Comments (14)
LeeSchuenemeyer
commented on July 22, 2024
2 week old issue _ I have the same problem.
from microsoft-defender-for-cloud.
TomJanetscheck
commented on July 22, 2024
Hi @kaevans and @LeeSchuenemeyer,
We're currently looking into the issue and will provide a solution once finished. In the meantime, please also take a look at the Azure Monitor workbooks that are published here.
from microsoft-defender-for-cloud.
TomJanetscheck
commented on July 22, 2024
Hi @kaevans and @LeeSchuenemeyer
have you tried to redeploy the workbook? On December 4th, the ARM template has been changed to address the issue you're reporting.
from microsoft-defender-for-cloud.
majormer
commented on July 22, 2024
I have been working with @LeeSchuenemeyer . The deployment in question was a new deploy last week from scratch.
from microsoft-defender-for-cloud.
TomJanetscheck
commented on July 22, 2024
Have you deployed the template with an existing, or a new Log Analytics workspace? Does your workspace contain the following custom log tables?
- SecureScore_CL
- SecureScoreAssessments_CL
- SecureScoreControls_CL
- Subscriptions_CL
If they exist, do the tables contain data?
from microsoft-defender-for-cloud.
majormer
commented on July 22, 2024
It was a brand new Log Analytics workspace. I do not see the tables in there.
from microsoft-defender-for-cloud.
TomJanetscheck
commented on July 22, 2024
Have you followed the instructions to grant the Logic App's Managed Identity access to your subscriptions? Also, have you manually triggered the Logic App once you have met all prerequisites? These steps are mandatory so the Logic App can read information from Azure Security Center and store it in the Log Analytics Workspace which is provided by the automation (or which is connected when deploying the automation using this template). The workbook uses these custom tables to visualize Secure Score data.
from microsoft-defender-for-cloud.
majormer
commented on July 22, 2024
I'm getting a parsing error in the query.
I have granted the Managed Identity read rights to the subscription the Log Analytics RG exists in so that I could get some starting data.
You can assign reader permissions for the Managed Identity for each one of the subscriptions you want to get data on.
Also, everything was deployed exactly from the template link you provided.
from microsoft-defender-for-cloud.
TomJanetscheck
commented on July 22, 2024
Have you manually triggered the Logic App? If so, what is the result in the Logic App's run history? Your workspace does not contain the custom tables that are used by the workbook, which means that the Logic App has either not found any Azure Security Center-related data in your subscription, or that it has not propagated the data to the workspace.
The error you get in the screenshot means that the custom table SecureScore_CL has not been found, so there is no data to display.
from microsoft-defender-for-cloud.
majormer
commented on July 22, 2024
I have manually triggered the Logic App.
The runs seem to be working fine. I kind of wish they would error so I could see if no data is coming back. As it stands, I just have missing data, I fear.
from microsoft-defender-for-cloud.
TomJanetscheck
commented on July 22, 2024
If you take a look at the Logic App run details (just click on one of the succeeded runs on the bottom of your screenshot), the first HTTP step should give you an output that contains your subscription information, such as subscription ID (see the screenshot below). This information is then written to your Log Analytics workspace.
With this step, the Subscriptions_CL table is created in your Log Analytics workspace. If the Logic App does not get the information, the managed identity probably cannot read it. So, you seem to have an issue with your RBAC.
from microsoft-defender-for-cloud.
kaevans
commented on July 22, 2024
Hi @kaevans and @LeeSchuenemeyer
have you tried to redeploy the workbook? On December 4th, the ARM template has been changed to address the issue you're reporting.
I believe that @LeeSchuenemeyer should open a different issue as that discussion is not relevant to the issue I've reported. Typically that issue is resolved by waiting 10-15 minutes since custom data written to Log Analytics (as is used in this sample) takes 10-15 minutes to show up in Log Analytics.
In the ARM template for azuredeploy.json in the Get-SecureScoreData project, the ARM template deploys an Azure workbook that is not used by the Logic App or by Power BI. That workbook cannot be opened as it contains several parse errors:
I tried to discern what the queries should actually be so that I could submit a pull request but unsure the intent. Would be helpful to have a workbook deployed that shows some of the Log Analytics queries that are embedded in the PowerBI and use that workbook to confirm that the _CL tables are present.
from microsoft-defender-for-cloud.
TomJanetscheck
commented on July 22, 2024
Hi @kaevans
the parsing error you refer to has been addressed in a PR back in December already. The workbook will visualize data from the custom tables that are filled by the Logic App. Have you redeployed the ARM template since then?
from microsoft-defender-for-cloud.
kaevans
commented on July 22, 2024
Spoke with @TomJanetscheck , problem exists between chair and keyboard. You have to select the subscription(s) in the workbook. If that parameter says "unset" then you get the parse error. Apologies!
from microsoft-defender-for-cloud.
Related Issues (20)
- Security Center REST API Endpoint missing
- Reproduce behaviour HOT 1
- Alternative HOT 1
- Permission and Variables HOT 1
- New-ASCVASolution.ps1 Rapid 7 Insight Agent BYOL deployment confusion HOT 2
- Defender for Cloud Environment settings, "Workload protections" views report incorrect resource coverage HOT 1
- this is the official domain for the website and email for teachers and students in the public sector of Kuwait ministry of education: moe.edu.kw
- https://learn.microsoft.com/ar-sa/users/12771345/
- D4Storage-PricingEstimation-Per-Storage.ps1 requires az.Storage HOT 1
- Instructions are outdated and should be updated
- Inconsistent CSV Export Log CSV HOT 1
- Support form link doesn't exist anymore
- Missing Images
- Line 47 provides error of "unexpected token" HOT 1
- Cannot Connect Subscription Based Sentinel Connector for MDC
- ARM Template Issue
- Subscription Not Found (HTTP - Get Azure VM) HOT 2
- ImageScanSummaryAssessmentGate.ps1 no longer finds assessments HOT 2
- CVE Dashboard- old version HOT 2
- Connection Error while accessing Microsoft Defender for Cloud HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from microsoft-defender-for-cloud.