Pipeline: 3.1.10 Ensure that Microsoft Defender Recommendation for 'Apply system updates' status is 'Completed'
Description
Ensure that the latest OS patches for all virtual machines are applied.
Windows and Linux virtual machines should be kept updated to:
- Address a specific bug or flaw
- Improve an OS or application’s general stability
- Fix a security vulnerability
Microsoft Defender for Cloud retrieves a list of available security and critical updates from Windows Update or Windows Server Update Services (WSUS), depending on which service is configured on a Windows VM. The security center also checks for the latest updates in Linux systems. If a VM is missing a system update, the security center will recommend system updates be applied.
Remediation
Follow Microsoft Azure documentation to apply security patches from the security center. Alternatively, you can employ your own patch assessment and management tool to periodically assess, report, and install the required security patches for your OS.
Default Value
By default, patches are not automatically deployed.
Run the pipeline
To run this pipeline from your terminal:
flowpipe pipeline run azure_cis.pipeline.cis_v300_3_1_10Use this pipeline
To call this pipeline from your pipeline, use a step:
step "pipeline" "step_name" { pipeline = azure_cis.pipeline.cis_v300_3_1_10 }Params
| Name | Type | Required | Description | Default |
|---|---|---|---|---|
| database | connection.steampipe | Yes | Database connection string. | connection.steampipe.default |
| notifier | notifier | Yes | The name of the notifier to use for sending notification messages. | notifier.default |
| notification_level | string | Yes | The verbosity level of notification messages to send. Valid options are 'verbose', 'info', 'error'. | info |
| approvers | list(notifier) | Yes | List of notifiers to be used for obtaining action/approval decisions. | notifier.default |
Outputs
This pipeline has no outputs.