azure:azure_security_assessments

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
azure:azure_security_assessments [2025/04/11 15:06] mmuzeazure:azure_security_assessments [2025/06/25 18:59] (current) – [List Azure Role Assignments] mmuze
Line 1: Line 1:
 ====== Azure Security Assessments ====== ====== Azure Security Assessments ======
 +  * [[azure:Azure Security Assessments Exploration]]
 +  * [[azure:Azure Powerpipe]]
 +  * [[azure:azure_resource_graph_explorer|Azure Resource Graph Explorer]]
 +  * [[https://github.com/microsoft/ARI]]
 +
 +====== Methodology ======
 +To begin an assessment list all resources that are in all subscriptions that are in scope to get a sense of the environment.
 +
  
 ====== List All Resources ====== ====== List All Resources ======
Line 11: Line 19:
 } }
  
-$resources | convert-to-json | out-file " . \resources.json"+$resources | convert-to-json | out-file " . \resources.json" -encoding utf8
 </code> </code>
  
 == List All Resource Types == == List All Resource Types ==
 +Output a unique list of resource types
 +<code>
 +jq 'map(.ResourceType) | unique' resources.json
 +</code>
  
 <code> <code>
-jq.exe 'map(.Type) | unique' resources.json+jq '. | unique_by(.ResourceType) | .[] | .ResourceType.\resources.json
 </code> </code>
  
Line 51: Line 63:
  
 </code> </code>
 +
 +====== List Azure Role Assignments ======
 +<code powershell>
 +Get-AzRoleAssignment
 +</code>
 +
 +<code>
 + az role assignment list --role "User Access Administrator" --scope "/providers/Microsoft.Management/managementGroups/<id guid>"
 +</code>
 +====== Tools ======
 +  * [[https://github.com/microsoft/ARI]], inventory tool
  
  • azure/azure_security_assessments.1744384013.txt.gz
  • Last modified: 2025/04/11 15:06
  • by mmuze