More Info:
Enable security alert emails to subscription owners.
Risk Level: Medium
Address: Operational Maturity, Security
Compliance Standards: CISAZURE, CBP
Triage and Remediation
Remediation
Using Console
To remediate the misconfiguration “Ensure Security Alert Emails Set To Subscription Owners” in Azure using the Azure console, follow the steps below:
- Log in to the Azure portal (https://portal.azure.com/).
- Navigate to the Security Center by clicking on the “Security Center” icon in the left-hand menu.
- In the Security Center, click on the “Security policy” tab in the left-hand menu.
- In the Security policy tab, click on the “Edit” button to edit the security policy.
- Scroll down to the “Email notification settings” section and ensure that the “Send email notifications to subscription owners” option is enabled.
- If the option is not enabled, click on the toggle switch to enable it.
- Once enabled, click on the “Save” button to save the changes.
Using CLI
To remediate the misconfiguration “Ensure Security Alert Emails Set To Subscription Owners” for Azure using Azure CLI, follow these steps:
- Open the Azure CLI command prompt.
- Run the following command to set the security alert email to the subscription owner:
  Replace {alert_name} with the name of the security alert that you want to update, and {resource_group_name} with the name of the resource group that contains the alert.
- Verify that the security alert email has been set to the subscription owner by running the following command:
  This command will display the details of the security alert, including the email settings.
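As an added example (not code from the original page), this Python check reads security contact records exported as JSON and reports whether alert emails to subscription owners are switched on. The field names `alertsToAdmins` and `notificationsByRole` are assumed from the two shapes of the Microsoft.Security/securityContacts resource, and the sample records are constructed.

```python
import json

# Constructed sample: one record per schema shape (assumed field names, see
# lead-in). Not real tenant data.
SAMPLE = json.loads("""
[
  {"name": "default1", "email": "secops@example.com",
   "alertNotifications": "On", "alertsToAdmins": "Off"},
  {"name": "default", "properties": {
     "emails": "secops@example.com",
     "alertNotifications": {"state": "On", "minimalSeverity": "High"},
     "notificationsByRole": {"state": "On", "roles": ["Owner", "Contributor"]}}}
]
""")


def _on(value):
    """True when a state field holds 'On' in any letter case."""
    return isinstance(value, str) and value.strip().lower() == "on"


def owners_notified(contact):
    """Return True if this contact record sends security alerts to subscription owners."""
    # Some exports nest the settings under "properties"; others are flat.
    props = contact.get("properties") or contact
    by_role = props.get("notificationsByRole")
    if isinstance(by_role, dict):  # newer shape: state plus a role list
        roles = {str(r).lower() for r in by_role.get("roles") or []}
        return _on(by_role.get("state")) and "owner" in roles
    return _on(props.get("alertsToAdmins"))  # older shape: single On/Off flag


def audit(contacts):
    """Return (compliant, findings). An empty contact list is a failure, not a pass."""
    if not contacts:
        return False, ["no security contact configured"]
    # Conservative choice: every record must notify owners to count as compliant.
    findings = [f"{c.get('name', '<unnamed>')}: owner alert emails are off"
                for c in contacts if not owners_notified(c)]
    return not findings, findings


if __name__ == "__main__":
    ok, findings = audit(SAMPLE)
    print("COMPLIANT" if ok else "NON-COMPLIANT")
    for line in findings:
        print(" -", line)
```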
Using Python
To remediate the misconfiguration “Ensure Security Alert Emails Set To Subscription Owners” for Azure using Python, you can use the Azure Python SDK to programmatically configure security alerts. Here are the step-by-step instructions to remediate this misconfiguration:
- Install the Azure Python SDK by running the following command:
- Authenticate with Azure by creating a Service Principal. You can follow the instructions in this Microsoft documentation to create a Service Principal: https://docs.microsoft.com/en-us/azure/developer/python/azure-sdk-authenticate?tabs=cmd#create-a-service-principal
- Once authenticated, you can use the following Python code to configure security alerts to be sent to subscription owners:
This code creates a new action group with an email receiver for the subscription owner’s email address, and then updates the default security alert action group to use the new action group. Make sure to replace the placeholders in the code with your own values before running it.