[Feature Request] Use existing Get-SecureScoreData Log Analytics workspace for Secure Score reduction alerts #169
Comments
|
Hi @famjunxiang, you can already use the existing workspace by manually changing the connections within the LogicApp. However, the LogicApp will create another Customer Log (dailyAscScore_CL) within that workspace. Today, we do not have a LogicApp that connects and uses data from the existing tables. Adding @safeenab786 as the code owner to see if she can provide another ARM Template which will connect to the existing workspace instead of creating a new one. |
|
Hi @TomJanetscheck , thanks for your respond. I have deployed Send-SecureScoreBriefing LogicApp, which connect to the existing workspace to get the result. Thanks. |
TomJanetscheck
changed the title
|
Hi @TomJanetscheck , Good day to you, may i know the ETA for this enhancement? |
|
Hi @famjunxiang, |
|
Hi @famjunxiang, Uploaded the ARM template that you can use with existing Log Analytics Workspace. Thank you. |
|
Closing this issue as a solution was provided with PR #175 . |
|
Hi @safeenab786, i hit error at Append to string variable |
|
@famjunxiang Hello, what is the secure score at the moment in the subscription that you're deploying this template on? |
|
@safeenab786 i have 23 subscription at the moment, each subscription have different score. and I have assigned managed identity reader role for the Send-SecureScoreReductionAlert at the root management group. |
|
Reopening due to errors during LogicApp run. |
|
@famjunxiang - I could reproduce the behavior you mentioned above in my environment with subscriptions that have a Secure Score of 0, which should not apply to productive environments. In that case, the substring function does not work correctly. In case you have subscriptions with a Secure Score of 0, could you please remove the role assignment from the management group and then re-create it on all subscriptions with a Secure Score > 0 for testing? |
|
Hi, @TomJanetscheck, i try run the query at the failed subscription, found out the subscription with Secure Score is 100 not 0 |
|
Hi @safeenab786, any feedback for the report bug? Thanks. |
|
Hi @famjunxiang Please help me understand, the secure score in all the subscriptions you're trying this automation on is >single digit or >0%? |
|
Hi @safeenab786, we have subscriptions that disabled, so the secure score is 0. And we have subscription with 100 secure score, 3 digit and it will hit the error as well. |
|
Hi @famjunxiang Kindly run the script against those subscriptions that has a score to display. Please don't combine the subscriptions with 0 score and the ones with a score. Let me know how it goes. |
|
Hi @safeenab786 , I have assigned the reader role for the logic app at the root management group, it will run the script against all subscriptions. This is to ensure new subscription is covered as well. Thanks, |
|
Hi @safeenab786 , any feedback from your end? Thanks |
|
Hi @famjunxiang Thanks for the confirmation. I'm working on it, I hope to get back to you soon. |
|
Hi @safeenab786 , thanks for your feedback. |
|
Hi @safeenab786 , may i know the new merged is it the fix? Thanks. |
|
Hi @famjunxiang Yes it is. Request you to try it out and let us know your feedback. Thank you. |
|
Hi @safeenab786 , best to remove everything and redeploy? or ? |
|
Hi @famjunxiang I've made modifications in the code, yes please redeploy with the new template. |
|
Hi @safeenab786 Good day to you. { |
|
This issue is closed and therefore no longer monitored. Please create a new issue using our Bug report template. |
https://github.com/Azure/Azure-Security-Center/tree/master/Secure%20Score/Secure%20Score%20Reduction%20Alerts
For Send Email notification on Secure Score downgrade , may i know instead of create new log analytic workspace, could we utilize the existing log analytic workspace - get-securescore?
The text was updated successfully, but these errors were encountered: