cloudbeat
[CIS Azure] 2.1.* rules require subscription to Microsoft.Security in order to pull evaluation data
Describe the bug
There is a requirement from Azure to enroll in Microsoft.Security in order to pull the data that we need for 2.1.* rules evaluation.
This affects pulling of the following resources:
- microsoft.security/autoprovisioningsettings
- microsoft.security/securitycontacts
Because of that, users who aren't enrolled won't be able to get evaluations for 2.1.* rules.
Expected behavior
We should investigate and try to figure out how to evaluate these rules without any enrollment from the user. If there is no option to evaluate these rules without the enrollment, then we need to document that and reflect it to the customer.
Definition of done
- [ ] Look for a different way to pull the relevant data for evaluation
- [ ] Document enrollment to Microsoft Security as a prerequisite