I am using Azure CLI (az advisor recommendation list) to download all recommendations for my subscriptions. What I've noticed is that it works perfectly ok for all recommendations except from security recommendations. For the security recommendations, I always get:
"shortDescription": {
"problem": "Improve the security of your Azure resources",
"solution": "Follow Security Center recommendations"
},
even though on Azure those recommendations have concrete problem/solution (like Enable Network Security Groups on subnets) I assume, I need to use another command to get the concrete security recommendation, however I cannot find anything in the documentation. Can anyone help ?
Please use az security task list
Also, if you want to achieve the same using powershell, please use the following ASC powershell modules. A link for sample from github is provided.
ASC Powershell Module :- https://www.powershellgallery.com/packages/AzureRM.Security/0.2.0-preview
ASC Powershell Reference :- https://github.com/Azure/azure-powershell/blob/preview/src/ResourceManager/Security/Commands.Security/help/AzureRM.Security.md
ASC sample :- https://github.com/Microsoft/Azure-Security-Center/blob/master/quickstarts/ASC-Samples.ps1
Please check the blog on how to install the module. https://blogs.technet.microsoft.com/germanageability/2018/09/04/installing-and-testing-the-new-azure-security-center-preview-cmdlets/
Get-AzureRmSecurityTask will give you details of the types of recommendation suggested for each resource where the policy is applied.