module/ConfigurationProvider/ControlConfigurations/Services/SecurityConnectors.json
{
"FeatureName": "SecurityConnectors", "Reference": "aka.ms/azsktcp/securityconnectors", "IsMaintenanceMode": false, "Controls": [ { "ControlID": "Azure_SecurityConnectors_Config_Enable_MicrosoftDefender_Container_AWSConnector_MCSB", "Description": "[MCSB] Microsoft Defender for Containers should be enabled on AWS connectors", "Id": "SecurityConnectors100", "ControlSeverity": "High", "Automated": "Yes", "ControlScanSource": "MDC", "DisplayName": "[MCSB] Microsoft Defender for Containers should be enabled on AWS connectors", "Category": "Monitoring must be correctly configured", "ControlRequirements": "To support threat detection scenarios, monitor all known resource types for known and expected threats and anomalies", "Rationale": "Microsoft Defender for Containers provides hardening, vulnerability assessment and run-time protections for your Azure, hybrid, and multi-cloud Kubernetes environments. You can use the information it provides to quickly remediate security issues and improve the security of your containers.", "Recommendation": "To enable this plan on all Kubernetes clusters in an AWS connector: From Defender for Cloud's 'Environment settings' page, select the relevant AWS connector --> In the 'Defender plans' page, set 'Containers' to 'On'", "Tags": [ "SDL", "Automated", "Baseline", "Config" ], "AssessmentProperties": { "AssessmentNames": [ "11d0f4af-6924-4a2e-8b66-781a4553c828" ], "ResourceDetails": { "HasExtendedResourceId": true }, "AssessmentStatusMappings": [ { "AssessmentStatusCode": "NotApplicable", "EffectiveVerificationResult": "Failed", "AssessmentStatusCausePatterns": "(.)*OffByPolicy|Exempt(.)*", "AppendMessageToStatusReason": "Disabling or exempting the policy from getting evaluated is not recommended. The Control will be marked as Failed."
} ] }, "Enabled": false, "CustomTags": [ "Daily", "MCSB" ] }, { "ControlID": "Azure_SecurityConnectors_Config_Enable_MicrosoftDefender_Container_GCPConnector_MCSB", "Description": "[MCSB] Microsoft Defender for Containers should be enabled on GCP connectors", "Id": "SecurityConnectors110", "ControlSeverity": "High", "Automated": "Yes", "ControlScanSource": "MDC", "DisplayName": "[MCSB] Microsoft Defender for Containers should be enabled on GCP connectors", "Category": "Monitoring must be correctly configured", "ControlRequirements": "To support threat detection scenarios, monitor all known resource types for known and expected threats and anomalies", "Rationale": "Microsoft Defender for Containers provides hardening, vulnerability assessment and run-time protections for your Azure, hybrid, and multi-cloud Kubernetes environments. You can use the information it provides to quickly remediate security issues and improve the security of your containers.", "Recommendation": "To enable this plan on all Kubernetes clusters in a GCP connector: From Defender for Cloud's 'Environment settings' page, select the relevant GCP connector --> In the 'Defender plans' page, set 'Containers' to 'On'", "Tags": [ "SDL", "Automated", "Baseline", "Config" ], "AssessmentProperties": { "AssessmentNames": [ "d42ac63d-0592-43b2-8bfa-ff9199da595e" ], "ResourceDetails": { "HasExtendedResourceId": true }, "AssessmentStatusMappings": [ { "AssessmentStatusCode": "NotApplicable", "EffectiveVerificationResult": "Failed", "AssessmentStatusCausePatterns": "(.)*OffByPolicy|Exempt(.)*", "AppendMessageToStatusReason": "Disabling or exempting the policy from getting evaluated is not recommended. The Control will be marked as Failed." } ] }, "Enabled": false, "CustomTags": [ "Daily", "MCSB" ] } ] }