
Builtin Vulnerability Dashboard

Introduction

Innovate and Protect IaaS Landing Zone is delivered with Microsoft Defender for Cloud Plan 1 (Plan 2 on demand) enabled for servers. Microsoft Defender for Cloud includes vulnerability assessment of the protected resources.

Vulnerability Assessment Findings

Microsoft provides a builtin dashboard showing the vulnerabilities in your environment.

URL: Vulnerability Assessment Findings


DEPRECATED IAAS LZ Vulnerability dashboard

MCS-IaaS custom queries

Access to MCS-IaaS resource-graph shared queries

| Name | Description | Parameters |
|------|-------------|------------|
| MCS-IAASLZ_CVESbyLZ | Given a subscription ID, returns all vulnerability findings with resourceID, CVE reference and more | subscriptionID |
| MCS-IAASLZ_CVESbyVM | Given a VM resource ID, returns all vulnerability findings with CVE reference and more | resourceId |
| MCS-IAASLZ_CVESLZsOrderByCount | Returns all vulnerable subscriptions ordered by number of findings | none |
| MCS-IAASLZ_LZSbyCVE | Given a CVE id, returns all subscriptions containing assets vulnerable to that CVE, along with how many assets are vulnerable | CVE id |
| MCS-IAASLZ_VMSbyCVE | Given a CVE id, returns all VMs vulnerable to that CVE | CVE id |
| MCS-IAASLZ_VMSbyCVEorderByVMscount | Returns, for each CVE, the Landing Zones vulnerable to it and the number of vulnerable VMs; Landing Zones are ordered by number of VMs | none |
| MCS-IAASLZ_LZSbyCVEorderByLZscount | Returns, for each CVE, the Landing Zones vulnerable to it and the number of vulnerable LZs; CVEs are ordered by number of LZs | none |

Go to "Resource Graph Explorer" service:

Click on "Open a Query" then filter by "MCS-IAASLZ" prefix. Then select the custom query of your choice.

List of Findings for a Landing Zone

Once you have opened MCS-IAASLZ_CVESbyLZ, edit the query to replace the current subscription id value (l. 18) with the subscription id you are looking for.

Where you'll read CVE references depends on the assessed resource type:

  • ServerVulnerability: the CVE reference appears in cve_number and cve_link_ref
  • ContainerRegistryVulnerability: the CVE reference appears in cve_number and cve_link_ref
  • GeneralVulnerability: the CVE references may appear in GeneralVulnerability_CVENumbers
  • SqlServerVulnerability: no CVE references

Then, run the query to get the results.

List of Findings for a Virtual Machine

Once you have opened MCS-IAASLZ_CVESbyVM, edit the query to replace the current resourceId value (l. 18) with the resourceId of the VM you are looking for.

Then, run the query to get the results.

Where you'll read CVE references depends on the assessed resource type:

  • ServerVulnerability: the CVE reference appears in cve_number and cve_link_ref
  • ContainerRegistryVulnerability: the CVE reference appears in cve_number and cve_link_ref
  • GeneralVulnerability: the CVE references may appear in GeneralVulnerability_CVENumbers

List of Landing Zones ordered by number of CVEs

Once you have opened MCS-IAASLZ_CVESLZsOrderByCount, no edit is needed; run the query as-is.

List of Landing Zones vulnerable to a CVE

Once you have opened MCS-IAASLZ_LZSbyCVE, edit the query to replace "CVE-2021-45105" (l. 14) with the CVE ID you are looking for.

🔥 CVE-2021-45105: Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups.

Then, run the query to get the results.

List of Virtual Machines vulnerable to a CVE

Once you have opened MCS-IAASLZ_VMSbyCVE, edit the query to replace "CVE-2021-45105" (l. 18) with the CVE ID you are looking for.

🔥 CVE-2021-45105: Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups.

Then run the query.
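As an added example (not one of the MCS-IaaS shared queries), the Resource Graph query below does for a single CVE what MCS-IAASLZ_VMSbyCVE and MCS-IAASLZ_LZSbyCVE do together: it lists the vulnerable VMs and counts them per Landing Zone (subscription). It assumes the Defender for Cloud sub-assessment schema exposed under securityresources (properties.additionalData.assessedResourceType and the cve array with title/link fields) and reuses the page's CVE-2021-45105 as the search value.

```kusto
// Added example, not one of the MCS-IAASLZ shared queries.
// Assumes the Defender for Cloud sub-assessment schema in securityresources.
let targetCve = "CVE-2021-45105";   // the page's example CVE; replace as needed
securityresources
| where type =~ "microsoft.security/assessments/subassessments"
// Only "Unhealthy" sub-assessments are open findings
| where tostring(properties.status.code) =~ "Unhealthy"
// VM findings are typed ServerVulnerability and carry their CVEs in additionalData.cve;
// GeneralVulnerability and SqlServerVulnerability findings are deliberately excluded here
| extend assessedResourceType = tostring(properties.additionalData.assessedResourceType)
| where assessedResourceType =~ "ServerVulnerability"
| extend resourceId = tostring(properties.resourceDetails.id)
// One row per (finding, CVE) so a finding that covers several CVEs is matched correctly
| mv-expand cve = properties.additionalData.cve
| extend cve_number = tostring(cve.title), cve_link_ref = tostring(cve.link)
| where cve_number =~ targetCve
// Collapse to one row per Landing Zone: how many distinct VMs, and which ones
| summarize vulnerableVms = dcount(resourceId), vmIds = make_set(resourceId)
    by subscriptionId, cve_number
| order by vulnerableVms desc
```

Remove the final summarize and order lines to get the raw per-VM rows instead of the per-subscription totals.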

List of CVEs with the number of vulnerable Virtual Machines for each

Once you have opened MCS-IAASLZ_VMSbyCVEorderByVMscount, no edit is needed; run the query as-is.

⚠️ The results are limited to ServerVulnerability findings (GeneralVulnerability and SqlServerVulnerability findings are not included).

List of CVEs with the number of vulnerable Landing Zones for each

Once you have opened MCS-IAASLZ_LZSbyCVEorderByLZscount, no edit is needed; run the query as-is.

⚠️ The results are limited to ServerVulnerability findings (GeneralVulnerability and SqlServerVulnerability findings are not included).