Homepage

Security Center default policy setting 'Monitor System Updates' is not enabled Affecting Security Center service in Azure

Severity

0.0
medium
0
10
Severity Framework
Snyk CCSS
Rule category
Monitoring/ Operating System

Is your environment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
Frameworks
CIS-AzureCSA-CCMHIPAA
  • Snyk IDSNYK-CC-00664
  • creditSnyk Research Team
Report a new misconfiguration Found a mistake?

Description

When enabled, Security Center audits virtual machines for pending OS or system updates to determine if they could become vulnerable to attack.

How to fix?

Set policyDefinitionId to /providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60 and set enforcementMode to Default or remove the attribute.

Example Configuration

{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {},
    "variables": {},
    "resources": [
        {
            "type": "Microsoft.Authorization/policyAssignments",
            "apiVersion": "2019-09-01",
            "name": "policy_664_allowed",
            "properties": {
                "displayName": "Security Center default policy setting 'Monitor System Updates' should be enabled",
                "description": "Security Center default policy setting 'Monitor System Updates' should be enabled. When this setting is enabled, it analyzes operating system configurations daily to determine issues that could make the virtual machine vulnerable to attack",
                "enforcementMode": "Default",
                "scope": "/subscriptions/5f479449-6df7-4c39-af0f-d8837aa02eec/resourcegroups/snyk_3",
                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60"
            }
        }
    ]
}