standard
turbot/azure_cis
Get Involved
Version
Pipeline: 3.1.8.1 Ensure That Microsoft Defender for Key Vault Is Set To 'On'
Description
Turning on Microsoft Defender for Key Vault enables threat detection for Key Vault, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.
Enabling Microsoft Defender for Key Vault allows for greater defense-in-depth, with threat detection provided by the Microsoft Security Response Center (MSRC).
Remediation
From Azure Portal
- Go to
Microsoft Defender for Cloud. - Under
Management, selectEnvironment Settings. - Click on the subscription name.
- Select the
Defender plansblade. - Select
OnunderStatusforKey Vault. - Select
Save.
From Azure CLI
Enable Standard pricing tier for Key Vault:
az security pricing create -n 'KeyVaults' --tier 'Standard'From Powershell
Enable Standard pricing tier for Key Vault:
Set-AzSecurityPricing -Name 'KeyVaults' -PricingTier 'Standard'Default Value
By default, Microsoft Defender plan is off.
Run the pipeline
To run this pipeline from your terminal:
flowpipe pipeline run azure_cis.pipeline.cis_v300_3_1_8_1Use this pipeline
To call this pipeline from your pipeline, use a step:
step "pipeline" "step_name" { pipeline = azure_cis.pipeline.cis_v300_3_1_8_1 }Params
| Name | Type | Required | Description | Default |
|---|---|---|---|---|
| database | connection.steampipe | Yes | Database connection string. | connection.steampipe.default |
| notifier | notifier | Yes | The name of the notifier to use for sending notification messages. | notifier.default |
| notification_level | string | Yes | The verbosity level of notification messages to send. Valid options are 'verbose', 'info', 'error'. | info |
| approvers | list(notifier) | Yes | List of notifiers to be used for obtaining action/approval decisions. | notifier.default |
Outputs
This pipeline has no outputs.
Tags
folder = CIS v3.0.0/3 Security/3.1 Microsoft Defender for Cloud/3.1.8 Defender Plan: Key Vault