Risk Level: Low
Description:
This plugin makes sure that security contacts are set up correctly. Enabling high severity alerts means that Microsoft alerts for potential security concerns are provided and that the risks are quickly mitigated.
Recommended Action: Ensure that high severity alerts are configured.
About the Service :
Microsoft Azure Security Center is a collection of tools for monitoring and managing the security of virtual machines and other cloud computing resources in Microsoft's public cloud. The Azure Security Center is accessed through the Azure management interface by administrators. Policy Configuration, Data Collection, Recommendation, Alerts, etc. features are some of the most important elements of Azure Security Center.
Impact:
If there is no valid security contact (either phone number or email address ) available for each Microsoft Azure subscription that you own, Security Center will not be able to reach out to you if it identifies any breaches or compromises in your Aure Cloud resources.
Steps to reproduce ( Using Azure CLI ):
- Sign in to your Azure CLI.
- Run the following command to describe current security configurations:
az security contact list
- It should give the following output:
- If there is no security contact phone number and email address defined, then there are no security contacts configured in the Azure Security Center configuration for the selected Microsoft Azure subscription.
- Repeat step no. 2-4 for each Microsoft Azure subscription available in your account.
Steps for remediation :
- Sign in to your Azure CLI.
- Type the following command to set up phone contact for security alerts in your Microsoft Azure subscription:
-
az security contact create -n "<alert_user_name>" --email '<your_email>' --phone '<your_contact_number>' --alert-notifications 'on' --alerts-admins 'on'
- Replace the values of -n attribute with name, add a security email address in the –email attribute and a security contact phone number in the –phone attribute according to your choice.
- Repeat steps no. 2 and 4 to reconfigure each Microsoft Azure subscription that is misconfigured in your account.
References:
- https://docs.microsoft.com/en-us/azure/security-center/security-center-provide-security-contact-details
- https://azure.microsoft.com/mediahandler/files/resourcefiles/cis-microsoft-azure-foundations-security-benchmark/CIS_Microsoft_Azure_Foundations_Benchmark_v1.0.0.pdf
Please feel free to reach out to support@pingsafe.ai with any questions that you may have.
Thanks
PingSafe Support