Ensure That Microsoft Defender for Key Vault Is Set To 'On'
Turning on Microsoft Defender for Key Vault enables threat detection for Key Vault, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.
Risk Level: High
Cloud Entity: Defender Plans
CloudGuard Rule ID: D9.AZU.MON.71
Covered by Spectral: No
Category: Security Center
GSL LOGIC
DefenderPlans where name='KeyVaults' should have properties.pricingTier='Standard'
REMEDIATION
From Portal
- Go to 'Microsoft Defender for Cloud'.
- Click on 'Environment Settings' blade.
- Click on the subscription name.
- Select the Defender plans blade.
- On the line in the table for 'Key Vault' Select 'On' under Plan.
- Click Save.
From TF
Set the 'tier' and 'resource_type' arguments under 'azurerm_security_center_subscription_pricing' as below:
resource "azurerm_security_center_subscription_pricing" "example" {
...
tier = "Standard"
resource_type = "KeyVaults"
...
}
From Command Line
Use the below command to enable Azure Defender for Key Vaults
Run
az account get-access-token --query '{subscription:subscription,accessToken:accessToken}' --out tsv | xargs -L1 bash -c 'curl -X PUT -H 'Authorization: Bearer $1' -H 'Content-Type: application/json' https://management.azure.com/subscriptions/$0/providers/Microsoft.Security/pricings/KeyVaults?api-version=2018-06-01 -d@'input.json''
Where input.json contains the Request body json data as mentioned below.
{
'id': '/subscriptions/YOUR-SUBSCRIPTIONID/providers/Microsoft.Security/pricings/KeyVaults',
'name': 'KeyVaults',
'type': 'Microsoft.Security/pricings',
'properties': {
'pricingTier': 'Standard'
}
}
References
- https://learn.microsoft.com/en-us/azure/defender-for-cloud/alerts-overview
- https://learn.microsoft.com/en-us/cli/azure/account?view=azure-cli-latest#az-account-get-access-token
- https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_subscription_pricing
Defender Plans
The Defender plans of Microsoft Defender for Cloud offer comprehensive defenses for the compute, data, and service layers of your environment
Compliance Frameworks
- Azure CIS Foundations v. 1.2.0
- Azure CIS Foundations v. 1.3.0
- Azure CIS Foundations v. 1.3.1
- Azure CIS Foundations v. 1.4.0
- Azure CIS Foundations v. 1.5.0
- Azure CIS Foundations v.2.0
- Azure CloudGuard Best Practices
- Azure NIST 800-53 Rev 5
- CloudGuard Azure All Rules Ruleset
Updated over 1 year ago