π Azure Subscription Security Alert Notifications for attack path with Critical severity are not configured π’
- Contextual name: π Security Alert Notifications for attack path with Critical severity is not configured π’
- ID:
/ce/ca/azure/subscription/security-alert-notifications-for-attack-paths-with-critical-severity - Located in: π Azure Subscription
Flagsβ
- π’ Impossible policy
- π’ Policy with categories
- π’ Policy with type
Our Metadataβ
- Policy Type:
COMPLIANCE_POLICY - Policy Category:
SECURITY
Descriptionβ
Descriptionβ
Enables emailing attack paths to the subscription owner or other designated security contact.
Rationaleβ
Enabling attack path emails ensures that attack path emails are sent by Microsoft. This ensures that the right people are aware of any potential security issues and can mitigate the risk.
Impactβ
Enabling attack path emails can cause alert fatigue, increasing the risk of missing important alerts. Select an appropriate risk level to manage notifications. Azure aims to reduce alert fatigue by limiting the daily email volume per risk level. Learn more: https://learn.microsoft.com/en-us/azure/defender-for-cloud/configure-email-notifications#email-frequency.
Auditβ
From Azure Portalβ
- From Azure Home select the Portal Menu.
- Select
Microsoft Defender for Cloud.- Under
Management, selectEnvironment settings.- Click on the appropriate Subscription.
- Click on
Email notifications.- Under Notification types, ensure that the box next to
Notify about attack paths with the following risk level (or higher)is checked, and an appropriate risk level is selected.... see more
Remediationβ
Remediationβ
From Azure Portalβ
- From Azure Home select the Portal Menu.
- Select
Microsoft Defender for Cloud.- Under
Management, selectEnvironment settings.- Click on the appropriate Subscription.
- Click on
Email notifications.- Under Notification types, check the box next to
Notify about attack paths with the following risk level (or higher), and select an appropriate risk level from the drop-down menu.- Repeat steps 1-6 for each Subscription.
policy.yamlβ
Linked Framework Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ CIS Azure v4.0.0 β πΌ 9.1.15 Ensure that 'Notify about attack paths with the following risk level (or higher)' is enabled (Automated) | 1 | |||
| πΌ Cloudaware Framework β πΌ Microsoft Defender Configuration | 26 |