ASC PowerShell Module
Thank you for your interest in checking out this module, but with the formal release of the new Azure Security Center cmdlets, there is no longer a need to keep these cmdlets published. Please check the link below to find the new official Azure Security Center cmdlets.
Thanks!
Mike
Is it possible to enable setting the OMS Workspace? I have tried directly modifying the JSON file to specify a specific OMS Workspace but Set-ASCPolicy throws an error. Not sure if the error is because of the module or the ASC REST API.
In your ASC Policy alert settings, if you do not have a phone number specified, the API will not provide the securityContactPhone property when using Get-ASCPolicy. This causes Set-ASCPolicy to break because the property is missing.
This is a known issue and needs to be fixed on the ASC side. Posting here in case others run into it.
Workaround:
Manually specify a phone number in the portal so that the property contains data.
the url path should be ClassicCompute rather than 'Classic Compute' (with the space) when trying to get security information for 'classic' VMs.
Get-ASCDataCollection : {"error":{"code":"GatewayTimeout","message":"The gateway did not receive a response from 'Microsoft.Security' within the specified time
period."}}
At line:1 char:1
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Get-ASCDataCollection
Hey,
first thx for great module, saved me from alot of additinal coding :-) i have on issue though when applying the Qualys solution i get an error in azure monitor:
{
"channels": "Operation",
"correlationId": "8914c53c-b2e2-411a-bc62-b60154cef9c6",
"eventDataId": "bc8e5be4-5ada-4c7e-8960-72ea9c1c43f5",
"eventName": {
"value": "Semi-integrated solution creation",
"localizedValue": "Semi-integrated solution creation"
},
"category": {
"value": "Security",
"localizedValue": "Security"
},
"eventTimestamp": "2018-02-22T09:17:59.7302105Z",
"id": "/subscriptions/subscriptionid/resourceGroups/QualysVA1/providers/Microsoft.Security/securitySolutions/QualysVA/events/bc8e5be4-5ada-4c7e-8960-72ea9c1c43f5/ticks/636548878797302105",
"level": "Error",
"operationId": "48e12c35-9f78-4fc7-aed1-da6df19c5407",
"operationName": {
"value": "Semi-integrated solution creation",
"localizedValue": "Semi-integrated solution creation"
},
"resourceGroupName": "QualysVA1",
"resourceProviderName": {
"value": "Microsoft.Security",
"localizedValue": "Microsoft.Security"
},
"resourceType": {
"value": "Microsoft.Security/securitySolutions",
"localizedValue": "Microsoft.Security/securitySolutions"
},
"resourceId": "/subscriptions/subscriptionid/resourceGroups/QualysVA1/providers/Microsoft.Security/securitySolutions/QualysVA",
"status": {
"value": "Failed",
"localizedValue": "Failed"
},
"subStatus": {
"value": "",
"localizedValue": ""
},
"submissionTimestamp": "2018-02-22T09:17:59.6907723Z",
"subscriptionId": "subscriptionid",
"properties": {
"securityFamily": "Vulnerability Assessment",
"reason": "",
"solutionName": "QualysVA"
},
"relatedEvents": []
}
PS test code:
Select-AzureRmSubscription -SubscriptionId subscriptionid
$secsolution = New-ASCQualysVASolutionConfiguration -LicenseCode "lcode" `
-PublicKey "key" `
-AutoUpdate $true
Set-ASCSecuritySolution -JSON $secsolution -SolutionName QualysVa1 -ResourceGroupName QualysVA1 -Verbose
running newest version of module:
PS C:\Users\username> Get-Module -Name Azure-Security-Center
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Script 0.0.19 Azure-Security-Center {Build-ASCPolicy, Get-ASCAlert, Get-ASCJITAccessPo...
any idea why this is happening?
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.