v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/azure_compliance
Overview
13Dashboards
1311Controls
430Queries
2Variables
GitHub

Control: 7.5 Ensure that the endpoint protection for all Virtual Machines is installed

Description

Install endpoint protection for all virtual machines.

Installing endpoint protection systems (like anti-malware for Azure) provides for realtime protection capability that helps identify and remove viruses, spyware, and other malicious software. These also offer configurable alerts when known-malicious or unwanted software attempts to install itself or run on Azure systems.

Remediation

Follow Microsoft Azure documentation to install endpoint protection from the security center. Alternatively, you can employ your own endpoint protection tool for your OS.

From Azure Portal

  1. Go to Security Center
  2. Click the Recommendations blade
  3. Ensure that there are no recommendations for Endpoint Protection not installed on Azure VMs

From Azure CLI

az vm show -g MyResourceGroup -n MyVm -d

It should list below or any other endpoint extensions as one of the installed extensions.

EndpointSecurity || TrendMicroDSA* || Antimalware || EndpointProtection ||
SCWPAgent || PortalProtectExtension* || FileSecurity*

Alternatively, you can employ your own endpoint protection tool for your OS.

Default Value

By default Endpoint Protection is disabled.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.cis_v150_7_5

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.cis_v150_7_5 --share

SQL

This control uses a named query:

manual_control

Tags

category = Compliance
cis = true
cis_item_id = 7.5
cis_level = 2
cis_section_id = 7
cis_type = manual
cis_version = v1.5.0
plugin = azure
service = Azure/Compute