2023-06-21 20:52:05,628 - SNAPSHOTS COMPLETE:
2023-06-21 20:52:05,937 - TESTID: PR-AZR-TRF-MDC-001
2023-06-21 20:52:05,938 - SNAPSHOTID: TRF_TEMPLATE_SNAPSHOTHZPDG44
2023-06-21 20:52:05,939 - PATHS:
2023-06-21 20:52:05,940 - /azure/securitycenterpricing/terraform.tfvars
2023-06-21 20:52:05,940 - /azure/securitycenterpricing/vars.tf
2023-06-21 20:52:05,940 - /azure/securitycenterpricing/provider.tf
2023-06-21 20:52:05,940 - /azure/securitycenterpricing/main.tf
2023-06-21 20:52:05,941 - TITLE: Azure Microsoft Defender for Cloud Defender plans should be set to On
2023-06-21 20:52:05,941 - DESCRIPTION: This policy identifies Azure Microsoft Defender for Cloud which has a Defender setting set to Off. Enabling Azure Defender provides advanced security capabilities like providing threat intelligence, anomaly detection, and behavior analytics in the Azure Microsoft Defender for Cloud. It is highly recommended to enable Azure Defender for all Azure services.
2023-06-21 20:52:05,942 - RULE: file(ms_defender_for_cloud.rego)
2023-06-21 20:52:05,942 - ERROR: Azure Microsoft Defender for Cloud Defender plans is currently not set to On
2023-06-21 20:52:05,942 - REMEDIATION: In 'azurerm_security_center_subscription_pricing' resource, make sure 'tier' has value 'Standard' to fix the issue. Please visit <a href='https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_subscription_pricing#tier' target='_blank'>here</a> for details.
2023-06-21 20:52:05,943 - RESULT: failed
2023-06-21 20:52:07,018 - TESTID: PR-AZR-TRF-MDC-006
2023-06-21 20:52:07,020 - SNAPSHOTID: TRF_TEMPLATE_SNAPSHOTHZPDG44
2023-06-21 20:52:07,020 - PATHS:
2023-06-21 20:52:07,022 - /azure/securitycenterpricing/terraform.tfvars
2023-06-21 20:52:07,022 - /azure/securitycenterpricing/vars.tf
2023-06-21 20:52:07,022 - /azure/securitycenterpricing/provider.tf
2023-06-21 20:52:07,023 - /azure/securitycenterpricing/main.tf
2023-06-21 20:52:07,024 - TITLE: Azure Microsoft Defender for Cloud should be set to On for VMs
2023-06-21 20:52:07,025 - DESCRIPTION: This policy identifies Azure Microsoft Defender for Cloud (previously known as Azure Security Center and Azure Defender) which has defender setting for Azure VM is set to Off. Enabling Microsoft Defender for Cloud provides the tools needed to harden your resources, track your security posture, protect against cyberattacks, and streamline security management. It is highly recommended to enable Microsoft Defender for Azure VM.
2023-06-21 20:52:07,026 - RULE: file(ms_defender_for_cloud.rego)
2023-06-21 20:52:07,026 - ERROR: Azure Microsoft Defender for Cloud is currently not set to On for VMs
2023-06-21 20:52:07,026 - REMEDIATION: In 'azurerm_security_center_subscription_pricing' resource, make sure 'tier' has value 'Standard' for 'resource_type=VirtualMachines' to fix the issue. Please visit <a href='https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_subscription_pricing#tier' target='_blank'>here</a> for details.
2023-06-21 20:52:07,027 - RESULT: failed
2023-06-21 20:52:07,728 - TESTID: PR-AZR-TRF-MDC-009
2023-06-21 20:52:07,732 - SNAPSHOTID: TRF_TEMPLATE_SNAPSHOTHZPDG64
2023-06-21 20:52:07,732 - PATHS:
2023-06-21 20:52:07,733 - /azure/securitycentersettings/terraform.tfvars
2023-06-21 20:52:07,733 - /azure/securitycentersettings/vars.tf
2023-06-21 20:52:07,733 - /azure/securitycentersettings/provider.tf
2023-06-21 20:52:07,733 - /azure/securitycentersettings/main.tf
2023-06-21 20:52:07,733 - TITLE: Azure Microsoft Defender for Cloud MCAS integration should be enabled
2023-06-21 20:52:07,733 - DESCRIPTION: This policy identifies Azure Microsoft Defender for Cloud (previously known as Azure Security Center and Azure Defender) which has Microsoft Defender for Cloud Apps (MCAS) integration disabled. Enabling Microsoft Defender for Cloud provides the tools needed to harden your resources, track your security posture, protect against cyberattacks, and streamline security management. It is highly recommended to enable Microsoft Defender for MCAS.
2023-06-21 20:52:07,733 - RULE: file(ms_defender_for_cloud.rego)
2023-06-21 20:52:07,734 - ERROR: Azure Microsoft Defender for Cloud MCAS integration is currently not enabled
2023-06-21 20:52:07,734 - REMEDIATION: In 'azurerm_security_center_setting' resource, make sure property 'enabled' has value 'true' for 'setting_name=MCAS' to fix the issue. Please visit <a href='https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_setting#setting_name' target='_blank'>here</a> for details.
2023-06-21 20:52:07,734 - RESULT: failed
2023-06-21 20:52:07,993 - TESTID: PR-AZR-TRF-MDC-010
2023-06-21 20:52:07,994 - SNAPSHOTID: TRF_TEMPLATE_SNAPSHOTHZPDG64
2023-06-21 20:52:07,995 - PATHS:
2023-06-21 20:52:07,995 - /azure/securitycentersettings/terraform.tfvars
2023-06-21 20:52:07,996 - /azure/securitycentersettings/vars.tf
2023-06-21 20:52:07,996 - /azure/securitycentersettings/provider.tf
2023-06-21 20:52:07,996 - /azure/securitycentersettings/main.tf
2023-06-21 20:52:07,996 - TITLE: Azure Microsoft Defender for Cloud WDATP integration should be enabled
2023-06-21 20:52:07,996 - RULE: file(ms_defender_for_cloud.rego)
2023-06-21 20:52:07,997 - RESULT: passed
2023-06-21 20:52:08,310 - TESTID: PR-AZR-TRF-MDC-011
2023-06-21 20:52:08,311 - SNAPSHOTID: TRF_TEMPLATE_SNAPSHOTHZPDG47
2023-06-21 20:52:08,312 - PATHS:
2023-06-21 20:52:08,312 - /azure/securitycenterautoprovisioning/terraform.tfvars
2023-06-21 20:52:08,312 - /azure/securitycenterautoprovisioning/vars.tf
2023-06-21 20:52:08,313 - /azure/securitycenterautoprovisioning/provider.tf
2023-06-21 20:52:08,313 - /azure/securitycenterautoprovisioning/main.tf
2023-06-21 20:52:08,313 - TITLE: Azure Microsoft Defender for Cloud automatic provisioning of log Analytics agent for Azure VMs should be turned on
2023-06-21 20:52:08,313 - RULE: file(ms_defender_for_cloud.rego)
2023-06-21 20:52:08,314 - RESULT: passed
2023-06-21 20:52:08,558 - TESTID: PR-AZR-TRF-MDC-012
2023-06-21 20:52:08,559 - SNAPSHOTID: TRF_TEMPLATE_SNAPSHOTHZPDG63
2023-06-21 20:52:08,559 - PATHS:
2023-06-21 20:52:08,559 - /azure/securitycentercontact/terraform.tfvars
2023-06-21 20:52:08,559 - /azure/securitycentercontact/vars.tf
2023-06-21 20:52:08,559 - /azure/securitycentercontact/provider.tf
2023-06-21 20:52:08,559 - /azure/securitycentercontact/main.tf
2023-06-21 20:52:08,559 - TITLE: Azure Microsoft Defender for Cloud security alert email notifications should be set to On
2023-06-21 20:52:08,560 - DESCRIPTION: This policy identifies the Azure Microsoft Defender for Cloud (previously known as Azure Security Center and Azure Defender) which have not set security alert email notifications. Enabling security alert emails ensures that security alert emails are received from Microsoft. This ensures that the right people are aware of any potential security issues and are able to mitigate the risk.
2023-06-21 20:52:08,560 - RULE: file(ms_defender_for_cloud.rego)
2023-06-21 20:52:08,560 - ERROR: Azure Microsoft Defender for Cloud security alert email notifications currently not set to On
2023-06-21 20:52:08,560 - REMEDIATION: In 'azurerm_security_center_contact' resource, make sure property 'email' has valid email address and 'alert_notifications' has value 'true' to fix the issue. Please visit <a href='https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_contact#alert_notifications' target='_blank'>here</a> for details.
2023-06-21 20:52:08,560 - RESULT: failed
2023-06-21 20:52:08,713 - TESTID: PR-AZR-TRF-MDC-013
2023-06-21 20:52:08,714 - SNAPSHOTID: TRF_TEMPLATE_SNAPSHOTHZPDG63
2023-06-21 20:52:08,714 - PATHS:
2023-06-21 20:52:08,715 - /azure/securitycentercontact/terraform.tfvars
2023-06-21 20:52:08,715 - /azure/securitycentercontact/vars.tf
2023-06-21 20:52:08,716 - /azure/securitycentercontact/provider.tf
2023-06-21 20:52:08,716 - /azure/securitycentercontact/main.tf
2023-06-21 20:52:08,716 - TITLE: Azure Microsoft Defender for Cloud email notification for subscription owner should be set to On
2023-06-21 20:52:08,717 - DESCRIPTION: This policy identifies the Azure Microsoft Defender for Cloud (previously known as Azure Security Center and Azure Defender) in which email notification for subscription owners is not set. Enabling security alert emails to subscription owners ensures that they receive security alert emails from Microsoft. This ensures that they are aware of any potential security issues and can mitigate the risk in a timely fashion.
2023-06-21 20:52:08,717 - RULE: file(ms_defender_for_cloud.rego)
2023-06-21 20:52:08,717 - ERROR: Azure Microsoft Defender for Cloud security alert email notifications for subscription owner currently not set to On
2023-06-21 20:52:08,717 - REMEDIATION: In 'azurerm_security_center_contact' resource, make sure property 'email' has valid email address and 'alerts_to_admins' has value 'true' to fix the issue. Please visit <a href='https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_contact#alerts_to_admins' target='_blank'>here</a> for details.
2023-06-21 20:52:08,718 - RESULT: failed
2023-06-21 20:52:08,957 - TESTID: PR-AZR-TRF-MDC-014
2023-06-21 20:52:08,957 - SNAPSHOTID: TRF_TEMPLATE_SNAPSHOTHZPDG63
2023-06-21 20:52:08,957 - PATHS:
2023-06-21 20:52:08,958 - /azure/securitycentercontact/terraform.tfvars
2023-06-21 20:52:08,958 - /azure/securitycentercontact/vars.tf
2023-06-21 20:52:08,958 - /azure/securitycentercontact/provider.tf
2023-06-21 20:52:08,958 - /azure/securitycentercontact/main.tf
2023-06-21 20:52:08,958 - TITLE: Azure Microsoft Defender for Cloud security contact additional email should be set
2023-06-21 20:52:08,958 - RULE: file(ms_defender_for_cloud.rego)
2023-06-21 20:52:08,958 - RESULT: passed
2023-06-21 20:52:08,962 - VALIDATION COMPLETE:
2023-06-21 20:52:08,992 - Run Stats: {
"start": "2023-06-21 20:50:01",
"end": "2023-06-21 20:52:08",
"remote": false,
"errors": [],
"host": "ubuntu",
"timestamp": "2023-06-21 20:50:01",
"jsonsource": false,
"database": 0,
"container": "scenario-terraform-azure",
"INCLUDESNAPSHOTS": false,
"SNAPHSHOTIDS": [],
"INCLUDETESTS": true,
"TESTIDS": [
"PR-AZR-TRF-MDC-001",
"PR-AZR-TRF-MDC-002",
"PR-AZR-TRF-MDC-003",
"PR-AZR-TRF-MDC-004",
"PR-AZR-TRF-MDC-005",
"PR-AZR-TRF-MDC-006",
"PR-AZR-TRF-MDC-007",
"PR-AZR-TRF-MDC-008",
"PR-AZR-TRF-MDC-009",
"PR-AZR-TRF-MDC-010",
"PR-AZR-TRF-MDC-011",
"PR-AZR-TRF-MDC-012",
"PR-AZR-TRF-MDC-013",
"PR-AZR-TRF-MDC-014"
],
"ONLYSNAPSHOTS": false,
"ONLYSNAPSHOTIDS": [],
"session_id": "session_1687431001713",
"run_type": "CRAWL_AND_COMPLIANCE",
"log": null,
"duration": "127 seconds"
}
Test output: