Microsoft Antimalware is not configured to automatically update Virtual Machines
Description
This policy audits any Windows virtual machine that is not configured for automatic updates of Microsoft Antimalware protection signatures, i.e. any `azurerm_virtual_machine` without an attached `IaaSAntimalware` extension whose minor version is set to auto-upgrade.
Code Example
```hcl
resource "azurerm_virtual_machine" "virtual_machine_good_1" {
  name                  = "acctvm"
  location              = "location"
  resource_group_name   = "group"
  network_interface_ids = ["id"]
  vm_size               = "Standard_F2"

  storage_os_disk {
    name          = "myosdisk1"
    caching       = "ReadWrite"
    create_option = "FromImage"
  }
}

resource "azurerm_virtual_machine_extension" "extension_good_1" {
  name = "hostname"
  # The extension must be attached to the VM it protects.
  virtual_machine_id         = azurerm_virtual_machine.virtual_machine_good_1.id
  publisher                  = "Microsoft.Azure.Security"
  type                       = "IaaSAntimalware"
  type_handler_version       = "2.0"
  auto_upgrade_minor_version = true
}
```
Remediation
Terraform
- Resource: azurerm_virtual_machine, azurerm_virtual_machine_extension
- Arguments: `virtual_machine_id` (of *azurerm_virtual_machine_extension*)
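The logic the policy applies can be modelled in a few lines: collect every `azurerm_virtual_machine_extension` whose publisher is `Microsoft.Azure.Security`, whose type is `IaaSAntimalware` and whose `auto_upgrade_minor_version` is true, resolve which VM each one's `virtual_machine_id` points at, and report every VM that no such extension references. The script below is an added example and is not Checkov's own implementation (the real check runs over the Terraform resource graph); the flattened dict layout, the `RESOURCES` sample data and the helper names `referenced_vm`, `is_auto_updating_antimalware` and `find_unprotected_vms` are all constructed here for illustration.

```python
"""Illustrative model of CKV2_AZURE_10: which VMs lack an auto-updating
Microsoft Antimalware extension? Not Checkov's code; see lead-in."""
import re
from typing import Dict, List, Optional

# Constructed sample: a simplified flattening of Terraform resources into dicts.
# (Real parser output is richer; this shape is an assumption for the example.)
RESOURCES: List[Dict] = [
    # Compliant pair, mirroring the page's code example.
    {"type": "azurerm_virtual_machine", "name": "virtual_machine_good_1",
     "attrs": {"name": "acctvm", "vm_size": "Standard_F2"}},
    {"type": "azurerm_virtual_machine_extension", "name": "extension_good_1",
     "attrs": {"virtual_machine_id": "${azurerm_virtual_machine.virtual_machine_good_1.id}",
               "publisher": "Microsoft.Azure.Security", "type": "IaaSAntimalware",
               "type_handler_version": "2.0", "auto_upgrade_minor_version": True}},
    # Failure mode 1: VM with no extension at all.
    {"type": "azurerm_virtual_machine", "name": "virtual_machine_bad_1",
     "attrs": {"name": "novm-ext", "vm_size": "Standard_F2"}},
    # Failure mode 2: antimalware extension present but not auto-upgrading.
    {"type": "azurerm_virtual_machine", "name": "virtual_machine_bad_2",
     "attrs": {"name": "pinned", "vm_size": "Standard_F2"}},
    {"type": "azurerm_virtual_machine_extension", "name": "extension_bad_2",
     "attrs": {"virtual_machine_id": "${azurerm_virtual_machine.virtual_machine_bad_2.id}",
               "publisher": "Microsoft.Azure.Security", "type": "IaaSAntimalware",
               "type_handler_version": "2.0", "auto_upgrade_minor_version": False}},
    # Failure mode 3: an extension is attached, but it is not the antimalware one.
    {"type": "azurerm_virtual_machine", "name": "virtual_machine_bad_3",
     "attrs": {"name": "other-ext", "vm_size": "Standard_F2"}},
    {"type": "azurerm_virtual_machine_extension", "name": "extension_bad_3",
     "attrs": {"virtual_machine_id": "${azurerm_virtual_machine.virtual_machine_bad_3.id}",
               "publisher": "Microsoft.Compute", "type": "CustomScriptExtension",
               "type_handler_version": "1.10", "auto_upgrade_minor_version": True}},
]

# Matches both "azurerm_virtual_machine.<name>.id" and the "${...}" interpolation form.
_VM_REF = re.compile(r"azurerm_virtual_machine\.([A-Za-z0-9_-]+)\.id")


def referenced_vm(extension: Dict) -> Optional[str]:
    """Return the Terraform name of the VM an extension's virtual_machine_id points at."""
    match = _VM_REF.search(str(extension["attrs"].get("virtual_machine_id", "")))
    return match.group(1) if match else None


def is_auto_updating_antimalware(extension: Dict) -> bool:
    """True only for the Microsoft Antimalware handler with minor-version auto-upgrade on."""
    attrs = extension["attrs"]
    auto = attrs.get("auto_upgrade_minor_version")
    # Some HCL front-ends hand back "true" as a string; accept both spellings.
    auto_on = auto is True or str(auto).lower() == "true"
    return (attrs.get("publisher") == "Microsoft.Azure.Security"
            and attrs.get("type") == "IaaSAntimalware"
            and auto_on)


def find_unprotected_vms(resources: List[Dict]) -> List[str]:
    """Names of azurerm_virtual_machine resources with no compliant extension attached."""
    protected = {
        referenced_vm(r) for r in resources
        if r["type"] == "azurerm_virtual_machine_extension" and is_auto_updating_antimalware(r)
    }
    return sorted(
        r["name"] for r in resources
        if r["type"] == "azurerm_virtual_machine" and r["name"] not in protected
    )


if __name__ == "__main__":
    for vm in find_unprotected_vms(RESOURCES):
        print(f"FAILED CKV2_AZURE_10: azurerm_virtual_machine.{vm}")
```

Each of the three sample failures maps to a distinct remediation: attach an extension, flip `auto_upgrade_minor_version` to `true`, or correct the publisher/type so the extension is actually the antimalware handler. Only the resource referenced through `virtual_machine_id` counts as protected, which is why that argument is the one the Remediation section calls out.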
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0768 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV2_AZURE_10 |