

Merge pull request #2078 from AkhtarAmir/Security-center-category-change
Updated the category of the Security Center plugins
alphadev4 authored Sep 18, 2024
2 parents 4d24cf8 + 08dbcb8 commit 6a27334
Showing 31 changed files with 71 additions and 71 deletions.
30 changes: 15 additions & 15 deletions exports.js
Original file line number Diff line number Diff line change
Expand Up @@ -848,28 +848,13 @@ module.exports = {
'virtualMachinesDeallocateAlert': require(__dirname + '/plugins/azure/logalerts/virtualMachinesDeallocateAlert.js'),
'publicIpAddressLoggingEnabled' : require(__dirname+ '/plugins/azure/logalerts/publicIpAddressLoggingEnabled.js'),

'monitorEndpointProtection' : require(__dirname + '/plugins/azure/securitycenter/monitorEndpointProtection.js'),
'monitorBlobEncryption' : require(__dirname + '/plugins/azure/securitycenter/monitorBlobEncryption.js'),
'monitorSystemUpdates' : require(__dirname + '/plugins/azure/securitycenter/monitorSystemUpdates.js'),
'monitorJitNetworkAccess' : require(__dirname + '/plugins/azure/securitycenter/monitorJitNetworkAccess.js'),
'monitorVMVulnerability' : require(__dirname + '/plugins/azure/securitycenter/monitorVMVulnerability.js'),
'monitorSQLEncryption' : require(__dirname + '/plugins/azure/securitycenter/monitorSqlEncryption.js'),
'monitorSQLAuditing' : require(__dirname + '/plugins/azure/securitycenter/monitorSqlAuditing.js'),
'monitorDiskEncryption' : require(__dirname + '/plugins/azure/securitycenter/monitorDiskEncryption.js'),
'appWhitelistingEnabled' : require(__dirname + '/plugins/azure/securitycenter/appWhitelistingEnabled.js'),
'securityConfigMonitoring' : require(__dirname + '/plugins/azure/securitycenter/securityConfigMonitoring.js'),
'autoProvisioningEnabled' : require(__dirname + '/plugins/azure/securitycenter/autoProvisioningEnabled.js'),
'adminSecurityAlertsEnabled' : require(__dirname + '/plugins/azure/securitycenter/adminSecurityAlertsEnabled.js'),
'securityContactsEnabled' : require(__dirname + '/plugins/azure/securitycenter/securityContactsEnabled.js'),
'monitorNsgEnabled' : require(__dirname + '/plugins/azure/securitycenter/monitorNsgEnabled.js'),
'highSeverityAlertsEnabled' : require(__dirname + '/plugins/azure/securitycenter/highSeverityAlertsEnabled.js'),
'standardPricingEnabled' : require(__dirname + '/plugins/azure/securitycenter/standardPricingEnabled.js'),
'monitorExternalAccounts' : require(__dirname + '/plugins/azure/securitycenter/monitorExternalAccounts.js'),
'monitorIpForwarding' : require(__dirname + '/plugins/azure/securitycenter/monitorIpForwarding.js'),
'monitorNextGenerationFirewall' : require(__dirname + '/plugins/azure/securitycenter/monitorNextGenerationFirewall.js'),
'monitorSubscriptionOwners' : require(__dirname + '/plugins/azure/securitycenter/monitorSubscriptionOwners.js'),
'securityContactAdditionalEmail': require(__dirname + '/plugins/azure/securitycenter/securityContactAdditionalEmail.js'),
'securityContactRoleSetToOwner' : require(__dirname + '/plugins/azure/securitycenter/securityContactRoleSetToOwner.js'),

'resourceAllowedLocations' : require(__dirname + '/plugins/azure/policyservice/resourceAllowedLocations.js'),
'resourceLocationMatch' : require(__dirname + '/plugins/azure/policyservice/resourceLocationMatch.js'),
Expand Down Expand Up @@ -1110,6 +1095,21 @@ module.exports = {
'enableDefenderForAPIs' : require(__dirname + '/plugins/azure/defender/enableDefenderForAPIs.js'),
'enableDefenderForCosmosDB' : require(__dirname + '/plugins/azure/defender/enableDefenderForCosmosDB.js'),
'enableDefenderForSqlServersVMs': require(__dirname + '/plugins/azure/defender/enableDefenderForSqlServersVMs.js'),
'highSeverityAlertsEnabled' : require(__dirname + '/plugins/azure/defender/highSeverityAlertsEnabled.js'),
'standardPricingEnabled' : require(__dirname + '/plugins/azure/defender/standardPricingEnabled.js'),
'monitorExternalAccounts' : require(__dirname + '/plugins/azure/defender/monitorExternalAccounts.js'),
'monitorIpForwarding' : require(__dirname + '/plugins/azure/defender/monitorIpForwarding.js'),
'monitorNextGenerationFirewall' : require(__dirname + '/plugins/azure/defender/monitorNextGenerationFirewall.js'),
'monitorSubscriptionOwners' : require(__dirname + '/plugins/azure/defender/monitorSubscriptionOwners.js'),
'securityContactAdditionalEmail': require(__dirname + '/plugins/azure/defender/securityContactAdditionalEmail.js'),
'securityContactRoleSetToOwner' : require(__dirname + '/plugins/azure/defender/securityContactRoleSetToOwner.js'),
'appWhitelistingEnabled' : require(__dirname + '/plugins/azure/defender/appWhitelistingEnabled.js'),
'securityConfigMonitoring' : require(__dirname + '/plugins/azure/defender/securityConfigMonitoring.js'),
'autoProvisioningEnabled' : require(__dirname + '/plugins/azure/defender/autoProvisioningEnabled.js'),
'monitorSystemUpdates' : require(__dirname + '/plugins/azure/defender/monitorSystemUpdates.js'),
'monitorEndpointProtection' : require(__dirname + '/plugins/azure/defender/monitorEndpointProtection.js'),
'monitorJitNetworkAccess' : require(__dirname + '/plugins/azure/defender/monitorJitNetworkAccess.js'),
'securityContactsEnabled' : require(__dirname + '/plugins/azure/defender/securityContactsEnabled.js'),

'agWafEnabled' : require(__dirname + '/plugins/azure/applicationGateway/agWafEnabled'),
'applicationGatewayHasTags' : require(__dirname + '/plugins/azure/applicationGateway/applicationGatewayHasTags.js'),
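Review bot: The second hunk adds 15 `defender/` entries whose keys match 15 of the 22 `securitycenter/` entries shown in the first hunk, and the first hunk's header (28 old lines, 13 new) implies exactly 15 removals there, so the move only balances if every one of those 15 keys is on the removed side; the rendered view drops the +/- markers, so this is inferred rather than seen. A key left behind in the first group would not fail at load time, because a duplicated property in an object literal is legal in modern JavaScript and the later `defender/` require silently wins, so an ESLint `no-dupe-keys` run over exports.js is the cheap pre-merge check. Seven `securitycenter/` requires appear to remain (for example `monitorBlobEncryption` and `monitorDiskEncryption`); if their plugin metadata still says `category: 'Security Center'`, reports will split one Azure product across two categories, and the PR description should say whether that is intended or a follow-up. The `module.exports` object continues outside both hunks.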
Original file line number Diff line number Diff line change
Expand Up @@ -3,13 +3,13 @@ const helpers = require('../../../helpers/azure');

module.exports = {
title: 'Application Whitelisting Enabled',
category: 'Security Center',
category: 'Defender',
domain: 'Management and Governance',
severity: 'Medium',
description: 'Ensures that Security Center Monitor Adaptive Application Whitelisting is enabled',
description: 'Ensures that Microsoft Defender Monitor Adaptive Application Whitelisting is enabled.',
more_info: 'Adaptive application controls work in conjunction with machine learning to analyze processes running in a VM and help control which applications can run, hardening the VM against malware.',
recommended_action: 'Enable Adaptive Application Controls for Virtual Machines from the Azure Security Center by ensuring AuditIfNotExists setting is used.',
link: 'https://learn.microsoft.com/en-us/azure/security-center/security-center-adaptive-application',
recommended_action: 'Enable Adaptive Application Controls for Virtual Machines from the Microsoft Defender for Cloud by ensuring AuditIfNotExists setting is used.',
link: 'https://learn.microsoft.com/en-us/azure/defender-for-cloud/adaptive-application-controls',
apis: ['policyAssignments:list'],
realtime_triggers: ['microsoftauthorization:policyassignments:write','microsoftauthorization:policyassignments:delete'],

Original file line number Diff line number Diff line change
Expand Up @@ -3,13 +3,13 @@ const helpers = require('../../../helpers/azure');

module.exports = {
title: 'Auto Provisioning Enabled',
category: 'Security Center',
category: 'Defender',
domain: 'Management and Governance',
severity: 'Medium',
description: 'Ensures that automatic provisioning of the monitoring agent is enabled',
description: 'Ensures that automatic provisioning of the monitoring agent is enabled.',
more_info: 'The Microsoft Monitoring Agent scans for various security-related configurations and events such as system updates, OS vulnerabilities, and endpoint protection and provides alerts.',
recommended_action: 'Ensure that the data collection settings of the subscription have Auto Provisioning set to enabled.',
link: 'https://learn.microsoft.com/en-us/azure/security-center/security-center-enable-data-collection',
link: 'https://learn.microsoft.com/en-us/azure/defender-for-cloud/monitoring-components',
apis: ['autoProvisioningSettings:list'],
realtime_triggers: ['microsoftauthorization:policyassignments:write','microsoftauthorization:policyassignments:delete'],

Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ const SEVERITY_LEVELS = ['low', 'medium', 'high'];

module.exports = {
title: 'High Severity Alerts Enabled',
category: 'Security Center',
category: 'Defender',
domain: 'Management and Governance',
severity: 'Medium',
description: 'Ensures that high severity alerts are enabled and properly configured.',
Original file line number Diff line number Diff line change
Expand Up @@ -3,13 +3,13 @@ const helpers = require('../../../helpers/azure');

module.exports = {
title: 'Monitor Endpoint Protection',
category: 'Security Center',
category: 'Defender',
domain: 'Management and Governance',
severity: 'Medium',
description: 'Ensures Endpoint Protection monitoring is enabled in Security Center',
more_info: 'When this setting is enabled, Security Center audits the Endpoint Protection setting for all virtual machines for malware protection.',
recommended_action: 'Enable Adaptive Application Controls for Endpoint Protection from the Azure Security Center by ensuring AuditIfNotExists setting is used to monitor missing Endpoint Protection.',
link: 'https://learn.microsoft.com/en-us/azure/security-center/security-center-policy-definitions',
description: 'Ensures Endpoint Protection monitoring is enabled in Microsoft Defender.',
more_info: 'When this setting is enabled, Microsoft Defender for Cloud audits the Endpoint Protection setting for all virtual machines for malware protection.',
recommended_action: 'Enable Adaptive Application Controls for Endpoint Protection from the Microsoft Defender by ensuring AuditIfNotExists setting is used to monitor missing Endpoint Protection.',
link: 'https://learn.microsoft.com/en-us/azure/defender-for-cloud/policy-reference',
apis: ['policyAssignments:list'],
realtime_triggers: ['microsoftauthorization:policyassignments:write','microsoftauthorization:policyassignments:delete'],

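Review bot: The new user-facing strings name the product three different ways within one plugin: `in Microsoft Defender.` in description, `Microsoft Defender for Cloud` in more_info, and `from the Microsoft Defender by` in recommended_action; "Microsoft Defender" on its own is also the name of a different product family (endpoint and XDR offerings), which is misleading in a finding that is about Defender for Cloud policy assignments. Use the full name, without the article, consistently, e.g. `description: 'Ensures Endpoint Protection monitoring is enabled in Microsoft Defender for Cloud.',` and `... for Endpoint Protection from Microsoft Defender for Cloud by ensuring AuditIfNotExists setting is used ...`. The same shortened or article-prefixed wording appears in the Monitor External Accounts, Monitor IP Forwarding, Monitor JIT Network Access, Monitor Next Generation Firewall, Monitor Total Number of Subscription Owners, Monitor System Updates and Security Configuration Monitoring sections below, and `from the Microsoft Defender for Cloud` in the Application Whitelisting Enabled section above. The `module.exports` object continues outside the hunk.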
Original file line number Diff line number Diff line change
Expand Up @@ -3,13 +3,13 @@ const helpers = require('../../../helpers/azure');

module.exports = {
title: 'Monitor External Accounts with Write Permissions',
category: 'Security Center',
category: 'Defender',
domain: 'Management and Governance',
severity: 'Medium',
description: 'Ensures that External Accounts with Write Permissions are being Monitored in Security Center',
description: 'Ensures that External Accounts with Write Permissions are being Monitored in Microsoft Defender.',
more_info: 'External Accounts with Write Permissions should be monitored to meet you organization\'s security compliance requirements.',
recommended_action: 'Enable Monitor for External Accounts with Write Permissions by ensuring AuditIfNotExists setting is used for \'External accounts with write permissions should be removed from your subscription\' from the Azure Security Center.',
link: 'https://learn.microsoft.com/en-us/azure/security-center/security-center-policy-definitions',
recommended_action: 'Enable Monitor for External Accounts with Write Permissions by ensuring AuditIfNotExists setting is used for \'External accounts with write permissions should be removed from your subscription\' from the Microsoft Defender.',
link: 'https://learn.microsoft.com/en-us/azure/defender-for-cloud/policy-reference',
apis: ['policyAssignments:list'],
realtime_triggers: ['microsoftauthorization:policyassignments:write','microsoftauthorization:policyassignments:delete'],

Original file line number Diff line number Diff line change
Expand Up @@ -3,13 +3,13 @@ const helpers = require('../../../helpers/azure');

module.exports = {
title: 'Monitor IP Forwarding',
category: 'Security Center',
category: 'Defender',
domain: 'Management and Governance',
severity: 'Medium',
description: 'Ensures that Virtual Machine IP Forwarding Monitoring is enabled in Security Center',
description: 'Ensures that Virtual Machine IP Forwarding Monitoring is enabled in Microsoft Defender.',
more_info: 'IP Forwarding feature should be monitored to meet you organization\'s security compliance requirements.',
recommended_action: 'Enable IP Forwarding Monitoring by ensuring AuditIfNotExists setting is used for \'IP Forwarding on your virtual machine should be disabled\' from the Azure Security Center.',
link: 'https://learn.microsoft.com/en-us/azure/security-center/security-center-policy-definitions',
recommended_action: 'Enable IP Forwarding Monitoring by ensuring AuditIfNotExists setting is used for \'IP Forwarding on your virtual machine should be disabled\' from the Microsoft Defender.',
link: 'https://learn.microsoft.com/en-us/azure/defender-for-cloud/policy-reference',
apis: ['policyAssignments:list'],
realtime_triggers: ['microsoftauthorization:policyassignments:write','microsoftauthorization:policyassignments:delete'],

Original file line number Diff line number Diff line change
Expand Up @@ -3,13 +3,13 @@ const helpers = require('../../../helpers/azure');

module.exports = {
title: 'Monitor JIT Network Access',
category: 'Security Center',
category: 'Defender',
domain: 'Management and Governance',
severity: 'Medium',
description: 'Ensures Just In Time Network Access monitoring is enabled in Security Center',
more_info: 'When this setting is enabled, Security Center audits Just In Time Network Access on all virtual machines (Windows and Linux as well) to enhance data protection at rest',
recommended_action: 'Ensure JIT Network Access monitoring is configured for compute and apps from the Azure Security Center.',
link: 'https://learn.microsoft.com/en-us/azure/security-center/security-center-policy-definitions',
description: 'Ensures Just In Time Network Access monitoring is enabled in Microsoft Defender.',
more_info: 'When this setting is enabled, Microsoft Defender for Cloud audits Just In Time Network Access on all virtual machines (Windows and Linux as well) to enhance data protection at rest',
recommended_action: 'Ensure JIT Network Access monitoring is configured for compute and apps from Microsoft Defender.',
link: 'https://learn.microsoft.com/en-us/azure/defender-for-cloud/policy-reference',
apis: ['policyAssignments:list'],
realtime_triggers: ['microsoftauthorization:policyassignments:write','microsoftauthorization:policyassignments:delete'],

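Review bot: The rewritten more_info line still ends with `to enhance data protection at rest`, which does not describe Just-In-Time network access: JIT restricts when inbound management ports on a VM are reachable and has nothing to do with data at rest, so the wrong rationale is carried over into the renamed product text. Suggest `more_info: 'When this setting is enabled, Microsoft Defender for Cloud audits Just In Time Network Access on all virtual machines (Windows and Linux) to reduce exposure of management ports.',` which also adds the terminal period the neighbouring strings now have. The `module.exports` object continues outside the hunk.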
Original file line number Diff line number Diff line change
Expand Up @@ -3,13 +3,13 @@ const helpers = require('../../../helpers/azure');

module.exports = {
title: 'Monitor Next Generation Firewall',
category: 'Security Center',
category: 'Defender',
domain: 'Management and Governance',
severity: 'Medium',
description: 'Ensures that Next Generation Firewall (NGFW) Monitoring is enabled in Security Center',
more_info: 'When this setting is enabled, Security Center will search for deployments where a NGFW is recommended.',
recommended_action: 'Enable Next Generation Firewall Monitoring by ensuring AuditIfNotExists setting is used for \'All network ports should be restricted on network security groups associated to your virtual machine\' from the Azure Security Center.',
link: 'https://learn.microsoft.com/en-us/azure/security-center/security-center-policy-definitions',
description: 'Ensures that Next Generation Firewall (NGFW) Monitoring is enabled in Microsoft Defender.',
more_info: 'When this setting is enabled, Microsoft Defender for Cloud will search for deployments where a NGFW is recommended.',
recommended_action: 'Enable Next Generation Firewall Monitoring by ensuring AuditIfNotExists setting is used for \'All network ports should be restricted on network security groups associated to your virtual machine\' from the Microsoft Defender.',
link: 'https://learn.microsoft.com/en-us/azure/defender-for-cloud/policy-reference',
apis: ['policyAssignments:list'],
realtime_triggers: ['microsoftauthorization:policyassignments:write','microsoftauthorization:policyassignments:delete'],

Original file line number Diff line number Diff line change
Expand Up @@ -3,13 +3,13 @@ const helpers = require('../../../helpers/azure');

module.exports = {
title: 'Monitor Total Number of Subscription Owners',
category: 'Security Center',
category: 'Defender',
domain: 'Management and Governance',
severity: 'Medium',
description: 'Ensures that Total Number of Subscription Owners is being Monitored in Security Center',
description: 'Ensures that Total Number of Subscription Owners is being Monitored in Microsoft Defender.',
more_info: 'Total Number of Subscription Owners should be monitored to meet you organization\'s security compliance requirements.',
recommended_action: 'Enable Monitor for Total Number of Subscription Owners by ensuring AuditIfNotExists setting is used for \'A maximum of 3 owners should be designated for your subscription\' from the Azure Security Center.',
link: 'https://learn.microsoft.com/en-us/azure/security-center/security-center-policy-definitions',
recommended_action: 'Enable Monitor for Total Number of Subscription Owners by ensuring AuditIfNotExists setting is used for \'A maximum of 3 owners should be designated for your subscription\' from the Microsoft Defender.',
link: 'https://learn.microsoft.com/en-us/azure/defender-for-cloud/policy-reference',
apis: ['policyAssignments:list'],
realtime_triggers: ['microsoftauthorization:policyassignments:write','microsoftauthorization:policyassignments:delete'],

Original file line number Diff line number Diff line change
Expand Up @@ -3,13 +3,13 @@ const helpers = require('../../../helpers/azure');

module.exports = {
title: 'Monitor System Updates',
category: 'Security Center',
category: 'Defender',
domain: 'Management and Governance',
severity: 'Medium',
description: 'Ensures that Monitor System Updates is enabled in Security Center',
more_info: 'When this setting is enabled, Security Center will audit virtual machines for pending OS or system updates.',
recommended_action: 'Ensure System Update monitoring is configured for virtual machines from the Azure Security Center.',
link: 'https://learn.microsoft.com/en-us/azure/security-center/security-center-policy-definitions',
description: 'Ensures that Monitor System Updates is enabled in Microsoft Defender.',
more_info: 'When this setting is enabled, Microsoft Defender for Cloud will audit virtual machines for pending OS or system updates.',
recommended_action: 'Ensure System Update monitoring is configured for virtual machines from the Microsoft Defender.',
link: 'https://learn.microsoft.com/en-us/azure/defender-for-cloud/policy-reference',
apis: ['policyAssignments:list'],
compliance: {
pci: 'PCI requires all system components have the latest updates ' +
Original file line number Diff line number Diff line change
Expand Up @@ -3,13 +3,13 @@ const helpers = require('../../../helpers/azure');

module.exports = {
title: 'Security Configuration Monitoring',
category: 'Security Center',
category: 'Defender',
domain: 'Management and Governance',
severity: 'Medium',
description: 'Ensures that Security Configuration Monitoring is enabled in Security Center',
more_info: 'When this setting is enabled, Security Center will monitor virtual machines for security configurations.',
recommended_action: 'Ensure Security Configuration Monitoring is configured for virtual machines from the Azure Security Center.',
link: 'https://learn.microsoft.com/en-us/azure/governance/policy/overview',
description: 'Ensures that Security Configuration Monitoring is enabled in Microsoft Defender.',
more_info: 'When this setting is enabled, Microsoft Defender for Cloud will monitor virtual machines for security configurations.',
recommended_action: 'Ensure Security Configuration Monitoring is configured for virtual machines from the Microsoft Defender.',
link: 'https://learn.microsoft.com/en-us/azure/defender-for-cloud/policy-reference',
apis: ['policyAssignments:list'],
realtime_triggers: ['microsoftauthorization:policyassignments:write','microsoftauthorization:policyassignments:delete'],

