rules/findings/azure/appservices/azure-app-service-private-dns-not-configured.json
|
{
"args": [], "provider": "Azure", "serviceType": "App Service", "serviceName": "Hosted Services", "displayName": "Ensure private endpoints used to access App Service apps use private DNS zones", "description": "Use private DNS zones to override DNS resolution for a private endpoint. A private DNS zone links a virtual network to an App Service app.\r\n", "rationale": "It’s important to correctly configure DNS settings to ensure that the fully qualified domain name (FQDN) of the App Service app resolves to the private endpoint IP address.", "impact": "If DNS settings are incorrectly configured, the FQDN of the App Service app may resolve to a public address instead of the private endpoint IP address, which may result in unintentional exposure of traffic to the public internet.", "remediation": { "text": " Remediate from Azure Portal: 1. Go to App Services. 2. Click the name of an app. 3. Under Settings, click Networking. 4. Under Inbound traffic configuration, click the link next to Private endpoints. 5. Click the name of a private endpoint. 6. Under Settings, click DNS configuration. 7. Ensure a configuration is displayed with a value for Private DNS zone. 8. Repeat steps 1-7 for each app and private endpoint. 
", "code": { "powerShell": null, "iac": null, "terraform": null, "other": null } }, "recommendation": null, "references": [ "https://learn.microsoft.com/en-us/azure/app-service/overview-private-endpoint#dns", "https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns" ], "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "2.0.0", "reference": "2.1.17", "profile": [ "Level 1" ] } ], "level": "low", "tags": [], "rule": { "path": "", "subPath": null, "selectCondition": {}, "query": [ ], "shouldExist": null, "returnObject": null, "removeIfNotExists": null }, "output": { "html": { "data": { "properties": {}, "expandObject": null }, "table": "default", "decorate": [], "emphasis": [], "actions": { "objectData": { "properties": [], "expandObject": null, "limit": null }, "showGoToButton": "True", "showModalButton": "True", "directLink": null } }, "text": { "data": { "properties": {}, "expandObject": null }, "status": { "keyName": [], "message": "", "defaultMessage": null }, "properties": { "resourceName": "name", "resourceId": "id", "resourceType": "type" }, "onlyStatus": false } }, "idSuffix": "azure_app_service_private_dns_not_configured", "notes": [], "categories": [], "immutable_properties": [ "name", "id" ], "id": "azure_app_service_081" } |