Commit 7df1de8

Merge pull request #227295 from timwarner-msft/timwarner-mdcgraph
Add new Kusto example query
2 parents 682c259 + a14cec1 commit 7df1de8

2 files changed: +35 -2 lines changed

articles/defender-for-cloud/resource-graph-samples.md

Lines changed: 1 addition & 1 deletion
@@ -1,7 +1,7 @@
11
---
22
title: Azure Resource Graph sample queries for Microsoft Defender for Cloud
33
description: Sample Azure Resource Graph queries for Microsoft Defender for Cloud showing use of resource types and tables to access Microsoft Defender for Cloud related resources and properties.
4-
ms.date: 01/09/2023
4+
ms.date: 02/14/2023
55
ms.topic: sample
66
ms.custom: subject-resourcegraph-sample
77
---

includes/resource-graph/samples/bycat/microsoft-defender.md

Lines changed: 34 additions & 1 deletion
@@ -2,9 +2,42 @@
22
author: timwarner-msft
33
ms.service: resource-graph
44
ms.topic: include
5-
ms.date: 07/07/2022
5+
ms.date: 02/14/2023
66
ms.author: timwarner
77
ms.custom: generated
8+
---
9+
### Display all active Microsoft Defender for Cloud alerts
10+
11+
Returns a list of all active alerts in your Microsoft Defender for Cloud tenant.
12+
13+
```kusto
14+
securityresources
15+
| where type =~ 'microsoft.security/locations/alerts'
16+
| where properties.Status in ('Active')
17+
| where properties.Severity in ('Low', 'Medium', 'High')
18+
| project alert_type = tostring(properties.AlertType), SystemAlertId = tostring(properties.SystemAlertId), ResourceIdentifiers = todynamic(properties.ResourceIdentifiers)
19+
```
20+
21+
# [Azure CLI](#tab/azure-cli)
22+
23+
```azurecli-interactive
24+
az graph query -q "securityresources | where type =~ 'microsoft.security/locations/alerts' | where properties.Status in ('Active') | where properties.Severity in ('Low', 'Medium', 'High') | project alert_type = tostring(properties AlertType), SystemAlertId = tostring(properties.SystemAlertId), ResourceIdentifiers = todynamic(properties ResourceIdentifiers)"
25+
```
26+
27+
# [Azure PowerShell](#tab/azure-powershell)
28+
29+
```azurepowershell-interactive
30+
Search-AzGraph -Query "securityresources | where type =~ 'microsoft.security/locations/alerts' | where properties.Status in ('Active') | where properties.Severity in ('Low', 'Medium', 'High') | project alert_type = tostring(properties AlertType), SystemAlertId = tostring(properties.SystemAlertId), ResourceIdentifiers = todynamic(properties ResourceIdentifiers)"
31+
```
32+
33+
# [Portal](#tab/azure-portal)
34+
35+
:::image type="icon" source="../../../../articles/governance/resource-graph/media/resource-graph-small.png"::: Try this query in Azure Resource Graph Explorer:
36+
37+
- Azure portal: <a href="https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/securityresources%20%7C%20where%20type%20%3D~%20%27microsoft.security%2Flocations%2Falerts%27%20%7C%20where%20properties.Status%20in%20%28%27Active%27%29%20%7C%20where%20properties.Severity%20in%20%28%27Low%27%2C%20%27Medium%27%2C%20%27High%27%29%20%7C%20project%20alert_type%20%3D%20tostring%28properties%20AlertType%29%2C%20SystemAlertId%20%3D%20tostring%28properties.SystemAlertId%29%2C%20ResourceIdentifiers%20%3D%20todynamic%28properties%20ResourceIdentifiers%29" target="_blank">portal.Azure.com</a>
38+
- Azure Government portal: <a href="https://portal.azure.us/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/securityresources%20%7C%20where%20type%20%3D~%20%27microsoft.security%2Flocations%2Falerts%27%20%7C%20where%20properties.Status%20in%20%28%27Active%27%29%20%7C%20where%20properties.Severity%20in%20%28%27Low%27%2C%20%27Medium%27%2C%20%27High%27%29%20%7C%20project%20alert_type%20%3D%20tostring%28properties%20AlertType%29%2C%20SystemAlertId%20%3D%20tostring%28properties.SystemAlertId%29%2C%20ResourceIdentifiers%20%3D%20todynamic%28properties%20ResourceIdentifiers%29" target="_blank">portal.Azure.us</a>
39+
- Azure China 21Vianet portal: <a href="https://portal.azure.cn/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/securityresources%20%7C%20where%20type%20%3D~%20%27microsoft.security%2Flocations%2Falerts%27%20%7C%20where%20properties.Status%20in%20%28%27Active%27%29%20%7C%20where%20properties.Severity%20in%20%28%27Low%27%2C%20%27Medium%27%2C%20%27High%27%29%20%7C%20project%20alert_type%20%3D%20tostring%28properties%20AlertType%29%2C%20SystemAlertId%20%3D%20tostring%28properties.SystemAlertId%29%2C%20ResourceIdentifiers%20%3D%20todynamic%28properties%20ResourceIdentifiers%29" target="_blank">portal.Azure.cn</a>
40+
841
---
942

1043
### Controls secure score per subscription
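
Review bot: The one-line query in the Azure CLI, Azure PowerShell and portal tabs does not match the `kusto` block: it reads `tostring(properties AlertType)` and `todynamic(properties ResourceIdentifiers)`, with a space where the Kusto block has `properties.AlertType` and `properties.ResourceIdentifiers`, and the three portal links encode the same space as `properties%20AlertType` and `properties%20ResourceIdentifiers`. Restore the dot in all five copies so every tab runs the same query as the Kusto block. Separately, the description promises all active alerts while the query keeps only `properties.Severity in ('Low', 'Medium', 'High')`; either drop that filter or state in the description that results are limited to those three severities.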
