Skip to content

Latest commit

 

History

History
28 lines (24 loc) · 3.12 KB

security-configuration-monitoring.md

File metadata and controls

28 lines (24 loc) · 3.12 KB
Raw

CloudSploit

AZURE / Security Center / Security Configuration Monitoring

Quick Info
Plugin Title Security Configuration Monitoring
Cloud AZURE
Category Security Center
Description Ensures that Security Configuration Monitoring is enabled in Security Center
More Info When this setting is enabled, Security Center will monitor virtual machines for security configurations.
AZURE Link https://docs.microsoft.com/en-us/azure/governance/policy/overview
Recommended Action Ensure Security Configuration Monitoring is configured for virtual machines from the Azure Security Center.

Detailed Remediation Steps

  1. Log in to the Microsoft Azure Management Console.
  2. Select the "Search resources, services, and docs" option at the top and search for "Microsoft Defender for Cloud".
  3. Scroll down the left navigation panel and select the "Environment Settings" under "Management".
  4. On the "Microsoft Defender for Cloud | Environment settings" page under "Name" column select the "Subscription Name" that needs to be verified by clicking on its Name.
  5. On the "Settings" page scroll down the "Policy settings" section and select "Security Policy".
  6. On the "Settings | Security policy" page, Select the "Subscription" link under the "Security policy" at the top to get into the configuration settings.
  7. On the Settings page, select the "Parameters" tab and uncheck "Only show parameters that need input or review". It will show you a list of parameters.
  8. In the list search for the setting "Vulnerabilities in security configuration on your machines should be remediated". If it's set to "Disabled" then "Security Configuration Monitoring" is not enabled on the selected "Subscription".
  9. To enable "Security Configuration Monitoring" click to open the dropdown of "Vulnerabilities in security configuration on your machines should be remediated" and select the "AuditIfNotExists" option. Click on the "Review + save" button at the bottom.
  10. On the "Review + save" page, click on "Save" button to make the necessary changes.
  11. Repeat step number 3 - 10 to ensure Security Configuration Monitoring is configured from the Azure Security Center.