Azure Security Center included integration with Azure Workbooks. With the new Workbooks feature is it possible to build custom reports. From Azure Security Center there is integration with Azure Workbooks. By default Azure Security Center included three new dashboards for more detailed information reports. Currently all in public preview. 

Newly added workbooks:

  • Secure Score over Time
  • System Updates
  • Vulnerability Assessments

In this blog, the explanation of the Azure Security Center workbooks features and the usage of the new workbooks including setting-up Continuous Export for the Secure Score over Time dashboard.

Within Azure Security Center, you can access the built-in reports to track the organization’s security posture. You can also create custom reports to view a wide range of data from Azure Security Center and other supported sources from Azure.

Requirements

Currently, the new feature is in Public Preview. For using the new feature make sure you have at least the Workbook Contributor permission on the target resource group for saving the workbooks. For the Secure Score Over Time workbook it is required to enable continuous export from the Security Center subscription level.


Dashboard for Azure Security Center

With the integrated Azure Workbooks functionality from Azure Security Center it is possible to build your own custom dashboards. Security Center also includes a workbook gallery with some newly created workbooks. For now 3 default workbooks are available by default:

  • Secure Score Over Time – Track your subscriptions’ scores and changes to recommendations for your resources
  • System Updates – View missing system updates by resources, OS, severity, and more
  • Vulnerability Assessment Findings – View the findings of vulnerability scans of your Azure resources

How to start?

For opening the Security Center workbook feature:

  1. Go to Azure Security Center
  2. Click on Workbooks
  3. Under the section Public Templates, 3 default templates are available with the category Security Center


Secure Score Over Time report

Secure Score Over Times gives the score trends for the Secure Score trends. Multiple graphs are available to view the general trends of the scores for your subscriptions.

In the default workbook the following graph blocks are available:

Score trends for the last week and month: Monitor the current score and general trends of the scores for your connected subscriptions.

Aggregated score for all selected subscriptions: Hover your mouse over any point in the trend line to see the aggregated score at any date in the selected time range.

Recommendations with the most unhealthy resources: Triage the recommendations with the most unhealthy resources.

Scores for specific security controls: Overall score for the specific recommendations.

Resources changes: Recommendations with the most resources that have changed state (healthy, unhealthy, or not applicable) during the selected period are listed.


How to configure Secure Score Over Time report?

The Secure Score Over Time report uses the Log Analytics workspace data. For getting the correct information it is required to export the data from the continuous export tool.

For configuring the export functionality:

  1. From Security Center’s sidebar, select Pricing & settings.
  2. Select the specific subscription for which you want to configure the data export.
  3. From the sidebar of the settings page for that subscription, select Continuous Export.
  4. Set the export target to Log Analytics workspace (1).
  5. Select the following data types: Security recommendations (2) and Secure Score (Preview). (3). If needed it is possible to specify the export value. 
  6. From the export frequency options, select Streaming and Snapshots (4).
  7. Fill in the Export configuration/ Security Workspace and the Export target (6)
  8. Select Save.
  9. It takes some time to complete the Continuous Export sync

System Updates

The System Updates reports are based on the specific security recommendation “System updates should be installed on your machines” from Azure Security Center. For the correct usage make sure to select all or a selected subscription.

Note: Image from Microsoft because limit data available in demo tenant


Vulnerability Assessment Findings’ report

The Security Center vulnerability Assessments Finding report is based on the vulnerability from the ASC core. For the different resources it is possible to detect and report the assessments.

With the overview tab it is possible to switch between the different scanners:

  • Machines
  • Container
  • SQL

Based on the configured scanners it is possible to track and list the vulnerabilities.

Note: Image from Microsoft because limit data available in demo tenant


Sources

Microsoft:  Azure Security Center Workbooks