Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'
Enable automatic provisioning of the monitoring agent to collect security data.
Risk Level: Low
Cloud Entity: Auto Provisioning Settings
CloudGuard Rule ID: D9.AZU.MON.58
Covered by Spectral: No
Category: Security Center
GSL LOGIC
AutoProvisioningSettings should have properties.autoProvision regexMatch /[Oo][Nn]/
REMEDIATION
From Portal
- Go to Microsoft Defender for Cloud
- Click on Environment Settings
- Click on a subscription
- Click on Auto Provisioning in the left column.
- Ensure that Log Analytics agent for Azure VMs is set to On
From TF
Set the 'auto_provision' argument under 'azurerm_security_center_auto_provisioning' to On:
resource "azurerm_security_center_auto_provisioning" "example" {
...
auto_provision = "On"
...
}
From Command Line
Use the below command to set Automatic provisioning of monitoring agent to On.
Run
az account get-access-token --query '{subscription:subscription,accessToken:accessToken}' --out tsv | xargs -L1 bash -c 'curl -X PUT -H 'Authorization: Bearer $1' -H 'Content-Type: application/json' https://management.azure.com/subscriptions/$0/providers/Microsoft.Security/autoProvisioningSettings?default?api-version=2017-08-01-preview -d@'input.json''
Where input.json contains the Request body json data as mentioned below.
{
'id': '/subscriptions/YOUR-SUBSCRIPTIONID/providers/Microsoft.Security/autoProvisioningSettings/default',
'name': 'default',
'type': 'Microsoft.Security/autoProvisioningSettings',
'properties': {
'autoProvision': 'On'
}
}
References
- https://docs.microsoft.com/en-us/azure/defender-for-cloud/enable-data-collection?tabs=autoprovision-feature
- https://docs.microsoft.com/en-us/cli/azure/account?view=azure-cli-latest#az-account-get-access-token
- https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_auto_provisioning
Auto Provisioning Settings
Auto Provision is used to install the extensions on existing and future machines in the subscription.
Compliance Frameworks
- Azure CIS Foundations v. 1.4.0
- Azure CIS Foundations v. 1.5.0
- Azure CIS Foundations v.2.0
- Azure CloudGuard Best Practices
- Azure NIST 800-53 Rev 5
- CloudGuard Azure All Rules Ruleset
Updated over 1 year ago