Advanced Threat Protection Disabled
Risk Level: Low
Description
This plugin ensures that the Advanced Threat Protection feature is enabled for Microsoft Azure CosmosDB accounts. Advanced Threat Protection for Azure CosmosDB provides an additional layer of security intelligence that detects unusual and potentially harmful attempts to access or exploit Azure CosmosDB accounts.
About the Service
Azure Cosmos DB: Azure Cosmos DB is a fully managed NoSQL database service for application development. It provides single-digit millisecond response times and ensures full-time availability of the database.
Impact
Advanced Threat Protection uses threat intelligence and AI to detect suspicious activities within or outside the organisation. With the option disabled, you will not receive alerts about activities that might have suspicious intentions.
Steps to Reproduce
- Log in to the Azure portal.
- Click on Azure Cosmos DB under Azure services.
- Select the account you want to check.
- Click on Advanced security under the Settings section.
- If the Advanced Threat Protection option is set to ‘off’, follow the Steps for Remediation section below to fix the problem.
- Repeat the process for other accounts as well.
Steps for Remediation
- Log in to the Azure portal.
- Click on Azure Cosmos DB under Azure services.
- Select the account that needs to be remediated.
- Click on Advanced security under the Settings section.
- Click on the ‘On’ button at Status to set
- Repeat the process for other accounts as well.
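The portal check and fix above can be scripted across every account in a subscription. The following is an added example, not PingSafe's own tooling; it assumes the Azure CLI is installed and logged in, and the function names and the DISABLED/UNKNOWN report format are chosen here for illustration.

```shell
#!/bin/sh
# Added example (not PingSafe's code): audit Advanced Threat Protection on
# every Cosmos DB account in the current subscription.
# Assumes the Azure CLI is installed and `az login` has been run.

TAB=$(printf '\t')

# Print "resource-group<TAB>account-name" for each Cosmos DB account.
list_accounts() {
  az cosmosdb list --query "[].[resourceGroup, name]" -o tsv
}

# Exit 0 = ATP on, 1 = ATP off, 2 = the setting could not be read.
atp_enabled() {
  atp_state=$(az security atp cosmosdb show \
      --resource-group "$1" --cosmosdb-account "$2" \
      --query isEnabled -o tsv </dev/null 2>/dev/null) || return 2
  # Normalise case so "True" and "true" both match.
  atp_state=$(printf '%s' "$atp_state" | tr '[:upper:]' '[:lower:]')
  [ "$atp_state" = "true" ]
}

# Read "rg<TAB>account" lines on stdin and report every account that is not
# confirmed protected. Returns 1 if there was at least one finding.
audit() {
  findings=0
  while IFS="$TAB" read -r rg account; do
    [ -n "$rg" ] || continue
    rc=0; atp_enabled "$rg" "$account" || rc=$?
    case "$rc" in
      0) ;;
      1) printf 'DISABLED\t%s\t%s\n' "$rg" "$account"; findings=1 ;;
      *) printf 'UNKNOWN\t%s\t%s\n' "$rg" "$account"; findings=1 ;;
    esac
  done
  [ "$findings" -eq 0 ]
}

# Turn ATP on for one account (CLI equivalent of the portal setting).
remediate() {
  az security atp cosmosdb update \
      --resource-group "$1" --cosmosdb-account "$2" --is-enabled true
}

# Run the audit only when asked, e.g.: sh atp_audit.sh audit
if [ "${1:-}" = "audit" ]; then
  list_accounts | audit
fi
```

An UNKNOWN row means the setting could not be read, so check that account by hand rather than treating it as passing.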
Please feel free to reach out to support@pingsafe.ai with any questions that you may have.
Thanks
PingSafe Support