monkey365

0.95.1

rules/findings/Azure/Defender/CIS3.0/azure-agentless-scanning-for-machines-disabled.json

                                {

  "args": [

  ],

  "provider": "Azure",

  "serviceType": "Defender for Cloud",

  "serviceName": "Subscription",

  "displayName": "Ensure that 'Agentless scanning for machines' component status is set to 'On'",

  "description": "Using disk snapshots, the agentless scanner scans for installed software, vulnerabilities, and plain text secrets.",

  "rationale": "The Microsoft Defender for Cloud agentless machine scanner provides threat detection, vulnerability detection, and discovery of sensitive information.",

  "impact": "

        Agentless scanning for machines requires licensing and is included in these plans: 

        * Defender CSPM 

        * Defender for Servers plan 2

  ",

  "remediation": {

    "text": null,

    "code": {

      "powerShell": null,

      "iac": null,

      "terraform": null,

      "other": null

    }

  },

  "recommendation": null,

  "references": [

    "https://docs.microsoft.com/en-us/azure/security/fundamentals/antimalware"

  ],

  "compliance": [

    {

      "name": "CIS Microsoft Azure Foundations",

      "version": "3.0.0",

      "reference": "3.1.3.4",

      "profile":"Level 2"

    }

  ],

  "level": "medium",

  "tags": [

  ],

  "rule": {

    "path": "",

    "subPath": null,

    "selectCondition": {

    },

    "query": [

    ],

    "shouldExist": null,

    "returnObject": null,

    "removeIfNotExists": null

  },

  "output": {

    "html": {

      "data": {

        "properties": {

          "name": "Disk Name",

          "localNic.localIpAddress": "Local IP Address",

          "location": "Location",

          "osDisk.isEncrypted": "OS disk encryption",

          "isAVAgentInstalled": "Antimalware agent installed"

        },

        "expandObject": null

      },

      "table": "asList",

      "decorate": [

      ],

      "emphasis": [

        "Antimalware agent installed"

      ],

      "actions": {

        "objectData": {

          "properties": [

          ],

          "expandObject": null,

          "limit": null

        },

        "showGoToButton": null,

        "showModalButton": null,

        "directLink": null

      }

    },

    "text": {

      "data": {

        "properties": {

        },

        "expandObject": null

      },

      "status": {

        "keyName": [

        ],

        "message": "",

        "defaultMessage": null

      },

      "properties": {

        "resourceName": null,

        "resourceId": null,

        "resourceType": null

      },

      "onlyStatus": false

    }

  },

  "idSuffix": "az_agentless_scanning_for_machines_disabled",

  "notes": [

  ],

  "categories": [

  ]

}