Triage and Remediation
Remediation
Using Console
To remediate the misconfiguration “Roles Assumable By Security Services” in Azure IAM using the Azure console, follow these step-by-step instructions:
- Sign in to the Azure portal (https://portal.azure.com) using your credentials.
- In the left-hand menu, click on “Azure Active Directory”.
- Under “Manage”, click on “Roles and administrators”.
- On the “Roles and administrators” page, you will see a list of built-in roles. Click on the role that you want to remediate (e.g., “Security Administrator”).
- In the role details page, click on the “Properties” tab.
- Scroll down to the “Permissions” section and click on the “Add permissions” button.
- In the “Add permissions” pane, search for and select the appropriate security service (e.g., “Azure Security Center”).
- Click on the “Add permissions” button to add the security service to the role.
- Review the other properties of the role and make any necessary changes.
- Click on the “Save” button to save the changes to the role.
Using CLI
To remediate the misconfiguration of roles assumable by security services in Azure using Azure CLI, follow these step-by-step instructions:
- Install Azure CLI: If you haven’t already, install Azure CLI on your local machine by following the instructions provided by Microsoft.
- Log in to Azure: Open a command prompt or terminal and log in to your Azure account using the following command:
- Select the Azure subscription: If you have multiple Azure subscriptions, select the appropriate subscription using the following command:
- List existing roles: Run the following command to list all the existing roles in your Azure subscription:
- Identify the security service roles: Look for any roles that are assumable by security services, such as “Security Admin” or “Security Reader”. Note down the role names or IDs that need to be remediated.
- Remove the assumable roles: To remove the assumable roles, use the following command:
  Replace <role_name_or_id> with the name or ID of the role you want to remove, and <service_principal_object_id> with the object ID of the security service principal. Repeat this command for each assumable role that needs to be remediated.
- Verify the changes: Run the following command to verify that the roles have been successfully removed:
  Replace <service_principal_object_id> with the object ID of the security service principal. Ensure that the assumable roles you remediated are no longer listed.
- Repeat for other security services: If you have multiple security services, repeat steps 6 and 7 for each security service to remove their assumable roles.
Using Python
To remediate the misconfiguration “Roles Assumable By Security Services” in Azure IAM using Python, follow these steps:
- Install the necessary Python libraries:
- Authenticate with Azure using the Azure Identity library. You can choose one of the available authentication methods (e.g., interactive login, service principal, managed identity). Here’s an example using interactive login:
- Retrieve the list of security services’ roles that can be assumed. This can be achieved by listing the built-in roles assigned to the security services. Here’s an example:
- Remove the roles assigned to the security services. Iterate through the list of roles and delete them one by one. Here’s an example:
- Verify the remediation by re-checking the roles assigned to the security services. Ensure that the roles have been successfully removed.
Replace <your-subscription-id> with your Azure subscription ID, and <your-scope> with the appropriate scope (e.g., resource group, subscription, etc.) where the security services’ roles are assigned. Remember to handle any potential errors and exceptions that may occur during the remediation process.
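The Python steps above (authenticate, list, remove, verify) as one script. This is an added example, not code from the original page. The function names `find_assignments` and `remediate` are hypothetical, the object IDs of the security service principals are assumed to be passed on the command line, and the script defaults to a dry run that only reports what it would remove.

```python
"""Added example: list and remove role assignments held by security service principals."""
import sys


def find_assignments(client, scope, principal_ids):
    """Return role assignments visible at `scope` for the given principal object IDs."""
    found = []
    for pid in principal_ids:
        # The principalId filter also returns assignments inherited from parent
        # scopes, so review the dry-run output before deleting anything.
        found.extend(client.role_assignments.list_for_scope(
            scope, filter=f"principalId eq '{pid}'"))
    return found


def remediate(client, scope, principal_ids, dry_run=True):
    """Delete the assignments found; return (removed_ids, remaining_ids, errors)."""
    removed, errors = [], []
    for ra in find_assignments(client, scope, principal_ids):
        if dry_run:
            print(f"would remove {ra.id} (role {ra.role_definition_id}, scope {ra.scope})")
            continue
        try:
            client.role_assignments.delete_by_id(ra.id)
            removed.append(ra.id)
        except Exception as exc:  # e.g. no permission to delete, or a resource lock
            errors.append((ra.id, str(exc)))
    # Verification step: list again and report what is still assigned.
    remaining = [ra.id for ra in find_assignments(client, scope, principal_ids)]
    return removed, remaining, errors


if __name__ == "__main__":
    # Requires: pip install azure-identity azure-mgmt-authorization
    from azure.identity import InteractiveBrowserCredential
    from azure.mgmt.authorization import AuthorizationManagementClient

    subscription_id = "<your-subscription-id>"
    scope = "<your-scope>"  # e.g. /subscriptions/<your-subscription-id>
    principals = sys.argv[1:]  # object IDs of the security service principals
    client = AuthorizationManagementClient(InteractiveBrowserCredential(), subscription_id)
    removed, remaining, errors = remediate(client, scope, principals, dry_run=True)
    print(f"removed={removed} remaining={remaining} errors={errors}")
```

Switch `dry_run` to `False` only after reviewing the reported assignments. An empty `remaining` list with no `errors` confirms the remediation.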