func()

in internal/scanners/defender.go [20:61]

• 39 lines of code
• 6 McCabe index (conditional complexity)

func (s *DefenderScanner) Scan(ctx context.Context, scan bool, cred azcore.TokenCredential, subscriptions map[string]string, filters *models.Filters) []models.DefenderResult {
	models.LogResourceTypeScan("Defender Status")
	resources := []models.DefenderResult{}

	if scan {
		graphClient := graph.NewGraphQuery(cred)
		query := `
		SecurityResources
		| join kind=inner (
			resourcecontainers
			| where type == 'microsoft.resources/subscriptions'
			| project subscriptionId, subscriptionName = name)
		on subscriptionId
		| where type == 'microsoft.security/pricings'
		| project SubscriptionId = subscriptionId, SubscriptionName = subscriptionName, Name = name, Tier = properties.pricingTier
		`
		log.Debug().Msg(query)
		subs := make([]*string, 0, len(subscriptions))
		for s := range subscriptions {
			subs = append(subs, &s)
		}
		result := graphClient.Query(ctx, query, subs)
		resources = []models.DefenderResult{}
		if result.Data != nil {
			for _, row := range result.Data {
				m := row.(map[string]interface{})

				if filters.Azqr.IsSubscriptionExcluded(to.String(m["SubscriptionId"])) {
					continue
				}

				resources = append(resources, models.DefenderResult{
					SubscriptionID:   to.String(m["SubscriptionId"]),
					SubscriptionName: to.String(m["SubscriptionName"]),
					Name:             to.String(m["Name"]),
					Tier:             to.String(m["Tier"]),
				})
			}
		}
	}
	return resources
}