azure_ad_groupazure_ad_service_principalazure_ad_userazure_alert_managementazure_api_managementazure_api_management_backendazure_app_configurationazure_app_service_environmentazure_app_service_function_appazure_app_service_planazure_app_service_web_appazure_app_service_web_app_slotazure_application_gatewayazure_application_insightazure_application_security_groupazure_automation_accountazure_automation_variableazure_bastion_hostazure_batch_accountazure_cognitive_accountazure_compute_availability_setazure_compute_diskazure_compute_disk_accessazure_compute_disk_encryption_setazure_compute_disk_metric_read_opsazure_compute_disk_metric_read_ops_dailyazure_compute_disk_metric_read_ops_hourlyazure_compute_disk_metric_write_opsazure_compute_disk_metric_write_ops_dailyazure_compute_disk_metric_write_ops_hourlyazure_compute_imageazure_compute_resource_skuazure_compute_snapshotazure_compute_ssh_keyazure_compute_virtual_machineazure_compute_virtual_machine_metric_available_memoryazure_compute_virtual_machine_metric_available_memory_dailyazure_compute_virtual_machine_metric_available_memory_hourlyazure_compute_virtual_machine_metric_cpu_utilizationazure_compute_virtual_machine_metric_cpu_utilization_dailyazure_compute_virtual_machine_metric_cpu_utilization_hourlyazure_compute_virtual_machine_scale_setazure_compute_virtual_machine_scale_set_network_interfaceazure_compute_virtual_machine_scale_set_vmazure_consumption_usageazure_container_groupazure_container_registryazure_cosmosdb_accountazure_cosmosdb_mongo_collectionazure_cosmosdb_mongo_databaseazure_cosmosdb_restorable_database_accountazure_cosmosdb_sql_databaseazure_data_factoryazure_data_factory_datasetazure_data_factory_pipelineazure_data_lake_analytics_accountazure_data_lake_storeazure_databox_edge_deviceazure_databricks_workspaceazure_diagnostic_settingazure_dns_zoneazure_eventgrid_domainazure_eventgrid_topicazure_eventhub_namespaceazure_express_route_circuitazure_firewallazure_firewall_policyazure_frontdoorazure_hdinsight_clusterazure_healthcare_serviceazure_hpc_cacheazure_hybrid_compute_machineazure_hybrid_kubernetes_connected_clusterazure_iothubazure_iothub_dpsazure_key_vaultazure_key_vault_deleted_vaultazure_key_vault_keyazure_key_vault_key_versionazure_key_vault_managed_hardware_security_moduleazure_key_vault_secretazure_kubernetes_clusterazure_kubernetes_service_versionazure_kusto_clusterazure_lbazure_lb_backend_address_poolazure_lb_nat_ruleazure_lb_outbound_ruleazure_lb_probeazure_lb_ruleazure_locationazure_log_alertazure_log_profileazure_logic_app_workflowazure_machine_learning_workspaceazure_maintenance_configurationazure_management_groupazure_management_lockazure_mariadb_serverazure_monitor_activity_log_eventazure_monitor_log_profileazure_mssql_elasticpoolazure_mssql_managed_instanceazure_mssql_virtual_machineazure_mysql_flexible_serverazure_mysql_serverazure_nat_gatewayazure_network_interfaceazure_network_security_groupazure_network_watcherazure_network_watcher_flow_logazure_policy_assignmentazure_policy_definitionazure_postgresql_flexible_serverazure_postgresql_serverazure_private_dns_zoneazure_providerazure_public_ipazure_recovery_services_backup_jobazure_recovery_services_vaultazure_redis_cacheazure_resource_groupazure_resource_linkazure_role_assignmentazure_role_definitionazure_route_tableazure_search_serviceazure_security_center_auto_provisioningazure_security_center_automationazure_security_center_contactazure_security_center_jit_network_access_policyazure_security_center_settingazure_security_center_sub_assessmentazure_security_center_subscription_pricingazure_service_fabric_clusterazure_servicebus_namespaceazure_signalr_serviceazure_spring_cloud_serviceazure_sql_databaseazure_sql_serverazure_storage_accountazure_storage_blobazure_storage_blob_serviceazure_storage_containerazure_storage_queueazure_storage_share_fileazure_storage_syncazure_storage_tableazure_storage_table_serviceazure_stream_analytics_jobazure_subnetazure_subscriptionazure_synapse_workspaceazure_tenantazure_virtual_networkazure_virtual_network_gateway
Table: azure_security_center_contact - Query Azure Security Center Contacts using SQL
Azure Security Center Contacts is a feature within Microsoft Azure that allows you to manage and configure the security contact details in Azure Security Center. These contact details are used by Azure to send notifications regarding security alerts, recommendations, and other important security information. It is a crucial component of Azure's security management system, providing a streamlined way to receive and manage security notifications.
Table Usage Guide
The azure_security_center_contact table provides insights into the contact details configured in Azure Security Center. As a security administrator, explore contact-specific details through this table, including alert notifications, and alert email settings. Utilize it to manage and monitor the communication of security alerts and recommendations from Azure to the designated contacts.
Examples
Basic info
Explore which security center contacts in your Azure environment have alert notifications enabled. This helps to identify who is receiving alerts and whether any necessary contacts are missing from the notifications list.
select id, email, alert_notifications, alerts_to_adminsfrom azure_security_center_contact;select id, email, alert_notifications, alerts_to_adminsfrom azure_security_center_contact;List security center contacts not configured with email notifications
Determine areas in which Security Center contacts have been set up without email notifications. This is useful to ensure that all necessary parties are receiving important security alerts and updates.
select id, email, alert_notifications, alerts_to_adminsfrom azure_security_center_contactwhere email != '';select id, email, alert_notifications, alerts_to_adminsfrom azure_security_center_contactwhere email != '';Control examples
- 2.1.17 Ensure That 'All users with the following roles' is set to 'Owner'
- 2.1.18 Ensure 'Additional email addresses' is Configured with a Security Contact Email
- 2.1.18 Ensure That 'All users with the following roles' is set to 'Owner'
- 2.1.19 Ensure 'Additional email addresses' is Configured with a Security Contact Email
- 2.1.19 Ensure That 'Notify about alerts with the following severity' is Set to 'High'
- 2.1.20 Ensure That 'Notify about alerts with the following severity' is Set to 'High'
- 2.13 Ensure 'Additional email addresses' is Configured with a Security Contact Email
- 2.13 Ensure 'Additional email addresses' is configured with a security contact email
- 2.14 Ensure that 'Notify about alerts with the following severity' is set to 'High'
- 2.14 Ensure that 'Notify about alerts with the following severity' is set to 'High'
- 2.15 Ensure that 'All users with the following roles' is set to 'Owner'
- 2.15 Ensure that 'All users with the following roles' is set to 'Owner'
- 2.3.1 Ensure That 'All users with the following roles' is set to 'Owner'
- 2.3.2 Ensure 'Additional email addresses' is Configured with a Security Contact Email
- 2.3.3 Ensure That 'Notify about alerts with the following severity' is Set to 'High'
- Email notification for high severity alerts should be enabled
- Email notification to subscription owner for high severity alerts should be enabled
- Ensure 'Additional email addresses' is configured with a security contact email
- Subscriptions should have a contact email address for security issues
Schema for azure_security_center_contact
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. | |
| akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. | |
| alert_notifications | text | Whether to send security alerts notifications to the security contact. | |
| alerts_to_admins | text | Whether to send security alerts notifications to subscription admins. | |
| cloud_environment | text | The Azure Cloud Environment. | |
| text | The email of this security contact. | ||
| id | text | The resource id. | |
| name | text | = | The resource name. |
| phone | text | The phone number of this security contact. | |
| subscription_id | text | The Azure Subscription ID in which the resource is located. | |
| title | text | Title of the resource. | |
| type | text | The resource type. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azureYou can pass the configuration to the command with the --config argument:
steampipe_export_azure --config '<your_config>' azure_security_center_contact