More Info:

Set Send Me Email About Alerts to On.

Risk Level

Low

Address

Security

Compliance Standards

CISAZURE, CBP

Triage and Remediation

Remediation

Using Console

To remediate the misconfiguration “Sending Email to Security Contact on Alert Is Off” for Azure using Azure console, follow the below steps:
  1. Log in to Azure portal (https://portal.azure.com/)
  2. Navigate to the Security Center by clicking on the Security Center icon from the left-hand side menu.
  3. In the Security Center, click on the “Security policy” option from the left-hand side menu.
  4. Scroll down to the “Email notifications” section and click on the “Edit settings” button.
  5. In the “Email notifications” section, you will see the option “Send email to security contact on alert” which is turned off by default. To remediate this misconfiguration, turn on this option by clicking on the toggle button.
  6. Once you have turned on the “Send email to security contact on alert” option, click on the “Save” button to save the changes.
  7. After saving the changes, Azure will send an email to the security contact on alert whenever an alert is triggered.
By following these steps, you will be able to remediate the misconfiguration “Sending Email to Security Contact on Alert Is Off” for Azure using the Azure console.

To remediate the misconfiguration “Sending Email to Security Contact on Alert Is Off” for Azure using Azure CLI, you can follow the below steps:Step 1: Open the Azure CLI and login to your Azure account using the command:
az login
Step 2: Once you are logged in, set the correct subscription using the command:
az account set --subscription <subscription_id>
Step 3: Check the current status of the “Send email to security contact on alert” setting using the command:
az monitor security-alert list -g <resource_group_name> --query "[].properties.sendEmailNotification"
Step 4: If the setting is set to “false”, then update the setting to “true” using the command:
az monitor security-alert update -g <resource_group_name> --name <security_alert_name> --email <security_contact_email> --status-code Enabled
Note: Replace the <resource_group_name>, <security_alert_name> and <security_contact_email> with the actual values.Step 5: Verify the updated setting using the command:
az monitor security-alert list -g <resource_group_name> --query "[].properties.sendEmailNotification"
After following the above steps, the misconfiguration “Sending Email to Security Contact on Alert Is Off” will be remediated for Azure using Azure CLI.
To remediate the misconfiguration “Sending Email to Security Contact on Alert Is Off” for AZURE using Python, you can follow these steps:
  1. Import the necessary libraries:
import os
from azure.identity import DefaultAzureCredential
from azure.mgmt.monitor import MonitorManagementClient
from azure.mgmt.monitor.models import ActionGroup, EmailReceiver
  1. Set the credentials and subscription ID:
credential = DefaultAzureCredential()
subscription_id = 'your-subscription-id'
  1. Initialize the MonitorManagementClient:
monitor_client = MonitorManagementClient(credential, subscription_id)
  1. Get the existing action groups:
action_groups = monitor_client.action_groups.list()
  1. Check if the action group for sending email to security contact on alert exists, if not create it:
for group in action_groups:
    if group.name == 'security-contact':
        break
else:
    email_receiver = EmailReceiver(name='security-contact-email', email_address='[email protected]')
    action_group = ActionGroup(
        group_short_name='security-contact',
        enabled=True,
        receivers=[email_receiver],
        severity_filter='High, Critical'
    )
    monitor_client.action_groups.create_or_update(group_name='security-contact', parameters=action_group)
  1. Enable the action group:
monitor_client.action_groups.enable(group_name='security-contact')
  1. Verify that the action group is enabled:
action_group = monitor_client.action_groups.get(group_name='security-contact')
if action_group.enabled:
    print('Action group is enabled')
else:
    print('Action group is not enabled')
By following these steps, you can remediate the misconfiguration “Sending Email to Security Contact on Alert Is Off” for AZURE using Python.