rules/findings/Azure/Defender/CIS3.0/azure-vulnerability-assessment-on-servers-disabled.json

{
    "args": [
         
    ],
    "provider": "Azure",
    "serviceType": "Defender for Cloud",
    "serviceName": "Subscription",
    "displayName": "Ensure that \u0027Vulnerability assessment for machines\u0027 component status is set to \u0027On\u0027",
    "description": "Enable vulnerability assessment for both Azure machines and hybrid (Arc-enabled) machines.",
    "rationale": "Vulnerability assessment for machines scans for various security-related configurations and events such as system updates, OS vulnerabilities, and endpoint protection, then produces alerts on threat and vulnerability findings.",
    "impact": "Microsoft Defender for Servers plan 2 licensing is required, and configuration of Azure Arc introduces complexity beyond this recommendation.",
    "remediation": {
        "text": "###### From Azure Portal\r\n\t\t\t\t1. From Azure Home select the Portal Menu \r\n\t\t\t\t2. Select Microsoft Defender for Cloud \r\n\t\t\t\t3. Under Management, select Environment Settings \r\n\t\t\t\t4. Select a subscription \r\n\t\t\t\t5. Click on Settings \u0026 Monitoring \r\n\t\t\t\t6. Set the Status of Vulnerability assessment for machines to On \r\n\t\t\t\t7. Click Continue\r\n\t",
        "code": {
            "powerShell": null,
            "iac": null,
            "terraform": null,
            "other": null
        }
    },
    "recommendation": null,
    "references": [
        "https://docs.microsoft.com/en-us/azure/defender-for-cloud/alerts-overview",
        "https://docs.microsoft.com/en-us/rest/api/securitycenter/pricings/list",
        "https://docs.microsoft.com/en-us/rest/api/securitycenter/pricings/update",
        "https://docs.microsoft.com/en-us/powershell/module/az.security/get-azsecuritypricing",
        "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-endpoint-security#es-1-use-endpoint-detection-and-response-edr"
    ],
    "compliance": [
        {
            "name": "CIS Microsoft Azure Foundations",
            "version": "3.0.0",
            "reference": "3.1.3.2",
            "profile": "Level 2"
        }
    ],
    "level": "medium",
    "tags": [
         
    ],
    "rule": {
        "path": "",
        "subPath": null,
        "selectCondition": {
             
        },
        "query": [
             
        ],
        "shouldExist": null,
        "returnObject": null,
        "removeIfNotExists": null
    },
    "output": {
        "html": {
            "data": {
                "properties": {
                    "name": "Resource Name",
                    "properties.pricingTier": "Pricing Tier"
                },
                "expandObject": null
            },
            "table": "asList",
            "decorate": [
                 
            ],
            "emphasis": [
                "Pricing Tier"
            ],
            "actions": {
                "objectData": {
                    "properties": [
                         
                    ],
                    "expandObject": null,
                    "limit": null
                },
                "showGoToButton": null,
                "showModalButton": null,
                "directLink": null
            }
        },
        "text": {
            "data": {
                "properties": {
                     
                },
                "expandObject": null
            },
            "status": {
                "keyName": [
                     
                ],
                "message": "",
                "defaultMessage": null
            },
            "properties": {
                "resourceName": null,
                "resourceId": null,
                "resourceType": null
            },
            "onlyStatus": false
        }
    },
    "idSuffix": "azure_vulnerability_assessment_for_server_disabled",
    "notes": [
         
    ],
    "categories": [
         
    ],
    "immutable_properties": [
         
    ],
    "id": "azure_161"
}