Control: 2.1 Ensure that Azure Defender is set to On for Servers
Description
Enabling Azure Defender threat detection for Server, provides threat intelligence, anomaly detection, and behavior analytics in the Azure Security Center.
Remediation
From Console
Perform the following action to check Azure Defender is set to On for Servers:
- Login to Azure console and navigate to Security Center.
- Select
Pricing & settingsblade under Management. - Click on the subscription name,
Azure Defender plansblade got selected. - For the
Serversresource typePlanshould be set to On.
Perform the following action to enable Azure Defender for Servers:
- Login to Azure console and navigate to Security Center.
- Select
Pricing & settingsblade under Management. - Click on the subscription name,
Azure Defender plansblade got selected. - For the
Serversresource typePlanset it to On.
From Command Line
Command to enable Azure defender for servers
az account get-access-token --query "{subscription:subscription,accessToken:accessToken}" --out tsv | xargs -L1 bash -c 'curl -X PUT -H "Authorization: Bearer $1" -H "Content-Type: application/json" https://management.azure.com/subscriptions/$0/providers/Microsoft.Security/pr icings/VirtualMachines?api-version=2018-06-01 -d@"input.json"'
Where input.json contains the request body json data as mentioned below
{ "id":"/subscriptions/<Your_Subscription_Id>/providers/Microsoft.Security/pricings/ VirtualMachines", "name":"VirtualMachines", "type":"Microsoft.Security/pricings", "properties":{ "pricingTier":"Standard" }}
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.cis_v130_2_1Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.cis_v130_2_1 --shareSQL
This control uses a named query:
securitycenter_azure_defender_on_for_server