search

Azure / azure-powershell

Microsoft Azure PowerShell
Other
4.26k stars 3.86k forks source link

Can't run Get-AzSecurityTask at the subscription level #23054

Open SponTanious opened 1 year ago

SponTanious commented 1 year ago

Description

Hi Team,

I am unable to run Get-AzSecurityTask on a Subscription.

$SubscriptionIDs = Get-AzSubscription

foreach ($sub in $SubscriptionIDs) {

    $sub.Name
    Set-AzContext -Subscription $sub | Out-null
    Get-AzSecurityTask 

}

This is the error I am getting, I have access to a lot of subscriptions and this error is occurring for all of them.

image

Looks like it was a bug that existed previously. issue

Let me know if you would like anymore details.

Kind Regards, Daniel Tanious

Issue script & Debug output

Issue Script:

$SubscriptionIDs = Get-AzSubscription

foreach ($sub in $SubscriptionIDs) {

    $sub.Name
    Set-AzContext -Subscription $sub | Out-null
    Get-AzSecurityTask 

}

Debug Output: Can't provide as it contains to much sensitive data.


### Environment data

```PowerShell
Name                           Value
----                           -----
PSVersion                      7.3.8
PSEdition                      Core
GitCommitId                    7.3.8
OS                             Microsoft Windows 10.0.22621
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

Module versions

ModuleType Version    PreRelease Name                                ExportedCommands
---------- -------    ---------- ----                                ----------------
Script     2.12.5                Az.Accounts                         {Add-AzEnvironment, Clear-AzConfig, Clear-AzContext, Clear-AzDefault…}
Script     1.4.0                 Az.Security                         {Add-AzSecurityAdaptiveNetworkHardening, Add-AzSecuritySqlVulnerabilityAssessmentBaseline, Confirm…
Script     5.9.0                 Az.Storage                          {Add-AzRmStorageContainerLegalHold, Add-AzStorageAccountManagementPolicyAction, Add-AzStorageAccou…
Manifest   2.1.0                 AzTable                             {Export-AzResourceGroup, Export-AzTemplateSpec, Get-AzDenyAssignment, Get-AzDeployment…}

Error output

Message        : The given key 'policyName' was not present in the dictionary.
StackTrace     :    at System.Collections.Generic.Dictionary`2.get_Item(TKey key)
                    at Microsoft.Azure.Commands.Security.Models.Tasks.PSSecurityTaskConverters.ConvertToPSType(SecurityTask value)
                    at Microsoft.Azure.Commands.Security.Models.Tasks.PSSecurityTaskConverters.<>c.<ConvertToPSType>b__1_0(SecurityTask task)
                    at System.Linq.Enumerable.SelectEnumerableIterator`2.ToList()
                    at Microsoft.Azure.Commands.Security.Models.Tasks.PSSecurityTaskConverters.ConvertToPSType(IEnumerable`1 value)
                    at Microsoft.Azure.Commands.Security.Cmdlets.Tasks.GetTasks.ExecuteCmdlet()
                    at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.<>c__3`1.<ExecuteSynchronouslyOrAsJob>b__3_0(T c)
                    at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.ExecuteSynchronouslyOrAsJob[T](T cmdlet, Action`1 executor)
                    at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.ExecuteSynchronouslyOrAsJob[T](T cmdlet)
                    at Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet.ProcessRecord()
Exception      : System.Collections.Generic.KeyNotFoundException
InvocationInfo : {Get-AzSecurityTask}
Line           :     Get-AzSecurityTask

Position       : At untitled:Untitled-1:42 char:5
                 +     Get-AzSecurityTask
                 +     ~~~~~~~~~~~~~~~~~~
HistoryId      : 1
isra-fel commented 1 year ago

Let me route this to the Azure Security team. BTW @SponTanious hi, I noticed the call is in a for-loop. Does the command not work for every subscription? Any error when Set-AzContext?

microsoft-github-policy-service[bot] commented 1 year ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @zivraf.

SponTanious commented 1 year ago

@isra-fel No errors with Set-AzContext

ghetzu commented 10 months ago

hi,

any news on this one?

facing the same issue, can't run Get-AzSecurityTask.

thanks,

SponTanious commented 9 months ago

Issue still exists but I wanted to post a work around I found.

@ghetzu - you can use the following as an alternative.

$SecurityAssements = Get-AzSecurityAssessment | Where-Object {$_.Status.Code -eq "Unhealthy"} | Group-Object 'DisplayName' | ForEach-Object { $_.Group[0] }
$SecurityAssementMetadatas = $SecurityAssements | ForEach-Object {Get-AzSecurityAssessmentMetadata -ResourceId $_.Id}
$SecurityRecommendations = $SecurityAssementMetadatas | Select-Object DisplayName, Severity
theorjan commented 9 months ago

stale issue?

SponTanious commented 9 months ago

stale issue?

No I don't believe so