Security Center setting 'All users with the following roles' is not set to 'Owner' Affecting Security Center service in Azure

Snyk CCSS

Monitoring / Settings

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

CIS-Azure

Snyk ID SNYK-CC-00701
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

Security Center alerts ensure that the appropriate individuals in an organization are notified via email when issues occur, speeding up time to remediation. Subscription owners should receive these alerts so they can triage and remediate issues appropriately.

How to fix?

Set the alertNotifications and alertsToAdmins attributes to On.

Example Configuration

{
    "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {},
    "variables": {},
    "resources": [
        {
            "type": "Microsoft.Security/securityContacts",
            "apiVersion": "2017-08-01-preview",
            "name": "contact-allowed",
            "location": "[resourceGroup().location]",
            "properties": {
                "email": "contact@example.com",
                "alertNotifications": "On",
                "alertsToAdmins": "On"
            }
        }
    ]
}

ARM

Microsoft.Security securityContacts 2017-08-01-preview

Terraform

azurerm_security_center_contact

References

Quickstart: Configure email notifications for security alerts