Benchmark: Security Center
Description
This section contains recommendations for configuring Security Center resources.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-azure-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select Security Center.
Run this benchmark in your terminal:
powerpipe benchmark run azure_compliance.benchmark.all_controls_securitycenter
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run azure_compliance.benchmark.all_controls_securitycenter --share
Controls
- Ensure Microsoft Defender for APIs is set to 'On'
 - Ensure Microsoft Defender CSPM is set to 'On'
 - Ensure 'Additional email addresses' is configured with a security contact email
 - Ensure any of the ASC Default policy setting is not set to "Disabled"
 - Auto provisioning of the Log Analytics agent should be enabled on your subscription
 - Azure Defender for App Service should be enabled
 - Azure Defender for container registries should be enabled
 - Microsoft Defender for Containers should be enabled
 - Ensure That Microsoft Defender for Azure Cosmos DB is set to 'On'
 - Ensure That Microsoft Defender for Databases is set to 'On'
 - Azure Defender for DNS should be enabled
 - Azure Defender for Kubernetes should be enabled
 - Azure Defender for Key Vault should be enabled
 - Ensure That Microsoft Defender for Open-Source Relational Databases is set to 'On'
 - Azure Defender for Resource Manager should be enabled
 - Azure Defender for servers should be enabled
 - Azure Defender for Azure SQL Database servers should be enabled
 - Azure Defender for SQL should be enabled for unprotected SQL Managed Instances
 - Microsoft Defender for Storage (Classic) should be enabled
 - Security Center container image scan should be enabled
 - Subscriptions should have a contact email address for security issues
 - Ensure that Microsoft Defender for Cloud Apps (MCAS) Integration with Microsoft Defender for Cloud is selected
 - Email notification for high severity alerts should be enabled
 - Security center pricing should be set to standard
 - Email notification to subscription owner for high severity alerts should be enabled
 - Ensure that Windows Defender ATP (WDATP) integration with Security Center is selected