Ensure That Defender For Cloud Integration Is Enabled.
More Info:
Ensure that Defender for Endpoint – Defender for Cloud integration is enabled.
Risk Level: Medium
Address: Operational Maturity
Compliance Standards: CISAZURE, CBP
Triage and Remediation
Remediation
To remediate the misconfiguration “Ensure That Defender For Cloud Integration Is Enabled” in Azure using the Azure console, follow the steps below:
- Log in to the Azure portal using your credentials.
- Navigate to the Security Center dashboard.
- Click on the “Security policy” option from the left-hand side menu.
- Select the subscription for which you want to enable the Defender for Cloud integration.
- Click on the “Edit” button to edit the security policy.
- Scroll down to the “Data Collection” section and click on the “Edit” button.
- In the “Data Collection” section, ensure that the “Defender for Cloud” option is enabled.
- Click on the “Save” button to save the changes.
After following these steps, the Defender for Cloud integration will be enabled, and the misconfiguration “Ensure That Defender For Cloud Integration Is Enabled” will be remediated in Azure.
To remediate the misconfiguration “Ensure That Defender For Cloud Integration Is Enabled” for Azure using Azure CLI, follow the below steps:
- Open the Azure CLI on your system.
- Log in to your Azure account using the below command:
    az login
- Once you are logged in, set the default subscription using the below command:
    az account set --subscription <subscription-id>
  Replace <subscription-id> with the ID of the Azure subscription that you want to use.
- Now, enable the Defender for Cloud integration using the below command:
    az security auto-provisioning-setting update --name 'default' --auto-provision 'On'
  This command will update the auto-provisioning setting to ‘On’ for the default policy.
- Verify that the Defender for Cloud integration is enabled using the below command:
    az security auto-provisioning-setting show --name 'default'
  This command will show the details of the auto-provisioning setting for the default policy.
Once you have completed the above steps, the misconfiguration “Ensure That Defender For Cloud Integration Is Enabled” will be remediated for Azure using Azure CLI.
To remediate the misconfiguration “Ensure That Defender For Cloud Integration Is Enabled” for Azure using Python, you can use the Azure SDK for Python to enable the integration of Defender for Cloud. Here are the step-by-step instructions:
- Install the Azure SDK for Python and the Azure Identity library using the following command:
    pip install azure-mgmt-security azure-identity
- Create an Azure Active Directory (AD) application and service principal. You can follow the instructions in this Microsoft document to create the application and service principal.
- Create an Azure credential object using the service principal credentials. Here’s an example code snippet:
    from azure.identity import ClientSecretCredential

    # Placeholders: load the real values from the environment or a secret
    # store rather than hard-coding them in the script.
    subscription_id = '<your-subscription-id>'
    client_id = '<your-client-id>'
    client_secret = '<your-client-secret>'
    tenant_id = '<your-tenant-id>'

    # Service principal credential accepted by current azure-mgmt-* clients
    credentials = ClientSecretCredential(
        tenant_id=tenant_id,
        client_id=client_id,
        client_secret=client_secret
    )
- Use the Azure SDK for Python to enable the Defender for Cloud integration. Here’s an example code snippet:
    from azure.mgmt.security import SecurityCenter

    security_center_client = SecurityCenter(credentials, subscription_id)
    # 'WDATP' is the settings entry for the Defender for Endpoint integration
    integration = security_center_client.settings.get('WDATP')
    integration.enabled = True
    security_center_client.settings.update('WDATP', integration)
  This code snippet retrieves the current Defender for Endpoint integration setting (named WDATP in the API), sets it to enabled, and updates the setting.
- Run the Python script to remediate the misconfiguration.
After running the script, the Defender for Cloud integration will be enabled for your Azure environment.
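To confirm the result across several subscriptions, the following added example (not part of the original page and not Microsoft's code) reads each subscription's Microsoft.Security settings and reports whether the Defender for Endpoint integration entry is enabled. It assumes the entry is named WDATP and that the input is the JSON printed by `az security setting list` or returned by the REST settings list; the subscription IDs and JSON below are constructed.

```python
import json

# Settings entry for the Defender for Endpoint integration (assumed name).
MDE_SETTING = "WDATP"

def is_enabled(entry):
    """Read 'enabled' from the flattened (CLI/SDK) or nested (REST) shape."""
    if "enabled" in entry:
        return entry["enabled"] is True
    return (entry.get("properties") or {}).get("enabled") is True

def audit_mde_integration(settings_by_subscription):
    """Map each subscription ID to 'PASS', 'FAIL: disabled' or 'FAIL: missing'."""
    results = {}
    for sub_id, raw in settings_by_subscription.items():
        entries = json.loads(raw) if isinstance(raw, str) else raw
        # The REST API wraps the list in {"value": [...]}; the CLI prints a bare list.
        if isinstance(entries, dict):
            entries = entries.get("value", [])
        match = [e for e in entries if str(e.get("name", "")).upper() == MDE_SETTING]
        if not match:
            # No entry at all is a finding, not a pass.
            results[sub_id] = "FAIL: missing"
        elif all(is_enabled(e) for e in match):
            results[sub_id] = "PASS"
        else:
            results[sub_id] = "FAIL: disabled"
    return results

# Constructed sample data (not real subscriptions or captured output).
SAMPLE = {
    "00000000-0000-0000-0000-000000000001": json.dumps([
        {"name": "MCAS", "kind": "DataExportSetting", "enabled": True},
        {"name": "WDATP", "kind": "DataExportSetting", "enabled": True},
    ]),
    "00000000-0000-0000-0000-000000000002": json.dumps({"value": [
        {"name": "WDATP", "kind": "DataExportSetting",
         "properties": {"enabled": False}},
    ]}),
    "00000000-0000-0000-0000-000000000003": json.dumps([
        {"name": "MCAS", "kind": "DataExportSetting", "enabled": True},
    ]),
}

if __name__ == "__main__":
    for sub, verdict in audit_mde_integration(SAMPLE).items():
        print(sub, verdict)
```

A subscription with no WDATP entry is reported as a failure instead of being skipped, so a missing setting cannot pass the check silently.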