我有一个JSON,由于资源图查询,我得到了JSON,我只需要返回其中properties.policyAssessmentsSummaries.policyName == "Monitoring agent health issues should be resolved on your machines"的实例
如何在查询中做到这一点?
{
"name": "GenericSecurityStatusesSummary",
"resourceHealthSummryPerCategory": [
{
"category": "Compute",
"healthy": 9,
"medium": 287,
"high": 337,
"none": null,
"low": 143
},
{
"category": "Networking",
"healthy": 754,
"medium": null,
"high": 10,
"none": 12,
"low": null
}
],
"policyAssessmentsSummaries": [
{
"policyDefinitionId": null,
"assessmentKey": "d1db3318-01ff-16de-29eb-28b344515626",
"policyName": "Monitoring agent should be installed on your machines",
"category": "Compute",
"healthy": 776,
"medium": null,
"high": null,
"none": null,
"low": null
},
{
"policyDefinitionId": null,
"assessmentKey": "8e2b96ff-3de2-289b-b5c1-3b9921a3441e",
"policyName": "Monitoring agent health issues should be resolved on your machines",
"category": "Compute",
"healthy": 676,
"medium": 100,
"high": null,
"none": null,
"low": null
},
{
"policyDefinitionId": null,
"assessmentKey": "83f577bd-a1b6-b7e1-0891-12ca19d1e6df",
"policyName": "Install endpoint protection solution on your machines",
"category": "Compute",
"healthy": 496,
"medium": null,
"high": 71,
"none": 209,
"low": null
},
{
"policyDefinitionId": null,
"assessmentKey": "3bcd234d-c9c7-c2a2-89e0-c01f419c1a8a",
"policyName": "Endpoint protection health issues should be resolved on your machines",
"category": "Compute",
"healthy": 488,
"medium": 2,
"high": 6,
"none": 280,
"low": null
},
{
"policyDefinitionId": null,
"assessmentKey": "181ac480-f7c4-544b-9865-11b8ffe87f47",
"policyName": "Vulnerabilities in security configuration on your machines should be remediated",
"category": "Compute",
"healthy": null,
"medium": null,
"high": null,
"none": 136,
"low": 640
},
{
"policyDefinitionId": null,
"assessmentKey": "c0f5316d-5ac5-9218-b77a-b96e16ccfd66",
"policyName": "Your machines should be restarted to apply system updates",
"category": "Compute",
"healthy": 629,
"medium": 17,
"high": null,
"none": 130,
"low": null
},
{
"policyDefinitionId": null,
"assessmentKey": "4ab6e3c5-74dd-8b35-9ab9-f61b30875b27",
"policyName": "System updates should be installed on your machines",
"category": "Compute",
"healthy": 572,
"medium": null,
"high": 24,
"none": 130,
"low": 50
},
{
"policyDefinitionId": null,
"assessmentKey": "d57a4221-a804-52ca-3dea-768284f06bb7",
"policyName": "Disk encryption should be applied on virtual machines",
"category": "Compute",
"healthy": null,
"medium": null,
"high": 272,
"none": 504,
"low": null
},
{
"policyDefinitionId": null,
"assessmentKey": "f9f0eed0-f143-47bf-b856-671ea2eeed62",
"policyName": "Harden Network Security Group rules of internet facing virtual machines",
"category": "Networking",
"healthy": null,
"medium": null,
"high": null,
"none": 776,
"low": null
},
{
"policyDefinitionId": null,
"assessmentKey": "35f45c95-27cf-4e52-891f-8390d1de5828",
"policyName": "Adaptive Application Controls should be enabled on virtual machines",
"category": "Compute",
"healthy": null,
"medium": null,
"high": null,
"none": 776,
"low": null
},
{
"policyDefinitionId": null,
"assessmentKey": "01b1ed4c-b733-4fee-b145-f23236e70cf3",
"policyName": "Vulnerability assessment solution should be installed on your virtual machines",
"category": "Compute",
"healthy": null,
"medium": 522,
"high": null,
"none": 254,
"low": null
},
{
"policyDefinitionId": null,
"assessmentKey": "71992a2a-d168-42e0-b10e-6b45fa2ecddb",
"policyName": "Vulnerabilities should be remediated by a Vulnerability Assessment solution",
"category": "Compute",
"healthy": null,
"medium": null,
"high": null,
"none": 776,
"low": null
},
{
"policyDefinitionId": null,
"assessmentKey": "3b20e985-f71f-483b-b078-f30d73936d43",
"policyName": "Access should be restricted for permissive Network Security Groups with Internet-facing VMs",
"category": "Networking",
"healthy": 755,
"medium": null,
"high": 9,
"none": 12,
"low": null
},
{
"policyDefinitionId": null,
"assessmentKey": "0f50c962-6277-4142-8f95-aa16e80f8da4",
"policyName": "The rules for web applications on IaaS NSGs should be hardened",
"category": "Networking",
"healthy": 760,
"medium": null,
"high": 4,
"none": 12,
"low": null
},
{
"policyDefinitionId": null,
"assessmentKey": "bc303248-3d14-44c2-96a0-55f5c326b5fe",
"policyName": "Management ports should be closed on your virtual machines",
"category": "Networking",
"healthy": 761,
"medium": null,
"high": 3,
"none": 12,
"low": null
},
{
"policyDefinitionId": null,
"assessmentKey": "c3b51c94-588b-426b-a892-24696f9e54cc",
"policyName": "IP forwarding on your virtual machine should be disabled",
"category": "Networking",
"healthy": 764,
"medium": null,
"high": null,
"none": 12,
"low": null
},
{
"policyDefinitionId": null,
"assessmentKey": "805651bc-6ecd-4c73-9b55-97a19d0582d0",
"policyName": "Just-In-Time network access control should be applied on virtual machines",
"category": "Networking",
"healthy": null,
"medium": null,
"high": null,
"none": 776,
"low": null
}
],
"resourceHealthSummary": {
"healthy": 9,
"medium": 284,
"high": 340,
"none": null,
"low": 143
},
"resourceCount": 776
}
答案 0 :(得分:0)
print d = dynamic({
"name": "GenericSecurityStatusesSummary",
"resourceHealthSummryPerCategory": [
{
"category": "Compute",
"healthy": 9,
"medium": 287,
"high": 337,
"none": null,
"low": 143
},
{
"category": "Networking",
"healthy": 754,
"medium": null,
"high": 10,
"none": 12,
"low": null
}
],
"policyAssessmentsSummaries": [
{
"policyDefinitionId": null,
"assessmentKey": "d1db3318-01ff-16de-29eb-28b344515626",
"policyName": "Monitoring agent should be installed on your machines",
"category": "Compute",
"healthy": 776,
"medium": null,
"high": null,
"none": null,
"low": null
},
{
"policyDefinitionId": null,
"assessmentKey": "8e2b96ff-3de2-289b-b5c1-3b9921a3441e",
"policyName": "Monitoring agent health issues should be resolved on your machines",
"category": "Compute",
"healthy": 676,
"medium": 100,
"high": null,
"none": null,
"low": null
},
{
"policyDefinitionId": null,
"assessmentKey": "83f577bd-a1b6-b7e1-0891-12ca19d1e6df",
"policyName": "Install endpoint protection solution on your machines",
"category": "Compute",
"healthy": 496,
"medium": null,
"high": 71,
"none": 209,
"low": null
},
{
"policyDefinitionId": null,
"assessmentKey": "3bcd234d-c9c7-c2a2-89e0-c01f419c1a8a",
"policyName": "Endpoint protection health issues should be resolved on your machines",
"category": "Compute",
"healthy": 488,
"medium": 2,
"high": 6,
"none": 280,
"low": null
},
{
"policyDefinitionId": null,
"assessmentKey": "181ac480-f7c4-544b-9865-11b8ffe87f47",
"policyName": "Vulnerabilities in security configuration on your machines should be remediated",
"category": "Compute",
"healthy": null,
"medium": null,
"high": null,
"none": 136,
"low": 640
},
{
"policyDefinitionId": null,
"assessmentKey": "c0f5316d-5ac5-9218-b77a-b96e16ccfd66",
"policyName": "Your machines should be restarted to apply system updates",
"category": "Compute",
"healthy": 629,
"medium": 17,
"high": null,
"none": 130,
"low": null
},
{
"policyDefinitionId": null,
"assessmentKey": "4ab6e3c5-74dd-8b35-9ab9-f61b30875b27",
"policyName": "System updates should be installed on your machines",
"category": "Compute",
"healthy": 572,
"medium": null,
"high": 24,
"none": 130,
"low": 50
},
{
"policyDefinitionId": null,
"assessmentKey": "d57a4221-a804-52ca-3dea-768284f06bb7",
"policyName": "Disk encryption should be applied on virtual machines",
"category": "Compute",
"healthy": null,
"medium": null,
"high": 272,
"none": 504,
"low": null
},
{
"policyDefinitionId": null,
"assessmentKey": "f9f0eed0-f143-47bf-b856-671ea2eeed62",
"policyName": "Harden Network Security Group rules of internet facing virtual machines",
"category": "Networking",
"healthy": null,
"medium": null,
"high": null,
"none": 776,
"low": null
},
{
"policyDefinitionId": null,
"assessmentKey": "35f45c95-27cf-4e52-891f-8390d1de5828",
"policyName": "Adaptive Application Controls should be enabled on virtual machines",
"category": "Compute",
"healthy": null,
"medium": null,
"high": null,
"none": 776,
"low": null
},
{
"policyDefinitionId": null,
"assessmentKey": "01b1ed4c-b733-4fee-b145-f23236e70cf3",
"policyName": "Vulnerability assessment solution should be installed on your virtual machines",
"category": "Compute",
"healthy": null,
"medium": 522,
"high": null,
"none": 254,
"low": null
},
{
"policyDefinitionId": null,
"assessmentKey": "71992a2a-d168-42e0-b10e-6b45fa2ecddb",
"policyName": "Vulnerabilities should be remediated by a Vulnerability Assessment solution",
"category": "Compute",
"healthy": null,
"medium": null,
"high": null,
"none": 776,
"low": null
},
{
"policyDefinitionId": null,
"assessmentKey": "3b20e985-f71f-483b-b078-f30d73936d43",
"policyName": "Access should be restricted for permissive Network Security Groups with Internet-facing VMs",
"category": "Networking",
"healthy": 755,
"medium": null,
"high": 9,
"none": 12,
"low": null
},
{
"policyDefinitionId": null,
"assessmentKey": "0f50c962-6277-4142-8f95-aa16e80f8da4",
"policyName": "The rules for web applications on IaaS NSGs should be hardened",
"category": "Networking",
"healthy": 760,
"medium": null,
"high": 4,
"none": 12,
"low": null
},
{
"policyDefinitionId": null,
"assessmentKey": "bc303248-3d14-44c2-96a0-55f5c326b5fe",
"policyName": "Management ports should be closed on your virtual machines",
"category": "Networking",
"healthy": 761,
"medium": null,
"high": 3,
"none": 12,
"low": null
},
{
"policyDefinitionId": null,
"assessmentKey": "c3b51c94-588b-426b-a892-24696f9e54cc",
"policyName": "IP forwarding on your virtual machine should be disabled",
"category": "Networking",
"healthy": 764,
"medium": null,
"high": null,
"none": 12,
"low": null
},
{
"policyDefinitionId": null,
"assessmentKey": "805651bc-6ecd-4c73-9b55-97a19d0582d0",
"policyName": "Just-In-Time network access control should be applied on virtual machines",
"category": "Networking",
"healthy": null,
"medium": null,
"high": null,
"none": 776,
"low": null
}
],
"resourceHealthSummary": {
"healthy": 9,
"medium": 284,
"high": 340,
"none": null,
"low": 143
},
"resourceCount": 776
})
| mv-apply d.policyAssessmentsSummaries on
(
where d_policyAssessmentsSummaries.policyName == "Monitoring agent health issues should be resolved on your machines"
)
或使用
...
| mv-expand d.policyAssessmentsSummaries
| where d_policyAssessmentsSummaries.policyName == "Monitoring agent health issues should be resolved on your machines"