)\r\n| summarize AksClusters = sum(AksClusters), DefenderForAks = sum(DefenderForAks) by subscriptionId\r\n| project Subscription = 1, ['Defender for AKS'] = iif(DefenderForAks > 0,'Protected by Azure Defender','Not protected by Azure Defender')",
"size": 0,
"queryType": 1,
"resourceType": "microsoft.resourcegraph/resources",

2
Workbooks/WorkbooksMetadata.json
Просмотреть файл

@ -1017,7 +1017,7 @@
"dataTypesDependencies": [ "SecurityAlert", "AzureDiagnostics" ],
"dataConnectorsDependencies": [ "AzureSecurityCenter" ],
"previewImagesFileNames": [ "AksSecurityWhite.png", "AksSecurityBlack.png" ],
"version": "1.1",
"version": "1.2",
"title": "Azure Kubernetes Service (AKS) Security",
"templateRelativePath": "AksSecurity.json",
"subtitle": "",