如何获取安全扫描后受影响的 Azure 容器映像列表？

Question

不幸的是，您无法直接从 CLI 获取结果。所有扫描数据都存储在 Log Analytics 中（通过 Azure 安全中心/Defender），因此您需要使用 Kusto 语言通过它进行查询。此查询将获取以下信息：

securityresources
| where type == "microsoft.security/assessments"
| summarize by assessmentKey=name //the ID of the assessment
| join kind=inner (
  securityresources
  | where type == "microsoft.security/assessments/subassessments"
  | extend assessmentKey = extract(".*assessments/(.+?)/.*",1, id)
) on assessmentKey
| where properties.additionalData.assessedResourceType == "ContainerRegistryVulnerability"
| extend status = properties.status.code
| extend severity = properties.status.severity

Answer 1

不幸的是，您无法直接从 CLI 获取结果。所有扫描数据都存储在 Log Analytics 中（通过 Azure 安全中心/Defender），因此您需要使用 Kusto 语言通过它进行查询。此查询将获取以下信息：

securityresources
| where type == "microsoft.security/assessments"
| summarize by assessmentKey=name //the ID of the assessment
| join kind=inner (
  securityresources
  | where type == "microsoft.security/assessments/subassessments"
  | extend assessmentKey = extract(".*assessments/(.+?)/.*",1, id)
) on assessmentKey
| where properties.additionalData.assessedResourceType == "ContainerRegistryVulnerability"
| extend status = properties.status.code
| extend severity = properties.status.severity

如何获取安全扫描后受影响的 Azure 容器映像列表？

答案1

相关内容