Security Center periodically analyzes the security state of your Azure resources to identify potential security vulnerabilities. It then provides you with recommendations on how to remediate those vulnerabilities. Recommendations are actions for you to take in order to secure your resources.
Recommendations can be viewed from within the Azure Portal or using programmatic tools. To enable monitoring in external solutions or automation, it is possible to export all recommendations to an Event Hub or Log Analytics workspace. Think of integration with a SIEM solution (such as Azure Sentinel) or Power BI, Azure Data Explorer, and more.
Within all available recommendations there are a number which in turn consist of numerous nested (child) recommendations. An example of such a nested recommendation is “Vulnerabilities in your virtual machines should be remediated”. With the recent update of the continuous export functionality, it has become possible to export these nested recommendations as well.
To enable continuous export for security findings, follow the steps below:
- In the Azure Portal go to ‘Security Center’.
- Click on Pricing & settings.
- Select the desired subscription.
- Click on Continuous export.
- Select the export destination type (Event Hub / Log Analytics Workspace)
- Enable export of security recommendations. Make sure that the recommendations you would like to export security findings for are selected in the recommendations drop down menu.
- Choose the Resource Group in which the automation resource will be created.
- Fill in the details of your export destination (Event Hub/Log Analytics workspace).
- Click on the Include security findings toggle to enable export of the security findings.
- Click Save.
For more information about Continuous Export see the following documentation:
The Azure Security Center September 2020 release notes: