Table: azure_security_center_contact - Query Azure Security Center Contacts using SQL
Azure Security Center Contacts is a feature within Microsoft Azure that lets you manage the security contact details configured in Azure Security Center (now branded Microsoft Defender for Cloud; the table keeps the older name). Azure uses these contact details to send notifications about security alerts, recommendations, and other important security information. Because a subscription with no working contact silently drops these notifications, the contact configuration is a basic but crucial part of Azure security management.
Table Usage Guide
The azure_security_center_contact table provides insights into the contact details configured in Azure Security Center. As a security administrator, you can use it to review contact-specific details, including whether alert notifications are sent to the contact and to subscription admins, and which email address receives them. Use it to monitor and audit how security alerts and recommendations are communicated from Azure to the designated contacts.
Examples
Basic info
Explore which security center contacts in your Azure environment have alert notifications enabled. This helps to identify who is receiving alerts and whether any necessary contacts are missing from the notifications list.
```sql
select
  id,
  email,
  alert_notifications,
  alerts_to_admins
from
  azure_security_center_contact;
```
List security center contacts not configured with email notifications
Find Security Center contacts that will never receive alert emails, either because no email address is set or because alert notifications to the contact are turned off. This is useful to ensure that all necessary parties are receiving important security alerts and updates.

```sql
select
  id,
  email,
  alert_notifications,
  alerts_to_admins
from
  azure_security_center_contact
where
  email is null
  or email = ''
  or alert_notifications = 'Off';
```
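The control examples listed below (a security contact email, alert emails to the contact, and alert emails to subscription owners) all need to be evaluated per subscription, including subscriptions that have no contact resource at all, which the queries above cannot show because they only see existing contacts. The following query is an added example, not part of the original page or of the Steampipe Azure plugin's documentation. It assumes the azure_subscription table from the same plugin and that alert_notifications and alerts_to_admins hold the strings 'On' and 'Off' (an assumption; confirm with the basic query above before relying on it).

```sql
-- Added example: one row per subscription (and per contact, where a subscription
-- has several), with a status column naming the first gap found.
-- Assumptions: the azure_subscription table exists in the same connection, and
-- alert_notifications / alerts_to_admins are the strings 'On' or 'Off'.
select
  s.display_name,
  s.subscription_id,
  c.name as contact_name,
  c.email,
  c.alert_notifications,
  c.alerts_to_admins,
  case
    when c.id is null then 'no security contact configured'
    when coalesce(c.email, '') = '' then 'contact has no email address'
    when c.alert_notifications <> 'On' then 'alert emails to contact are off'
    when c.alerts_to_admins <> 'On' then 'alert emails to subscription owners are off'
    else 'ok'
  end as status
from
  azure_subscription as s
  -- left join keeps subscriptions that have no contact resource at all
  left join azure_security_center_contact as c
    on c.subscription_id = s.subscription_id
order by
  status,
  s.display_name;
```

Rows with a status other than 'ok' are the ones the CIS "Email notifications" controls would flag. A subscription can have more than one contact resource, so it is enough for one of its rows to read 'ok'; if you want a single verdict per subscription, wrap this query and group by subscription_id taking the best status.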
Control examples
- All Controls > Security Center > Ensure 'Additional email addresses' is configured with a security contact email
- CIS v1.3.0 > 2 Security Center > 2.13 Ensure 'Additional email addresses' is configured with a security contact email
- CIS v1.3.0 > 2 Security Center > 2.14 Ensure that 'Notify about alerts with the following severity' is set to 'High'
- CIS v1.3.0 > 2 Security Center > 2.15 Ensure that 'All users with the following roles' is set to 'Owner'
- CIS v1.4.0 > 2 Microsoft Defender for Cloud > 2.13 Ensure 'Additional email addresses' is Configured with a Security Contact Email
- CIS v1.4.0 > 2 Microsoft Defender for Cloud > 2.14 Ensure that 'Notify about alerts with the following severity' is set to 'High'
- CIS v1.4.0 > 2 Microsoft Defender for Cloud > 2.15 Ensure that 'All users with the following roles' is set to 'Owner'
- CIS v1.5.0 > 2 Microsoft Defender for Cloud > 2.3 Email notifications > 2.3.1 Ensure That 'All users with the following roles' is set to 'Owner'
- CIS v1.5.0 > 2 Microsoft Defender for Cloud > 2.3 Email notifications > 2.3.2 Ensure 'Additional email addresses' is Configured with a Security Contact Email
- CIS v1.5.0 > 2 Microsoft Defender for Cloud > 2.3 Email notifications > 2.3.3 Ensure That 'Notify about alerts with the following severity' is Set to 'High'
- CIS v2.0.0 > 2 Microsoft Defender > 2.1 Microsoft Defender for Cloud > 2.1.18 Ensure That 'All users with the following roles' is set to 'Owner'
- CIS v2.0.0 > 2 Microsoft Defender > 2.1 Microsoft Defender for Cloud > 2.1.19 Ensure 'Additional email addresses' is Configured with a Security Contact Email
- CIS v2.0.0 > 2 Microsoft Defender > 2.1 Microsoft Defender for Cloud > 2.1.20 Ensure That 'Notify about alerts with the following severity' is Set to 'High'
- CIS v2.1.0 > 2 Microsoft Defender > 2.1 Microsoft Defender for Cloud > 2.1.17 Ensure That 'All users with the following roles' is set to 'Owner'
- CIS v2.1.0 > 2 Microsoft Defender > 2.1 Microsoft Defender for Cloud > 2.1.18 Ensure 'Additional email addresses' is Configured with a Security Contact Email
- CIS v2.1.0 > 2 Microsoft Defender > 2.1 Microsoft Defender for Cloud > 2.1.19 Ensure That 'Notify about alerts with the following severity' is Set to 'High'
- Email notification for high severity alerts should be enabled
- Email notification to subscription owner for high severity alerts should be enabled
- Subscriptions should have a contact email address for security issues
Schema for azure_security_center_contact
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
alert_notifications | text | | Whether to send security alerts notifications to the security contact. |
alerts_to_admins | text | | Whether to send security alerts notifications to subscription admins. |
cloud_environment | text | | The Azure Cloud Environment. |
email | text | | The email of this security contact. |
id | text | | The resource id. |
name | text | = | The resource name. |
phone | text | | The phone number of this security contact. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
subscription_id | text | =, !=, ~~, ~~*, !~~, !~~* | The Azure Subscription ID in which the resource is located. |
title | text | | Title of the resource. |
type | text | | The resource type. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

```sh
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azure
```
You can pass the configuration to the command with the --config argument:

```sh
steampipe_export_azure --config '<your_config>' azure_security_center_contact
```