Security Center default policy setting 'Monitor OS Vulnerabilities' is not enabled Affecting Security Center service in Azure
Severity Framework
Snyk CCSS
Rule category
Monitoring / Vulnerabilities
Frameworks
CIS-Azure
CSA-CCM
HIPAA
ISO-27001
NIST-800-53
SOC-2
- Snyk ID SNYK-CC-00665
- credit Snyk Research Team
Description
When this setting is enabled, Security Center analyzes operating system configurations daily to identify issues that could make the virtual machine vulnerable to attack.
How to fix?
Set policyDefinitionId to /providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9 and enforcementMode to Default.
Example Configuration
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {},
  "variables": {},
  "resources": [
    {
      "type": "Microsoft.Authorization/policyAssignments",
      "apiVersion": "2019-09-01",
      "name": "allowed",
      "properties": {
        "displayName": "A vulnerability assessment solution should be enabled on your virtual machines",
        "description": "Audits virtual machines to detect whether they are running a supported vulnerability assessment solution. A core component of every cyber risk and security program is the identification and analysis of vulnerabilities. Azure Security Center's standard pricing tier includes vulnerability scanning for your virtual machines at no extra cost. Additionally, Security Center can automatically deploy this tool for you.",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9",
        "enforcementMode": "Default"
      }
    }
  ]
}
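The following is an added example, not Snyk's rule implementation: a small Python check that applies this rule's logic to a parsed ARM template, passing only when a policyAssignments resource targets the policy definition above with enforcementMode Default. The sample templates at the bottom are constructed for the demonstration, and treating an omitted enforcementMode as "Default" is an assumption about Azure's default, not something the page states.

```python
import json

# Built-in policy definition named in the fix; matched case-insensitively on the full ID.
OS_VULN_POLICY_ID = (
    "/providers/Microsoft.Authorization/policyDefinitions/"
    "501541f7-f7e7-4cd6-868c-4190fdad3ac9"
)


def policy_assignments(template):
    """Yield every top-level Microsoft.Authorization/policyAssignments resource."""
    for res in template.get("resources", []):
        if str(res.get("type", "")).lower() == "microsoft.authorization/policyassignments":
            yield res


def check_template(template):
    """Evaluate the rule against a parsed ARM template; return (passed, reason)."""
    matched = []
    for res in policy_assignments(template):
        props = res.get("properties", {})
        definition = str(props.get("policyDefinitionId", "")).lower()
        if definition.endswith(OS_VULN_POLICY_ID.lower()):
            # Assumption: Azure treats an omitted enforcementMode as "Default".
            mode = str(props.get("enforcementMode", "Default"))
            matched.append((res.get("name", "<unnamed>"), mode))
    if not matched:
        return False, "no policy assignment targets the OS vulnerability policy definition"
    for name, mode in matched:
        if mode.lower() == "default":
            return True, f"assignment {name!r} enforces the policy"
    modes = ", ".join(f"{n}={m}" for n, m in matched)
    return False, f"assignment(s) present but not enforced: {modes}"


# Constructed sample templates (not taken from any real deployment).
COMPLIANT = {"resources": [{
    "type": "Microsoft.Authorization/policyAssignments", "name": "allowed",
    "properties": {"policyDefinitionId": OS_VULN_POLICY_ID, "enforcementMode": "Default"}}]}
NOT_ENFORCED = json.loads(json.dumps(COMPLIANT))
NOT_ENFORCED["resources"][0]["properties"]["enforcementMode"] = "DoNotEnforce"
MISSING = {"resources": []}

if __name__ == "__main__":
    for label, tpl in [("compliant", COMPLIANT), ("not enforced", NOT_ENFORCED), ("missing", MISSING)]:
        print(label, check_template(tpl))
```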