standard
turbot/azure_compliance

Trigger: Detect & correct Security Centers with Azure Defender disabled for Server

Detect Security Centers with Azure Defender disabled for Server and then enable Azure Defender for Server.

Query

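-- One row per subscription whose Security Center pricing tier for the
-- VirtualMachines plan (Azure Defender for Server) is not 'Standard'.
select
  concat(sc.id, ' [', '/', sc.subscription_id, ']') as title,
  sc.id as id,
  sc.name,
  sc.subscription_id,
  sc._ctx ->> 'connection_name' as conn
from
  azure_security_center_subscription_pricing as sc,
  azure_subscription as sub
where
  sc.pricing_tier != 'Standard'
  and sc.name = 'VirtualMachines'
  -- restrict to subscriptions present in azure_subscription
  and sub.subscription_id = sc.subscription_id;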

Schedule

15m

Tags

category = Compliance
plugin = azure
service = Azure/SecurityCenter