Control: Email notification for high severity alerts should be enabled
Description
To ensure the relevant people in your organization are notified when there is a potential security breach in one of your subscriptions, enable email notifications for high severity alerts in Security Center.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.securitycenter_notify_alerts_configured
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run azure_compliance.control.securitycenter_notify_alerts_configured --share
SQL
This control uses a named query:
with contact_info as (
  select
    count(*) filter (where alert_notifications = 'On') as notification_alert_count,
    subscription_id
  from
    azure_security_center_contact
  group by
    subscription_id
  limit 1
)
select
  sub.subscription_id as resource,
  case
    when notification_alert_count > 0 then 'ok'
    else 'alarm'
  end as status,
  case
    when notification_alert_count > 0 then '"Notify about alerts with the following severity" set to High.'
    else '"Notify about alerts with the following severity" not set to High.'
  end as reason,
  sub.display_name as subscription
from
  azure_subscription sub
  left join contact_info ci on sub.subscription_id = ci.subscription_id;
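
The query's pass/fail logic can be exercised on constructed rows in a plain PostgreSQL session. This is an added example, not part of the compliance mod: the temp tables are stand-ins carrying only the columns the query reads, the subscription IDs and names are made up, and the logic is run without the `limit 1` so that each subscription is judged against its own contact rows.

```sql
-- Constructed stand-ins for the Steampipe tables (only the columns the query reads).
create temp table azure_subscription (
  subscription_id text primary key,
  display_name    text
);
create temp table azure_security_center_contact (
  subscription_id     text,
  alert_notifications text
);

-- Constructed sample data: sub-b has two contacts (one On, one Off),
-- sub-c has notifications Off, sub-d has no contact row at all.
insert into azure_subscription values
  ('sub-a', 'Prod'), ('sub-b', 'Dev'), ('sub-c', 'Sandbox'), ('sub-d', 'Lab');
insert into azure_security_center_contact values
  ('sub-a', 'On'),
  ('sub-b', 'Off'), ('sub-b', 'On'),
  ('sub-c', 'Off');

-- Same CTE and case logic as the named query, minus "limit 1".
-- With "limit 1" and no "order by", the CTE keeps the count for one arbitrary
-- subscription only; every other subscription gets a NULL count from the
-- left join and falls through to 'alarm'.
with contact_info as (
  select
    count(*) filter (where alert_notifications = 'On') as notification_alert_count,
    subscription_id
  from azure_security_center_contact
  group by subscription_id
)
select
  sub.subscription_id as resource,
  case when notification_alert_count > 0 then 'ok' else 'alarm' end as status,
  sub.display_name as subscription
from azure_subscription sub
  left join contact_info ci on sub.subscription_id = ci.subscription_id
order by resource;
```

On this data sub-a and sub-b report ok, while sub-c (count of 0) and sub-d (no contact row, so a NULL count) report alarm.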