standard
turbot/azure_compliance

Trigger: Detect & correct Security Centers with Azure Defender disabled for Key Vault

Detect Security Centers with Azure Defender disabled for Key Vault and then enable Azure Defender for Key Vault.

Query

select
concat(sc.id, ' [', '/', sc.subscription_id, ']') as title,
sc.id as id,
sc.name,
sc.subscription_id,
sc._ctx ->> 'connection_name' as conn
from
azure_security_center_subscription_pricing as sc,
azure_subscription as sub
where
sc.pricing_tier != 'Standard'
and sc.name = 'KeyVaults'
and sub.subscription_id = sc.subscription_id;

Schedule

15m

Tags

category = Compliance
plugin = azure
service = Azure/SecurityCenter