rules/findings/Azure/Defender/CIS3.0/azure-agentless-scanning-for-machines-disabled.json

{
    "args": [
         
    ],
    "provider": "Azure",
    "serviceType": "Defender for Cloud",
    "serviceName": "Subscription",
    "displayName": "Ensure that \u0027Agentless scanning for machines\u0027 component status is set to \u0027On\u0027",
    "description": "Using disk snapshots, the agentless scanner scans for installed software, vulnerabilities, and plain text secrets.",
    "rationale": "The Microsoft Defender for Cloud agentless machine scanner provides threat detection, vulnerability detection, and discovery of sensitive information.",
    "impact": "Agentless scanning for machines requires licensing and is included in these plans:\r\n* Defender CSPM\r\n* Defender for Servers plan 2",
    "remediation": {
        "text": null,
        "code": {
            "powerShell": null,
            "iac": null,
            "terraform": null,
            "other": null
        }
    },
    "recommendation": null,
    "references": [
        "https://docs.microsoft.com/en-us/azure/security/fundamentals/antimalware"
    ],
    "compliance": [
        {
            "name": "CIS Microsoft Azure Foundations",
            "version": "3.0.0",
            "reference": "3.1.3.4",
            "profile": "Level 2"
        }
    ],
    "level": "medium",
    "tags": [
         
    ],
    "rule": {
        "path": "",
        "subPath": null,
        "selectCondition": {
             
        },
        "query": [
             
        ],
        "shouldExist": null,
        "returnObject": null,
        "removeIfNotExists": null
    },
    "output": {
        "html": {
            "data": {
                "properties": {
                    "name": "Disk Name",
                    "localNic.localIpAddress": "Local IP Address",
                    "location": "Location",
                    "osDisk.isEncrypted": "OS disk encryption",
                    "isAVAgentInstalled": "Antimalware agent installed"
                },
                "expandObject": null
            },
            "table": "asList",
            "decorate": [
                 
            ],
            "emphasis": [
                "Antimalware agent installed"
            ],
            "actions": {
                "objectData": {
                    "properties": [
                         
                    ],
                    "expandObject": null,
                    "limit": null
                },
                "showGoToButton": null,
                "showModalButton": null,
                "directLink": null
            }
        },
        "text": {
            "data": {
                "properties": {
                     
                },
                "expandObject": null
            },
            "status": {
                "keyName": [
                     
                ],
                "message": "",
                "defaultMessage": null
            },
            "properties": {
                "resourceName": null,
                "resourceId": null,
                "resourceType": null
            },
            "onlyStatus": false
        }
    },
    "idSuffix": "az_agentless_scanning_for_machines_disabled",
    "notes": [
         
    ],
    "categories": [
         
    ],
    "immutable_properties": [
         
    ],
    "id": "azure_141"
}