Security Center default policy setting 'Monitor Vulnerability Assessment' is not enabled

Affecting Security Center service in Azure


Severity: medium
Severity Framework: Snyk CCSS
Rule category: Monitoring / Vulnerabilities

Frameworks: CIS-Azure, CSA-CCM, HIPAA, ISO-27001, NIST-800-53, SOC-2
Snyk ID: SNYK-CC-00671
Credit: Snyk Research Team

Description

When this setting is enabled, Security Center recommends that a vulnerability assessment solution be installed on virtual machines.

How to fix?

Set policyDefinitionId to /providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9, and set enforcementMode to true or remove the attribute.

Example Configuration

{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {},
    "variables": {},
    "resources": [
        {
            "type": "Microsoft.Authorization/policyAssignments",
            "apiVersion": "2019-09-01",
            "name": "policy_assignments_671_allowed",
            "properties": {
                "displayName": "A vulnerability assessment solution should be enabled on your virtual machines",
                "description": "Audits virtual machines to detect whether they are running a supported vulnerability assessment solution. A core component of every cyber risk and security program is the identification and analysis of vulnerabilities. Azure Security Center's standard pricing tier includes vulnerability scanning for your virtual machines at no extra cost. Additionally, Security Center can automatically deploy this tool for you.",
                "enforcementMode": "Default",
                "scope": "/subscriptions/5f479449-6df7-4c39-af0f-d8837aa02eec/resourcegroups/snyk_3",
                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9"
            }
        }
    ]
}
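
An added example, not Snyk's rule logic or code from this page: a Python check that a parsed ARM template assigns the policy definition named in "How to fix?" and leaves it enforced. It assumes assignments are top-level resources with literal values, treats a missing enforcementMode or "Default" (the value in the example configuration) as enabled, and uses constructed sample templates with a placeholder assignment name.

```python
# Built-in policy definition ID, taken from the "How to fix?" section.
VA_DEFINITION_ID = ("/providers/Microsoft.Authorization/policyDefinitions/"
                    "501541f7-f7e7-4cd6-868c-4190fdad3ac9")

def find_va_assignments(template):
    """Top-level policy assignments that reference the VA definition."""
    hits = []
    for res in template.get("resources", []):
        if res.get("type", "").lower() != "microsoft.authorization/policyassignments":
            continue
        definition = res.get("properties", {}).get("policyDefinitionId", "")
        # Azure resource IDs are case-insensitive, so compare lowercased.
        if definition.lower() == VA_DEFINITION_ID.lower():
            hits.append(res)
    return hits

def is_enforced(assignment):
    """Assumption: enabled means enforcementMode is absent or "Default"."""
    mode = assignment["properties"].get("enforcementMode")
    return mode is None or str(mode).lower() == "default"

def check_template(template):
    """Return (compliant, findings) for one parsed ARM template."""
    assignments = find_va_assignments(template)
    if not assignments:
        return False, ["no policy assignment references " + VA_DEFINITION_ID]
    findings = [f"{a.get('name', '<unnamed>')}: enforcementMode="
                f"{a['properties'].get('enforcementMode')!r}"
                for a in assignments if not is_enforced(a)]
    # Compliant when at least one assignment of the definition is enforced.
    return len(findings) < len(assignments), findings

def make_sample(mode=None):
    """Constructed sample template; the assignment name is a placeholder."""
    props = {"policyDefinitionId": VA_DEFINITION_ID.upper()}
    if mode is not None:
        props["enforcementMode"] = mode
    return {"resources": [{
        "type": "Microsoft.Authorization/policyAssignments",
        "name": "example_assignment", "properties": props}]}

if __name__ == "__main__":
    for label, tpl in [("Default", make_sample("Default")),
                       ("attribute removed", make_sample()),
                       ("DoNotEnforce", make_sample("DoNotEnforce")),
                       ("no assignment", {"resources": []})]:
        print(label, "->", check_template(tpl))
```

To check a real file, load it with json.load and pass the resulting dict to check_template; templates that set these properties through parameters or nested deployments need resolving first.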