Azure-SecurityCenter-Security-Configuration-Monitoring
Severity : High
Description: This control ensures that Vulnerabilities in security configuration on your machines should be remediated' is enabled for at least one policy assignment with policy definition "Enable Monitoring in Azure Security Center". When this setting is not disabled, it analyzes operating system configurations daily to determine issues that could make the virtual machine vulnerable to attack. The policy also recommends configuration changes to address these vulnerabilities.
Remediation Steps:
Perform following to update parameters:
Login to Azure Portal using https://portal.azure.com.
Go to Policy service.
On Policy overview, Click onDefault/Custom Policy.
Click on Edit Assignments.
In Basics menu, check there are no exclusions added for resource Group.
Set Policy Enforcement to Enabled.
Goto Parameters and set Vulnerabilities in security configuration on your machines should be remediated to AuditIfNotExist.
Click Review + save.
Important:
Along with ASC Default assignment, there could be custom policy assignments with the policy definition "Enable Monitoring in Azure Security Center". 'Monitor missing Endpoint Protection in Azure Security Center' should be enabled for at least one of such assignments
Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-policies
https://docs.microsoft.com/en-us/azure/security-center/security-center-remediate-os-vulnerabilities
https://gallery.technet.microsoft.com/Azure-Security-Center-a789e335
https://docs.microsoft.com/en-us/rest/api/resources/policyassignments/get
https://docs.microsoft.com/en-us/rest/api/resources/policyassignments/create
Blue Hexagon Proprietary