
@jkbryan jkbryan/Get-AzureNSGs.ps1
Last active Feb 8, 2019

A script to export Azure NSG rules to a CSV file
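# Export the custom security rules of every NSG in one subscription to a CSV file.
#
# Scope: only $nsg.SecurityRules (the user-defined rules) is read. The platform
# default rules (DefaultSecurityRules) are not exported, so the CSV is not the
# complete effective rule set of an NSG.
#
# The CSV describes which addresses and ports are allowed or denied; keep it in a
# location with restricted access.
#
# NOTE(review): the AzureRM module has been retired in favour of Az. The Az
# equivalents of the cmdlets used here are Connect-AzAccount, Set-AzContext and
# Get-AzNetworkSecurityGroup.

Connect-AzureRmAccount -ErrorAction Stop
$Subscription = "<Subscription-GUID>"
$LogFile = "C:\<PATH>\NSGs.csv"

# Join every non-empty value of a rule property with ';'.
# A missing or empty property yields '' (foreach over $null runs zero times).
function Join-RuleValue {
    param($Values)
    $kept = foreach ($value in $Values) {
        if ($null -ne $value -and "$value" -ne '') { "$value" }
    }
    return (@($kept) -join ';')
}

# Return the names of all application security groups referenced by a rule,
# joined with ';'. The name is the last segment of the ASG resource ID.
function Get-AsgName {
    param($Groups)
    $names = foreach ($group in $Groups) {
        if ($null -ne $group -and $group.Id) { ($group.Id -split '/')[-1] }
    }
    return (@($names) -join ';')
}

# Set-Content creates the file or replaces its previous content, so every run
# starts from the header line only.
Set-Content -Path $LogFile -Value "nsg,rule,protocol,SourcePortRange,DestinationPortRange,SourceAddressPrefix,DestinationAddressPrefix,SourceApplicationSecurityGroups,DestinationApplicationSecurityGroups,Access,Priority,Direction"

# Stop if the subscription cannot be selected; otherwise the export would
# silently describe whatever subscription the session happens to default to.
Set-AzureRmContext -Subscription $Subscription -ErrorAction Stop
$NSGs = Get-AzureRmNetworkSecurityGroup -ErrorAction Stop

foreach ($nsg in $NSGs) {
    foreach ($rule in $nsg.SecurityRules) {
        # Every field is computed from the current rule only. A rule with no
        # address prefix or no ASG on one side produces an empty cell instead of
        # a value carried over from an earlier rule, and multi-valued properties
        # are written in full rather than reduced to a single entry.
        $fields = @(
            $nsg.Name,
            $rule.Name,
            $rule.Protocol,
            (Join-RuleValue $rule.SourcePortRange),
            (Join-RuleValue $rule.DestinationPortRange),
            (Join-RuleValue $rule.SourceAddressPrefix),
            (Join-RuleValue $rule.DestinationAddressPrefix),
            (Get-AsgName $rule.SourceApplicationSecurityGroups),
            (Get-AsgName $rule.DestinationApplicationSecurityGroups),
            $rule.Access,
            $rule.Priority,
            $rule.Direction
        )

        # Fields are written unquoted, as in the header; this relies on none of
        # the values containing a comma.
        $line = $fields -join ','
        Write-Host $line
        Add-Content -Path $LogFile -Value $line
    }
}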