Azure Security Center is configured to send email notifications about security alerts to subscription owners
Set up the azure.security integration.
Description
Enable security alert emails to subscription owners.
Rationale
Enabling security alert emails to subscription owners ensures that they receive security alert emails from Microsoft. This ensures that they are aware of any potential security issues and can quickly mitigate security risks.
From the console
- Go to Security Center
- Click on Pricing and Settings
- Click on the appropriate Management Group, Subscription, or Workspace
- Click on Email notifications
- In the drop down of the All users with the following roles field, select Owner
- Click Save
Using the Azure Command Line Interface
- Use the command below to set "Send email also to subscription owners":
az account get-access-token --query "{subscription:subscription,accessToken:accessToken}" --out tsv | xargs -L1 bash -c 'curl -X PUT -H "Authorization: Bearer $1" -H "Content-Type: application/json" "https://management.azure.com/subscriptions/$0/providers/Microsoft.Security/securityContacts/default1?api-version=2017-08-01-preview" -d@"input.json"'
Where input.json contains the request body JSON data shown below. Replace validEmailAddress with the email addresses to notify, comma-separated for multiple.
{
  "id": "/subscriptions/<Your_Subscription_Id>/providers/Microsoft.Security/securityContacts/default1",
  "name": "default1",
  "type": "Microsoft.Security/securityContacts",
  "properties": {
    "email": "<validEmailAddress>",
    "alertNotifications": "On",
    "alertsToAdmins": "On"
  }
}
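To confirm the setting took effect, or to vet input.json before sending it, the following added example (not part of the original rule or of any Azure tooling) checks a security contact object for the values the request body above sets. It assumes the securityContacts list call returns the contacts in a "value" array; the function names and sample bodies are constructed for illustration.

```python
# Settings the page's input.json turns on; sample data below is constructed.
REQUIRED_ON = ("alertNotifications", "alertsToAdmins")

def check_contact(contact):
    """Return findings for one securityContacts object; an empty list means it passes."""
    findings = []
    props = contact.get("properties") or {}
    addresses = [a.strip() for a in (props.get("email") or "").split(",") if a.strip()]
    if not addresses:
        findings.append("email: no address set")
    for addr in addresses:
        # Catches an unreplaced <validEmailAddress> placeholder and obvious typos.
        if "<" in addr or ">" in addr or addr.count("@") != 1:
            findings.append(f"email: {addr!r} is a placeholder or malformed")
    for key in REQUIRED_ON:
        value = props.get(key)
        if value is None:
            # Per the page's note, an omitted entry ends up disabled.
            findings.append(f"{key}: missing, so it will be disabled")
        elif value != "On":
            findings.append(f"{key}: is {value!r}, expected 'On'")
    return findings

def audit_subscription(list_response):
    """Audit a securityContacts list body. Returns (compliant, findings)."""
    contacts = list_response.get("value") or []
    if not contacts:
        return False, ["no security contact configured"]
    findings = []
    for contact in contacts:
        name = contact.get("name", "?")
        findings += [f"{name}: {f}" for f in check_contact(contact)]
    return not findings, findings

# Constructed sample bodies, shaped like the page's input.json wrapped in "value".
GOOD = {"value": [{"name": "default1", "properties": {
    "email": "secops@example.com, owner@example.com",
    "alertNotifications": "On", "alertsToAdmins": "On"}}]}
BAD = {"value": [{"name": "default1", "properties": {
    "email": "<validEmailAddress>", "alertNotifications": "On"}}]}

if __name__ == "__main__":
    for label, body in (("GOOD", GOOD), ("BAD", BAD)):
        ok, findings = audit_subscription(body)
        print(label, "PASS" if ok else "FAIL", findings)
```

Running check_contact on the parsed input.json before the PUT catches a forgotten placeholder or a dropped setting; running audit_subscription on the list response afterwards confirms the stored state.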
References
- https://docs.microsoft.com/en-us/azure/security-center/security-center-provide-security-contact-details
- https://docs.microsoft.com/en-us/rest/api/securitycenter/securitycontacts/list
- https://docs.microsoft.com/en-us/rest/api/securitycenter/securitycontacts/update
- https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-incident-response#ir-2-preparation--setup-incident-notification
Note: Excluding any of the entries in the recommendations block in input.json disables the specific setting by default.
CIS Controls
Version 7: 3 Continuous Vulnerability Management
Storage Accounts: This section covers security recommendations to follow to set storage account policies on an Azure subscription. An Azure storage account provides a unique namespace to store and access Azure Storage data objects.