CCSS (Common Configuration Scoring System) is a set of measures used to determine the severity of the rule.
Each rule is associated with a high-level category, for example IAM, Container, Monitoring, Logging, or Network.
When this setting is enabled, it recommends that a vulnerability assessment solution be installed on virtual machines.
Set policyDefinitionId to /providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9, and set enforcementMode to true or remove the attribute.
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {},
  "variables": {},
  "resources": [
    {
      "type": "Microsoft.Authorization/policyAssignments",
      "apiVersion": "2019-09-01",
      "name": "policy_assignments_671_allowed",
      "properties": {
        "displayName": "A vulnerability assessment solution should be enabled on your virtual machines",
        "description": "Audits virtual machines to detect whether they are running a supported vulnerability assessment solution. A core component of every cyber risk and security program is the identification and analysis of vulnerabilities. Azure Security Center's standard pricing tier includes vulnerability scanning for your virtual machines at no extra cost. Additionally, Security Center can automatically deploy this tool for you.",
        "enforcementMode": "Default",
        "scope": "/subscriptions/5f479449-6df7-4c39-af0f-d8837aa02eec/resourcegroups/snyk_3",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9"
      }
    }
  ]
}
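A pre-deployment check for the template above, as an added example that is not code from the original page or from the scanner it describes: it walks an ARM template's resources and reports when the vulnerability assessment policy is not assigned or its assignment has enforcement switched off. The function names and the NOT_ENFORCED set are assumptions of this example; a missing enforcementMode is treated as enforced.

```python
import json

VA_POLICY_ID = ("/providers/Microsoft.Authorization/policyDefinitions/"
                "501541f7-f7e7-4cd6-868c-4190fdad3ac9")  # ID from the page
ASSIGNMENT_TYPE = "microsoft.authorization/policyassignments"
# Assumption: values that switch enforcement off ("DoNotEnforce" is ARM's own).
NOT_ENFORCED = {"donotenforce", "false"}


def iter_resources(resources):
    """Yield each resource in a template, descending into child resources."""
    for res in resources or []:
        yield res
        yield from iter_resources(res.get("resources"))


def check_template(template):
    """Return a list of findings; an empty list means the check passes."""
    findings, seen = [], False
    for res in iter_resources(template.get("resources")):
        props = res.get("properties") or {}
        if (res.get("type", "").lower() != ASSIGNMENT_TYPE
                or props.get("policyDefinitionId", "").lower() != VA_POLICY_ID.lower()):
            continue
        seen = True
        mode = props.get("enforcementMode")  # absent attribute counts as enforced
        if mode is not None and str(mode).lower() in NOT_ENFORCED:
            findings.append(f"{res.get('name')}: enforcementMode={mode!r}")
    if not seen:
        findings.append("vulnerability assessment policy is not assigned")
    return findings


# Constructed sample: the page's template cut down to the fields the check reads.
SAMPLE = json.loads("""
{"resources": [{
  "type": "Microsoft.Authorization/policyAssignments",
  "name": "policy_assignments_671_allowed",
  "properties": {
    "enforcementMode": "Default",
    "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9"
  }}]}
""")

if __name__ == "__main__":
    print(check_template(SAMPLE) or "PASS")
```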
Set policy_definition_id to /providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9, and set enforce to true or remove the attribute.
# Current subscription, referenced by subscription_id below.
data "azurerm_subscription" "current" {}

# Assign the built-in vulnerability assessment policy at subscription scope.
resource "azurerm_subscription_policy_assignment" "allowed" {
  name                 = "monitor-vulnerability-assessment"
  subscription_id      = data.azurerm_subscription.current.id
  policy_definition_id = "/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9"
  description          = "A vulnerability assessment solution should be enabled on your virtual machines"
  display_name         = "Monitor vulnerability assessment"
  enforce              = true
}