Thanks for the update.. Actually I am from Telenor group and we have deployed all

Yes, Sure, Please find the below mentioned... I have executed

<a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/us

Hi,Just two questions. Below Quals work for azure arc also. (1)

Script to deploy Log Analytics extension on Azure Arc connected machines,about azure/microsoft-defender-for-cloud

hassanbsee2071 commented on July 22, 2024 1

Dear Lior, I am really thankful to you for this. I am very obliged. You made my day. Love You. :-). I would really like to keep in touch with you. I checked this but I think I do not have permission to deploy policy. I will ask my lead to do that. Thank you once again.

…

On Sun, Dec 13, 2020 at 11:10 PM Lior Arviv ***@***.***> wrote: Sure, the below are direct links to our built-in policies for Log Analytics deployment on Arc machines: *[Preview]: Deploy Log Analytics agent to Windows Azure Arc machines* <https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F69af7d4a-7b18-4044-93a9-2651498ef203> *[Preview]: Deploy Log Analytics agent to Linux Azure Arc machines* <https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F9d2b61b4-1d14-4a63-be30-d4498e7ad2cf> [image: image] <https://user-images.githubusercontent.com/10098064/102019958-f1fd1200-3d7e-11eb-8f04-cd0dee471d7d.png> — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#269 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AL75JZWI7UM4HQXXOYXSEJTSUT7Q7ANCNFSM4UZUUCXA> .

from microsoft-defender-for-cloud.

hassanbsee2071 commented on July 22, 2024

Yes, Sure,

Please find the script below mentioned... I have executed the script now and one VM is successfully added. Comments are added in the script.

$Setting = @{ "workspaceId" = " XXXXXXXXXXXXXXXXXXXXXXX " }
$protectedSetting = @{ "workspaceKey" = " XXXXXXXXXXXXXXXXXXXXXXX " }

$query = @"
securityresources
| where type == "microsoft.security/assessments" and name == "27ac71b1-75c5-41c2-adc2-858f5db45b08" or name == "720a3e77-0b9a-4fa9-98b6-ddf0fd7e32c1"
| extend resourceId = properties.resourceDetails.Id
| extend resourceName = tostring(split(resourceId, "/")[8])
| extend resourceGroup = (split(resourceId, "/")[4])
| extend status = properties.status.code
| extend recommendatioName = properties.displayName
| where status == "Unhealthy"
| project subscriptionId,
recommendatioName,
resourceName,
resourceGroup,
status,
resourceId,
name
"@

$vms = Search-AzGraph -Query $query
write-host "n" echo "Following VMs have been identified for Loga Analytics Extension" $vms.resourceName write-host "n"
write-host "`n"
foreach ($vm in $vms) {
$vmName = ($vm.resourceName)
$resgrp = ($vm.resourceGroup)
if ($vm.name -match '27ac71b1-75c5-41c2-adc2-858f5db45b08') {

                              Write-Host "This is Windows Platform $vmName" -ForegroundColor Green
                              Write-Host "Adding log Analytics Extention to VM $vmName. It will take eight minutes per vm:-)" -ForegroundColor Green
                              New-AzConnectedMachineExtension -Name MMAExtension -ResourceGroupName $resgrp -MachineName $vmName -Location "West Europe" -Publisher "Microsoft.EnterpriseCloud.Monitoring" -TypeHandlerVersion "1.0" -Settings $Setting -ProtectedSetting $protectedSetting -ExtensionType "MicrosoftMonitoringAgent"
                              write-host "`n"
                              Get-AzConnectedMachineExtension -ResourceGroupName $resgrp -MachineName $vmName
                                                                                                                              }
else {
                         
                              Write-Host "This is Linux Platform $vmName" -ForegroundColor Green
                              Write-Host "Adding log Analytics Extention to VM $vmName. It will take eight minutes per vm:-)" -ForegroundColor Green
                              Write-Host "$resgrp" -ForegroundColor Green
                              New-AzConnectedMachineExtension -Name MMAExtension -ResourceGroupName $resgrp -MachineName $vmName -Location "West Europe" -Publisher "Microsoft.EnterpriseCloud.Monitoring" -TypeHandlerVersion "1.13" -Settings $Setting -ProtectedSetting $protectedSetting -ExtensionType "OmsAgentforLinux"

                              write-host "`n"
                              Get-AzConnectedMachineExtension -ResourceGroupName $resgrp -MachineName $vmName
     }


                      }

from microsoft-defender-for-cloud.

liorarviv commented on July 22, 2024

@hassanbsee2071 thanks for providing the script. Have you considered using Azure Policy instead?
It can automatically deploy the extension on Azure Arc machines.

[Preview]: Deploy Log Analytics agent to Windows Azure Arc machines
[Preview]: Deploy Log Analytics agent to Linux Azure Arc machines

Is there a reason for using a script and not policy?

from microsoft-defender-for-cloud.

hassanbsee2071 commented on July 22, 2024

Thank you very much for your feedback. No, there is no specific reason. I will check this method. Is there any link or reference that you can provide me?

…

On Sun, Dec 13, 2020 at 10:50 PM Lior Arviv ***@***.***> wrote: @hassanbsee2071 <https://github.com/hassanbsee2071> thanks for providing the script. Have you considered using Azure Policy instead? It can automatically deploy the extension on Azure Arc machines. - [Preview]: Deploy Log Analytics agent to Windows Azure Arc machines - [Preview]: Deploy Log Analytics agent to Linux Azure Arc machines Is there a reason for using a script and not policy? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#269 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AL75JZV2W2T7GGBLMVSFPBDSUT5H5ANCNFSM4UZUUCXA> .

from microsoft-defender-for-cloud.

liorarviv commented on July 22, 2024

Sure, the below are direct links to our built-in policies for Log Analytics deployment on Arc machines:

[Preview]: Deploy Log Analytics agent to Windows Azure Arc machines

[Preview]: Deploy Log Analytics agent to Linux Azure Arc machines

from microsoft-defender-for-cloud.

liorarviv commented on July 22, 2024

Sure, my pleasure :)

from microsoft-defender-for-cloud.

hassanbsee2071 commented on July 22, 2024

Hi, Just two questions. Below Quals script work for azure arc also. (1) When I execute the query it shows azure arc vms. Did you mean it does not remediate vulnerability assessment? I just skipped the condition which checks vm status running or not. and (2) can we do that with policy? #Requires -Modules Az.Accounts, Az.ResourceGraph if(-not (Get-AzContext)) { Write-Host "Please authenticate to Azure using 'Connect-AzAccount'" } $query = @" securityresources | where type == 'microsoft.security/assessments' and name == 'ffff0522-1e88-47fc-8382-2a80ba848f5d' | extend status = properties.status.code, resourceid = properties.resourceDetails.Id | where status == 'Unhealthy' | project resourceid "@ $vms = Search-AzGraph -Query $query foreach ($vm in $vms) { $vmName = ($vm.resourceid -split '\/')[-1] Write-Host "Working on $vmName" -ForegroundColor Green $res = Invoke-AzRestMethod -Path ('{0}/providers/Microsoft.Security/serverVulnerabilityAssessments/default?api-Version=2015-06-01-preview' -f $vm.resourceid) -Method PUT if ($res.StatusCode -notmatch '200|202') { Write-Host ($res.Content | ConvertFrom-Json).Error.message -ForegroundColor Red } else { Write-Host "Working on $vmName is Complete" -ForegroundColor Green } On Sun, Dec 13, 2020 at 11:15 PM Syed Muhammad Hassan 2071-FET/BSEE/F13 < [email protected]> wrote:

…

Dear Lior, I am really thankful to you for this. I am very obliged. You made my day. Love You. :-). I would really like to keep in touch with you. I checked this but I think I do not have permission to deploy policy. I will ask my lead to do that. Thank you once again. On Sun, Dec 13, 2020 at 11:10 PM Lior Arviv ***@***.***> wrote: > Sure, the below are direct links to our built-in policies for Log > Analytics deployment on Arc machines: > > *[Preview]: Deploy Log Analytics agent to Windows Azure Arc machines* > <https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F69af7d4a-7b18-4044-93a9-2651498ef203> > > *[Preview]: Deploy Log Analytics agent to Linux Azure Arc machines* > <https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F9d2b61b4-1d14-4a63-be30-d4498e7ad2cf> > > [image: image] > <https://user-images.githubusercontent.com/10098064/102019958-f1fd1200-3d7e-11eb-8f04-cd0dee471d7d.png> > > — > You are receiving this because you were mentioned. > Reply to this email directly, view it on GitHub > <#269 (comment)>, > or unsubscribe > <https://github.com/notifications/unsubscribe-auth/AL75JZWI7UM4HQXXOYXSEJTSUT7Q7ANCNFSM4UZUUCXA> > . >

from microsoft-defender-for-cloud.

hassanbsee2071 commented on July 22, 2024

Hi Lior, We have deployed Azure Arc VMs, but we are facing an issue, as per your suggestion we have enabled policy. But we did not find a log analytics extension. Moreover when I ran a query it still shows a message to deploy log analytics extension in unhealthy status. What are we doing wrong? Why the policy does not enable the log analytics extension. *[Preview]: Deploy Log Analytics agent to Windows Azure Arc machines* <https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F69af7d4a-7b18-4044-93a9-2651498ef203> *[Preview]: Deploy Log Analytics agent to Linux Azure Arc machines* <https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F9d2b61b4-1d14-4a63-be30-d4498e7ad2cf> securityresources | where type == "microsoft.security/assessments" and name == "27ac71b1-75c5-41c2-adc2-858f5db45b08" or name == "720a3e77-0b9a-4fa9-98b6-ddf0fd7e32c1" | extend resourceId = properties.resourceDetails.Id | extend resourceName = tostring(split(resourceId, "/")[8]) | extend resourceGroup = (split(resourceId, "/")[4]) | extend status = properties.status.code | extend recommendatioName = properties.displayName | where status == "Unhealthy" | project subscriptionId, recommendatioName, resourceName, resourceGroup, status, resourceId, name On Sun, Dec 13, 2020 at 11:37 PM Syed Muhammad Hassan 2071-FET/BSEE/F13 < [email protected]> wrote:

…

Hi, Just two questions. Below Quals script work for azure arc also. (1) When I execute the query it shows azure arc vms. Did you mean it does not remediate vulnerability assessment? I just skipped the condition which checks vm status running or not. and (2) can we do that with policy? #Requires -Modules Az.Accounts, Az.ResourceGraph if(-not (Get-AzContext)) { Write-Host "Please authenticate to Azure using 'Connect-AzAccount'" } $query = @" securityresources | where type == 'microsoft.security/assessments' and name == 'ffff0522-1e88-47fc-8382-2a80ba848f5d' | extend status = properties.status.code, resourceid = properties.resourceDetails.Id | where status == 'Unhealthy' | project resourceid "@ $vms = Search-AzGraph -Query $query foreach ($vm in $vms) { $vmName = ($vm.resourceid -split '\/')[-1] Write-Host "Working on $vmName" -ForegroundColor Green $res = Invoke-AzRestMethod -Path ('{0}/providers/Microsoft.Security/serverVulnerabilityAssessments/default?api-Version=2015-06-01-preview' -f $vm.resourceid) -Method PUT if ($res.StatusCode -notmatch '200|202') { Write-Host ($res.Content | ConvertFrom-Json).Error.message -ForegroundColor Red } else { Write-Host "Working on $vmName is Complete" -ForegroundColor Green } On Sun, Dec 13, 2020 at 11:15 PM Syed Muhammad Hassan 2071-FET/BSEE/F13 < ***@***.***> wrote: > Dear Lior, > > I am really thankful to you for this. I am very obliged. You made my day. > Love You. :-). I would really like to keep in touch with you. I checked > this but I think I do not have permission to deploy policy. I will ask my > lead to do that. Thank you once again. > > On Sun, Dec 13, 2020 at 11:10 PM Lior Arviv ***@***.***> > wrote: > >> Sure, the below are direct links to our built-in policies for Log >> Analytics deployment on Arc machines: >> >> *[Preview]: Deploy Log Analytics agent to Windows Azure Arc machines* >> <https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F69af7d4a-7b18-4044-93a9-2651498ef203> >> >> *[Preview]: Deploy Log Analytics agent to Linux Azure Arc machines* >> <https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F9d2b61b4-1d14-4a63-be30-d4498e7ad2cf> >> >> [image: image] >> <https://user-images.githubusercontent.com/10098064/102019958-f1fd1200-3d7e-11eb-8f04-cd0dee471d7d.png> >> >> — >> You are receiving this because you were mentioned. >> Reply to this email directly, view it on GitHub >> <#269 (comment)>, >> or unsubscribe >> <https://github.com/notifications/unsubscribe-auth/AL75JZWI7UM4HQXXOYXSEJTSUT7Q7ANCNFSM4UZUUCXA> >> . >> >

from microsoft-defender-for-cloud.

Script to deploy Log Analytics extension on Azure Arc connected machines about microsoft-defender-for-cloud HOT 8 CLOSED

Comments (8)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent