Loading controls...
Benchmark: Security Center
Description
This benchmark provides a set of controls that detect Terraform Azure Security Center resources deviating from security best practices.
Usage
Browse dashboards and select Security Center:
steampipe dashboard
Or run the benchmarks in your terminal:
steampipe check terraform_azure_compliance.benchmark.securitycenter
Snapshot and share results via Steampipe Cloud:
steampipe loginsteampipe check --share terraform_azure_compliance.benchmark.securitycenter
Controls
- Auto provisioning of the Log Analytics agent should be enabled on your subscription
- Ensure that Azure Defender is set to On for App Service
- Ensure that Azure Defender is set to On for Container Registries
- Ensure that Azure Defender is set to On for Kubernetes
- Ensure that Azure Defender is set to On for Key Vault
- Ensure that Azure Defender is set to On for Servers
- Ensure that Azure Defender is set to On for Azure SQL database servers
- Azure Defender for SQL should be enabled for unprotected SQL Managed Instances
- Ensure that Azure Defender is set to On for Storage
- Subscriptions should have a contact email address for security issues
- Email notification for high severity alerts should be enabled
- Email notification to subscription owner for high severity alerts should be enabled