
Azure Microsoft Defender for Cloud is set to Off for Servers

Description

Azure Defender is a cloud workload protection service that uses an agent-based deployment to analyze signals from the Azure network fabric and the service control plane in order to detect threats across all Azure resources. It can also analyze non-Azure resources through Azure Arc, including on-premises machines and machines in AWS and GCP (once they have been onboarded). Azure Defender for Servers adds threat detection and advanced defenses for Windows and Linux machines.

Code Example

resource "azurerm_security_center_subscription_pricing" "example" {
  tier          = "Standard"
  resource_type = "AppServices,ContainerRegistry,KeyVaults,KubernetesService,SqlServers,SqlServerVirtualMachines,StorageAccounts,VirtualMachines,ARM,DNS"
}

Remediation

Terraform

  • Resource: azurerm_security_center_subscription_pricing
  • Arguments: resource_type - (Required) The resource type this setting affects.

Ensure that `SqlServers` is declared to pass this check.
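The following is an added example, not Checkov's implementation or part of this rule page: a small evaluator that reads `azurerm_security_center_subscription_pricing` blocks out of Terraform text and reports whether the Defender for Servers plan is enabled. It assumes the plan is identified by the provider's `VirtualMachines` resource type, accepts both the comma-separated `resource_type` form shown above and one type per block, and uses constructed sample configurations (one compliant, one not).

```python
import re

# Constructed sample inputs (not from the rule page or from Checkov's tests).
COMPLIANT_TF = '''
resource "azurerm_security_center_subscription_pricing" "example" {
  tier          = "Standard"
  resource_type = "AppServices,KeyVaults,SqlServers,StorageAccounts,VirtualMachines"
}
'''
NON_COMPLIANT_TF = '''
resource "azurerm_security_center_subscription_pricing" "free_vms" {
  tier          = "Free"
  resource_type = "VirtualMachines"
}
resource "azurerm_security_center_subscription_pricing" "kv_only" {
  tier          = "Standard"
  resource_type = "KeyVaults"
}
'''

# Minimal HCL scraping for this one resource type; string arguments only.
# A real scanner would use a proper HCL parser or the Terraform plan JSON.
RESOURCE_RE = re.compile(
    r'resource\s+"azurerm_security_center_subscription_pricing"\s+"([^"]+)"\s*\{(.*?)\}',
    re.DOTALL,
)
ARG_RE = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"', re.MULTILINE)


def parse_pricing_resources(hcl: str) -> dict:
    """Return {resource_name: {argument: value}} for every pricing block found."""
    return {name: dict(ARG_RE.findall(body)) for name, body in RESOURCE_RE.findall(hcl)}


def covered_plans(args: dict) -> set:
    """Resource types a block enables; tolerates the comma-separated list form."""
    return {t.strip() for t in args.get("resource_type", "").split(",") if t.strip()}


def defender_for_servers_enabled(hcl: str) -> bool:
    """Intent of the check: at least one block sets tier "Standard" for VirtualMachines.

    A block with tier "Free" (the default plan) or one that covers other
    resource types only does not satisfy it.
    """
    return any(
        args.get("tier") == "Standard" and "VirtualMachines" in covered_plans(args)
        for args in parse_pricing_resources(hcl).values()
    )
```

A `Free` tier on the `VirtualMachines` block is the misconfiguration this rule flags; the second sample shows that enabling Standard for an unrelated plan does not make the check pass.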

Rule Details

ID: IAC-0564
Severity: INFO
IaC Type: Terraform
Frameworks: Terraform, TerraformPlan
Checkov ID: CKV_AZURE_55

References