monkey365

0.95.1

rules/findings/Azure/Defender/CIS3.0/azure-vulnerability-assessment-on-servers-disabled.json

                                {

  "args": [

  ],

  "provider": "Azure",

  "serviceType": "Defender for Cloud",

  "serviceName": "Subscription",

  "displayName": "Ensure that 'Vulnerability assessment for machines' component status is set to 'On'",

  "description": "Enable vulnerability assessment for machines on both Azure and hybrid (Arc enabled) machines.",

  "rationale": "Vulnerability assessment for machines scans for various security-related configurations and events such as system updates, OS vulnerabilities, and endpoint protection, then produces alerts on threat and vulnerability findings.",

  "impact": "Microsoft Defender for Servers plan 2 licensing is required, and configuration of Azure Arc introduces complexity beyond this recommendation.",

  "remediation": {

    "text": "###### From Azure Portal

                1. From Azure Home select the Portal Menu 

                2. Select Microsoft Defender for Cloud 

                3. Under Management, select Environment Settings 

                4. Select a subscription 

                5. Click on Settings & Monitoring 

                6. Set the Status of Vulnerability assessment for machines to On 

                7. Click Continue

    ",

    "code": {

      "powerShell": null,

      "iac": null,

      "terraform": null,

      "other": null

    }

  },

  "recommendation": null,

  "references": [

    "https://docs.microsoft.com/en-us/azure/defender-for-cloud/alerts-overview",

    "https://docs.microsoft.com/en-us/rest/api/securitycenter/pricings/list",

    "https://docs.microsoft.com/en-us/rest/api/securitycenter/pricings/update",

    "https://docs.microsoft.com/en-us/powershell/module/az.security/get-azsecuritypricing",

    "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-endpoint-security#es-1-use-endpoint-detection-and-response-edr"

  ],

  "compliance": [

    {

      "name": "CIS Microsoft Azure Foundations",

      "version": "3.0.0",

      "reference": "3.1.3.2",

      "profile":"Level 2"

    }

  ],

  "level": "medium",

  "tags": [

  ],

  "rule": {

    "path": "",

    "subPath": null,

    "selectCondition": {

    },

    "query": [

    ],

    "shouldExist": null,

    "returnObject": null,

    "removeIfNotExists": null

  },

  "output": {

    "html": {

      "data": {

        "properties": {

          "name": "Resource Name",

          "properties.pricingTier": "Pricing Tier"

        },

        "expandObject": null

      },

      "table": "asList",

      "decorate": [

      ],

      "emphasis": [

        "Pricing Tier"

      ],

      "actions": {

        "objectData": {

          "properties": [

          ],

          "expandObject": null,

          "limit": null

        },

        "showGoToButton": null,

        "showModalButton": null,

        "directLink": null

      }

    },

    "text": {

      "data": {

        "properties": {

        },

        "expandObject": null

      },

      "status": {

        "keyName": [

        ],

        "message": "",

        "defaultMessage": null

      },

      "properties": {

        "resourceName": null,

        "resourceId": null,

        "resourceType": null

      },

      "onlyStatus": false

    }

  },

  "idSuffix": "azure_vulnerability_assessment_for_server_disabled",

  "notes": [

  ],

  "categories": [

  ]

}