turbot/azure_cis
Pipeline: 3.1.3.5 Ensure that 'File Integrity Monitoring' component status is set to 'On'
Description
File Integrity Monitoring (FIM) is a feature that monitors critical system files in Windows or Linux for potential signs of attack or compromise.
FIM provides a detection mechanism for compromised files. When FIM is enabled, critical system files are monitored for changes that might indicate a threat actor is attempting to modify system files for lateral compromise within a host operating system.
Remediation
From Azure Portal
- From the Azure Portal Home page, select Microsoft Defender for Cloud.
- Under Management, select Environment Settings.
- Select a subscription.
- Under Settings > Defender Plans, click Settings & monitoring.
- Under the Component column, locate the row for File Integrity Monitoring.
- Select On.
- Click Continue in the top left.
Repeat the above for any additional subscriptions.
Default Value
By default, File Integrity Monitoring is Off.
Run the pipeline
To run this pipeline from your terminal:
flowpipe pipeline run azure_cis.pipeline.cis_v300_3_1_3_5
Use this pipeline
To call this pipeline from your pipeline, use a step:
step "pipeline" "step_name" { pipeline = azure_cis.pipeline.cis_v300_3_1_3_5 }
Params
Name | Type | Required | Description | Default |
---|---|---|---|---|
database | connection.steampipe | Yes | Database connection string. | connection.steampipe.default |
notifier | notifier | Yes | The name of the notifier to use for sending notification messages. | notifier.default |
notification_level | string | Yes | The verbosity level of notification messages to send. Valid options are 'verbose', 'info', 'error'. | info |
approvers | list(notifier) | Yes | List of notifiers to be used for obtaining action/approval decisions. | notifier.default |
Outputs
This pipeline has no outputs.
Tags
folder = CIS v3.0.0/3 Security/3.1 Microsoft Defender for Cloud/3.1.3 Defender Plan: Servers