module/ConfigurationProvider/ControlConfigurations/Services/KubernetesConnectedCluster.json
|
{
"FeatureName": "KubernetesConnectedCluster", "Reference": "", "IsMaintenanceMode": false, "Controls": [ { "ControlID": "Azure_KubernetesConnectedCluster_SI_Enable_Resource_Logs_MCSB", "Description": "[MCSB] Kubernetes connected clusters must have Microsoft Defender for Cloud extension installed", "Id": "KubernetesConnectedCluster100", "ControlSeverity": "High", "Automated": "Yes", "ControlScanSource": "MDC", "DisplayName": "[MCSB] Kubernetes connected clusters must have Microsoft Defender for Cloud extension installed", "Category": "Vulnerabilities must be remediated", "ControlRequirements": "Vulnerability scans must be performed and vulnerabilities remediated according to prescribed organizational guidance", "Rationale": "Microsoft Defender for Cloud extension for Azure Arc provides threat protection for your Arc enabled Kubernetes clusters. The extension collects data from all nodes in the cluster and sends it to the Azure Defender for Kubernetes backend in the cloud for further analysis.", "Recommendation": "To install Defender extension in Kubernetes clusters please refer: https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-containers-enable?pivots=defender-for-container-aks&tabs=aks-deploy-portal%2Ck8s-deploy-asc%2Ck8s-verify-asc%2Ck8s-remove-arc%2Caks-removeprofile-api#enable-the-plan", "Tags": [ "Automated", "Baseline", "Audit", "KubernetesConnectedCluster" ], "AssessmentProperties": { "AssessmentNames": [ "3ef9848c-c2c8-4ff3-8b9c-4c8eb8ddfce6" ], "AssessmentStatusMappings": [ { "AssessmentStatusCode": "NotApplicable", "EffectiveVerificationResult": "Failed", "AssessmentStatusCausePatterns": "(.)*OffByPolicy|Exempt(.)*", "AppendMessageToStatusReason": "Disabling or exempting the policy from getting evaluated is not recommended. The Control will be marked as Failed." } ] }, "Enabled": false, "CustomTags": [ "Daily", "MCSB" ] } ] } |