Select Page

You can tell where I’ve been working by the Kusto queries against Azure Resource Graph that I leave behind.

All Azure VNets and subnets, with subnet details:

// get all Azure VNETS and SUBNETS with associated subnets

resources

| join kind=leftouter (ResourceContainers | where type==’microsoft.resources/subscriptions’ | project SubName=name, subscriptionId) on subscriptionId

| where type == “microsoft.network/virtualnetworks”

| mv-expand subs=properties.subnets

| extend subnetname = subs.name

| extend subnetprefix= subs.properties.addressPrefix

| extend vnetprefix = substring(tostring(properties.addressSpace.addressPrefixes),2,strlen(tostring(properties.addressSpace.addressPrefixes))-4)

| project SubName, resourceGroup, name, vnetprefix, subnetname, subnetprefix

| sort by SubName, resourceGroup asc, name

This one for pulling back network security groups and metadata (this was originally at Thomas Balkeståhl’s blog) – tidied up:

Resources

| where type =~ “microsoft.network/networksecuritygroups”

| join kind=leftouter (ResourceContainers | where type==’microsoft.resources/subscriptions’ | project SubName=name, subscriptionId) on subscriptionId

| mv-expand rules=properties.securityRules

| extend direction = tostring(rules.properties.direction)

| extend priority = toint(rules.properties.priority)

| extend description = rules.properties.description

| extend destprefix = rules.properties.destinationAddressPrefix

| extend destport = rules.properties.destinationPortRange

| extend sourceprefix = rules.properties.sourceAddressPrefix

| extend sourceport = rules.properties.sourcePortRange

| extend subnet_name = split((split(tostring(properties.subnets), ‘/’))[10], ‘”‘)[0]

| project SubName, resourceGroup, subnet_name, name, direction, priority, destprefix, destport, sourceprefix, sourceport, description

| sort by SubName, resourceGroup asc, name, direction asc, priority asc