Skip to content

gusitde/Azure_Defender_Alert_asbuilt_

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
README.md
README.md
 
 

Repository files navigation

  1. Install the Azure PowerShell module (if not already installed):

    Install-Module -Name Az -AllowClobber -Scope CurrentUser

  2. Authenticate to Azure:

    Connect-AzAccount

  3. Script to download Azure Defender for Cloud alerts for all subscriptions with logging and verbose output:

    # Enable verbose output
$VerbosePreference = "Continue"

# Authenticate to Azure
Write-Verbose "Authenticating to Azure..."
Connect-AzAccount

# Get all subscriptions
Write-Verbose "Retrieving all subscriptions..."
$subscriptions = Get-AzSubscription

# Initialize an array to store the Defender for Cloud alerts
$defenderAlerts = @()

foreach ($subscription in $subscriptions) {
    Write-Verbose "Processing subscription: $($subscription.Name) ($($subscription.Id))"
    # Set the subscription context
    Set-AzContext -SubscriptionId $subscription.Id

    # Get all Defender for Cloud alerts for the subscription
    Write-Verbose "Retrieving Defender for Cloud alerts for subscription: $($subscription.Name) ($($subscription.Id))"
    $alerts = Get-AzSecurityAlert

    foreach ($alert in $alerts) {
        Write-Verbose "Processing alert: $($alert.AlertDisplayName)"
        # Add the alert to the array
        $defenderAlerts += [pscustomobject]@{
            SubscriptionId     = $subscription.Id
            AlertDisplayName   = $alert.AlertDisplayName
            AlertType          = $alert.AlertType
            Severity           = $alert.Severity
            Status             = $alert.Status
            ReportedTimeUtc    = $alert.ReportedTimeUtc
            Description        = $alert.Description
            RemediationSteps   = $alert.RemediationSteps
        }
    }
}

# Export the Defender for Cloud alerts to a CSV file
$outputFile = "DefenderForCloud_Alerts.csv"
Write-Verbose "Exporting alerts to $outputFile"
$defenderAlerts | Export-Csv -Path $outputFile -NoTypeInformation

Write-Host "Defender for Cloud alerts have been exported to $outputFile"

Explanation:

  1. Enable Verbose Output: The script sets $VerbosePreference to "Continue" to enable verbose output.

  2. Verbose Logging: Throughout the script, Write-Verbose statements are added to log key actions and states. This includes authentication, retrieving subscriptions, setting context, retrieving alerts, processing each alert, and exporting data.

  3. Export to CSV: The script exports the collected Defender for Cloud alerts to a CSV file named DefenderForCloud_Alerts.csv.

This script will now provide detailed logging information when run with the -Verbose flag, which can help you debug and understand the execution flow better.

About

RBAC assignment as built module

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published