Finding all Network Interfaces that are connected to Virtual Machines in Azure

-
Recently I was involved in a discovery project to find all our network interfaces and virtual machines in Azure.

I was aware that you could go to the Network Interface dashboard or the Virtual Machine dashboard but this was too manual for my liking. Also I needed to know which Network Interface was used by which Virtual Machine.

So my solution was using Azure Resource Graph Explorer. 

The following KQL is used to get all Network Interfaces in your azure tenant. 

resources
| where type =~ 'microsoft.network/networkinterfaces'
| extend privateIp = properties.ipConfigurations[0].properties.privateIPAddress
| extend id = name
| project name, privateIp, properties.macAddress, id

Running this KQL gives me a output like this in my test tenant.







To get the Virtual Machines that use the Network Interfaces a left outer join can be used to join the networkinterfaces table with the virtalmachines table using the IDs. 

This is the KQL I used the left outer join. 

| join kind=leftouter (
    resources
| where type == "microsoft.compute/virtualmachines"
| extend idString = tostring(properties.networkProfile.networkInterfaces[0].id)
| extend id = extract(@"networkInterfaces\/(.*)", 1, idString)
        | extend virtualMachineName = name
| project virtualMachineName, id)
on id

When using the above KQL extracts together, this is the output. 





Below is the final rendition of the KQL with comments added into explain what each line does. I am more than happy for anyone to use the below KQL, if it is not working for you or you need assistance in editing it I am more than happy to help.

//table to use
resources
//which part of the table to look at
| where type =~ 'microsoft.network/networkinterfaces'
//get the privateIP address as it was stored in an array
| extend privateIp = properties.ipConfigurations[0].properties.privateIPAddress
//sets id to equal name, this will be needed for the join later on
| extend id = name
//specifies which variable to show
| project name, privateIp, properties.macAddress, id
//joins the networkinterface and virtaulmachines together
| join kind=leftouter (
    resources
//which part of the table to look at
| where type == "microsoft.compute/virtualmachines"
//get the string which includes the id
| extend idString = tostring(properties.networkProfile.networkInterfaces[0].id)
//uses a regular expression to pull the virtual machine id from the string
| extend id = extract(@"networkInterfaces\/(.*)", 1, idString)
    //changes the name of name so that is easier to understand what it is
    | extend virtualMachineName = name
    //works out if the network adapter has a virtual machine attached
//specifies which variable to show
| project virtualMachineName, id)
//specifies the tables to join on the id 
on id
| extend vmOrNot = iif(isnotempty(virtualMachineName), "vm", "not")
| project-away id1, id

Comments

Post a Comment

Popular posts from this blog

AD PowerShell script to add/remove a list of users from a group

-
Image
Have you ever had to do something manually and you were just like, I don't ever want to do that again it took to long.  Well that happened to me when I was setting up my domain and experimenting, I had to keep adding and removing my mock users to groups and it got really annoying.  So I simply automated it using PowerShell, know all I need to do is supply a list of the users I want to remove or add and the group name then voila.  To automate this I simply went through each line in the CSV file and got the distinguished name of the user using Get-ADUser. I then used either Add-ADGroupMember or Remove-ADGroupMember to add or remove the user, all that needed to be supplied here was the distinguished name of the group and the previously gotten distinguished name of the user.  Below is a screenshot of my code, I am happy for you to use it but I am not accountable if you edit or misuse and cause any issues.  Screenshot of the code: Results of running the code:
Read more

Terraform with VirtualBox

-
Image
So I wanted to learn how to use Terraform, it is something that is quite interesting but I have never got to use it. I had to sort that out. 👍 I could have made it build me a VM instance on the cloud but I currently don't have the need for that as I have the Kali VM that I use for messing around with CTFs hosted locally. So I decided to go with Virtual Box, also this stops any issues like for example me building the wrong VM instance and my card screaming at me. So my first order of business was to create a new folder and create the terraform.tf file in there. I then used the boiler plate code that can be found on the HashiCorp website here : https://registry.terraform.io/providers/terra-farm/virtualbox/latest/docs.  Using "terraform init" to initialise a Terraform instance then "terraform apply". But I ran into some issues with that. For starters the first issue that will arise is that the version specified in this template is no longer the current version and...
Read more