Azure – New capability added to Azure Security Center: Inventory

As you know Azure comes with a lot of security capability which sometimes get missed or misconfigured.

To help customers stay on top of their security posture, Azure integrates Azure Security Center (ASC) which gives you an overview of your security configuration, not only for Azure resources but also for on-premises ones if you have onboarded your resources.

Well, the Azure Security Center just got a new capability called Inventory.

This new capability is providing a full visibility over all your resources monitored by ASC, providing ways to look in details on specific resources, export report (in CSV) or even use Graph Explorer.

This new capability is now in preview.

To start using it, logon to your Azure portal (https://portal.azure.com/) and access your Security Center

image

Then look for the Inventory blade available at the top of the left pane

image

There you will get the complete list of all resources monitored, including Azure subscriptions (either on Azure or on-premises) with their corresponding security state (recommendations)

image

If you click on one of these resources, you will get details about the security state for this specific resource with associated recommendations

image   image

Getting back at the main Inventory blade, you can choose to export in CSV the current state; unfortunately, as of now (maybe this will change later), you can not get the recommendations associated with the resources

image  image

You can also use Graph Explorer to run KQL queries if you need to get more details about the resource(s) – like operating system, IP address, tags…

image  image

Leave a Comment

Your email address will not be published.