Is it possible to access Azure Security Center recommendations outside of Azure Portal?

Question

For part of a project, I need to be able to display security center recommendations for a given resource group on a webpage. To be clear, I'm looking to access the data on the Recommendations blade of Azure Security Center and filter that information by a resource group, only displaying the recommendations relevant to those resources.

I've been looking at two ways to implement this:

1. Security Resource API seems to be a good starting place, however I can't find any API endpoint that will allow me to access the recommendations. I've found methods to GET security alerts and security tasks, but these are both reactive (i.e. something happened that you should know about), while I'm looking for preventative (i.e. something could happen, take these steps to mitigate the risk of it happening).
2. PowerBI dashboards also do almost what I want. I'm able to preview the number of recommendations, and one of the pages on the default dashboard even breaks those numbers down per resource group, but I still can't find a way to use this information in the way that I want.

An ideal solution would allow me to retrieve and display all resources recommendations scoped to a monitored resource group, with the following parameters:

• Resource Name
• Description
• State
• Severity

Is there any way to access this information from outside of Azure? Is it possible that I've overlooked something in the API or PowerBI documentation that would allow me to do this? I'm new to PowerBI, and I'm afraid that I'm misunderstanding a basic concept that may be right in front of me.

Thank you for your time!

Answer 1

When using API's on Azure there is a limit of 1000 records, so you need to take the nextlink and continue from there.

Azure Resource Graph Explorer uses Kusto query language. You can only run microsoft.security/assessments from Azure Resource Graph Explorer, not able to run from PowerBI. Problem is HowTo get microsoft.security/assessments data outside Azure.

Answer 2

// *** Azure Resource Graph Explorer query is below:

securityresources

| where type == "microsoft.security/assessments"

| where displayName == "Endpoint protection should be installed on your machines"

// statusChangeDate: 2021-08-02, 2021-11-03

Answer 3

Figured I'd come back to this in case anyone is ever looking for an answer to this. I'm going to try and keep this brief, but I ended up doing the following.

The Get Security Status method I mentioned in the original question returns a field called properties. MSDN doesn't say anywhere (at the time I'm posting this) what those properties contain, but I'll post some sample JSON for posterity:

---

{
  "value": [
    {
*     "id": "(identifying information specific to task)",
      "name": "(int)",
      "type": "Microsoft.Security/locations/(resource group)/tasks",
      "properties": {
*       "state": "Active",
        "subState": "NA",
        "creationTimeUtc": "2017-01-29T10:40:43.6599124Z",
        "lastStateChangeTimeUtc": "2017-01-29T10:40:43.6599124Z",
        "securityTaskParameters": {
*         "storageAccountName": "(resource name)",
*         "name": "Enable encryption for Azure Storage Account",
          "uniqueKey": "(url to resource)",
          "resourceId": "(url to resource)"
        }
      }
    }
  }

So, I filled my models with the parameters with asterisks at the beginning of their lines (added by me).

Frankly, this isn't exactly what I was looking for, but it's a close enough analog to work. I really wish the documentation for this were better, but I was able to find the information by following a hunch.

I hope this helps someone someday!