Steampipe mods are now Powerpipe →
Powerpipe Hub 
Hub
Mods
turbot/azure_compliance
Overview
9Dashboards
1129Controls
407Queries
2Variables
GitHub
Loading controls...

Control: 2.9 Ensure that Windows Defender ATP (WDATP) integration with Security Center is selected

Description

This setting enables Windows Defender ATP (WDATP) integration with Security Center. WDATP integration brings comprehensive Endpoint Detection and Response (EDR) capabilities within security center. This integration helps to spot abnormalities, detect and respond to advanced attacks on Windows server endpoints monitored by Azure Security Center.

Windows Defender ATP in Security Center supports detection on Windows Server 2016, 2012 R2, and 2008 R2 SP1 operating systems in a Standard service subscription. WDATP works only with Standard Tier subscriptions.

Remediation

From Console

Perform the following action to check Azure Defender is set to On for Key Vault:

  1. Login to Azure console and navigate to Security Center.
  2. Select Pricing & settings blade under Management.
  3. Click on the subscription name, select Threat Detection.
  4. Ensure setting Allow Microsoft Defender ATP to access my data is selected.

Perform the following action to enable Azure Defender for Key Vault:

  1. Login to Azure console and navigate to Security Center.
  2. Select Pricing & settings blade under Management.
  3. Click on the subscription name, select Threat Detection.
  4. Select Allow Microsoft Defender ATP to access my data.
  5. Click Save.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.cis_v130_2_9

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.cis_v130_2_9 --share

SQL

This control uses a named query:

securitycenter_wdatp_integration

Tags

category = Compliance
cis = true
cis_item_id = 2.9
cis_level = 2
cis_section_id = 2
cis_type = manual
cis_version = v1.3.0
plugin = azure
service = Azure/SecurityCenter