Azure CSPM - Multiple questions

Hello,

So I just enabled Azure CSPM (8.12.2) and I have some questions:

  • Is there is a way to snooze / acknowledge / ignore findings? Some of the findings are not applicable to our organization and we would like to ignore them or acknowledge them.

  • Where is the compliance score stored? Or is it a calculated value? I would like to show this score on a custom dashboard we use for reporting to our management. How can I create a Lens metric visualisation which show this score?

  • Is there a way to visualize the evolution of the compliance score? If we'd fix some things, I'd like to show to my management the evolution of our compliance score somehow.

  • Is it documented somewhere what Azure ur'ls need to be acessible so I can open only those in our perimeter firewall? For example what url's in this list do I need to open? Allow the Azure portal URLs on your firewall or proxy server - Azure portal | Microsoft Learn

Thanks.

Willem

2 Likes

@willemdh Thank you for your questions and exploring latest Azure CSPM coverage in our Product. Please find responses below:

  • Is there is a way to snooze / acknowledge / ignore findings? Some of the findings are not applicable to our organization and we would like to ignore them or acknowledge them.

It was one of the top asks from customers and we have prioritised and worked on delivering this capability in version 8.13 which will be released later this month. We plan to release the "enable/disable" functionality for benchmark rules. It will be possible to disable/mute specific rules so they are not producing any findings and don't participate in the score calculation. Lookout for 8.13 release updates.

  • Where is the compliance score stored? Or is it a calculated value? I would like to show this score on a custom dashboard we use for reporting to our management. How can I create a Lens metric visualisation which show this score?

The percentage score is a calculated value, but all the base numbers for the score are stored in the index logs-cloud_security_posture.scores-default and it should be possible to use it in Lens. You need to create a Data View with this index first so it shows up in Lens, but then you should be able to build any custom visualisation based on this data

  • Is there a way to visualize the evolution of the compliance score? If we'd fix some things, I'd like to show to my management the evolution of our compliance score somehow.

Should be possible with a custom visualisation. The score data is stored in the logs-cloud_security_posture.scores-default index every 5 mins, so it is possible to show a trendline of the score

Is it documented somewhere what Azure ur'ls need to be acessible so I can open only those in our perimeter firewall? For example what url's in this list do I need to open?

We recommend to enable all listed endpoints in Microsoft's documentation.

Let me know if you have any follow up questions on these or related topics.

3 Likes

Thank you very much for all the info. I'll look into the scores indices and will look for the compliance score.

@smriti0321 Are you sure I should be able to recreate the percentage score? I gave it a try, but the low / medium / high / critical scores always seem 0...

The index also only has very limited fields:

So not sure what's going on here and where else I should look.