Skip to content

Latest commit

 

History

History
134 lines (109 loc) · 7.14 KB

azure_security_center_policy.md

File metadata and controls

134 lines (109 loc) · 7.14 KB
Raw
title platform
About the azure_security_center_policy Resource
azure

azure_security_center_policy

Use the azure_security_center_policy InSpec audit resource to test properties and configuration of an Azure security policy.

Azure REST API version, endpoint and http client parameters

This resource interacts with api versions supported by the resource provider. The api_version can be defined as a resource parameter. If not provided, the latest version will be used. For more information, refer to azure_generic_resource.

Unless defined, azure_cloud global endpoint, and default values for the http client will be used. For more information, refer to the resource pack README.

Availability

Installation

This resource is available in the InSpec Azure resource pack. For an example inspec.yml file and how to set up your Azure credentials, refer to resource pack README.

Syntax

An azure_security_center_policy resource block will lookup the default policy unless resource_group and name or the resource_id parameter is given.

# The default security policy will be interrogated.
describe azure_security_center_policy do
  its('name') { should cmp 'default' }
end
describe azure_security_center_policy(resource_group: 'inspec-resource-group-9', name: 'example_policy') do
  it { should exist }
end
describe azure_security_center_policy(resource_id: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/microsoft.Security/policies/{policy-name}') do
  it { should exist }
end

Parameters

Name Description
resource_group Azure resource group that the targeted resource resides in. MyResourceGroup
name Name of the security policy to test. policy-name
resource_id The unique resource ID. /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/microsoft.Security/policies/{policy-name}
default_policy_api_version* The endpoint api version for the default_policy property. The latest version will be used unless provided.
auto_provisioning_settings_api_version* The endpoint api version for the auto_provisioning_settings property. The latest version will be used unless provided.

* It will be ignored unless the default policy is tested.

Either one of the parameter sets can be provided for a valid query:

  • resource_id
  • resource_group and name
  • name: 'default': This is for backward compatibility. It is advised not to pass any parameters if the default security policy is tested.

Properties

Property Description
log_collection Indicates if the log collection is enabled (On, Off).
pricing_tier Cost/Feature Model under which the subscription is operating.
patch Indicates if patch scanner notifications are enabled (On, Off).
baseline Indicates if baseline scanner notifications are enabled (On, Off).
anti_malware Indicates if anti-malware protection task notifications are enabled (On, Off).
network_security_groups Indicates if network security group recommendations are enabled are enabled (On, Off).
web_application_firewall Indicates if WAF protection task notifications are enabled (On, Off).
vulnerability_assessment Indicates if vulnerability assessment recommendations are enabled (On, Off).
storage_encryption Indicates if storage encryption recommendations are enabled (On, Off).
just_in_time_network_access Indicates if just in time network access recommendations are enabled (On, Off).
app_whitelisting Indicates if app whitelisting recommendations are enabled (On, Off).
sql_auditing Indicates if sql auditing recommendations are enabled (On, Off).
sql_transparent_data_encryption Indicates if sql transparent data encryption recommendations are enabled (On, Off).
notifications_enabled Indicates if security alerts are emailed to the security contact (true, false).
send_security_email_to_admin Indicates if the subscription admin will receive security alerts (true, false).
contact_emails Contains a list of security email addresses.
contact_phone Contains the security contact phone number.
default_policy* This is the default set of policies monitored by Azure Security Center.
auto_provisioning_settings* This is the default auto provisioning setting for the subscription.

*Only applicable to the default security policy.

For properties applicable to all resources, such as type, name, id, properties, refer to azure_generic_resource.

Any attribute in the response may be accessed with the key names separated by dots (.), eg. properties.<attribute>.

Examples

Test If Log Collection is Enabled

describe azure_security_center_policy(resource_group: 'my-rg', name: 'my_policy') do
  its('log_collection') { should cmp 'On' }
end

Test If Notifications are Enabled

describe azure_security_center_policy(resource_group: 'my-rg', name: 'my_policy') do
  its('notifications_enabled') { should be true }
end

See integration tests for more examples.

Matchers

This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our Universal Matchers page.

have_auto_provisioning_enabled

Test if auto provisioning is enabled. This can be used via the default security policy only.

describe azure_security_center_policy do
  it { should have_auto_provisioning_enabled }
end

exists

# If we expect a resource to always exist
describe azure_security_center_policy(resource_group: 'my-rg', server_name: 'my_policy') do
  it { should exist }
end
# If we expect a resource to never exist
describe azure_security_center_policy(resource_group: 'my-rg', server_name: 'my_policy') do
  it { should_not exist }
end

Azure Permissions

Your Service Principal must be setup with a contributor role on the subscription you wish to test.