Triage and Remediation
Remediation
Using Console
To remediate the misconfiguration “Enable Monitoring of Deprecated Accounts” for Azure using the Azure console, follow these steps:
- Log in to the Azure portal (https://portal.azure.com/).
- Click on the “Security Center” option from the left-hand side menu.
- In the Security Center dashboard, click on the “Security policy” option from the top menu.
- In the Security policy page, click on the “Edit” button to edit the policy.
- Scroll down to the “Monitoring of deprecated accounts” policy and ensure that it is set to “Enabled”.
- If it is not enabled, click on the “Enabled” option to turn it on.
- Once enabled, click on the “Save” button to save the changes.
- Verify that the policy is now enabled by checking the “Policy Status” column for the “Monitoring of deprecated accounts” policy. It should show “Compliant”.
Using CLI
To remediate the misconfiguration “Enable Monitoring of Deprecated Accounts” for Azure using the Azure CLI, follow these steps:
1. Open the Azure CLI and log in to your Azure account:
   az login
2. Select the subscription for which you want to remediate the misconfiguration:
   az account set --subscription <subscription-id>
   Replace <subscription-id> with the ID of the subscription you want to select.
3. Enable the monitoring of deprecated accounts by creating an activity log alert:
   az monitor activity-log alert create --name <alert-name> --resource-group <resource-group> --description "<alert-description>" --condition category=ServiceHealth and level=Warning --action-group <action-group-id>
   Replace <alert-name> with the name of the alert you want to create, <resource-group> with the resource group that will hold the alert, <alert-description> with the description of the alert, and <action-group-id> with the resource ID of an action group that emails the address where you want to receive the alert notifications.
4. Once the activity log alert is created, enable it:
   az monitor activity-log alert update --name <alert-name> --resource-group <resource-group> --enabled true
   Replace <alert-name> with the name of the alert you created in step 3.
5. Finally, verify that the activity log alert is enabled:
   az monitor activity-log alert show --name <alert-name> --resource-group <resource-group>
   Replace <alert-name> with the name of the alert you created in step 3.
Using Python
To remediate the misconfiguration “Enable Monitoring of Deprecated Accounts” for Azure using Python, follow the steps below. They enable monitoring of deprecated accounts in Azure and send alerts to the specified action group when any deprecated accounts are detected.
- Import the necessary libraries:
- Set the credentials to access the Azure account:
- Instantiate the MonitorManagementClient object:
- Get the list of action groups:
- Check if there is an action group named “Deprecated Accounts” in the list. If it does not exist, create it:
- Once the action group is created, you can set up the alert rule to monitor the deprecated accounts:
- Finally, you can verify that the alert rule is set up correctly by checking the Azure portal or by running the following command:
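The steps listed above, written out as an added example (it is not code from the original page). It assumes the azure-identity and azure-mgmt-monitor packages and that the SDK accepts request bodies as dicts in the REST API's JSON shape; the environment variable names, the alert name and the short name are hypothetical, and the alert condition mirrors the category used in the CLI section.

```python
import os

GROUP_NAME = "Deprecated Accounts"  # action group name from the steps above


def ensure_action_group(client, resource_group, email):
    """Return the ID of the GROUP_NAME action group, creating it if absent."""
    for group in client.action_groups.list_by_resource_group(resource_group):
        if group.name == GROUP_NAME:
            return group.id
    body = {  # assumed: dict body in the REST API's JSON shape
        "location": "Global",
        "properties": {
            "groupShortName": "DeprAccts",  # hypothetical; limit is 12 characters
            "enabled": True,
            "emailReceivers": [{"name": "security-contact", "emailAddress": email}],
        },
    }
    return client.action_groups.create_or_update(resource_group, GROUP_NAME, body).id


def ensure_alert(client, subscription_id, resource_group, alert_name, group_id):
    """Create or update the activity log alert, then read it back to verify."""
    body = {
        "location": "Global",
        "properties": {
            "scopes": [f"/subscriptions/{subscription_id}"],
            "enabled": True,
            # Same category as the CLI command in the section above.
            "condition": {"allOf": [{"field": "category", "equals": "ServiceHealth"}]},
            "actions": {"actionGroups": [{"actionGroupId": group_id}]},
        },
    }
    client.activity_log_alerts.create_or_update(resource_group, alert_name, body)
    rule = client.activity_log_alerts.get(resource_group, alert_name)
    if not rule.enabled:
        raise RuntimeError(f"alert rule {alert_name!r} exists but is disabled")
    return rule


if __name__ == "__main__":
    from azure.identity import DefaultAzureCredential  # SDK is only needed here
    from azure.mgmt.monitor import MonitorManagementClient
    sub = os.environ["AZURE_SUBSCRIPTION_ID"]  # assumed variable names
    rg = os.environ["AZURE_RESOURCE_GROUP"]
    client = MonitorManagementClient(DefaultAzureCredential(), sub)
    group_id = ensure_action_group(client, rg, os.environ["ALERT_EMAIL"])
    rule = ensure_alert(client, sub, rg, "deprecated-accounts-alert", group_id)
    print(rule.name, "enabled:", rule.enabled)
```

Running it a second time reuses the existing action group instead of creating a duplicate, and the read-back raises if the stored rule is disabled.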