Ensure Vulnerability Assessment Setting To Send Email Notifications To Admins And Subscription Owners Is Set

More Info:

Enable Vulnerability Assessment (VA) setting Also send email notifications to admins and subscription owners

Risk Level

Medium

Address

Security

Compliance Standards

CISAZURE, CBP

Triage and Remediation

Remediation

Using Console

Using CLI

Using Python

To remediate the misconfiguration “Ensure Vulnerability Assessment Setting To Send Email Notifications To Admins And Subscription Owners Is Set” for Azure using Python, follow the below steps:

Import the required libraries:

from azure.identity import DefaultAzureCredential
from azure.mgmt.security import SecurityCenter
from azure.mgmt.security.models import SecurityAssessmentMetadata, SecurityAssessmentStatus, EmailNotificationSubscription

Authenticate to Azure using the DefaultAzureCredential:

credential = DefaultAzureCredential()
security_center_client = SecurityCenter(credential, "your_subscription_id")

Get the current email notification settings:

email_notification_settings = security_center_client.settings.get("emailNotificationSettings")

Check if the email notification settings are configured to send notifications to admins and subscription owners:

if email_notification_settings.send_to_admins_and_subscription_owners is False:
    email_notification_settings.send_to_admins_and_subscription_owners = True
    security_center_client.settings.create_or_update("emailNotificationSettings", email_notification_settings)

Create a new email notification subscription:

email_notification_subscription = EmailNotificationSubscription(
    name="Your Subscription Name",
    email_addresses=["[email protected]", "[email protected]"],
    assessment_metadata=SecurityAssessmentMetadata(
        display_name="Security Assessment",
        description="This email notification is sent when a new security assessment is available.",
        severity="High"
    ),
    status=SecurityAssessmentStatus(
        new_assessment=True,
        updated_assessment=True,
        resolved_assessment=True
    )
)

security_center_client.notifications.create_email_subscription(email_notification_subscription)

Verify that the email notification subscription was created successfully:

email_notification_subscriptions = security_center_client.notifications.list_email_subscriptions()
for subscription in email_notification_subscriptions:
    print(subscription.name)

By following these steps, you can remediate the misconfiguration “Ensure Vulnerability Assessment Setting To Send Email Notifications To Admins And Subscription Owners Is Set” for Azure using Python.

Additional Reading:

https://docs.microsoft.com/en-us/azure/sql-database/sql-vulnerability-assessment

Azure Introduction

Azure Pricing

Azure Threats

Azure Misconfigurations

Ensure Vulnerability Assessment Setting To Send Email Notifications To Admins And Subscription Owners Is Set

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading:

Azure Introduction

Azure Pricing

Azure Threats

Azure Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

​Additional Reading:

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading: