Resource Type: Azure > Security Center > Security Center
Security Center in Azure Security Center
Resource Context
Security Center is a part of the Security Center service.
Each Security Center lives under a Subscription.
Controls
The primary controls for Azure > Security Center > Security Center are:
It is also targeted by these controls:
- Azure > CIS v1 > 2 Security Center > 2.01 Ensure that standard pricing tier is selected (Scored)
- Azure > CIS v1 > 2 Security Center > 2.02 Ensure that "Automatic provisioning of monitoring agent" is set to "On" (Scored)
- Azure > CIS v1 > 2 Security Center > 2.03 Ensure ASC Default policy setting "Monitor System Updates" is not "Disabled" (Scored)
- Azure > CIS v1 > 2 Security Center > 2.04 Ensure ASC Default policy setting "Monitor OS Vulnerabilities" is not "Disabled" (Scored)
- Azure > CIS v1 > 2 Security Center > 2.05 Ensure ASC Default policy setting "Monitor Endpoint Protection" is not "Disabled" (Scored)
- Azure > CIS v1 > 2 Security Center > 2.06 Ensure ASC Default policy setting "Monitor Disk Encryption" is not "Disabled" (Scored)
- Azure > CIS v1 > 2 Security Center > 2.07 Ensure ASC Default policy setting "Monitor Network Security Groups" is not "Disabled" (Scored)
- Azure > CIS v1 > 2 Security Center > 2.08 Ensure ASC Default policy setting "Monitor Web Application Firewall" is not "Disabled" (Scored)
- Azure > CIS v1 > 2 Security Center > 2.09 Ensure ASC Default policy setting "Enable Next Generation Firewall(NGFW) Monitoring" is not "Disabled" (Scored)
- Azure > CIS v1 > 2 Security Center > 2.10 Ensure ASC Default policy setting "Monitor Vulnerability Assessment" is not "Disabled" (Scored)
- Azure > CIS v1 > 2 Security Center > 2.11 Ensure ASC Default policy setting "Monitor Storage Blob Encryption" is not "Disabled" (Scored)
- Azure > CIS v1 > 2 Security Center > 2.12 Ensure ASC Default policy setting "Monitor JIT Network Access" is not "Disabled" (Scored)
- Azure > CIS v1 > 2 Security Center > 2.13 Ensure ASC Default policy setting "Monitor Adaptive Application Whitelisting" is not "Disabled" (Scored)
- Azure > CIS v1 > 2 Security Center > 2.14 Ensure ASC Default policy setting "Monitor SQL Auditing" is not "Disabled" (Scored)
- Azure > CIS v1 > 2 Security Center > 2.15 Ensure ASC Default policy setting "Monitor SQL Encryption" is not "Disabled" (Scored)
- Azure > CIS v1 > 2 Security Center > 2.16 Ensure that 'Security contact emails' is set (Scored)
- Azure > CIS v1 > 2 Security Center > 2.17 Ensure that security contact 'Phone number' is set (Scored)
- Azure > CIS v1 > 2 Security Center > 2.18 Ensure that 'Send email notification for high severity alerts' is set to 'On' (Scored)
- Azure > CIS v1 > 2 Security Center > 2.19 Ensure that 'Send email also to subscription owners' is set to 'On' (Scored)
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.01 - Ensure That Microsoft Defender for Servers Is Set to 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.02 - Ensure That Microsoft Defender for App Services Is Set To 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.03 - Ensure That Microsoft Defender for Databases Is Set To 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.04 - Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.05 - Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.06 - Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.07 - Ensure That Microsoft Defender for Storage Is Set To 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.08 - Ensure That Microsoft Defender for Containers Is Set To 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.09 - Ensure That Microsoft Defender for Azure Cosmos DB Is Set To 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.10 - Ensure That Microsoft Defender for Key Vault Is Set To 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.11 - Ensure That Microsoft Defender for DNS Is Set To 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.12 - Ensure That Microsoft Defender for Resource Manager Is Set To 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.13 - Ensure that Microsoft Defender Recommendation for 'Apply system updates' status is 'Completed'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.14 - Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.15 - Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.16 - Ensure that Auto provisioning of 'Vulnerability assessment for machines' is Set to 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.17 - Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.18 - Ensure That 'All users with the following roles' is set to 'Owner'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.19 - Ensure 'Additional email addresses' is Configured with a Security Contact Email
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.20 - Ensure That 'Notify about alerts with the following severity' is Set to 'High'
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.21 - Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.22 - Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.02 - Microsoft Defender for IoT > 2.02.01 - Ensure That Microsoft Defender for IoT Hub Is Set To 'On'
Category
In Your Workspace
- Controls by Resource Type report
- Policy Settings by Resource Type report
- Resources by Resource Type report
Developers
- tmod:@turbot/azure-securitycenter#/resource/types/securityCenter
- tmod:@turbot/turbot#/resource/categories/security
- turbot graphql resource --id "tmod:@turbot/azure-securitycenter#/resource/types/securityCenter"
Get Resource- select * from guardrails_resource where resource_type_uri = 'tmod:@turbot/azure-securitycenter#/resource/types/securityCenter';
- select * from guardrails_policy_setting where filter = 'resourceTypeId:"tmod:@turbot/azure-securitycenter#/resource/types/securityCenter"';
- select * from guardrails_notification where resource_type_uri = 'tmod:@turbot/azure-securitycenter#/resource/types/securityCenter' and notification_type in ('resource_updated', 'resource_created');
Get ResourceGet Policy Settings (By Resource ID)Get Resource Notification
Resource Type URI
Category URI
GraphQL
CLI
Steampipe Query