

Merge pull request #910 from fanasere/patch-1
Updating azuredeploy.json to align the get databases sub assessments query with the get servers sub assessments query.
TomJanetscheck authored Oct 14, 2024
2 parents 4535c31 + aef9a92 commit 5f0c73b
Showing 1 changed file with 2 additions and 2 deletions.
Expand Up @@ -259,7 +259,7 @@
"$skipToken": "",
"$top": 100
},
"query": "securityresources \r\n | where type =~ \"microsoft.security/assessments/subassessments\"\r\n | extend assessmentKey = extract(@\"providers/Microsoft.Security/assessments/([^/]*)\", 1, id)\r\n | extend resourceIdTemp = iff(properties.resourceDetails.id != \"\", properties.resourceDetails.id, extract(\"(.+)/providers/Microsoft.Security\", 1, id))\r\n | extend resourceId = iff(properties.resourceDetails.source =~ \"OnPremiseSql\", strcat(resourceIdTemp, \"/servers/\", properties.resourceDetails.serverName, \"/databases/\" , properties.resourceDetails.databaseName), resourceIdTemp)\r\n | extend resourceName = extract(@\"(.+)/(.+)\", 2, resourceId)\r\n | extend resourceIdentifier = iff(properties.resourceDetails.source =~ \"OnPremiseSql\", tostring(properties.resourceDetails.sourceComputerId), extract(@\"(.+)/servers/\", 1, resourceId))\r\n | extend resourceIdentifier = tolower(resourceIdentifier)\r\n | extend status = tostring(properties.status.code), severity=tostring(properties.status.severity)\r\n | where tolower(status) != \"notapplicable\"\r\n | where assessmentKey in (\"82e20e14-edc5-4373-bfc4-f13121257c37\", \"f97aa83c-9b63-4f9a-99f6-b22c4398f936\")\r\n | extend resourceDisplayName = iff(assessmentKey =~ \"82e20e14-edc5-4373-bfc4-f13121257c37\", resourceName, strcat(resourceName, \" (\", extract(@\".+/servers/(.+?)/\", 1, resourceId) ,\")\"))\r\n | where id startswith \"@{items('For_each_server')?['resourceId']}\"\r\n | extend bladeType = iff(assessmentKey =~ \"82e20e14-edc5-4373-bfc4-f13121257c37\", \"SqlVaServersSubAssessmentsBlade\", \"SqlVmsSubAssessmentsBlade\")\r\n | extend detailsUrl = strcat(\"https://portal.azure.com/\", tenantId, \"#view/Microsoft_Azure_Security_AzureDefenderForData/\", bladeType,\"/assessmentKey/\", assessmentKey, \"/resourceId/\", url_encode(resourceId), \"/resourceName/\", resourceName)\r\n | summarize totalChecksBySeverity=count(severity), timeGenerated=max(todatetime(properties.timeGenerated)) by subscriptionId, 
resourceName, resourceId, status, severity, detailsUrl, resourceDisplayName\r\n | summarize high=sumif(totalChecksBySeverity, severity =~ \"high\" and status =~ \"unhealthy\"), medium=sumif(totalChecksBySeverity, severity =~ \"medium\" and status =~ \"unhealthy\"), low=sumif(totalChecksBySeverity, severity =~ \"low\" and status =~ \"unhealthy\"), totalUnhealthyChecks=sumif(totalChecksBySeverity, status =~ \"unhealthy\"), totalChecks=sum(totalChecksBySeverity) by subscriptionId, resourceName, resourceId, timeGenerated, detailsUrl, resourceDisplayName\r\n | extend totalHealthyChecks = totalChecks-totalUnhealthyChecks\r\n | extend scanResult = iff(totalUnhealthyChecks > 0, \"Findings\", \"No findings\")\r\n | order by totalUnhealthyChecks, resourceName \r\n | where timeGenerated > ago(7d)\r\n",
"query": "securityresources \r\n | where type =~ \"microsoft.security/assessments/subassessments\"\r\n | extend assessmentKey = extract(@\"providers/Microsoft.Security/assessments/([^/]*)\", 1, id)\r\n | extend resourceIdTemp = iff(properties.resourceDetails.id != \"\", properties.resourceDetails.id, extract(\"(.+)/providers/Microsoft.Security\", 1, id))\r\n | extend resourceId = iff(properties.resourceDetails.source =~ \"OnPremiseSql\", strcat(resourceIdTemp, \"/servers/\", properties.resourceDetails.serverName, \"/databases/\" , properties.resourceDetails.databaseName), resourceIdTemp)\r\n | extend resourceName = extract(@\"(.+)/(.+)\", 2, resourceId)\r\n | extend resourceIdentifier = iff(properties.resourceDetails.source =~ \"OnPremiseSql\", tostring(properties.resourceDetails.sourceComputerId), extract(@\"(.+)/servers/\", 1, resourceId))\r\n | extend resourceIdentifier = tolower(resourceIdentifier)\r\n | extend status = tostring(properties.status.code), severity=tostring(properties.status.severity)\r\n | where tolower(status) != \"notapplicable\"\r\n | where assessmentKey in (\"82e20e14-edc5-4373-bfc4-f13121257c37\", \"f97aa83c-9b63-4f9a-99f6-b22c4398f936\")\r\n | extend resourceDisplayName = iff(assessmentKey =~ \"82e20e14-edc5-4373-bfc4-f13121257c37\", resourceName, strcat(resourceName, \" (\", extract(@\".+/servers/(.+?)/\", 1, resourceId) ,\")\"))\r\n | where id startswith \"@{items('For_each_server')?['resourceId']}\"\r\n | extend bladeType = iff(assessmentKey =~ \"82e20e14-edc5-4373-bfc4-f13121257c37\", \"SqlVaServersSubAssessmentsBlade\", \"SqlVmsSubAssessmentsBlade\")\r\n | extend detailsUrl = strcat(\"https://portal.azure.com/\", tenantId, \"#view/Microsoft_Azure_Security_AzureDefenderForData/\", bladeType,\"/assessmentKey/\", assessmentKey, \"/resourceId/\", url_encode(resourceId), \"/resourceName/\", resourceName)\r\n | summarize totalChecksBySeverity=count(severity), timeGenerated=max(todatetime(properties.timeGenerated)) by subscriptionId, 
resourceName, resourceId, status, severity, detailsUrl, resourceDisplayName\r\n | summarize high=sumif(totalChecksBySeverity, severity =~ \"high\" and status =~ \"unhealthy\"), medium=sumif(totalChecksBySeverity, severity =~ \"medium\" and status =~ \"unhealthy\"), low=sumif(totalChecksBySeverity, severity =~ \"low\" and status =~ \"unhealthy\"), totalUnhealthyChecks=sumif(totalChecksBySeverity, status =~ \"unhealthy\"), totalChecks=sum(totalChecksBySeverity) by subscriptionId, resourceName, resourceId, timeGenerated, detailsUrl, resourceDisplayName\r\n | extend totalHealthyChecks = totalChecks-totalUnhealthyChecks\r\n | extend scanResult = iff(totalUnhealthyChecks > 0, \"Findings\", \"No findings\")\r\n | order by totalUnhealthyChecks, resourceName \r\n",
"subscriptions": [
"@{items('For_each_subscription')?['subscriptionId']}"
]
Expand Down Expand Up @@ -501,4 +501,4 @@
}
}
]
}
}
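Review bot: The new query in the first hunk drops the trailing `| where timeGenerated > ago(7d)` filter, so the databases sub-assessment report now includes findings of any age, whereas the commit message describes the change only as aligning it with the servers query. Because the query still computes `timeGenerated=max(todatetime(properties.timeGenerated))` per resource, stale results for databases that are no longer being scanned will now appear with their last scan date instead of being dropped; if that is intended, it is worth stating in the description and keeping `timeGenerated` visible wherever the results are rendered so a consumer can tell a fresh finding from an old one. The unchanged `| where id startswith "@{items('For_each_server')?['resourceId']}"` clause interpolates a workflow value straight into the KQL string; presumably that value comes from an earlier Resource Graph result, but a short comment next to the query noting that it must be a plain resource ID without a double quote would make that assumption explicit. The enclosing resource definition begins and ends outside the hunk.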

