Severity Framework
CCSS (Common Configuration Scoring System) is a set of measures used to determine the severity of the rule.
Snyk CCSS
Rule category
Each rule is associated with a high-level category. For example IAM, Container, Monitoring, Logging, Network, etc.
Monitoring/ Policy
Is your environment affected by this misconfiguration?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsFrameworks
CIS-AzureHIPAAISO-27001PCI-DSS
- Snyk IDSNYK-CC-00678
- creditSnyk Research Team
Description
Monitoring for "Create Policy Assignment" events may reduce the time it takes to detect unsolicited changes.
How to fix?
Set field operationName to Microsoft.Authorization/policyAssignments/write and set enabled to true.
Example Configuration
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.Insights/activityLogAlerts",
"apiVersion": "2017-04-01",
"name": "default",
"location": "global",
"properties": {
"scopes": [
"[subscription().id]"
],
"condition": {
"allOf": [
{
"field": "category",
"equals": "Administrative"
},
{
"field": "operationName",
"equals": "Microsoft.Authorization/policyAssignments/Write"
}
]
},
"actions": {
"actionGroups": []
}
}
}
]
}
Set criteria.operation_name to Microsoft.Authorization/policyAssignments/write and set enabled to true or remove the attribute.
Example Configuration
resource "azurerm_monitor_activity_log_alert" "allowed" {
name = "example678"
resource_group_name = azurerm_resource_group.example678.name
scopes = ["${azurerm_resource_group.example678.id}"]
criteria {
operation_name = "Microsoft.Authorization/policyAssignments/write"
category = "Administrative"
}
}