Control: Azure Defender for servers should be enabled
Description
Azure Defender for servers provides real-time threat protection for server workloads and generates hardening recommendations as well as alerts about suspicious activities.
Usage
Run the control in your terminal:
powerpipe control run terraform_azure_compliance.control.compute_vm_azure_defender_enabledSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run terraform_azure_compliance.control.compute_vm_azure_defender_enabled --shareSQL
This control uses a named query:
select address as resource, case when (attributes_std ->> 'resource_type') = 'VirtualMachines' and (attributes_std ->> 'tier') = 'Standard' then 'ok' else 'skip' end status, split_part(address, '.', 2) || case when (attributes_std ->> 'resource_type') = 'VirtualMachines' and (attributes_std ->> 'tier') = 'Standard' then ' Azure Defender on for Servers' else ' Azure Defender off for Servers' end || '.' reason , path || ':' || start_linefrom terraform_resourcewhere type = 'azurerm_security_center_subscription_pricing';