Azure Security Center Defender set to Off for Kubernetes
Description
Azure Defender is a cloud workload protection service that utilizes and agent-based deployment to analyze signals from Azure network fabric and the service control plane, to detect threats across all Azure resources. It can also analyze non-Azure resources, utilizing Azure Arc, including those on-premises and in both AWS and GCP (once they've been onboarded). Azure Defender for Kubernetes provides cluster-level threat protection by monitoring your AKS-managed services through the logs retrieved by Azure Kubernetes Service (AKS).
Code Example
go
resource "azurerm_security_center_subscription_pricing" "example" {
tier = "Standard"
resource_type = "AppServices,ContainerRegistry,KeyVaults,KubernetesService,SqlServers,SqlServerVirtualMachines,StorageAccounts,VirtualMachines,ARM,DNS"
}Remediation
Terraform
- Resource: azurerm_security_center_subscription_pricing
- Arguments: resource_type - (Required) The resource type this setting affects.
Ensure that `KubernetesService` is declared to pass this check.
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0593 |
| Severity | HIGH |
| IaC Type | arm |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_AZURE_85 |