如何在资源图中查询JSON

时间:2019-11-05 00:09:31

标签: kusto

我通过资源图(Resource Graph)查询得到了下面这段 JSON,我只需要返回其中 properties.policyAssessmentsSummaries.policyName == "Monitoring agent health issues should be resolved on your machines" 的那个条目。如何在查询中做到这一点?

{
    "name": "GenericSecurityStatusesSummary",
    "resourceHealthSummryPerCategory": [
        {
            "category": "Compute",
            "healthy": 9,
            "medium": 287,
            "high": 337,
            "none": null,
            "low": 143
        },
        {
            "category": "Networking",
            "healthy": 754,
            "medium": null,
            "high": 10,
            "none": 12,
            "low": null
        }
    ],
    "policyAssessmentsSummaries": [
        {
            "policyDefinitionId": null,
            "assessmentKey": "d1db3318-01ff-16de-29eb-28b344515626",
            "policyName": "Monitoring agent should be installed on your machines",
            "category": "Compute",
            "healthy": 776,
            "medium": null,
            "high": null,
            "none": null,
            "low": null
        },
        {
            "policyDefinitionId": null,
            "assessmentKey": "8e2b96ff-3de2-289b-b5c1-3b9921a3441e",
            "policyName": "Monitoring agent health issues should be resolved on your machines",
            "category": "Compute",
            "healthy": 676,
            "medium": 100,
            "high": null,
            "none": null,
            "low": null
        },
        {
            "policyDefinitionId": null,
            "assessmentKey": "83f577bd-a1b6-b7e1-0891-12ca19d1e6df",
            "policyName": "Install endpoint protection solution on your machines",
            "category": "Compute",
            "healthy": 496,
            "medium": null,
            "high": 71,
            "none": 209,
            "low": null
        },
        {
            "policyDefinitionId": null,
            "assessmentKey": "3bcd234d-c9c7-c2a2-89e0-c01f419c1a8a",
            "policyName": "Endpoint protection health issues should be resolved on your machines",
            "category": "Compute",
            "healthy": 488,
            "medium": 2,
            "high": 6,
            "none": 280,
            "low": null
        },
        {
            "policyDefinitionId": null,
            "assessmentKey": "181ac480-f7c4-544b-9865-11b8ffe87f47",
            "policyName": "Vulnerabilities in security configuration on your machines should be remediated",
            "category": "Compute",
            "healthy": null,
            "medium": null,
            "high": null,
            "none": 136,
            "low": 640
        },
        {
            "policyDefinitionId": null,
            "assessmentKey": "c0f5316d-5ac5-9218-b77a-b96e16ccfd66",
            "policyName": "Your machines should be restarted to apply system updates",
            "category": "Compute",
            "healthy": 629,
            "medium": 17,
            "high": null,
            "none": 130,
            "low": null
        },
        {
            "policyDefinitionId": null,
            "assessmentKey": "4ab6e3c5-74dd-8b35-9ab9-f61b30875b27",
            "policyName": "System updates should be installed on your machines",
            "category": "Compute",
            "healthy": 572,
            "medium": null,
            "high": 24,
            "none": 130,
            "low": 50
        },
        {
            "policyDefinitionId": null,
            "assessmentKey": "d57a4221-a804-52ca-3dea-768284f06bb7",
            "policyName": "Disk encryption should be applied on virtual machines",
            "category": "Compute",
            "healthy": null,
            "medium": null,
            "high": 272,
            "none": 504,
            "low": null
        },
        {
            "policyDefinitionId": null,
            "assessmentKey": "f9f0eed0-f143-47bf-b856-671ea2eeed62",
            "policyName": "Harden Network Security Group rules of internet facing virtual machines",
            "category": "Networking",
            "healthy": null,
            "medium": null,
            "high": null,
            "none": 776,
            "low": null
        },
        {
            "policyDefinitionId": null,
            "assessmentKey": "35f45c95-27cf-4e52-891f-8390d1de5828",
            "policyName": "Adaptive Application Controls should be enabled on virtual machines",
            "category": "Compute",
            "healthy": null,
            "medium": null,
            "high": null,
            "none": 776,
            "low": null
        },
        {
            "policyDefinitionId": null,
            "assessmentKey": "01b1ed4c-b733-4fee-b145-f23236e70cf3",
            "policyName": "Vulnerability assessment solution should be installed on your virtual machines",
            "category": "Compute",
            "healthy": null,
            "medium": 522,
            "high": null,
            "none": 254,
            "low": null
        },
        {
            "policyDefinitionId": null,
            "assessmentKey": "71992a2a-d168-42e0-b10e-6b45fa2ecddb",
            "policyName": "Vulnerabilities should be remediated by a Vulnerability Assessment solution",
            "category": "Compute",
            "healthy": null,
            "medium": null,
            "high": null,
            "none": 776,
            "low": null
        },
        {
            "policyDefinitionId": null,
            "assessmentKey": "3b20e985-f71f-483b-b078-f30d73936d43",
            "policyName": "Access should be restricted for permissive Network Security Groups with Internet-facing VMs",
            "category": "Networking",
            "healthy": 755,
            "medium": null,
            "high": 9,
            "none": 12,
            "low": null
        },
        {
            "policyDefinitionId": null,
            "assessmentKey": "0f50c962-6277-4142-8f95-aa16e80f8da4",
            "policyName": "The rules for web applications on IaaS NSGs should be hardened",
            "category": "Networking",
            "healthy": 760,
            "medium": null,
            "high": 4,
            "none": 12,
            "low": null
        },
        {
            "policyDefinitionId": null,
            "assessmentKey": "bc303248-3d14-44c2-96a0-55f5c326b5fe",
            "policyName": "Management ports should be closed on your virtual machines",
            "category": "Networking",
            "healthy": 761,
            "medium": null,
            "high": 3,
            "none": 12,
            "low": null
        },
        {
            "policyDefinitionId": null,
            "assessmentKey": "c3b51c94-588b-426b-a892-24696f9e54cc",
            "policyName": "IP forwarding on your virtual machine should be disabled",
            "category": "Networking",
            "healthy": 764,
            "medium": null,
            "high": null,
            "none": 12,
            "low": null
        },
        {
            "policyDefinitionId": null,
            "assessmentKey": "805651bc-6ecd-4c73-9b55-97a19d0582d0",
            "policyName": "Just-In-Time network access control should be applied on virtual machines",
            "category": "Networking",
            "healthy": null,
            "medium": null,
            "high": null,
            "none": 776,
            "low": null
        }
    ],
    "resourceHealthSummary": {
        "healthy": 9,
        "medium": 284,
        "high": 340,
        "none": null,
        "low": 143
    },
    "resourceCount": 776
}

1 个答案:

答案 0 :(得分:0)

您可以尝试使用 mv-expand 或 mv-apply。例如:

// Self-contained demo: the sample security-status document from the question is
// wrapped in a dynamic literal and printed as a single row with one column, d,
// so the filter below can be tried without querying live data.
print d = dynamic({
    "name": "GenericSecurityStatusesSummary",
    "resourceHealthSummryPerCategory": [
        {
            "category": "Compute",
            "healthy": 9,
            "medium": 287,
            "high": 337,
            "none": null,
            "low": 143
        },
        {
            "category": "Networking",
            "healthy": 754,
            "medium": null,
            "high": 10,
            "none": 12,
            "low": null
        }
    ],
    "policyAssessmentsSummaries": [
        {
            "policyDefinitionId": null,
            "assessmentKey": "d1db3318-01ff-16de-29eb-28b344515626",
            "policyName": "Monitoring agent should be installed on your machines",
            "category": "Compute",
            "healthy": 776,
            "medium": null,
            "high": null,
            "none": null,
            "low": null
        },
        {
            "policyDefinitionId": null,
            "assessmentKey": "8e2b96ff-3de2-289b-b5c1-3b9921a3441e",
            "policyName": "Monitoring agent health issues should be resolved on your machines",
            "category": "Compute",
            "healthy": 676,
            "medium": 100,
            "high": null,
            "none": null,
            "low": null
        },
        {
            "policyDefinitionId": null,
            "assessmentKey": "83f577bd-a1b6-b7e1-0891-12ca19d1e6df",
            "policyName": "Install endpoint protection solution on your machines",
            "category": "Compute",
            "healthy": 496,
            "medium": null,
            "high": 71,
            "none": 209,
            "low": null
        },
        {
            "policyDefinitionId": null,
            "assessmentKey": "3bcd234d-c9c7-c2a2-89e0-c01f419c1a8a",
            "policyName": "Endpoint protection health issues should be resolved on your machines",
            "category": "Compute",
            "healthy": 488,
            "medium": 2,
            "high": 6,
            "none": 280,
            "low": null
        },
        {
            "policyDefinitionId": null,
            "assessmentKey": "181ac480-f7c4-544b-9865-11b8ffe87f47",
            "policyName": "Vulnerabilities in security configuration on your machines should be remediated",
            "category": "Compute",
            "healthy": null,
            "medium": null,
            "high": null,
            "none": 136,
            "low": 640
        },
        {
            "policyDefinitionId": null,
            "assessmentKey": "c0f5316d-5ac5-9218-b77a-b96e16ccfd66",
            "policyName": "Your machines should be restarted to apply system updates",
            "category": "Compute",
            "healthy": 629,
            "medium": 17,
            "high": null,
            "none": 130,
            "low": null
        },
        {
            "policyDefinitionId": null,
            "assessmentKey": "4ab6e3c5-74dd-8b35-9ab9-f61b30875b27",
            "policyName": "System updates should be installed on your machines",
            "category": "Compute",
            "healthy": 572,
            "medium": null,
            "high": 24,
            "none": 130,
            "low": 50
        },
        {
            "policyDefinitionId": null,
            "assessmentKey": "d57a4221-a804-52ca-3dea-768284f06bb7",
            "policyName": "Disk encryption should be applied on virtual machines",
            "category": "Compute",
            "healthy": null,
            "medium": null,
            "high": 272,
            "none": 504,
            "low": null
        },
        {
            "policyDefinitionId": null,
            "assessmentKey": "f9f0eed0-f143-47bf-b856-671ea2eeed62",
            "policyName": "Harden Network Security Group rules of internet facing virtual machines",
            "category": "Networking",
            "healthy": null,
            "medium": null,
            "high": null,
            "none": 776,
            "low": null
        },
        {
            "policyDefinitionId": null,
            "assessmentKey": "35f45c95-27cf-4e52-891f-8390d1de5828",
            "policyName": "Adaptive Application Controls should be enabled on virtual machines",
            "category": "Compute",
            "healthy": null,
            "medium": null,
            "high": null,
            "none": 776,
            "low": null
        },
        {
            "policyDefinitionId": null,
            "assessmentKey": "01b1ed4c-b733-4fee-b145-f23236e70cf3",
            "policyName": "Vulnerability assessment solution should be installed on your virtual machines",
            "category": "Compute",
            "healthy": null,
            "medium": 522,
            "high": null,
            "none": 254,
            "low": null
        },
        {
            "policyDefinitionId": null,
            "assessmentKey": "71992a2a-d168-42e0-b10e-6b45fa2ecddb",
            "policyName": "Vulnerabilities should be remediated by a Vulnerability Assessment solution",
            "category": "Compute",
            "healthy": null,
            "medium": null,
            "high": null,
            "none": 776,
            "low": null
        },
        {
            "policyDefinitionId": null,
            "assessmentKey": "3b20e985-f71f-483b-b078-f30d73936d43",
            "policyName": "Access should be restricted for permissive Network Security Groups with Internet-facing VMs",
            "category": "Networking",
            "healthy": 755,
            "medium": null,
            "high": 9,
            "none": 12,
            "low": null
        },
        {
            "policyDefinitionId": null,
            "assessmentKey": "0f50c962-6277-4142-8f95-aa16e80f8da4",
            "policyName": "The rules for web applications on IaaS NSGs should be hardened",
            "category": "Networking",
            "healthy": 760,
            "medium": null,
            "high": 4,
            "none": 12,
            "low": null
        },
        {
            "policyDefinitionId": null,
            "assessmentKey": "bc303248-3d14-44c2-96a0-55f5c326b5fe",
            "policyName": "Management ports should be closed on your virtual machines",
            "category": "Networking",
            "healthy": 761,
            "medium": null,
            "high": 3,
            "none": 12,
            "low": null
        },
        {
            "policyDefinitionId": null,
            "assessmentKey": "c3b51c94-588b-426b-a892-24696f9e54cc",
            "policyName": "IP forwarding on your virtual machine should be disabled",
            "category": "Networking",
            "healthy": 764,
            "medium": null,
            "high": null,
            "none": 12,
            "low": null
        },
        {
            "policyDefinitionId": null,
            "assessmentKey": "805651bc-6ecd-4c73-9b55-97a19d0582d0",
            "policyName": "Just-In-Time network access control should be applied on virtual machines",
            "category": "Networking",
            "healthy": null,
            "medium": null,
            "high": null,
            "none": 776,
            "low": null
        }
    ],
    "resourceHealthSummary": {
        "healthy": 9,
        "medium": 284,
        "high": 340,
        "none": null,
        "low": 143
    },
    "resourceCount": 776
})
// mv-apply evaluates the parenthesised subquery over the elements of the
// policyAssessmentsSummaries array; each element is exposed under the generated
// column name d_policyAssessmentsSummaries, which is what the where clause reads.
// NOTE(review): the match is on the policyName display text, so it silently returns
// nothing if that wording differs. Each element also carries an assessmentKey
// (8e2b96ff-3de2-289b-b5c1-3b9921a3441e for this policy) that looks like a steadier
// match key - confirm it is stable before switching to it.
// NOTE(review): Azure Resource Graph accepts only a subset of KQL operators; verify
// that mv-apply is accepted there before using this form against live data.
| mv-apply d.policyAssessmentsSummaries on
(
    where d_policyAssessmentsSummaries.policyName == "Monitoring agent health issues should be resolved on your machines"
)

或使用

// Alternative form. The "..." line is the answer's elision: it stands for whatever
// query produces the dynamic column d and is not itself valid KQL.
...
// mv-expand emits one row per element of the policyAssessmentsSummaries array,
// in the generated column d_policyAssessmentsSummaries; the where clause then keeps
// only the row whose policyName equals the display text below.
// NOTE(review): an exact string match on the display name returns no rows if the
// wording differs - presumably the element's assessmentKey is a steadier key; confirm.
| mv-expand d.policyAssessmentsSummaries
| where d_policyAssessmentsSummaries.policyName == "Monitoring agent health issues should be resolved on your machines"