Ensure That Vulnerability Assessment Setting Send Scan Reports To Is Configured

More Info:

Configure ‘Send scan reports to’ with email ids of concerned data owners/stakeholders for a critical SQL servers.

Risk Level

Medium

Address

Security

Compliance Standards

CISAZURE, CBP

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the misconfiguration “Ensure That Vulnerability Assessment Setting Send Scan Reports To Is Configured” for AZURE using AZURE CLI, follow the steps below:

Open the Azure CLI in your terminal or command prompt.
Login to your Azure account using the command “az login”.
Once you are logged in, run the following command to set the “sendScanReportTo” property to a valid email address:
```
az sql vm group update --name <resource-group-name> --sql-management --send-scan-report-to <email-address>
```
Replace <resource-group-name> with the name of the resource group where your SQL Server virtual machine is located and <email-address> with a valid email address where you want to receive the scan reports.
After running the command, the “sendScanReportTo” property will be set and the vulnerability assessment scan reports will be sent to the specified email address.

By following these steps, you can remediate the misconfiguration “Ensure That Vulnerability Assessment Setting Send Scan Reports To Is Configured” for AZURE using AZURE CLI.

Using Python

To remediate the misconfiguration “Ensure That Vulnerability Assessment Setting Send Scan Reports To Is Configured” for Azure using python, you can follow the below steps:

Import the necessary libraries:

from azure.common.credentials import ServicePrincipalCredentials
from azure.mgmt.security import SecurityCenter
from azure.mgmt.security.models import SecurityAssessmentMetadata

Authenticate and create a client object:

credentials = ServicePrincipalCredentials(client_id=<client_id>,
                                          secret=<client_secret>,
                                          tenant=<tenant_id>)

security_center_client = SecurityCenter(credentials, <subscription_id>)

Retrieve the assessment metadata for the specific subscription:

assessment_metadata = security_center_client.assessment_metadata.get(<subscription_id>, "vulnerabilityAssessmentSettings")

Check if the “sendScanReportsTo” property is configured:

if assessment_metadata.send_scan_reports_to is None:
    assessment_metadata.send_scan_reports_to = "<email_address>"

Update the assessment metadata:

security_center_client.assessment_metadata.create_or_update(<subscription_id>, "vulnerabilityAssessmentSettings", assessment_metadata)

By following these steps, you can remediate the misconfiguration “Ensure That Vulnerability Assessment Setting Send Scan Reports To Is Configured” for Azure using python.

Additional Reading:

https://docs.microsoft.com/en-us/azure/sql-database/sql-vulnerability-assessment

Azure Introduction

Azure Pricing

Azure Threats

Azure Misconfigurations

Ensure That Vulnerability Assessment Setting Send Scan Reports To Is Configured

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading:

Azure Introduction

Azure Pricing

Azure Threats

Azure Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

​Additional Reading:

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading: