
Check each Microsoft Defender for Cloud Pricing plan is Standard

Open BernieWhite opened this issue 3 years ago • 1 comments

Rule request

Any pricing plans deployed for Microsoft Defender for Cloud should use the Standard pricing tier.

Let's create individual rules for each pricing plan to allow customers to granularly suppress as required.

  • [x] Containers
  • [x] VirtualMachines
  • [x] SqlServers
  • [x] AppServices
  • [x] StorageAccounts
  • [x] SqlServerVirtualMachines
  • [ ] KeyVaults
  • [ ] Dns
  • [ ] Arm
  • [ ] OpenSourceRelationalDatabases
  • [ ] CosmosDbs

For example:

// Configures Azure Defender for Containers.
resource defenderForContainers 'Microsoft.Security/pricings@2022-03-01' = {
  name: 'Containers'
  properties: {
    pricingTier: 'Standard'
  }
}

// Configures Azure Defender for Virtual Machines.
resource defenderForVirtualMachines 'Microsoft.Security/pricings@2022-03-01' = {
  name: 'VirtualMachines'
  properties: {
    pricingTier: 'Standard'
    subPlan: 'P2'
  }
}

// Configures Azure Defender for Sql Servers.
resource defenderForSqlServers 'Microsoft.Security/pricings@2022-03-01' = {
  name: 'SqlServers'
  properties: {
    pricingTier: 'Standard'
  }
}

// Configures Azure Defender for App Services.
resource defenderForAppServices 'Microsoft.Security/pricings@2022-03-01' = {
  name: 'AppServices'
  properties: {
    pricingTier: 'Standard'
  }
}

// Configures Azure Defender for Storage Accounts.
resource defenderForStorageAccounts 'Microsoft.Security/pricings@2022-03-01' = {
  name: 'StorageAccounts'
  properties: {
    pricingTier: 'Standard'
  }
}

// Configures Azure Defender for Sql Server Virtual Machines.
resource defenderForSqlServerVirtualMachines 'Microsoft.Security/pricings@2022-03-01' = {
  name: 'SqlServerVirtualMachines'
  properties: {
    pricingTier: 'Standard'
  }
}

// Configures Azure Defender for Key Vaults.
resource defenderForKeyVaults 'Microsoft.Security/pricings@2022-03-01' = {
  name: 'KeyVaults'
  properties: {
    pricingTier: 'Standard'
  }
}

// Configures Azure Defender for Dns.
resource defenderForDns 'Microsoft.Security/pricings@2022-03-01' = {
  name: 'Dns'
  properties: {
    pricingTier: 'Standard'
  }
}

// Configures Azure Defender for Arm.
resource defenderForArm 'Microsoft.Security/pricings@2022-03-01' = {
  name: 'Arm'
  properties: {
    pricingTier: 'Standard'
  }
}

// Configures Azure Defender for Open Source Relational Databases.
resource defenderForOpenSourceRelationalDatabases 'Microsoft.Security/pricings@2022-03-01' = {
  name: 'OpenSourceRelationalDatabases'
  properties: {
    pricingTier: 'Standard'
  }
}

// Configures Azure Defender for Cosmos Dbs.
resource defenderForCosmosDbs 'Microsoft.Security/pricings@2022-03-01' = {
  name: 'CosmosDbs'
  properties: {
    pricingTier: 'Standard'
  }
}

BernieWhite avatar Sep 09 '22 09:09 BernieWhite
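The request above asks for one rule per Defender plan rather than a single catch-all rule. As an added example (not code from this issue and not part of PSRule.Rules.Azure), the Python below shows what that per-plan check looks like when applied to the compiled ARM template JSON that the Bicep above produces: every `Microsoft.Security/pricings` resource gets its own Pass/Fail result keyed by plan name, so a customer can suppress one plan's finding without hiding the others. The sample template is constructed for the example; treating `pricingTier` case-insensitively is an assumption made here, and plans that are not deployed at all are not reported, matching the request to check plans that are deployed.

```python
"""Per-plan check that deployed Microsoft Defender for Cloud pricing plans use
the Standard tier.

Added example, not PSRule.Rules.Azure code. It walks the resources of an ARM
template (the JSON Bicep compiles to) and returns one result per
Microsoft.Security/pricings plan, mirroring the one-rule-per-plan layout
requested in the issue.
"""
import json

# Plan names listed in the issue. Used for reporting only; any pricings
# resource is checked even if its name is not in this tuple.
DEFENDER_PLANS = (
    "Containers", "VirtualMachines", "SqlServers", "AppServices",
    "StorageAccounts", "SqlServerVirtualMachines", "KeyVaults", "Dns",
    "Arm", "OpenSourceRelationalDatabases", "CosmosDbs",
)

PRICINGS_TYPE = "microsoft.security/pricings"


def check_defender_pricing(template: dict) -> dict:
    """Return {plan_name: "Pass" | "Fail"} for each pricings resource found.

    "Pass" when properties.pricingTier is Standard; "Fail" when it is any
    other value (e.g. Free) or missing. Assumption of this example: the tier
    is compared case-insensitively. Resources of other types are ignored and
    plans that are not deployed produce no entry at all.
    """
    results = {}
    for res in template.get("resources", []):
        if str(res.get("type", "")).lower() != PRICINGS_TYPE:
            continue  # not a Defender pricing plan
        name = str(res.get("name", ""))
        tier = (res.get("properties") or {}).get("pricingTier")
        is_standard = isinstance(tier, str) and tier.lower() == "standard"
        results[name] = "Pass" if is_standard else "Fail"
    return results


def failing_plans(template: dict) -> list:
    """Sorted list of plan names whose pricing tier is not Standard."""
    return sorted(n for n, r in check_defender_pricing(template).items() if r == "Fail")


# Constructed sample: what a deployment with two compliant plans, one plan on
# the Free tier, one plan with no tier set, and an unrelated resource looks
# like after Bicep compiles it to ARM JSON.
SAMPLE_TEMPLATE = json.loads("""
{
  "resources": [
    {"type": "Microsoft.Security/pricings", "apiVersion": "2022-03-01",
     "name": "Containers", "properties": {"pricingTier": "Standard"}},
    {"type": "Microsoft.Security/pricings", "apiVersion": "2022-03-01",
     "name": "VirtualMachines",
     "properties": {"pricingTier": "Standard", "subPlan": "P2"}},
    {"type": "Microsoft.Security/pricings", "apiVersion": "2022-03-01",
     "name": "StorageAccounts", "properties": {"pricingTier": "standard"}},
    {"type": "Microsoft.Security/pricings", "apiVersion": "2022-03-01",
     "name": "Dns", "properties": {"pricingTier": "Free"}},
    {"type": "Microsoft.Security/pricings", "apiVersion": "2022-03-01",
     "name": "KeyVaults", "properties": {}},
    {"type": "Microsoft.Storage/storageAccounts", "apiVersion": "2022-09-01",
     "name": "contososample", "properties": {}}
  ]
}
""")


if __name__ == "__main__":
    for plan, result in check_defender_pricing(SAMPLE_TEMPLATE).items():
        label = plan if plan in DEFENDER_PLANS else f"{plan} (not in issue list)"
        print(f"{result:4}  {label}")
```

Running the block prints a Pass/Fail line per deployed plan; `failing_plans` gives the short list a pipeline gate would act on, and because each plan is reported under its own name, suppressing a deliberately disabled plan leaves findings for the other plans intact.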

Initial batch of rules is part of PR #1676.

Remaining rules:

  • KeyVaults
  • Dns
  • Arm
  • OpenSourceRelationalDatabases
  • CosmosDbs

jdewisscher avatar Sep 22 '22 09:09 jdewisscher

Thanks @jdewisscher for your progress so far on this issue. Do you think in the next few weeks (so we can target completion for v1.21.0) you would complete the remaining rules, or should we plan to reassign this issue?

BernieWhite avatar Oct 08 '22 06:10 BernieWhite

Hello, I am not sure if it's 100% related to this, but since Monday I began to face issues with the Azure.Defender rule. Basically I am getting an Azure.Defender rule failure with a message stating that I have pricingTier set to 'Free'. Based on this rule's source code I understand that it is expecting to find 'standard', but actually it's already set to 'standard'. Please see a screenshot with a few error message examples.

image

Also I am attaching a module and parameters so it would be easier to replicate the issue.

Any ideas why PSRule could see pricingTier as 'Free' instead of 'standard' while using the attached module and parameter file?

s1mb414 avatar Oct 11 '22 14:10 s1mb414

@s1mb414 Thanks for reporting the issue. We will have a look at it.

BernieWhite avatar Oct 12 '22 08:10 BernieWhite

Hello, @BernieWhite did you have a chance to look into this issue?

s1mb414 avatar Oct 19 '22 10:10 s1mb414

Hello, @BernieWhite did you have a chance to look into this issue?

@s1mb414 Thanks for the prompt. Sorry, I lost track of this one. I've created a separate issue for tracking this bug: #1793.

BernieWhite avatar Oct 19 '22 14:10 BernieWhite

Unassigning @jdewisscher to allow someone else to pick this up.

BernieWhite avatar Nov 25 '22 13:11 BernieWhite

This one should be fairly easy since it is already partially implemented for a number of cases. Use the existing cases defined here https://github.com/Azure/PSRule.Rules.Azure/blob/main/src/PSRule.Rules.Azure/rules/Azure.Defender.Rule.yaml as a guide.

BernieWhite avatar Nov 25 '22 13:11 BernieWhite