Control: 2.14 Ensure that 'Notify about alerts with the following severity' is set to 'High'
Description
Enables emailing security alerts to the subscription owner or other designated security contact. Enabling security alert emails ensures that security alert emails are received from Microsoft. This ensures that the right people are aware of any potential security issues and are able to mitigate the risk.
Remediation
From Console
- Login to Azure console and navigate to Security Center.
- Select
Pricing & settingsblade under Management. - Click on the appropriate Management Group, Subscription, or Tenant.
- Click on
Email notifications. - Enter a valid security contact email address in the
Additional email addressesfield. - Under
Notification types, check the check box next toNotify about alerts with the following severity (or higher), and selectHighfrom the drop down menu. - Click Save.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.cis_v130_2_14Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.cis_v130_2_14 --shareSQL
This control uses a named query:
with contact_info as ( select count(*) filter (where alert_notifications = 'On') as notification_alert_count, subscription_id from azure_security_center_contact group by subscription_id limit 1)select sub.subscription_id as resource, case when notification_alert_count > 0 then 'ok' else 'alarm' end as status, case when notification_alert_count > 0 then '"Notify about alerts with the following severity" set to High.' else '"Notify about alerts with the following severity" not set to High.' end as reason , sub.display_name as subscriptionfrom azure_subscription sub left join contact_info ci on sub.subscription_id = ci.subscription_id;