Control: 2.14 Ensure that 'Notify about alerts with the following severity' is set to 'High'
Description
Enables emailing security alerts to the subscription owner or other designated security contact. Enabling security alert emails ensures that security alert emails are received from Microsoft. This ensures that the right people are aware of any potential security issues and are able to mitigate the risk.
Remediation
From Console
- Go to
Microsoft Defender for Cloud - Click on
Environment Settings - Click on the appropriate Management Group, Subscription, or Workspace
- Click on
Email notifications - Under 'Notification types', check the check box next to
Notify about alerts with the following severity (or higher):and selectHighfrom the drop down menu - Click
Save
From Command Line
Use the below command to set Send email notification for high severity alerts to On
az account get-access-token --query "{subscription:subscription,accessToken:accessToken}" --out tsv | xargs -L1 bash -c 'curl -X PUT -H "Authorization: Bearer $1" -H "Content-Type: application/json" https://management.azure.com/subscriptions/$0/providers/Microsoft.Security/securityContacts/default1 api-version=2017-08-01-preview -d@"input.json"'
Where input.json contains the request body json data as mentioned below
{ "id": "/subscriptions/<Your_Subscription_Id>/providers/Microsoft.Security/securityContacts/default1", "name": "default1", "type": "Microsoft.Security/securityContacts", "properties": { "email": "<validEmailAddress>", "alertNotifications": "On", "alertsToAdmins": "On" } }
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.cis_v140_2_14Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.cis_v140_2_14 --shareSQL
This control uses a named query:
securitycenter_notify_alerts_configured