This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 65%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDS%3C/text%3E%3C/svg%3E)
For automation purpose, my requirement is through API call fetch the AKS and ARO clusters from Azure on which "Defender for Containers" is enabled. Is there such API present or any alternative ?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 86%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAK%3C/text%3E%3C/svg%3E)
Hi DiptiRanjan Swain,
Welcome to the Microsoft Q&A Platform! Thank you for asking your question here,
Based on your query, you can retrieve cluster information through the provided APIs. Please refer to the documentation below
AKS
Open Shift Clusters
About Cloud defender security standards and custom APIs Please look into this API documentation. Specifically for Defender for Containers, it is not explicitly mentioned. But in Defender the document as they mentioned you can use the Get and List API actions for security assessments. The Get action retrieves details of a specific security assessment for a resource, while the List action retrieves all security assessments for resources within a scope. To get there is a list of assessments that you can retrieve, which includes information that might be helpful for your needs. Please refer to this documentation Defender API Assessments These actions help manage and check the security status of your resources, including whether status like healthy or not. You can see an example List API response image below
If you have any further query, please let me know
Hi DiptiRanjan Swain,
If you have a chance, could you please review my inputs, and let me know if you have any queries by tag me in the comments.
Thank you
@Akshay kumar Mandha Thank you for the answer. the API is working fine when no assessment id is specified, returns data for all the assessments. But my requirement is to only get the data for specific assessment id. I am trying with various options to make that work.
Hi DiptiRanjan Swain,
Based on your latest comment, it looks like the API is working. As you mentioned, your requirement is to get data for a specific assessment ID. I completely understand your point, and I appreciate the efforts you are putting in to try different approaches. Have you tried retrieving the list of all assessments and then filtering by the one id associated with your exact resource? I could you please try in this way and let me know and please feel free to reach out to me.
If you have any further query or any additional will provide support, you always as needed
@Akshay kumar Mandha following resource graph query meeting my expectation. Thank you for the follow-up
securityresources
| where name == "56a83a6e-c417-42ec-b567-1e6fcb3d09a9"
| extend Status = tostring(properties["status"]["code"])
| extend ResourceName = tostring(properties ["resourceDetails"]["ResourceName"])
| where Status == "Healthy"
| distinct ResourceName, Status, resourceGroup, subscriptionId
Hi DiptiRanjan Swain,
Good catch! Glad the issue is resolved for you finally. I will have this answer promoted by reposting it. As an Original Poster (You) will not be able to accept your own answer. This is in the attempt to help others looking for a solution for a similar issue.
Thanks again for sharing the solution here. Have a good day!
Issue:
For automation purpose, my requirement is through API call fetch the AKS and ARO clusters from Azure on which "Defender for Containers" is enabled. Is there such API present or any alternative?
Solution:
securityresources
| where name == "56a83a6e-c417-42ec-b567-1e6fcb3d09a9"
| extend Status = tostring(properties["status"]["code"])
| extend ResourceName = tostring(properties ["resourceDetails"]["ResourceName"])
| where Status == "Healthy"
| distinct ResourceName, Status, resourceGroup, subscriptionId
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 79%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMD%3C/text%3E%3C/svg%3E)
Hello @Diptiranjan Swain , another option that you can try is Resource Graph API query for AKS and ARO clusters with "Defender for Containers" enabled.
Something like this-
Resources
| where type == "microsoft.containerservice/managedclusters"
| where properties.addonProfiles.azureDefender.enabled == true
| project name, resourceGraph, location
Similarly, you can change the query accordingly for ARO clusters.
Reference: https://learn.microsoft.com/en-us/azure/governance/resource-graph/first-query-portal
You can use Azure CLI or Rest APIs too to run these queries instead of Azure portal. Hope this helps.
Please feel free to reach out if you have questions on these.
Thanks!
Hi @Megha Dubey , thank you for answering. The query is not recognizing metadata properties.addonProfiles.azureDefender.enabled, when I verified, it seems this metadata is not present for the clusters. But following query works
securityresources
| where name == "56a83a6e-c417-42ec-b567-1e6fcb3d09a9"
| extend Status = tostring(properties["status"]["code"])
| extend ResourceName = tostring(properties ["resourceDetails"]["ResourceName"])
| where Status == "Healthy"
| distinct ResourceName, Status, resourceGroup, subscriptionId