standard
turbot/azure_compliance

Trigger: Detect & correct Security Centers with Azure Defender disabled for Resource Manager

Detect Security Centers with Azure Defender disabled for Resource Manager and then enable Azure Defender for Resource Manager.

Query

select
concat(sc.id, ' [', '/', sc.subscription_id, ']') as title,
sc.id as id,
sc.name,
sc.subscription_id,
sc._ctx ->> 'connection_name' as conn
from
azure_security_center_subscription_pricing as sc,
azure_subscription as sub
where
sc.pricing_tier != 'Standard'
and sc.name = 'Arm'
and sub.subscription_id = sc.subscription_id;

Schedule

15m

Tags

category = Compliance
plugin = azure
service = Azure/SecurityCenter