monkey365

0.95.1

rules/findings/Azure/Defender/CIS3.0/azure-defender-missing-appservice-protection.json

{
  "args": [
     
  ],
  "provider": "Azure",
  "serviceType": "Defender for Cloud",
  "serviceName": "Subscription",
  "displayName": "Ensure That Microsoft Defender for App Services Is Set To 'On'",
  "description": "Turning on Microsoft Defender for Cloud enables threat detection for App Service, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.",
  "rationale": "Enabling Microsoft Defender for Cloud for App Service allows for greater defense-in-depth, with threat detection provided by the Microsoft Security Response Center (MSRC).",
  "impact": "Turning on Microsoft Defender for Cloud in Microsoft Defender for Cloud incurs an additional cost per resource.",
  "remediation": {
    "text": "###### From Azure Console\r\n\t\t\t\t\t1. Go to `Microsoft Defender for Cloud`\r\n\t\t\t\t\t2. Select `Environment settings`\r\n\t\t\t\t\t3. Click on the subscription name\r\n\t\t\t\t\t4. Select the `Defender plans` blade\r\n\t\t\t\t\t5. On the line in the table for `App Service` Select `On` under `Plan`.\r\n\t\t\t\t\t6. Select `Save`",
    "code": {
      "powerShell": null,
      "iac": null,
      "terraform": null,
      "other": null
    }
  },
  "recommendation": null,
  "references": [
    "https://docs.microsoft.com/en-us/azure/defender-for-cloud/alerts-overview",
    "https://docs.microsoft.com/en-us/rest/api/securitycenter/pricings/list",
    "https://docs.microsoft.com/en-us/rest/api/securitycenter/pricings/update",
    "https://docs.microsoft.com/en-us/powershell/module/az.security/get-azsecuritypricing",
    "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-endpoint-security#es-1-use-endpoint-detection-and-response-edr"
  ],
  "compliance": [
    {
      "name": "CIS Microsoft Azure Foundations",
      "version": "3.0.0",
      "reference": "3.1.6.1",
      "profile":"Level 2"
    }
  ],
  "level": "medium",
  "tags": [
     
  ],
  "rule": {
    "path": "az_pricing_tier",
    "subPath": null,
    "selectCondition": {
       
    },
    "query": [
      {
        "filter": [
          {
            "conditions": [
              [
                "name",
                "eq",
                "AppServices"
              ],
              [
                "properties.pricingTier",
                "eq",
                "Free"
              ]
            ],
            "operator": "and"
          }
        ]
      }
    ],
    "shouldExist": null,
    "returnObject": null,
    "removeIfNotExists": null
  },
  "output": {
    "html": {
      "data": {
        "properties": {
          "name": "Resource Name",
          "properties.pricingTier": "Pricing Tier"
        },
        "expandObject": null
      },
      "table": "asList",
      "decorate": [
         
      ],
      "emphasis": [
        "Pricing Tier"
      ],
      "actions": {
        "objectData": {
          "properties": [
             
          ],
          "expandObject": null,
          "limit": null
        },
        "showGoToButton": null,
        "showModalButton": null,
        "directLink": null
      }
    },
    "text": {
      "data": {
        "properties": {
           
        },
        "expandObject": null
      },
      "status": {
        "keyName": [
           
        ],
        "message": "",
        "defaultMessage": null
      },
      "properties": {
        "resourceName": null,
        "resourceId": null,
        "resourceType": null
      },
      "onlyStatus": false
    }
  },
  "idSuffix": "azure_defender_missing_appservice_protection",
  "notes": [
     
  ],
  "categories": [
     
  ]
}