Control: 3.1.4.1 Ensure That Microsoft Defender for Containers Is Set To 'On'
Description
Turning on Microsoft Defender for Containers enables threat detection for Container Registries including Kubernetes, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud. The following services will be enabled for container instances:
- Defender agent in Azure
- Azure Policy for Kubernetes
- Agentless discovery for Kubernetes
- Agentless container vulnerability assessment
Enabling Microsoft Defender for Container Registries allows for greater defense-in-depth, with threat detection provided by the Microsoft Security Response Center (MSRC).
Remediation
From Azure Portal
- Go to
Microsoft Defender for Cloud
. - Under
Management
, selectEnvironment Settings
. - Click on the subscription name.
- Select
Defender plans
. - Set
Status
toOn
forContainers
. - Click
Save
.
From Azure CLI
(Note: 'ContainerRegistry' has been deprecated and is replaced by 'Containers')
Use the below command to enable Standard pricing tier for Containers.
az security pricing create -n 'Containers' --tier 'standard'
From Powershell
(Note: 'ContainerRegistry' has been deprecated and is replaced by 'Containers')
Use the below command to enable Standard pricing tier for Containers.
Set-AzSecurityPricing -Name 'Containers' -PricingTier 'Standard'
Default Value
By default, Microsoft Defender for Containers is off.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.cis_v300_3_1_4_1
Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.cis_v300_3_1_4_1 --share
SQL
This control uses a named query:
securitycenter_azure_defender_on_for_containerregistry