Jussi Metso

It’s all about The Cloud and The Security


June 22, 2024 | May 25, 2025

Defender for Cloud – Part 2: The Asset Inventory 


Asset Inventory

The asset inventory page shows the security posture of the resources you’ve connected to Defender for Cloud. Defender for Cloud periodically analyzes the security state of resources connected to your subscriptions to identify potential security issues and provides you with active recommendations.

Use this view and its filters to address such questions as:

  • Which of my subscriptions with Defender plans enabled have outstanding recommendations?
  • Which of my machines with the tag ‘Production’ are missing the Log Analytics agent?
  • How many of my machines tagged with a specific tag have outstanding recommendations?
  • Which machines in a specific resource group have a known vulnerability (using a CVE number)?

The security recommendations on the asset inventory page are also shown in the Recommendations page, but here they’re shown according to the affected resource.

A new feature called Critical Assets is also shown.

Key features

1. Inventory

Inventory shows ALL your Azure resources and your other connected resources, in my case resources connected from Amazon Web Services. It shows where they are located and the recommendations for those resources. You can search, for example, for installed applications and the vulnerabilities affecting them. These features were used a lot before the Cloud Security Explorer function.

If you would like to drill into a resource, just click it, as in this example of my Ubuntu server:

2. Summaries

  • Total resources: The total number of resources connected to Defender for Cloud.
  • Unhealthy resources: Resources with active security recommendations that you can implement. Learn more about implementing security recommendations.
  • Unmonitored resources: Resources with agent monitoring issues – they have the Log Analytics agent deployed, but the agent isn’t sending data or has other health issues.
  • Unregistered subscriptions: Any subscription in the selected scope that hasn’t yet been connected to Microsoft Defender for Cloud.

3. Filters

Filters provide a quick way to refine the list of resources according to the question you’re trying to answer.

4. Export tools

Inventory includes an option to export the results of your selected filter options to a CSV file. You can also export the query itself to Azure Resource Graph Explorer to further refine, save, or modify the Kusto Query Language (KQL) query.
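
One of the questions listed earlier ("How many of my machines tagged with a specific tag have outstanding recommendations?") can be answered directly in Azure Resource Graph Explorer. The query below is an added example, not the query the portal exports and not the author's own; the tag key `Environment` and the value `Production` are assumptions to replace with your own tagging scheme.

```kusto
// Added example: outstanding (Unhealthy) Defender for Cloud recommendations
// per machine carrying a given tag.
// Assumption: machines are tagged Environment=Production; change to your scheme.
securityresources
| where type == "microsoft.security/assessments"
// Unhealthy = the recommendation is active for this resource
| where properties.status.code == "Unhealthy"
| extend resourceId     = tolower(tostring(properties.resourceDetails.Id)),
         recommendation = tostring(properties.displayName),
         severity       = tostring(properties.metadata.severity)
// Resource IDs differ in casing between tables, so join on the lowercased ID
| join kind=inner (
    resources
    // Azure VMs and Arc-connected (non-Azure) servers
    | where type =~ "microsoft.compute/virtualmachines"
         or type =~ "microsoft.hybridcompute/machines"
    | where tostring(tags["Environment"]) =~ "Production"
    | project resourceId = tolower(id),
              machineName = name,
              resourceGroup,
              subscriptionId
  ) on resourceId
| summarize outstanding     = count(),
            highSeverity    = countif(severity == "High"),
            recommendations = make_set(recommendation, 20)
    by machineName, resourceGroup, subscriptionId
// Machines with the most high-severity findings first
| order by highSeverity desc, outstanding desc
```

Run it in Azure Resource Graph Explorer at the subscription or management group scope you want covered; machines with no unhealthy assessments do not appear in the result because of the inner join.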

You can also add non-Azure servers to the inventory, which actually means that you can install a Log Analytics agent on a non-Azure server, such as an on-prem Windows/Linux server.

So if you press that link above, you end up in this view:

and from there you finally end up in this view if you do as the instructions say:

1. You can see the summary of connected Windows or Linux servers, and you can add Data Collection Rules to the Azure Monitor agent you are about to install:

2. Here you can get installers for Windows/Linux machines and the information those installers need:

  • Workspace ID
  • Primary key
  • Secondary key

It’s also possible to download the Log Analytics Gateway to act as a proxy if you have machines without Internet connectivity.

That was kind of all from the Asset inventory. Stay tuned. The next part is coming. 

The parts of the MDC blog series

 
  • Part 0: Microsoft Defender for Cloud – The EPIC blog series – introduction
  • Part 1: Getting started aka Setup 
  • Part 2: The Asset Inventory 
  • Part 3: Security posture
  • Part 4: Security recommendations
  • Part 5: Security alerts
  • Part 6: Attack path analysis
  • Part 7: Cloud security explorer
  • Part 8: Workbooks
  • Part 9: Regulatory compliance
  • Part 10: Workload protections
  • Part 10.5: Advanced Workload protection
  • Part 11: Data and AI security – The end of the series

Jussi Metso

The author is a lifelong IT enthusiast and Microsoft Security MVP, interested in Cloud Security, XDR, SIEM and AI. Motto: Learning is the key for your future.