standard
turbot/azure_compliance

Trigger: Detect & correct Security Center settings without MCAS integration

Detect Security Center settings without MCAS integration.

Query

select
concat(sc_sett.id, ' [', sc_sett.subscription_id, ']') as title,
sc_sett.subscription_id,
sc_sett._ctx ->> 'connection_name' as conn,
enabled
from
azure_security_center_setting sc_sett
right join azure_subscription sub on sc_sett.subscription_id = sub.subscription_id
where
name = 'MCAS'
and (
not enabled
or enabled is null
);

Schedule

15m

Tags

category = Compliance
plugin = azure
service = Azure/SecurityCenter