Enable automatic provisioning of vulnerability assessment for both Azure and hybrid (Arc-enabled) machines.
Risk
Vulnerability assessment for machines scans for various security-related configurations and events such as system updates, OS vulnerabilities, and endpoint protection, then produces alerts on threat and vulnerability findings.
Run this check with Prowler CLI
prowler azure --checks defender_auto_provisioning_vulnerabilty_assessments_machines_on
Recommendation
1. From Azure Home select the Portal Menu.
2. Select Microsoft Defender for Cloud.
3. Then Environment Settings.
4. Select a subscription.
5. Click on Settings & Monitoring.
6. Ensure that Vulnerability assessment for machines is set to On.

Repeat this for any additional subscriptions.
Resource Type
AzureDefenderPlan