How to List Azure Network Security Group from all Subscription using powershell

0
votes

I am trying to create an PowerShell script to list Azure Network Security Groups and it's rule from all subscription and export it to CSV.

Below is my code which list all the NSG Rule Name,Description,Priority,SourceAddressPrefix,SourcePortRange,DestinationAddressPrefix,DestinationPortRange,Protocol,Access and Direction.

############# List All Azure Network Security Groups #############
$subs = Get-AzSubscription

foreach ($sub in $subs) {
    Select-AzSubscription -SubscriptionId $sub.Id
    $nsgs = Get-AzNetworkSecurityGroup

    Foreach ($nsg in $nsgs) {
        $nsgRules = $nsg.SecurityRules

        foreach ($nsgRule in $nsgRules) {
            $nsgRule | Select-Object @{n='SubscriptionName';e={$sub.Name}},
                @{n='ResourceGroupName';e={$nsg.ResourceGroupName}},
                @{n='NetworkSecurityGroupName';e={$nsg.Name}},
                Name,Description,Priority,
                @{Name='SourceAddressPrefix';Expression={[string]::join(",", ($_.SourceAddressPrefix))}},
                @{Name='SourcePortRange';Expression={[string]::join(",", ($_.SourcePortRange))}},
                @{Name='DestinationAddressPrefix';Expression={[string]::join(",", ($_.DestinationAddressPrefix))}},
                @{Name='DestinationPortRange';Expression={[string]::join(",", ($_.DestinationPortRange))}},
                Protocol,Access,Direction |
                    Export-Csv "C:\Users\admin-vishal.singh\Desktop\Test\nsg\NsgRules.csv" -NoTypeInformation -Encoding ASCII -Append        
        }
    }
}

The output I am Getting for above script enter image description here

I also tried to call object Resourcegroup, SubscriptionName under $nsgRule | Select-Object it gave me blank column with header Resourcegroup, subscriptionName.

I am trying to get output like this:

enter image description here

I don't know at which for loop I need to do changes to get output like above.

Basically, I am trying to list all the Azure NSGs with Rules from all subscription with there respective ResourcegroupName, subscriptionName.

2
azurepowershellazure-powershellazure-securityazure-nsg

2 Answers

2
votes

The extra properties you want to return belong to a different object than $nsgRule. You can still retrieve those properties through the use of Select-Object's calculated properties.

$subs = Get-AzureRmSubscription

foreach ($sub in $subs) {
    Select-AzureRmSubscription -SubscriptionId $sub.Id
    $nsgs = Get-AzureRmNetworkSecurityGroup

    Foreach ($nsg in $nsgs) {
        $nsgRules = $nsg.SecurityRules

        foreach ($nsgRule in $nsgRules) {
            $nsgRule | Select-Object @{n='SubscriptionName';e={$sub.Name}},
                @{n='ResourceGroupName';e={$nsg.ResourceGroupName}},
                @{n='NetworkSecurityGroupName';e={$nsg.Name}},
                Name,Description,Priority,
                @{Name='SourceAddressPrefix';Expression={[string]::join(",", ($_.SourceAddressPrefix))}},
                @{Name='SourcePortRange';Expression={[string]::join(",", ($_.SourcePortRange))}},
                @{Name='DestinationAddressPrefix';Expression={[string]::join(",", ($_.DestinationAddressPrefix))}},
                @{Name='DestinationPortRange';Expression={[string]::join(",", ($_.DestinationPortRange))}},
                Protocol,Access,Direction |
                    Export-Csv "C:\Vishal\NsgRules.csv" -NoTypeInformation -Encoding ASCII -Append        
        }
    }
}

$nsg contains ResourceGroupName and Name (the network security group name). $sub contains the subscription name as Name.

0
votes

Not sure if this helps a bit... I'm doing similar and using the az cli (which has direct conversions to powershell)

I'm taking this approach:

#get all the subs in a list
$subs_list = az account list --query [].[id] -o tsv

#loop through list of subs
foreach($sub in $subs_list)
{
    az account set --subscription $sub # change the active sub
    $rg_list = az group list | ConvertFrom-json # retrieve a list of resource groups for that sub
    foreach($rg in $rg_list) # loop through the list of resource groups
    {
        $nsg_list = az network nsg list --resource-group $rg.name | ConvertFrom-json # get the list of nsg for a resource group
        foreach($nsg in $nsg_list) # loop through the list of nsg
        {
            $nsg_rules = az network nsg rule list --nsg $nsg.name --resource-group $rg.name -o table # get a list of rules for each nsg
            $nsg_rules # print the rules to screen
        }
        

    }
}

You'll have to figure out how to format it all, but you now have the subscription object in $sub and the resource group in $rg via $rg.name or $rg.id...

I hope that helps, I'm new to this as well and this is my first question answered on here :)