rules/findings/Azure/Defender/CIS3.0/azure-defender-missing-keyvault-protection.json

{
    "args": [
         
    ],
    "provider": "Azure",
    "serviceType": "Defender for Cloud",
    "serviceName": "Subscription",
    "displayName": "Ensure That Microsoft Defender for Key Vault Is Set To \u0027On\u0027",
    "description": "Turning on Microsoft Defender for Key Vault enables threat detection for Key Vault, providing threat intelligence, anomaly detection, and behavior analytics in Microsoft Defender for Cloud.",
    "rationale": "Enabling Microsoft Defender for Key Vault allows for greater defense-in-depth, with threat detection provided by the Microsoft Security Response Center (MSRC).",
    "impact": "Turning on Microsoft Defender for Key Vault in Microsoft Defender for Cloud incurs an additional cost per resource.",
    "remediation": {
        "text": "###### From Azure Console\r\n\t\t\t\t\t1. Go to `Microsoft Defender for Cloud`\r\n\t\t\t\t\t2. Select `Environment settings`\r\n\t\t\t\t\t3. Click on the subscription name\r\n\t\t\t\t\t4. Select the `Defender plans` blade\r\n\t\t\t\t\t5. On the line in the table for `Key Vault`, select `On` under `Plan`.\r\n\t\t\t\t\t6. Select `Save`",
        "code": {
            "powerShell": null,
            "iac": null,
            "terraform": null,
            "other": null
        }
    },
    "recommendation": null,
    "references": [
        "https://docs.microsoft.com/en-us/azure/defender-for-cloud/alerts-overview",
        "https://docs.microsoft.com/en-us/rest/api/securitycenter/pricings/list",
        "https://docs.microsoft.com/en-us/rest/api/securitycenter/pricings/update",
        "https://docs.microsoft.com/en-us/powershell/module/az.security/get-azsecuritypricing",
        "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-endpoint-security#es-1-use-endpoint-detection-and-response-edr"
    ],
    "compliance": [
        {
            "name": "CIS Microsoft Azure Foundations",
            "version": "3.0.0",
            "reference": "3.1.8.1",
            "profile": "Level 2"
        }
    ],
    "level": "medium",
    "tags": [
         
    ],
    "rule": {
        "path": "az_pricing_tier",
        "subPath": null,
        "selectCondition": {
             
        },
        "query": [
            {
                "filter": [
                    {
                        "conditions": [
                            [
                                "name",
                                "eq",
                                "KeyVaults"
                            ],
                            [
                                "properties.pricingTier",
                                "eq",
                                "Free"
                            ]
                        ],
                        "operator": "and"
                    }
                ]
            }
        ],
        "shouldExist": null,
        "returnObject": null,
        "removeIfNotExists": null
    },
    "output": {
        "html": {
            "data": {
                "properties": {
                    "name": "Resource Name",
                    "properties.pricingTier": "Pricing Tier"
                },
                "expandObject": null
            },
            "table": "asList",
            "decorate": [
                 
            ],
            "emphasis": [
                "Pricing Tier"
            ],
            "actions": {
                "objectData": {
                    "properties": [
                         
                    ],
                    "expandObject": null,
                    "limit": null
                },
                "showGoToButton": null,
                "showModalButton": null,
                "directLink": null
            }
        },
        "text": {
            "data": {
                "properties": {
                     
                },
                "expandObject": null
            },
            "status": {
                "keyName": [
                     
                ],
                "message": "",
                "defaultMessage": null
            },
            "properties": {
                "resourceName": null,
                "resourceId": null,
                "resourceType": null
            },
            "onlyStatus": false
        }
    },
    "idSuffix": "azure_defender_missing_keyvault_protection",
    "notes": [
         
    ],
    "categories": [
         
    ],
    "immutable_properties": [
         
    ],
    "id": "azure_151"
}