From 6d4eedd4e8fea2d41f63b3a952eb98165a205eaa Mon Sep 17 00:00:00 2001 
From: AkhtarAmir Date: Mon, 26 Aug 2024 12:15:44 +0500 Subject: [PATCH 1/3] updated the category of security center plugins --- exports.js | 44 +++++++++---------- .../appWhitelistingEnabled.js | 8 ++-- .../appWhitelistingEnabled.spec.js | 0 .../autoProvisioningEnabled.js | 6 +-- .../autoProvisioningEnabled.spec.js | 0 .../highSeverityAlertsEnabled.js | 2 +- .../highSeverityAlertsEnabled.spec.js | 0 .../monitorEndpointProtection.js | 10 ++--- .../monitorEndpointProtection.spec.js | 0 .../monitorExternalAccounts.js | 8 ++-- .../monitorExternalAccounts.spec.js | 0 .../monitorIpForwarding.js | 8 ++-- .../monitorIpForwarding.spec.js | 0 .../monitorJitNetworkAccess.js | 10 ++--- .../monitorJitNetworkAccess.spec.js | 0 .../monitorNextGenerationFirewall.js | 10 ++--- .../monitorNextGenerationFirewall.spec.js | 0 .../monitorSubscriptionOwners.js | 8 ++-- .../monitorSubscriptionOwners.spec.js | 0 .../monitorSystemUpdates.js | 10 ++--- .../monitorSystemUpdates.spec.js | 0 .../securityConfigMonitoring.js | 10 ++--- .../securityConfigMonitoring.spec.js | 0 .../securityContactAdditionalEmail.js | 2 +- .../securityContactAdditionalEmail.spec.js | 0 .../securityContactRoleSetToOwner.js | 2 +- .../securityContactRoleSetToOwner.spec.js | 0 .../securityContactsEnabled.js | 8 ++-- .../securityContactsEnabled.spec.js | 0 .../standardPricingEnabled.js | 10 ++--- .../standardPricingEnabled.spec.js | 0 31 files changed, 78 insertions(+), 78 deletions(-) rename plugins/azure/{securitycenter => defender}/appWhitelistingEnabled.js (80%) rename plugins/azure/{securitycenter => defender}/appWhitelistingEnabled.spec.js (100%) rename plugins/azure/{securitycenter => defender}/autoProvisioningEnabled.js (93%) rename plugins/azure/{securitycenter => defender}/autoProvisioningEnabled.spec.js (100%) rename plugins/azure/{securitycenter => defender}/highSeverityAlertsEnabled.js (99%) rename plugins/azure/{securitycenter => defender}/highSeverityAlertsEnabled.spec.js (100%) rename 
plugins/azure/{securitycenter => defender}/monitorEndpointProtection.js (72%) rename plugins/azure/{securitycenter => defender}/monitorEndpointProtection.spec.js (100%) rename plugins/azure/{securitycenter => defender}/monitorExternalAccounts.js (86%) rename plugins/azure/{securitycenter => defender}/monitorExternalAccounts.spec.js (100%) rename plugins/azure/{securitycenter => defender}/monitorIpForwarding.js (84%) rename plugins/azure/{securitycenter => defender}/monitorIpForwarding.spec.js (100%) rename plugins/azure/{securitycenter => defender}/monitorJitNetworkAccess.js (73%) rename plugins/azure/{securitycenter => defender}/monitorJitNetworkAccess.spec.js (100%) rename plugins/azure/{securitycenter => defender}/monitorNextGenerationFirewall.js (78%) rename plugins/azure/{securitycenter => defender}/monitorNextGenerationFirewall.spec.js (100%) rename plugins/azure/{securitycenter => defender}/monitorSubscriptionOwners.js (87%) rename plugins/azure/{securitycenter => defender}/monitorSubscriptionOwners.spec.js (100%) rename plugins/azure/{securitycenter => defender}/monitorSystemUpdates.js (79%) rename plugins/azure/{securitycenter => defender}/monitorSystemUpdates.spec.js (100%) rename plugins/azure/{securitycenter => defender}/securityConfigMonitoring.js (77%) rename plugins/azure/{securitycenter => defender}/securityConfigMonitoring.spec.js (100%) rename plugins/azure/{securitycenter => defender}/securityContactAdditionalEmail.js (98%) rename plugins/azure/{securitycenter => defender}/securityContactAdditionalEmail.spec.js (100%) rename plugins/azure/{securitycenter => defender}/securityContactRoleSetToOwner.js (98%) rename plugins/azure/{securitycenter => defender}/securityContactRoleSetToOwner.spec.js (100%) rename plugins/azure/{securitycenter => defender}/securityContactsEnabled.js (91%) rename plugins/azure/{securitycenter => defender}/securityContactsEnabled.spec.js (100%) rename plugins/azure/{securitycenter => defender}/standardPricingEnabled.js 
(89%) rename plugins/azure/{securitycenter => defender}/standardPricingEnabled.spec.js (100%)
diff --git a/exports.js b/exports.js
index dcbf2a3dbb..c54597ccaa 100644
--- a/exports.js
+++ b/exports.js
@@ -836,28 +836,13 @@ module.exports = {
 'virtualMachinesDeallocateAlert': require(__dirname + '/plugins/azure/logalerts/virtualMachinesDeallocateAlert.js'),
 'publicIpAddressLoggingEnabled' : require(__dirname+ '/plugins/azure/logalerts/publicIpAddressLoggingEnabled.js'),
- 'monitorEndpointProtection' : require(__dirname + '/plugins/azure/securitycenter/monitorEndpointProtection.js'),
- 'monitorBlobEncryption' : require(__dirname + '/plugins/azure/securitycenter/monitorBlobEncryption.js'),
- 'monitorSystemUpdates' : require(__dirname + '/plugins/azure/securitycenter/monitorSystemUpdates.js'),
- 'monitorJitNetworkAccess' : require(__dirname + '/plugins/azure/securitycenter/monitorJitNetworkAccess.js'),
- 'monitorVMVulnerability' : require(__dirname + '/plugins/azure/securitycenter/monitorVMVulnerability.js'),
- 'monitorSQLEncryption' : require(__dirname + '/plugins/azure/securitycenter/monitorSqlEncryption.js'),
- 'monitorSQLAuditing' : require(__dirname + '/plugins/azure/securitycenter/monitorSqlAuditing.js'),
- 'monitorDiskEncryption' : require(__dirname + '/plugins/azure/securitycenter/monitorDiskEncryption.js'),
- 'appWhitelistingEnabled' : require(__dirname + '/plugins/azure/securitycenter/appWhitelistingEnabled.js'),
- 'securityConfigMonitoring' : require(__dirname + '/plugins/azure/securitycenter/securityConfigMonitoring.js'),
- 'autoProvisioningEnabled' : require(__dirname + '/plugins/azure/securitycenter/autoProvisioningEnabled.js'),
- 'adminSecurityAlertsEnabled' : require(__dirname + '/plugins/azure/securitycenter/adminSecurityAlertsEnabled.js'),
- 'securityContactsEnabled' : require(__dirname + '/plugins/azure/securitycenter/securityContactsEnabled.js'),
- 'monitorNsgEnabled' : require(__dirname + '/plugins/azure/securitycenter/monitorNsgEnabled.js'),
- 'highSeverityAlertsEnabled' : require(__dirname + '/plugins/azure/securitycenter/highSeverityAlertsEnabled.js'),
- 'standardPricingEnabled' : require(__dirname + 
'/plugins/azure/securitycenter/standardPricingEnabled.js'),
- 'monitorExternalAccounts' : require(__dirname + '/plugins/azure/securitycenter/monitorExternalAccounts.js'),
- 'monitorIpForwarding' : require(__dirname + '/plugins/azure/securitycenter/monitorIpForwarding.js'),
- 'monitorNextGenerationFirewall' : require(__dirname + '/plugins/azure/securitycenter/monitorNextGenerationFirewall.js'),
- 'monitorSubscriptionOwners' : require(__dirname + '/plugins/azure/securitycenter/monitorSubscriptionOwners.js'),
- 'securityContactAdditionalEmail': require(__dirname + '/plugins/azure/securitycenter/securityContactAdditionalEmail.js'),
- 'securityContactRoleSetToOwner' : require(__dirname + '/plugins/azure/securitycenter/securityContactRoleSetToOwner.js'),
+ 'monitorBlobEncryption' : require(__dirname + '/plugins/azure/securitycenter/monitorBlobEncryption.js'),
+ 'monitorVMVulnerability' : require(__dirname + '/plugins/azure/securitycenter/monitorVMVulnerability.js'),
+ 'monitorSQLEncryption' : require(__dirname + '/plugins/azure/securitycenter/monitorSqlEncryption.js'),
+ 'monitorSQLAuditing' : require(__dirname + '/plugins/azure/securitycenter/monitorSqlAuditing.js'),
+ 'monitorDiskEncryption' : require(__dirname + '/plugins/azure/securitycenter/monitorDiskEncryption.js'),
+ 'adminSecurityAlertsEnabled' : require(__dirname + '/plugins/azure/securitycenter/adminSecurityAlertsEnabled.js'),
+ 'monitorNsgEnabled' : require(__dirname + '/plugins/azure/securitycenter/monitorNsgEnabled.js'),
 'resourceAllowedLocations' : require(__dirname + '/plugins/azure/policyservice/resourceAllowedLocations.js'),
 'resourceLocationMatch' : require(__dirname + '/plugins/azure/policyservice/resourceLocationMatch.js'),
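Review bot: After this hunk seven entries stay under `/plugins/azure/securitycenter/` (monitorBlobEncryption, monitorVMVulnerability, monitorSQLEncryption, monitorSQLAuditing, monitorDiskEncryption, adminSecurityAlertsEnabled, monitorNsgEnabled) while the second exports.js hunk re-registers the other fifteen under `/plugins/azure/defender/`, so one feature family is now split across two directories and, presumably, two `category` values. If the remaining seven are meant to follow in patch 2/3 or 3/3 of this series, saying so in the commit description would spare the reader the check; if they are meant to stay, anything that groups, filters or suppresses results by category will treat Security Center and Defender as two unrelated sets. The re-added entries are also listed in a different order from the removed ones, which makes the move harder to verify by eye than a straight cut-and-paste would have been.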
@@ -1097,6 +1082,21 @@ module.exports = {
 'enableDefenderForAPIs' : require(__dirname + '/plugins/azure/defender/enableDefenderForAPIs.js'),
 'enableDefenderForCosmosDB' : require(__dirname + '/plugins/azure/defender/enableDefenderForCosmosDB.js'),
 'enableDefenderForSqlServersVMs': require(__dirname + '/plugins/azure/defender/enableDefenderForSqlServersVMs.js'),
+ 'highSeverityAlertsEnabled' : require(__dirname + '/plugins/azure/defender/highSeverityAlertsEnabled.js'),
+ 'standardPricingEnabled' : require(__dirname + '/plugins/azure/defender/standardPricingEnabled.js'),
+ 'monitorExternalAccounts' : require(__dirname + '/plugins/azure/defender/monitorExternalAccounts.js'),
+ 'monitorIpForwarding' : require(__dirname + '/plugins/azure/defender/monitorIpForwarding.js'),
+ 'monitorNextGenerationFirewall' : require(__dirname + '/plugins/azure/defender/monitorNextGenerationFirewall.js'),
+ 'monitorSubscriptionOwners' : require(__dirname + '/plugins/azure/defender/monitorSubscriptionOwners.js'),
+ 'securityContactAdditionalEmail': require(__dirname + '/plugins/azure/defender/securityContactAdditionalEmail.js'),
+ 'securityContactRoleSetToOwner' : require(__dirname + '/plugins/azure/defender/securityContactRoleSetToOwner.js'),
+ 'appWhitelistingEnabled' : require(__dirname + '/plugins/azure/defender/appWhitelistingEnabled.js'),
+ 'securityConfigMonitoring' : require(__dirname + '/plugins/azure/defender/securityConfigMonitoring.js'),
+ 'autoProvisioningEnabled' : require(__dirname + '/plugins/azure/defender/autoProvisioningEnabled.js'),
+ 'monitorSystemUpdates' : require(__dirname + '/plugins/azure/defender/monitorSystemUpdates.js'),
+ 'monitorEndpointProtection' : require(__dirname + '/plugins/azure/defender/monitorEndpointProtection.js'),
+ 'monitorJitNetworkAccess' : require(__dirname + '/plugins/azure/defender/monitorJitNetworkAccess.js'),
+ 'securityContactsEnabled' : require(__dirname + '/plugins/azure/defender/securityContactsEnabled.js'),
 'agWafEnabled' : 
require(__dirname + '/plugins/azure/applicationGateway/agWafEnabled'),
 'applicationGatewayHasTags' : require(__dirname + '/plugins/azure/applicationGateway/applicationGatewayHasTags.js'),
diff --git a/plugins/azure/securitycenter/appWhitelistingEnabled.js b/plugins/azure/defender/appWhitelistingEnabled.js
similarity index 80%
rename from plugins/azure/securitycenter/appWhitelistingEnabled.js
rename to plugins/azure/defender/appWhitelistingEnabled.js
index 9c6be1a148..9dccca7b50 100644
--- a/plugins/azure/securitycenter/appWhitelistingEnabled.js
+++ b/plugins/azure/defender/appWhitelistingEnabled.js
@@ -3,13 +3,13 @@ const helpers = require('../../../helpers/azure');
 module.exports = {
 title: 'Application Whitelisting Enabled',
- category: 'Security Center',
+ category: 'Defender',
 domain: 'Management and Governance',
 severity: 'Medium',
- description: 'Ensures that Security Center Monitor Adaptive Application Whitelisting is enabled',
+ description: 'Ensures that Microsoft Defender Monitor Adaptive Application Whitelisting is enabled.',
 more_info: 'Adaptive application controls work in conjunction with machine learning to analyze processes running in a VM and help control which applications can run, hardening the VM against malware.',
- recommended_action: 'Enable Adaptive Application Controls for Virtual Machines from the Azure Security Center by ensuring AuditIfNotExists setting is used.',
- link: 'https://learn.microsoft.com/en-us/azure/security-center/security-center-adaptive-application',
+ recommended_action: 'Enable Adaptive Application Controls for Virtual Machines from the Microsoft Defender for Cloud by ensuring AuditIfNotExists setting is used.',
+ link: 'https://learn.microsoft.com/en-us/azure/defender-for-cloud/adaptive-application-controls',
 apis: ['policyAssignments:list'],
 realtime_triggers: ['microsoftauthorization:policyassignments:write','microsoftauthorization:policyassignments:delete'],
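Review bot: The new strings in this hunk name the product three different ways — `description` says "Microsoft Defender", `recommended_action` says "the Microsoft Defender for Cloud", and the directory and `category` say "Defender" — and the same drift recurs in the monitorEndpointProtection, monitorExternalAccounts, monitorIpForwarding, monitorJitNetworkAccess, monitorNextGenerationFirewall, monitorSubscriptionOwners, monitorSystemUpdates, securityConfigMonitoring and securityContactsEnabled hunks, which alternate between "Microsoft Defender" and "the Microsoft Defender". Plain "Microsoft Defender" is an umbrella name shared by several unrelated products, so in user-facing findings it is ambiguous; "Microsoft Defender for Cloud", without the article, is the product that replaced Security Center and would read the same in every plugin. For this file that would be `description: 'Ensures that Microsoft Defender for Cloud adaptive application whitelisting monitoring is enabled.'` and `recommended_action: 'Enable Adaptive Application Controls for Virtual Machines from Microsoft Defender for Cloud by ensuring AuditIfNotExists setting is used.'`.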
diff --git a/plugins/azure/securitycenter/appWhitelistingEnabled.spec.js b/plugins/azure/defender/appWhitelistingEnabled.spec.js
similarity index 100%
rename from plugins/azure/securitycenter/appWhitelistingEnabled.spec.js
rename to plugins/azure/defender/appWhitelistingEnabled.spec.js
diff --git a/plugins/azure/securitycenter/autoProvisioningEnabled.js b/plugins/azure/defender/autoProvisioningEnabled.js
similarity index 93%
rename from plugins/azure/securitycenter/autoProvisioningEnabled.js
rename to plugins/azure/defender/autoProvisioningEnabled.js
index 233572f2e3..fb95ccfe0e 100644
--- a/plugins/azure/securitycenter/autoProvisioningEnabled.js
+++ b/plugins/azure/defender/autoProvisioningEnabled.js
@@ -3,13 +3,13 @@ const helpers = require('../../../helpers/azure');
 module.exports = {
 title: 'Auto Provisioning Enabled',
- category: 'Security Center',
+ category: 'Defender',
 domain: 'Management and Governance',
 severity: 'Medium',
- description: 'Ensures that automatic provisioning of the monitoring agent is enabled',
+ description: 'Ensures that automatic provisioning of the monitoring agent is enabled.',
 more_info: 'The Microsoft Monitoring Agent scans for various security-related configurations and events such as system updates, OS vulnerabilities, and endpoint protection and provides alerts.',
 recommended_action: 'Ensure that the data collection settings of the subscription have Auto Provisioning set to enabled.',
- link: 'https://learn.microsoft.com/en-us/azure/security-center/security-center-enable-data-collection',
+ link: 'https://learn.microsoft.com/en-us/azure/defender-for-cloud/monitoring-components',
 apis: ['autoProvisioningSettings:list'],
 realtime_triggers: ['microsoftauthorization:policyassignments:write','microsoftauthorization:policyassignments:delete'],
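Review bot: `realtime_triggers` on the last line of this hunk still lists `microsoftauthorization:policyassignments:write` and `microsoftauthorization:policyassignments:delete`, but this plugin reads `autoProvisioningSettings:list`, not policy assignments; every sibling in this series that declares those two triggers reads `policyAssignments:list`, and securityContactsEnabled pairs `securityContacts:list` with `microsoftsecurity:securitycontacts:*`, so the triggers here look copied from the policy-assignment checks. If the triggers are what re-evaluates a plugin on change, a change to the auto-provisioning settings themselves would never re-run this check while unrelated policy-assignment writes would. This is pre-existing rather than introduced here, but the file is being reworked in this series and the write/delete events of the auto-provisioning settings resource (I cannot name them from here) are the ones to declare.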
diff --git a/plugins/azure/securitycenter/autoProvisioningEnabled.spec.js b/plugins/azure/defender/autoProvisioningEnabled.spec.js
similarity index 100%
rename from plugins/azure/securitycenter/autoProvisioningEnabled.spec.js
rename to plugins/azure/defender/autoProvisioningEnabled.spec.js
diff --git a/plugins/azure/securitycenter/highSeverityAlertsEnabled.js b/plugins/azure/defender/highSeverityAlertsEnabled.js
similarity index 99%
rename from plugins/azure/securitycenter/highSeverityAlertsEnabled.js
rename to plugins/azure/defender/highSeverityAlertsEnabled.js
index 655a018159..2a13ed372d 100644
--- a/plugins/azure/securitycenter/highSeverityAlertsEnabled.js
+++ b/plugins/azure/defender/highSeverityAlertsEnabled.js
@@ -5,7 +5,7 @@ const SEVERITY_LEVELS = ['low', 'medium', 'high'];
 module.exports = {
 title: 'High Severity Alerts Enabled',
- category: 'Security Center',
+ category: 'Defender',
 domain: 'Management and Governance',
 severity: 'Medium',
 description: 'Ensures that high severity alerts are enabled and properly configured.',
diff --git a/plugins/azure/securitycenter/highSeverityAlertsEnabled.spec.js b/plugins/azure/defender/highSeverityAlertsEnabled.spec.js
similarity index 100%
rename from plugins/azure/securitycenter/highSeverityAlertsEnabled.spec.js
rename to plugins/azure/defender/highSeverityAlertsEnabled.spec.js
diff --git a/plugins/azure/securitycenter/monitorEndpointProtection.js b/plugins/azure/defender/monitorEndpointProtection.js
similarity index 72%
rename from plugins/azure/securitycenter/monitorEndpointProtection.js
rename to plugins/azure/defender/monitorEndpointProtection.js
index 130943e89c..7c636b7f00 100644
--- a/plugins/azure/securitycenter/monitorEndpointProtection.js
+++ b/plugins/azure/defender/monitorEndpointProtection.js
@@ -3,13 +3,13 @@ const helpers = require('../../../helpers/azure');
 module.exports = {
 title: 'Monitor Endpoint Protection',
- category: 'Security Center',
+ category: 'Defender',
 domain: 'Management and Governance',
 severity: 'Medium',
- description: 'Ensures Endpoint Protection monitoring is enabled in Security Center',
- more_info: 'When this setting is enabled, Security Center audits the Endpoint Protection setting for all virtual machines for malware protection.',
- recommended_action: 'Enable Adaptive Application Controls for Endpoint Protection from the Azure Security Center by ensuring AuditIfNotExists setting is used to monitor missing Endpoint Protection.',
- link: 'https://learn.microsoft.com/en-us/azure/security-center/security-center-policy-definitions',
+ description: 'Ensures Endpoint Protection monitoring is enabled in Microsoft Defender.',
+ more_info: 'When this setting is enabled, Microsoft Defender for Cloud audits the Endpoint Protection setting for all virtual machines for malware protection.',
+ recommended_action: 'Enable Adaptive Application Controls for Endpoint Protection from the Microsoft Defender by ensuring AuditIfNotExists setting is used to monitor missing Endpoint Protection.',
+ link: 'https://learn.microsoft.com/en-us/azure/defender-for-cloud/policy-reference',
 apis: ['policyAssignments:list'],
 realtime_triggers: ['microsoftauthorization:policyassignments:write','microsoftauthorization:policyassignments:delete'],
diff --git a/plugins/azure/securitycenter/monitorEndpointProtection.spec.js b/plugins/azure/defender/monitorEndpointProtection.spec.js
similarity index 100%
rename from plugins/azure/securitycenter/monitorEndpointProtection.spec.js
rename to plugins/azure/defender/monitorEndpointProtection.spec.js
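Review bot: The rewritten `recommended_action` still opens with "Enable Adaptive Application Controls for Endpoint Protection", which conflates two distinct Defender for Cloud features — adaptive application controls (the subject of the appWhitelistingEnabled check) and the endpoint-protection audit that this plugin's `description` and `more_info` describe. A user following the recommendation would be sent to the wrong setting, and since the commit already rewrites this line it is the moment to make it name the control the check actually reads, e.g. `recommended_action: 'Ensure the Endpoint Protection policy is assigned with the AuditIfNotExists effect in Microsoft Defender for Cloud so that virtual machines missing endpoint protection are reported.'`. The rest of the `module.exports` object, including the `run` logic, is outside the hunk.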
diff --git a/plugins/azure/securitycenter/monitorExternalAccounts.js b/plugins/azure/defender/monitorExternalAccounts.js
similarity index 86%
rename from plugins/azure/securitycenter/monitorExternalAccounts.js
rename to plugins/azure/defender/monitorExternalAccounts.js
index 841068fc92..e0e54cfc39 100644
--- a/plugins/azure/securitycenter/monitorExternalAccounts.js
+++ b/plugins/azure/defender/monitorExternalAccounts.js
@@ -3,13 +3,13 @@ const helpers = require('../../../helpers/azure');
 module.exports = {
 title: 'Monitor External Accounts with Write Permissions',
- category: 'Security Center',
+ category: 'Defender',
 domain: 'Management and Governance',
 severity: 'Medium',
- description: 'Ensures that External Accounts with Write Permissions are being Monitored in Security Center',
+ description: 'Ensures that External Accounts with Write Permissions are being Monitored in Microsoft Defender.',
 more_info: 'External Accounts with Write Permissions should be monitored to meet you organization\'s security compliance requirements.',
- recommended_action: 'Enable Monitor for External Accounts with Write Permissions by ensuring AuditIfNotExists setting is used for \'External accounts with write permissions should be removed from your subscription\' from the Azure Security Center.',
- link: 'https://learn.microsoft.com/en-us/azure/security-center/security-center-policy-definitions',
+ recommended_action: 'Enable Monitor for External Accounts with Write Permissions by ensuring AuditIfNotExists setting is used for \'External accounts with write permissions should be removed from your subscription\' from the Microsoft Defender.',
+ link: 'https://learn.microsoft.com/en-us/azure/defender-for-cloud/policy-reference',
 apis: ['policyAssignments:list'],
 realtime_triggers: ['microsoftauthorization:policyassignments:write','microsoftauthorization:policyassignments:delete'],
diff --git a/plugins/azure/securitycenter/monitorExternalAccounts.spec.js b/plugins/azure/defender/monitorExternalAccounts.spec.js
similarity index 100%
rename from plugins/azure/securitycenter/monitorExternalAccounts.spec.js
rename to plugins/azure/defender/monitorExternalAccounts.spec.js
diff --git a/plugins/azure/securitycenter/monitorIpForwarding.js b/plugins/azure/defender/monitorIpForwarding.js
similarity index 84%
rename from plugins/azure/securitycenter/monitorIpForwarding.js
rename to plugins/azure/defender/monitorIpForwarding.js
index 1575065008..91ad78b3b1 100644
--- a/plugins/azure/securitycenter/monitorIpForwarding.js
+++ b/plugins/azure/defender/monitorIpForwarding.js
@@ -3,13 +3,13 @@ const helpers = require('../../../helpers/azure');
 module.exports = {
 title: 'Monitor IP Forwarding',
- category: 'Security Center',
+ category: 'Defender',
 domain: 'Management and Governance',
 severity: 'Medium',
- description: 'Ensures that Virtual Machine IP Forwarding Monitoring is enabled in Security Center',
+ description: 'Ensures that Virtual Machine IP Forwarding Monitoring is enabled in Microsoft Defender.',
 more_info: 'IP Forwarding feature should be monitored to meet you organization\'s security compliance requirements.',
- recommended_action: 'Enable IP Forwarding Monitoring by ensuring AuditIfNotExists setting is used for \'IP Forwarding on your virtual machine should be disabled\' from the Azure Security Center.',
- link: 'https://learn.microsoft.com/en-us/azure/security-center/security-center-policy-definitions',
+ recommended_action: 'Enable IP Forwarding Monitoring by ensuring AuditIfNotExists setting is used for \'IP Forwarding on your virtual machine should be disabled\' from the Microsoft Defender.',
+ link: 'https://learn.microsoft.com/en-us/azure/defender-for-cloud/policy-reference',
 apis: ['policyAssignments:list'],
 realtime_triggers: ['microsoftauthorization:policyassignments:write','microsoftauthorization:policyassignments:delete'],
diff --git a/plugins/azure/securitycenter/monitorIpForwarding.spec.js b/plugins/azure/defender/monitorIpForwarding.spec.js
similarity index 100%
rename from plugins/azure/securitycenter/monitorIpForwarding.spec.js
rename to plugins/azure/defender/monitorIpForwarding.spec.js
diff --git a/plugins/azure/securitycenter/monitorJitNetworkAccess.js b/plugins/azure/defender/monitorJitNetworkAccess.js
similarity index 73%
rename from plugins/azure/securitycenter/monitorJitNetworkAccess.js
rename to plugins/azure/defender/monitorJitNetworkAccess.js
index 19d98fb555..e3b0b0ccb5 100644
--- a/plugins/azure/securitycenter/monitorJitNetworkAccess.js
+++ b/plugins/azure/defender/monitorJitNetworkAccess.js
@@ -3,13 +3,13 @@ const helpers = require('../../../helpers/azure');
 module.exports = {
 title: 'Monitor JIT Network Access',
- category: 'Security Center',
+ category: 'Defender',
 domain: 'Management and Governance',
 severity: 'Medium',
- description: 'Ensures Just In Time Network Access monitoring is enabled in Security Center',
- more_info: 'When this setting is enabled, Security Center audits Just In Time Network Access on all virtual machines (Windows and Linux as well) to enhance data protection at rest',
- recommended_action: 'Ensure JIT Network Access monitoring is configured for compute and apps from the Azure Security Center.',
- link: 'https://learn.microsoft.com/en-us/azure/security-center/security-center-policy-definitions',
+ description: 'Ensures Just In Time Network Access monitoring is enabled in Microsoft Defender.',
+ more_info: 'When this setting is enabled, Microsoft Defender for Cloud audits Just In Time Network Access on all virtual machines (Windows and Linux as well) to enhance data protection at rest',
+ recommended_action: 'Ensure JIT Network Access monitoring is configured for compute and apps from Microsoft Defender.',
+ link: 'https://learn.microsoft.com/en-us/azure/defender-for-cloud/policy-reference',
 apis: ['policyAssignments:list'],
 realtime_triggers: ['microsoftauthorization:policyassignments:write','microsoftauthorization:policyassignments:delete'],
diff --git a/plugins/azure/securitycenter/monitorJitNetworkAccess.spec.js b/plugins/azure/defender/monitorJitNetworkAccess.spec.js
similarity index 100%
rename from plugins/azure/securitycenter/monitorJitNetworkAccess.spec.js
rename to plugins/azure/defender/monitorJitNetworkAccess.spec.js
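Review bot: The rewritten `more_info` line still says Just In Time Network Access is audited "to enhance data protection at rest", which is not what JIT VM access does — it limits inbound access to a VM's management ports to approved requests for a bounded time and has no bearing on data at rest — and it is also the only new string in the hunk without a closing period. Since the commit rewrites the line anyway, a wording that matches the control would be `more_info: 'When this setting is enabled, Microsoft Defender for Cloud audits Just In Time Network Access on all virtual machines (Windows and Linux) so that management ports are not left permanently reachable.'`. The `recommended_action` on the next line also drops "for Cloud" from the product name that `more_info` uses, so the two lines read as if they referred to different products.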
diff --git a/plugins/azure/securitycenter/monitorNextGenerationFirewall.js b/plugins/azure/defender/monitorNextGenerationFirewall.js
similarity index 78%
rename from plugins/azure/securitycenter/monitorNextGenerationFirewall.js
rename to plugins/azure/defender/monitorNextGenerationFirewall.js
index 8a6fa27b76..9f3777b882 100644
--- a/plugins/azure/securitycenter/monitorNextGenerationFirewall.js
+++ b/plugins/azure/defender/monitorNextGenerationFirewall.js
@@ -3,13 +3,13 @@ const helpers = require('../../../helpers/azure');
 module.exports = {
 title: 'Monitor Next Generation Firewall',
- category: 'Security Center',
+ category: 'Defender',
 domain: 'Management and Governance',
 severity: 'Medium',
- description: 'Ensures that Next Generation Firewall (NGFW) Monitoring is enabled in Security Center',
- more_info: 'When this setting is enabled, Security Center will search for deployments where a NGFW is recommended.',
- recommended_action: 'Enable Next Generation Firewall Monitoring by ensuring AuditIfNotExists setting is used for \'All network ports should be restricted on network security groups associated to your virtual machine\' from the Azure Security Center.',
- link: 'https://learn.microsoft.com/en-us/azure/security-center/security-center-policy-definitions',
+ description: 'Ensures that Next Generation Firewall (NGFW) Monitoring is enabled in Microsoft Defender.',
+ more_info: 'When this setting is enabled, Microsoft Defender for Cloud will search for deployments where a NGFW is recommended.',
+ recommended_action: 'Enable Next Generation Firewall Monitoring by ensuring AuditIfNotExists setting is used for \'All network ports should be restricted on network security groups associated to your virtual machine\' from the Microsoft Defender.',
+ link: 'https://learn.microsoft.com/en-us/azure/defender-for-cloud/policy-reference',
 apis: ['policyAssignments:list'],
 realtime_triggers: ['microsoftauthorization:policyassignments:write','microsoftauthorization:policyassignments:delete'],
diff --git a/plugins/azure/securitycenter/monitorNextGenerationFirewall.spec.js b/plugins/azure/defender/monitorNextGenerationFirewall.spec.js
similarity index 100%
rename from plugins/azure/securitycenter/monitorNextGenerationFirewall.spec.js
rename to plugins/azure/defender/monitorNextGenerationFirewall.spec.js
diff --git a/plugins/azure/securitycenter/monitorSubscriptionOwners.js b/plugins/azure/defender/monitorSubscriptionOwners.js
similarity index 87%
rename from plugins/azure/securitycenter/monitorSubscriptionOwners.js
rename to plugins/azure/defender/monitorSubscriptionOwners.js
index dcd29b4c63..f69c717758 100644
--- a/plugins/azure/securitycenter/monitorSubscriptionOwners.js
+++ b/plugins/azure/defender/monitorSubscriptionOwners.js
@@ -3,13 +3,13 @@ const helpers = require('../../../helpers/azure');
 module.exports = {
 title: 'Monitor Total Number of Subscription Owners',
- category: 'Security Center',
+ category: 'Defender',
 domain: 'Management and Governance',
 severity: 'Medium',
- description: 'Ensures that Total Number of Subscription Owners is being Monitored in Security Center',
+ description: 'Ensures that Total Number of Subscription Owners is being Monitored in Microsoft Defender.',
 more_info: 'Total Number of Subscription Owners should be monitored to meet you organization\'s security compliance requirements.',
- recommended_action: 'Enable Monitor for Total Number of Subscription Owners by ensuring AuditIfNotExists setting is used for \'A maximum of 3 owners should be designated for your subscription\' from the Azure Security Center.',
- link: 'https://learn.microsoft.com/en-us/azure/security-center/security-center-policy-definitions',
+ recommended_action: 'Enable Monitor for Total Number of Subscription Owners by ensuring AuditIfNotExists setting is used for \'A maximum of 3 owners should be designated for your subscription\' from the Microsoft Defender.',
+ link: 'https://learn.microsoft.com/en-us/azure/defender-for-cloud/policy-reference',
 apis: ['policyAssignments:list'],
 realtime_triggers: ['microsoftauthorization:policyassignments:write','microsoftauthorization:policyassignments:delete'],
diff --git a/plugins/azure/securitycenter/monitorSubscriptionOwners.spec.js b/plugins/azure/defender/monitorSubscriptionOwners.spec.js
similarity index 100%
rename from plugins/azure/securitycenter/monitorSubscriptionOwners.spec.js
rename to plugins/azure/defender/monitorSubscriptionOwners.spec.js
diff --git a/plugins/azure/securitycenter/monitorSystemUpdates.js b/plugins/azure/defender/monitorSystemUpdates.js
similarity index 79%
rename from plugins/azure/securitycenter/monitorSystemUpdates.js
rename to plugins/azure/defender/monitorSystemUpdates.js
index d3a33dd8aa..83d36c78bb 100644
--- a/plugins/azure/securitycenter/monitorSystemUpdates.js
+++ b/plugins/azure/defender/monitorSystemUpdates.js
@@ -3,13 +3,13 @@ const helpers = require('../../../helpers/azure');
 module.exports = {
 title: 'Monitor System Updates',
- category: 'Security Center',
+ category: 'Defender',
 domain: 'Management and Governance',
 severity: 'Medium',
- description: 'Ensures that Monitor System Updates is enabled in Security Center',
- more_info: 'When this setting is enabled, Security Center will audit virtual machines for pending OS or system updates.',
- recommended_action: 'Ensure System Update monitoring is configured for virtual machines from the Azure Security Center.',
- link: 'https://learn.microsoft.com/en-us/azure/security-center/security-center-policy-definitions',
+ description: 'Ensures that Monitor System Updates is enabled in Microsoft Defender.',
+ more_info: 'When this setting is enabled, Microsoft Defender for Cloud will audit virtual machines for pending OS or system updates.',
+ recommended_action: 'Ensure System Update monitoring is configured for virtual machines from the Microsoft Defender.',
+ link: 'https://learn.microsoft.com/en-us/azure/defender-for-cloud/policy-reference',
 apis: ['policyAssignments:list'],
 compliance: {
 pci: 'PCI requires all system components have the latest updates ' +
diff --git a/plugins/azure/securitycenter/monitorSystemUpdates.spec.js b/plugins/azure/defender/monitorSystemUpdates.spec.js
similarity index 100%
rename from plugins/azure/securitycenter/monitorSystemUpdates.spec.js
rename to plugins/azure/defender/monitorSystemUpdates.spec.js
diff --git a/plugins/azure/securitycenter/securityConfigMonitoring.js b/plugins/azure/defender/securityConfigMonitoring.js
similarity index 77%
rename from plugins/azure/securitycenter/securityConfigMonitoring.js
rename to plugins/azure/defender/securityConfigMonitoring.js
index f4e8336308..739a40b763 100644
--- a/plugins/azure/securitycenter/securityConfigMonitoring.js
+++ b/plugins/azure/defender/securityConfigMonitoring.js
@@ -3,13 +3,13 @@ const helpers = require('../../../helpers/azure');
 module.exports = {
 title: 'Security Configuration Monitoring',
- category: 'Security Center',
+ category: 'Defender',
 domain: 'Management and Governance',
 severity: 'Medium',
- description: 'Ensures that Security Configuration Monitoring is enabled in Security Center',
- more_info: 'When this setting is enabled, Security Center will monitor virtual machines for security configurations.',
- recommended_action: 'Ensure Security Configuration Monitoring is configured for virtual machines from the Azure Security Center.',
- link: 'https://learn.microsoft.com/en-us/azure/governance/policy/overview',
+ description: 'Ensures that Security Configuration Monitoring is enabled in Microsoft Defender.',
+ more_info: 'When this setting is enabled, Microsoft Defender for Cloud will monitor virtual machines for security configurations.',
+ recommended_action: 'Ensure Security Configuration Monitoring is configured for virtual machines from the Microsoft Defender.',
+ link: 'https://learn.microsoft.com/en-us/azure/defender-for-cloud/policy-reference',
 apis: ['policyAssignments:list'],
 realtime_triggers: ['microsoftauthorization:policyassignments:write','microsoftauthorization:policyassignments:delete'],
diff --git a/plugins/azure/securitycenter/securityConfigMonitoring.spec.js b/plugins/azure/defender/securityConfigMonitoring.spec.js
similarity index 100%
rename from plugins/azure/securitycenter/securityConfigMonitoring.spec.js
rename to plugins/azure/defender/securityConfigMonitoring.spec.js
diff --git a/plugins/azure/securitycenter/securityContactAdditionalEmail.js b/plugins/azure/defender/securityContactAdditionalEmail.js
similarity index 98%
rename from plugins/azure/securitycenter/securityContactAdditionalEmail.js
rename to plugins/azure/defender/securityContactAdditionalEmail.js
index 874153a103..e669d7302e 100644
--- a/plugins/azure/securitycenter/securityContactAdditionalEmail.js
+++ b/plugins/azure/defender/securityContactAdditionalEmail.js
@@ -3,7 +3,7 @@ const helpers = require('../../../helpers/azure');
 module.exports = {
 title: 'Security Contact Additional Email',
- category: 'Security Center',
+ category: 'Defender',
 domain: 'Management and Governance',
 severity: 'Low',
 description: 'Ensure Additional email addresses are configured with security contact email.',
diff --git a/plugins/azure/securitycenter/securityContactAdditionalEmail.spec.js b/plugins/azure/defender/securityContactAdditionalEmail.spec.js
similarity index 100%
rename from plugins/azure/securitycenter/securityContactAdditionalEmail.spec.js
rename to plugins/azure/defender/securityContactAdditionalEmail.spec.js
diff --git a/plugins/azure/securitycenter/securityContactRoleSetToOwner.js b/plugins/azure/defender/securityContactRoleSetToOwner.js
similarity index 98%
rename from plugins/azure/securitycenter/securityContactRoleSetToOwner.js
rename to plugins/azure/defender/securityContactRoleSetToOwner.js
index c1632e7153..aaa5bfb613 100644
--- a/plugins/azure/securitycenter/securityContactRoleSetToOwner.js
+++ b/plugins/azure/defender/securityContactRoleSetToOwner.js
@@ -3,7 +3,7 @@ const helpers = require('../../../helpers/azure');
 module.exports = {
 title: 'Security Contact Enabled for Subscription Owner',
- category: 'Security Center',
+ category: 'Defender',
 domain: 'Management and Governance',
 severity: 'Medium',
 description: 'Ensure that security alert emails are enabled to subscription owners.',
diff --git a/plugins/azure/securitycenter/securityContactRoleSetToOwner.spec.js b/plugins/azure/defender/securityContactRoleSetToOwner.spec.js
similarity index 100%
rename from plugins/azure/securitycenter/securityContactRoleSetToOwner.spec.js
rename to plugins/azure/defender/securityContactRoleSetToOwner.spec.js
diff --git a/plugins/azure/securitycenter/securityContactsEnabled.js b/plugins/azure/defender/securityContactsEnabled.js
similarity index 91%
rename from plugins/azure/securitycenter/securityContactsEnabled.js
rename to plugins/azure/defender/securityContactsEnabled.js
index 136650a808..5d868c5ce6 100644
--- a/plugins/azure/securitycenter/securityContactsEnabled.js
+++ b/plugins/azure/defender/securityContactsEnabled.js
@@ -3,13 +3,13 @@ const helpers = require('../../../helpers/azure');
 module.exports = {
 title: 'Security Contacts Enabled',
- category: 'Security Center',
+ category: 'Defender',
 domain: 'Management and Governance',
 severity: 'Medium',
- description: 'Ensures that security contact phone number and email address are set',
+ description: 'Ensures that security contact phone number and email address are set.',
 more_info: 'Setting security contacts ensures that any security incidents detected by Azure are sent to a security team equipped to handle the incident.',
- recommended_action: 'Ensure that email notifications are configured for the subscription from the Security Center.',
- link: 'https://learn.microsoft.com/en-us/azure/security-center/security-center-provide-security-contact-details',
+ recommended_action: 'Ensure that email notifications are configured for the subscription from the Microsoft Defender for Cloud.',
+ link: 'https://learn.microsoft.com/en-us/azure/defender-for-cloud/configure-email-notifications',
 apis: ['securityContacts:list'],
 realtime_triggers: ['microsoftsecurity:securitycontacts:write','microsoftsecurity:securitycontacts:delete'],
diff --git a/plugins/azure/securitycenter/securityContactsEnabled.spec.js b/plugins/azure/defender/securityContactsEnabled.spec.js
similarity index 100%
rename from plugins/azure/securitycenter/securityContactsEnabled.spec.js
rename to plugins/azure/defender/securityContactsEnabled.spec.js
diff --git a/plugins/azure/securitycenter/standardPricingEnabled.js b/plugins/azure/defender/standardPricingEnabled.js
similarity index 89%
rename from plugins/azure/securitycenter/standardPricingEnabled.js
rename to plugins/azure/defender/standardPricingEnabled.js
index 5df694d463..761752d7a6 100644
--- a/plugins/azure/securitycenter/standardPricingEnabled.js
+++ b/plugins/azure/defender/standardPricingEnabled.js
@@ -3,13 +3,13 @@ var helpers = require('../../../helpers/azure/');
 module.exports = {
 title: 'Standard Pricing Enabled',
- category: 'Security Center',
+ category: 'Defender',
 domain: 'Management and Governance',
 severity: 'Medium',
- description: 'Ensures that standard pricing is enabled in the security center',
- more_info: 'Enabling standard pricing increases the security posture of the subscription. This enables advanced security monitoring for the services covered under the security center.',
- recommended_action: 'Ensure that standard pricing is enabled in the security center.',
- link: 'https://azure.microsoft.com/en-us/pricing/details/security-center/',
+ description: 'Ensures that standard pricing is enabled in the Microsoft Defender.',
+ more_info: 'Enabling standard pricing increases the security posture of the subscription. This enables advanced security monitoring for the services covered under the Microsoft Defender for Cloud.',
+ recommended_action: 'Ensure that standard pricing is enabled in the Microsoft Defender.',
+ link: 'https://learn.microsoft.com/en-us/azure/defender-for-cloud/policy-reference',
 apis: ['pricings:list'],
 realtime_triggers: ['microsoftsecurity:pricings:write','microsoftsecurity:pricings:delete'],
diff --git a/plugins/azure/securitycenter/standardPricingEnabled.spec.js b/plugins/azure/defender/standardPricingEnabled.spec.js
similarity index 100%
rename from plugins/azure/securitycenter/standardPricingEnabled.spec.js
rename to plugins/azure/defender/standardPricingEnabled.spec.js
From 6ca6b234ef11d3c6b15ceaac88537858de301aa1 Mon Sep 17 00:00:00 2001
From: AkhtarAmir
Date: Mon, 26 Aug 2024 13:33:42 +0500
Subject: [PATCH 2/3] fix lint
---
 exports.js | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/exports.js b/exports.js
index c54597ccaa..e0913581dd 100644
--- a/exports.js
+++ b/exports.js
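Review bot: The replacement `link` for this check points at the Defender for Cloud built-in policy reference, which is a list of policy definitions rather than a page about the Standard pricing tier the check actually inspects via `pricings:list`; the removed link at least landed on the pricing page, so the new one is a step away from the remediation the `recommended_action` asks for. A page that documents enabling Defender plans for a subscription would serve the `recommended_action` better, and it is worth stating in the `more_info` text that "standard pricing" is the tier now surfaced as the Defender plans, since the check's `title` and strings keep the older term. The `link` in the securityConfigMonitoring hunk points at the same policy-reference page; that one is a policy-assignment check, so the target is defensible there.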
@@ -836,13 +836,13 @@ module.exports = {
 'virtualMachinesDeallocateAlert': require(__dirname + '/plugins/azure/logalerts/virtualMachinesDeallocateAlert.js'),
 'publicIpAddressLoggingEnabled' : require(__dirname+ '/plugins/azure/logalerts/publicIpAddressLoggingEnabled.js'),
- 'monitorBlobEncryption' : require(__dirname + '/plugins/azure/securitycenter/monitorBlobEncryption.js'),
- 'monitorVMVulnerability' : require(__dirname + '/plugins/azure/securitycenter/monitorVMVulnerability.js'),
- 'monitorSQLEncryption' : require(__dirname + '/plugins/azure/securitycenter/monitorSqlEncryption.js'),
- 'monitorSQLAuditing' : require(__dirname + '/plugins/azure/securitycenter/monitorSqlAuditing.js'),
- 'monitorDiskEncryption' : require(__dirname + '/plugins/azure/securitycenter/monitorDiskEncryption.js'),
- 'adminSecurityAlertsEnabled' : require(__dirname + '/plugins/azure/securitycenter/adminSecurityAlertsEnabled.js'),
- 'monitorNsgEnabled' : require(__dirname + '/plugins/azure/securitycenter/monitorNsgEnabled.js'),
+ 'monitorBlobEncryption' : require(__dirname + '/plugins/azure/securitycenter/monitorBlobEncryption.js'),
+ 'monitorVMVulnerability' : require(__dirname + '/plugins/azure/securitycenter/monitorVMVulnerability.js'),
+ 'monitorSQLEncryption' : require(__dirname + '/plugins/azure/securitycenter/monitorSqlEncryption.js'),
+ 'monitorSQLAuditing' : require(__dirname + '/plugins/azure/securitycenter/monitorSqlAuditing.js'),
+ 'monitorDiskEncryption' : require(__dirname + '/plugins/azure/securitycenter/monitorDiskEncryption.js'),
+ 'adminSecurityAlertsEnabled' : require(__dirname + '/plugins/azure/securitycenter/adminSecurityAlertsEnabled.js'),
+ 'monitorNsgEnabled' : require(__dirname + '/plugins/azure/securitycenter/monitorNsgEnabled.js'),
 'resourceAllowedLocations' : require(__dirname + '/plugins/azure/policyservice/resourceAllowedLocations.js'),
 'resourceLocationMatch' : require(__dirname + '/plugins/azure/policyservice/resourceLocationMatch.js'),
From 08dbcb8cbc42eaa615bf94735fac166859cf7208 Mon Sep 17 00:00:00 2001
From: AkhtarAmir
Date: Mon, 26 Aug 2024 14:07:14 +0500
Subject: [PATCH 3/3] fix test
---
 plugins/aws/eks/eksKubernetesVersion.spec.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/plugins/aws/eks/eksKubernetesVersion.spec.js b/plugins/aws/eks/eksKubernetesVersion.spec.js
index b53206f8d2..0997f85358 100644
--- a/plugins/aws/eks/eksKubernetesVersion.spec.js
+++ b/plugins/aws/eks/eksKubernetesVersion.spec.js
@@ -82,7 +82,7 @@ describe('eksKubernetesVersion', function () {
 "cluster": {
 "name": "mycluster",
 "arn": "arn:aws:eks:us-east-1:012345678911:cluster/mycluster",
- "version": "1.27",
+ "version": "1.29",
 }
 }
 );