0

I am trying to deploy the workbook Secure Score Over Time for my client. This one:

Workbook Name

It sets this steps as needed to deploy it:

To use this Secure Score Over Time workbook, you'll need to configure continuous export to export data to a Log Analytics workspace:

  1. From Defender for Cloud sidebar, select Environment settings.

  2. Select the specific subscription for which you want to configure the data export.

  3. From the sidebar of the settings page for that subscription, select Continuous export.

  4. Set the export targed to Log Analytics workspace.

  5. Select the following data types: Security recommendations and Secure score.

  6. From the export frequency options, select Streaming updates and Snapshots (Preview).

  7. Select Save.

    Learn more

    Notes

    • To get full visibility, wait at least one week for the first snapshot to be exported.

    • To configure continuous export across your organization, use the supplied Azure Policy 'DeployIfNotExist' policies described here.

Environment settings is already configured with what was requested for the azure info.

Environment settings configuration

But for some reason after selecting it, this is all it can show:

Secure Score Over Time table results

Even after weeks of having this set, the log analytics workspace is also selected and working for other resources, so I don't understand why this workbook is not getting any result...

Anyone have idea of what am I missing here?

--EDIT-- @JohnGardner suggested to take a look on the Workspace query, as well as the SecureScore table, after seeing it, i saw the table does exist on the workspace: SecureScore table Screenshot

result querying the table...

Sergio D
  • 1
  • 1
  • I would suggest you to open a support ticket through the Azure Portal. if other resource types such as alerts and recommendations are working for you then it should be checked further by the Azure support team – Matan Shabtay Apr 25 '23 at 14:22

1 Answers1

0

There is a check in this workbook that queries to see if the table SecureScores exists in the selected log analytics workspace.

If you're still seeing the onboarding info, then the workspace isn't fully onboarded, since the table still does not exist.

If you're seeing that specific error, the table exists, and the queries are running, they are just returning 0 rows, so there's nothing to display.

You could go into edit mode of the workbook, go to that step showing the error, edit it, and press the button in the upper left of that step with the logs icon, and it will open up the exact query used in the workbook in the logs view on the workspace the workbook is targeting. you can then look at the exact generated content and verify if that workspace indeed has no data, or if some other error is occurring?

Otherwise, as suggested in the comment, if the setup/export isn't working, you'd need to work with the Defender for Cloud support team to figure out why the data isn't properly being exported to the workspace, as that's what the workbook is querying.

John Gardner
  • 24,225
  • 5
  • 58
  • 76
  • I checked it just now, seems like securescores table has no results, i upload this post now with screenshots – Sergio D Apr 26 '23 at 09:56
  • if that's the case, the workbook is showing you what it can. You'll need to work through the onboarding instructions or the Defender team with support to figure out why data isn't making it into the workspace? – John Gardner Apr 27 '23 at 00:32