Table: azure_security_center_auto_provisioning - Query Azure Security Center Auto Provisioning Settings using SQL
Azure Security Center Auto Provisioning is a feature within Microsoft Azure that allows for the automatic deployment of security services and controls. It plays a crucial role in ensuring that the necessary security services are in place across all Azure resources, making it easier to maintain and monitor the security posture of your Azure environment. It promotes consistency and reduces the chance of misconfiguration or oversight in security controls deployment.
Table Usage Guide
The azure_security_center_auto_provisioning table provides insights into the automatic deployment of security services and controls within Azure Security Center. As a Security or DevOps engineer, explore the details of auto provisioning settings through this table, including the target resource type and auto provisioning status. Utilize it to maintain optimal and consistent security posture across your Azure resources, and to ensure that all necessary security services are automatically deployed as needed.
Examples
Basic info
Determine the areas in which automatic provisioning is enabled in your Azure Security Center to enhance your security posture and reduce manual configuration efforts.
select
  id,
  name,
  type,
  auto_provision
from
  azure_security_center_auto_provisioning;
List subscriptions that have automatic provisioning of VM monitoring agent enabled
Identify the subscriptions where the virtual machine monitoring agent is provisioned automatically. This shows which parts of your environment are monitored without manual agent deployment, which helps when assessing performance and security coverage.
select
  id,
  name,
  type,
  auto_provision
from
  azure_security_center_auto_provisioning
where
  auto_provision = 'On';
Control examples
- Auto provisioning of the Log Analytics agent should be enabled on your subscription
- CIS v1.3.0 > 2 Security Center > 2.11 Ensure that 'Automatic provisioning of monitoring agent' is set to 'On'
- CIS v1.4.0 > 2 Microsoft Defender for Cloud > 2.11 Ensure That Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'
- CIS v1.5.0 > 2 Microsoft Defender for Cloud > 2.2 Auto Provisioning > 2.2.1 Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'
- CIS v2.0.0 > 2 Microsoft Defender > 2.1 Microsoft Defender for Cloud > 2.1.15 Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'
- CIS v2.1.0 > 2 Microsoft Defender > 2.1 Microsoft Defender for Cloud > 2.1.14 Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'
- CIS v3.0.0 > 3 Security > 3.1 Microsoft Defender for Cloud > 3.1.1 Microsoft Cloud Security Posture Management (CSPM) > 3.1.1.1 Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'
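The controls above all reduce to the same check: every subscription should report auto_provision = 'On'. The query below is an added example, not taken from the original page or from the benchmark definitions. It assumes the azure_subscription table from the same plugin, with subscription_id and display_name columns, which this page does not document.

```sql
-- Added example: flag subscriptions that do not satisfy the
-- "auto provisioning ... set to 'On'" controls listed above.
-- Assumption: azure_subscription (same plugin, not documented on this page)
-- exposes subscription_id and display_name.
select
  sub.subscription_id,
  sub.display_name,
  ap.name as setting_name,
  -- A subscription with no row in the auto provisioning table is reported
  -- explicitly instead of silently dropping out of the result.
  coalesce(ap.auto_provision, 'not returned') as auto_provision,
  case
    when ap.auto_provision = 'On' then 'ok'
    else 'alarm'
  end as status
from
  azure_subscription as sub
  left join azure_security_center_auto_provisioning as ap
    on ap.subscription_id = sub.subscription_id
order by
  status,              -- 'alarm' sorts before 'ok', so failures come first
  sub.subscription_id;
```

The left join starts from the subscription list so that a subscription for which no setting is returned shows up as an alarm.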
Schema for azure_security_center_auto_provisioning
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
auto_provision | text | | Describes what kind of security agent provisioning action to take. Possible values include: On, Off |
cloud_environment | text | | The Azure Cloud Environment. |
id | text | | The resource id. |
name | text | = | The resource name. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
subscription_id | text | =, !=, ~~, ~~*, !~~, !~~* | The Azure Subscription ID in which the resource is located. |
title | text | | Title of the resource. |
type | text | | The resource type. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azure
You can pass the configuration to the command with the --config argument:
steampipe_export_azure --config '<your_config>' azure_security_center_auto_provisioning