standard
turbot/azure_cis
Get Involved
Version
Pipeline: 3.1.3.5 Ensure that 'File Integrity Monitoring' component status is set to 'On'
Description
File Integrity Monitoring (FIM) is a feature that monitors critical system files in Windows or Linux for potential signs of attack or compromise.
FIM provides a detection mechanism for compromised files. When FIM is enabled, critical system files are monitored for changes that might indicate a threat actor is attempting to modify system files for lateral compromise within a host operating system.
Remediation
From Azure Portal
- From the Azure Portal
Homepage, selectMicrosoft Defender for Cloud. - Under
ManagementselectEnvironment Settings. - Select a subscription.
- Under
Settings>Defender Plans, clickSettings & monitoring. - Under the Component column, locate the row for
File Integrity Monitoring. - Select
On. - Click
Continuein the top left.
Repeat the above for any additional subscriptions.
Default Value
By default, File Integrity Monitoring is Off.
Run the pipeline
To run this pipeline from your terminal:
flowpipe pipeline run azure_cis.pipeline.cis_v300_3_1_3_5Use this pipeline
To call this pipeline from your pipeline, use a step:
step "pipeline" "step_name" { pipeline = azure_cis.pipeline.cis_v300_3_1_3_5 }Params
| Name | Type | Required | Description | Default |
|---|---|---|---|---|
| database | connection.steampipe | Yes | Database connection string. | connection.steampipe.default |
| notifier | notifier | Yes | The name of the notifier to use for sending notification messages. | notifier.default |
| notification_level | string | Yes | The verbosity level of notification messages to send. Valid options are 'verbose', 'info', 'error'. | info |
| approvers | list(notifier) | Yes | List of notifiers to be used for obtaining action/approval decisions. | notifier.default |
Outputs
This pipeline has no outputs.
Tags
folder = CIS v3.0.0/3 Security/3.1 Microsoft Defender for Cloud/3.1.3 Defender Plan: Servers