module/ConfigurationProvider/ControlConfigurations/Services/EventHub.json
{
  "FeatureName": "EventHub",
  "Reference": "aka.ms/azsktcp/eventhub",
  "IsMaintenanceMode": false,
  "Controls": [
    {
      "ControlID": "Azure_EventHub_AuthZ_Dont_Use_Policies_At_Event_Hub_Namespace",
      "Description": "Event Hub clients (event senders or receivers) must not use 'namespace' level access policies",
      "Id": "EventHub130",
      "ControlSeverity": "Medium",
      "Automated": "Yes",
      "MethodName": "CheckEventHubRootPolicy",
      "Rationale": "A 'namespace' level access policy provides access to all Event Hubs in a namespace. However, using an access policy at an entity (Event Hub) level provides access only to the specific entity. Thus, using the latter is in line with the principle of least privilege.",
      "Recommendation": "Remove all the authorization rules from Event Hub namespace except RootManageSharedAccessKey using Remove-AzEventHubAuthorizationRule command. Run 'Get-Help Remove-AzEventHubAuthorizationRule -full' for more help. Use the Azure portal to configure shared access policies with appropriate claims at the specific Event Hub scope.",
      "Tags": [
        "SDL",
        "TCP",
        "Automated",
        "AuthZ",
        "EventHub",
        "Baseline",
        "Weekly"
      ],
      "Enabled": true,
      "DisplayName": "Event Hub clients (event senders or receivers) must not use 'namespace' level access policies",
      "Category": "Least privilege access to subscription and resources",
      "ControlRequirements": "Access to data, networks, services, utilities, tools, and applications must be controlled by authentication and authorization mechanisms",
      "ControlEvaluationDetails": {
        "RequiredProperties": [
          "EventHubsNamespace"
        ]
      },
      "CustomTags": [],
      "ControlSettings": {
        "SharedAccessPoliciesToExclude": [
          "RootManageSharedAccessKey"
        ]
      }
    },
    {
      "ControlID": "Azure_EventHub_AuthZ_Use_Min_Permissions_Access_Policies",
      "Description": "Access policies must be defined with minimum required permissions to the Event Hub",
      "Id": "EventHub140",
      "ControlSeverity": "Medium",
      "Automated": "Yes",
      "MethodName": "CheckEventHubAuthorizationRule",
      "Rationale": "Granting minimum access ensures that users are granted just enough permissions to perform their tasks. This minimizes the set of operations that can be performed on the resource by an attacker in case of access policy key compromise.",
      "Recommendation": "Ensure that client apps use shared access policies with the least required privilege and at the Event Hub scope. For instance, if the client app is only reading events from the event hub (as opposed to sending), then the policy used must only include the 'Listen' claim. Refer: https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-authentication-and-security-model-overview",
      "Tags": [
        "SDL",
        "TCP",
        "Automated",
        "AuthZ",
        "EventHub",
        "Baseline",
        "Weekly"
      ],
      "Enabled": true,
      "DisplayName": "Access policies must be defined with minimum required permissions to the Event Hub",
      "Category": "Least privilege access to subscription and resources",
      "ControlRequirements": "Access to data, networks, services, utilities, tools, and applications must be controlled by authentication and authorization mechanisms",
      "ControlEvaluationDetails": {
        "RequiredProperties": [
          "EventHubsInstances"
        ]
      },
      "CustomTags": []
    }
  ]
}