The document contains a list of names that appear to be security best practices or configurations for various Azure services and resources. There are over 50 items listed related to configurations for Azure Security Center, Storage Accounts, SQL servers, PostgreSQL databases, Key Vault, networking, encryption, and access controls. The full list provides detailed settings to help ensure security and compliance of workloads hosted within Azure.
Azure Security Checks
| Provider | Id | Version | Name | Description | Category | DefaultSeverity |
|---|---|---|---|---|---|---|
| Azure | azr-001-003 | 1.1.0 | Ensure there are no guest users configured in Azure AD | Azure AD is extended to include Azure AD B2B collaboration, allowing you to invite people from outside your organization to be | IAM | HIGH |
| Azure | azr-001-023 | 1.1.0 | Ensure custom owner roles are not created for Azure Subscriptions | Subscription ownership should not include permission to create custom owner roles. The principle of least privilege should be fo | IAM | CRITICAL |
| Azure | azr-002-001 | 1.1.0 | Ensure that standard pricing tier is selected for Azure Security Center (ASC) | Standard pricing tier enables threat detection for networks and virtual machines, providing threat intelligence, anomaly detectio | SECURITY | LOW |
| Azure | azr-002-002 | 1.1.0 | Ensure 'Automatic provisioning of monitoring agent' is set to 'On' in Azure Security Center (ASC) | Enable Automatic provisioning of monitoring agent to collect security data for analysis via Azure Security Center (ASC). | SECURITY | LOW |
| Azure | azr-002-003 | 1.1.0 | Ensure Azure Security Center (ASC) default policy setting 'Monitor System Updates' is not 'Disabled' | Enable system update recommendations for Azure Virtual Machines (VMs) in order to help ensure that internal systems are up | SECURITY | LOW |
| Azure | azr-002-004 | 1.1.0 | Ensure Azure Security Center (ASC) default policy setting 'Monitor OS Vulnerabilities' is not 'Disabled' | Enable 'Monitor OS Vulnerabilities' recommendations for Azure Virtual Machines (VMs) in order to help ensure that internal sys | SECURITY | HIGH |
| Azure | azr-002-005 | 1.1.0 | Ensure Azure Security Center (ASC) default policy setting 'Monitor Endpoint Protection' is not 'Disabled' | Enable endpoint protection recommendations for Azure Virtual Machines (VMs) in order to help ensure that internal systems ar | SECURITY | HIGH |
| Azure | azr-002-006 | 1.1.0 | Ensure Azure Security Center (ASC) default policy setting 'Monitor Disk Encryption' is not 'Disabled' | Enable Azure Security Center (ASC) disk encryption recommendations for Azure Virtual Machines (VMs) in order to help ensur | SECURITY | CRITICAL |
| Azure | azr-002-007 | 1.1.0 | Ensure Azure Security Center (ASC) default policy setting 'Monitor Network Security Groups' is not 'Disabled' | Enable Azure Security Center (ASC) Network Security Group (NSG) recommendations for Azure Virtual Machines (VMs) in ord | SECURITY | HIGH |
| Azure | azr-002-008 | 1.1.0 | Ensure Azure Security Center (ASC) default policy setting 'Monitor Web Application Firewall' is not 'Disabled' | Enable Azure Security Center (ASC) Web Application Firewall (WAF) recommendations for Azure Virtual Machines (VMs). This | SECURITY | HIGH |
| Azure | azr-002-009 | 1.1.0 | Ensure Azure Security Center (ASC) default policy setting 'Enable Next Generation Firewall (NGFW) Monitoring' is not 'Disabled' | Enable Azure Security Center (ASC) next generation firewall recommendations for Azure Virtual Machines (VMs). | SECURITY | MEDIUM |
| Azure | azr-002-010 | 1.1.0 | Ensure Azure Security Center (ASC) default policy setting 'Monitor Vulnerability Assessment' is not 'Disabled' | Enable Azure Security Center (ASC) vulnerability assessment recommendations for Azure Virtual Machines (VMs). | SECURITY | HIGH |
| Azure | azr-002-011 | 1.1.0 | Ensure Azure Security Center (ASC) default policy setting 'Monitor Storage Blob Encryption' is not 'Disabled' | Enable Azure Security Center (ASC) encryption recommendations for blob storage. | SECURITY | CRITICAL |
| Azure | azr-002-012 | 1.1.0 | Ensure Azure Security Center (ASC) default policy setting 'Monitor JIT Network Access' is not 'Disabled' | Enable Azure Security Center (ASC) monitoring for Just-In-Time (JIT) Network Access for Azure Virtual Machines (VMs). | SECURITY | MEDIUM |
| Azure | azr-002-013 | 1.1.0 | Ensure Azure Security Center (ASC) default policy setting 'Monitor Adaptive Application Whitelisting' is not 'Disabled' | Enable Azure Security Center (ASC) monitoring of adaptive application controls which help to enforce the concept of least-privi | SECURITY | LOW |
| Azure | azr-002-014 | 1.1.0 | Ensure Azure Security Center (ASC) default policy setting 'Monitor SQL Auditing' is not 'Disabled' | Enable Azure Security Center (ASC) SQL auditing recommendations in order to help ensure that administrative access to sensitiv | SECURITY | CRITICAL |
| Azure | azr-002-015 | 1.1.0 | Ensure Azure Security Center (ASC) default policy setting 'Monitor SQL Encryption' is not 'Disabled' | Enable Azure Security Center (ASC) recommendations for encrypting Azure SQL communications. | SECURITY | CRITICAL |
| Azure | azr-002-016 | 1.1.0 | Set 'Security contact emails' in Azure Security Center (ASC) | Provide at least one email address for security contact(s) in Azure Security Center (ASC), which will recommend that you provid | SECURITY | HIGH |
| Azure | azr-002-017 | 1.1.0 | Ensure security contact 'Phone number' is set in Azure Security Center (ASC) | Provide a phone number for the authorized security contact in Azure Security Center (ASC), which will recommend that you pro | SECURITY | HIGH |
| Azure | azr-002-018 | 1.1.0 | Ensure that 'Send email notification for high severity alerts' is set to 'On' in Azure Security Center (ASC) | Enable emailing security alerts to authorized security contact in Azure Security Center (ASC). | SECURITY | MEDIUM |
| Azure | azr-002-019 | 1.1.0 | Ensure that 'Send email also to subscription owners' is set to 'On' in Azure Security Center (ASC) | Enable Azure Security Center (ASC) to also send security alert emails to the owner(s) of a given Azure Subscription, in addition | SECURITY | MEDIUM |
| Azure | azr-003-001 | 1.1.0 | Ensure that 'Secure transfer required' is set to 'Enabled' for Azure Storage Accounts | The secure transfer option enhances the security of your storage account by only allowing requests to the Storage Account by | STORAGE | HIGH |
| Azure | azr-003-002 | 1.1.0 | Ensure that Azure Storage Account access keys are periodically regenerated | Regenerate Azure Storage Account access keys periodically in order to mitigate risks associated with compromised access key | STORAGE | HIGH |
| Azure | azr-003-003 | 1.1.0 | Ensure 'Storage Logging' is enabled for read, write, and delete requests to Azure Storage Accounts | The Storage Queue service stores messages that may be read by any client who has access to the Storage Account. A queue | STORAGE | HIGH |
| Azure | azr-003-006 | 1.1.0 | Ensure that 'Public access level' is set to Private for blob containers in Azure Storage Accounts | Disable anonymous/public access to blob containers in Azure Storage Accounts in order to preserve the confidentiality of their | STORAGE | CRITICAL |
| Azure | azr-003-007 | 1.1.0 | Restrict network access for Azure Storage Accounts with default 'deny' rule | Restricting default network access helps to provide a new layer of security, since Azure Storage Accounts accept connections f | STORAGE | HIGH |
| Azure | azr-003-008 | 1.1.0 | Ensure 'Trusted Microsoft Services' is enabled for Azure Storage Account access | Some Microsoft services that interact with Storage Accounts operate from networks that cannot be granted access through netw | STORAGE | HIGH |
| Azure | azr-004-001 | 1.1.0 | Ensure Azure SQL Server 'Auditing' is set to 'On' | Enable auditing on Azure SQL Servers in order to generate and make-searchable the audit trail of administrative actions assoc | Database Service | HIGH |
| Azure | azr-004-002 | 1.1.0 | Ensure Azure SQL Server 'auditing' policy includes critical activities via 'AuditActionGroups' | Configure the 'AuditActionGroups' property to appropriate groups to capture all the critical activities on the SQL Server and all t | Database Service | HIGH |
| Azure | azr-004-003 | 1.1.0 | Ensure Azure SQL Server 'Auditing' retention is set to desired number of days | Azure SQL Server Audit Retention should be configured to be greater than 90 days (CSP default) | Database Service | MEDIUM |
| Azure | azr-004-004 | 1.1.0 | Ensure Azure SQL Servers set 'Advanced Data Security' to 'On' | Enable 'Advanced Data Security' on critical Azure SQL Servers. | Database Service | HIGH |
| Azure | azr-004-005 | 1.1.0 | Enable all 'Threat Detection Types' for Azure SQL Servers | Enable all types of threat detection on Azure SQL Servers. | Database Service | HIGH |
| Azure | azr-004-006 | 1.1.0 | Provide contact info to which Azure SQL Servers will 'Send alerts to' | Provide the email address where alerts will be sent when anomalous activities are detected on Azure SQL Servers. | Database Service | MEDIUM |
| Azure | azr-004-007 | 1.1.0 | Ensure Azure SQL Servers enable alerts for 'Email service and co-administrators' | Enable service and co-administrators to receive security alerts from the Azure SQL Server. | Database Service | MEDIUM |
| Azure | azr-004-008 | 1.1.0 | Specify an Azure Active Directory Authentication admin user for each Azure SQL Server | Use Azure Active Directory Authentication for authentication with SQL Database. | Database Service | LOW |
| Azure | azr-004-009 | 1.1.0 | Ensure that 'Data encryption' is set to 'On' for each Azure SQL Database | Enable Transparent Data Encryption on every instance of Azure SQL Database. | Database Service | HIGH |
| Azure | azr-004-010 | 1.1.0 | Use BYOK (Bring your own key) to encrypt TDE protector for Azure SQL Server | TDE with BYOK support provides increased transparency and control over the TDE Protector, increased security with an HSM- | Database Service | HIGH |
| Azure | azr-004-011 | 1.1.0 | Encrypt data-in-transit for Azure MySQL Database Servers with 'Enforce SSL connection' config | Require SSL (actually TLS) connection for Azure MySQL Database Servers in order to enforce the encryption of data-in-transit | Database Service | HIGH |
| Azure | azr-004-012 | 1.1.0 | Ensure Azure PostgreSQL Database Server parameter 'log_checkpoints' is set to 'ON' | Enable log_checkpoints on Azure PostgreSQL Database Servers. | Database Service | HIGH |
| Azure | azr-004-013 | 1.1.0 | Encrypt data-in-transit for Azure PostgreSQL Database Servers by setting 'Enforce SSL connection' to 'ENABLED' | Enable SSL connection on PostgreSQL Servers. | Database Service | HIGH |
| Azure | azr-004-014 | 1.1.0 | Azure PostgreSQL Database Servers should set 'log_connections' to 'ON' | Enable log_connections on Azure PostgreSQL Database Servers. | Database Service | HIGH |
| Azure | azr-004-015 | 1.1.0 | Ensure server parameter 'log_disconnections' is set to 'ON' for Azure PostgreSQL Database Servers | Enable log_disconnections on Azure PostgreSQL Database Servers. | Database Service | HIGH |
| Azure | azr-004-016 | 1.1.0 | Ensure server parameter 'log_duration' is set to 'ON' for Azure PostgreSQL Database Servers | Enable log_duration on Azure PostgreSQL Database Servers. | Database Service | HIGH |
| Azure | azr-004-017 | 1.1.0 | Ensure server parameter 'connection_throttling' is set to 'ON' for Azure PostgreSQL Database Servers | Enable connection_throttling on Azure PostgreSQL Database Servers. | Database Service | HIGH |
| Azure | azr-004-018 | 1.1.0 | Ensure Azure PostgreSQL Database Servers set 'log_retention_days' to desired number of days | Ensure log_retention_days is set to the desired number of days for each Azure PostgreSQL Database Server. | Database Service | HIGH |
| Azure | azr-005-101 | 1.1.0 | Ensure that a Log Profile exists | A Log Profile controls how your Activity Log is exported. By default, activity logs are retained only for 90 days. It is thus recomm | LOGGING | MEDIUM |
| Azure | azr-005-102 | 1.1.0 | Ensure that Activity Log Retention is set | A Log Profile controls how your Activity Log is exported and retained. Since the average time to detect a breach is 210 days, it | LOGGING | MEDIUM |
| Azure | azr-005-103 | 1.1.0 | Ensure audit profile captures all the activities | The log profile should be configured to export all activities from the control/management plane. | LOGGING | MEDIUM |
| Azure | azr-005-104 | 1.1.0 | Ensure the log profile captures activity logs for all regions including global | Configure the log profile to export activities from all Azure supported regions/locations including global. | LOGGING | MEDIUM |
| Azure | azr-005-105 | 1.1.0 | Ensure the storage container storing the activity logs is not publicly accessible | The Storage Account container containing the activity log export should not be publicly accessible. | LOGGING | MEDIUM |
| Azure | azr-005-106 | 1.1.0 | Ensure the Storage Account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) | Ensure the Storage Account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) | LOGGING | MEDIUM |
| Azure | azr-005-107 | 1.1.0 | Ensure that logging for Azure KeyVault is 'Enabled' | Enable AuditEvent logging for Key Vault instances to ensure interactions with key vaults are logged and available. | LOGGING | CRITICAL |
| Azure | azr-005-201 | 1.1.0 | Ensure that Activity Log Alert exists for Create Policy Assignment | Monitoring for create policy assignment events gives insight into changes done in azure policy - assignments and may reduce t | MONITORING | HIGH |
| Azure | azr-005-202 | 1.1.0 | Ensure that Activity Log Alert exists for Create or Update Network Security Group | Monitoring for Create or Update Network Security Group events gives insight into network access changes and may reduce the | MONITORING | CRITICAL |
| Azure | azr-005-203 | 1.1.0 | Ensure that Activity Log Alert exists for Delete Network Security Group | Monitoring for Delete Network Security Group events gives insight into network access changes and may reduce the time it tak | MONITORING | HIGH |
| Azure | azr-005-204 | 1.1.0 | Ensure that Activity Log Alert exists for Create or Update Network Security Group Rule | Monitoring for Create or Update Network Security Group Rule events gives insight into network access changes and may reduc | MONITORING | CRITICAL |
| Azure | azr-005-205 | 1.1.0 | Ensure that Activity Log Alert exists for Delete Network Security Group Rule | Monitoring for Delete Network Security Group Rule events gives insight into network access changes and may reduce the time | MONITORING | HIGH |
| Azure | azr-005-206 | 1.1.0 | Ensure that Activity Log Alert exists for Create or Update Security Solution | Monitoring for Create or Update Security Solution events gives insight into changes to the active security solutions and may red | MONITORING | HIGH |
| Azure | azr-005-207 | 1.1.0 | Ensure that Activity Log Alert exists for Delete Security Solution | Monitoring for Delete Security Solution events gives insight into changes to the active security solutions and may reduce the tim | MONITORING | HIGH |
| Azure | azr-005-208 | 1.1.0 | Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule | Monitoring for Create or Update SQL Server Firewall Rule events gives insight into network access changes and may reduce th | MONITORING | HIGH |
| Azure | azr-005-209 | 1.1.0 | Ensure that Activity Log Alert exists for Update Security Policy | Monitoring for Update Security Policy events gives insight into changes to the Security Policy and may reduce the time it takes | MONITORING | CRITICAL |
| Azure | azr-006-001 | 1.1.0 | Ensure that RDP access is restricted from the internet | Disable RDP access on Network Security Groups from Internet. | NETWORKING | CRITICAL |
| Azure | azr-006-002 | 1.1.0 | Ensure that SSH access is restricted from the internet | Disable SSH access on Network Security Groups from the Internet. | NETWORKING | CRITICAL |
| Azure | azr-006-003 | 1.1.0 | Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP) | Ensure that no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP). | NETWORKING | CRITICAL |
| Azure | azr-006-004 | 1.1.0 | Ensure that Network Security Group Flow Log retention period is set | Network Security Group Flow Logs should be enabled and retention period is set to greater than or equal to 90 days (CSP defa | NETWORKING | HIGH |
| Azure | azr-006-005 | 1.1.0 | Ensure that Network Watcher is Enabled | Enable Network Watcher for Azure Subscriptions. | NETWORKING | HIGH |
| Azure | azr-007-001 | 1.1.0 | Ensure that 'OS disks' are encrypted for Azure Virtual Machines (VMs) | Encrypting your IaaS VM's OS disk (boot volume) ensures that its entire contents are fully unrecoverable without a key and thu | VM | CRITICAL |
| Azure | azr-007-002 | 1.1.0 | Ensure that 'Data disks' are encrypted for Azure Virtual Machines (VMs) | Encrypting your IaaS VM's Data disks (non-boot volume) ensures that its entire contents are fully unrecoverable without a key a | VM | CRITICAL |
| Azure | azr-007-003 | 1.1.0 | Ensure that 'Unattached disks' are encrypted in Azure Subscriptions and Virtual Machines (VMs) | Ensure that unattached disks in an Azure Subscription are also encrypted, separate from ensuring the same for OS and data d | VM | CRITICAL |
| Azure | azr-007-006 | 1.1.0 | Ensure Endpoint Protection is installed for all Azure Virtual Machines (VMs) | Install Endpoint Protection for all Azure Virtual Machines (VMs). | VM | HIGH |
| Azure | azr-008-001 | 1.1.0 | Ensure that the expiration date is set on all keys in Azure Key Vault | Ensure that all keys in Azure Key Vault have an expiration time set. | SECURITY | CRITICAL |
| Azure | azr-008-002 | 1.1.0 | Ensure that the expiration date is set on all Secrets in Azure Key Vault | Ensure that all Secrets in the Azure Key Vault have an expiration time set. | SECURITY | CRITICAL |
| Azure | azr-008-003 | 1.1.0 | Ensure that Resource Locks are set for mission critical Azure resources | Resource Manager Locks provide a way for administrators to lock down Azure resources to prevent deletion of, or modification | SECURITY | HIGH |
| Azure | azr-008-004 | 1.1.0 | Ensure the Azure Key Vault is recoverable for each Subscription | The key vault contains object keys, secrets and certificates. Accidental unavailability of a key vault can cause immediate data lo | SECURITY | CRITICAL |
| Azure | azr-008-005 | 1.1.0 | Enable role-based access control (RBAC) within Azure Kubernetes Services (AKS) | Ensure that RBAC is enabled on all Azure Kubernetes Services (AKS) Instances, which assists in enforcing the concept of leas | SECURITY | CRITICAL |
| Azure | azr-009-001 | 1.1.0 | Require App Service Authentication for all HTTP requests to Azure App Service | Azure App Service Authentication is a feature that can prevent anonymous HTTP requests from reaching the API app, or authe | AppService | HIGH |
| Azure | azr-009-002 | 1.1.0 | Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service | Azure Web Apps allows sites to run under both HTTP and HTTPS by default. Web apps can be accessed by anyone using non | AppService | HIGH |
| Azure | azr-009-003 | 1.1.0 | Ensure Azure App Service 'Web App' is using the latest version of TLS encryption | The TLS (Transport Layer Security) protocol secures transmission of data over the internet using standard encryption technolog | AppService | HIGH |
| Azure | azr-009-004 | 1.1.0 | Ensure each Azure App Service 'Web App' sets 'Client Certificates (Incoming client certificates)' to 'On' | Client certificates allow for the app to request a certificate for incoming requests. Only clients that have a valid certificate will be | AppService | HIGH |
| Azure | azr-009-005 | 1.1.0 | Enable secure registration of Azure App Service apps via Azure Active Directory (AD) | Managed service identity in App Service makes the app more secure by eliminating secrets from the app, such as credentials in | AppService | HIGH |
| Azure | azr-009-006 | 1.1.0 | Ensure Azure App Service Web Apps require latest version of '.Net Framework', if used | Periodically, newer versions are released for .Net Framework software either due to security flaws or to include additional funct | AppService | HIGH |
| Azure | azr-009-007 | 1.1.0 | Ensure Azure App Service Web Apps require the latest 'PHP version', if used | Periodically newer versions are released for PHP software either due to security flaws or to include additional functionality. Usin | AppService | HIGH |
| Azure | azr-009-008 | 1.1.0 | Ensure Azure App Service Web Apps require the latest 'Python version', if used | Periodically, newer versions are released for Python software either due to security flaws or to include additional functionality. U | AppService | HIGH |
| Azure | azr-009-009 | 1.1.0 | Ensure Azure App Service Web Apps require latest 'Java version', if used | Periodically, newer versions are released for Java software either due to security flaws or to include additional functionality. Usi | AppService | HIGH |
| Azure | azr-009-010 | 1.1.0 | Ensure Azure App Service Web Apps require latest 'HTTP version', if used | Periodically, newer versions are released for HTTP either due to security flaws or to include additional functionality. Using the la | AppService | HIGH |
| Azure | azr-100-001 | 1.1.0 | Azure Virtual Machines (VMs) exposed to the Internet | VMs exposed to the Internet can be a security risk, if not properly protected. This check will identify VMs attached to a network | NETWORKING (Sec | CRITICAL |
| Azure | azr-100-002 | 1.1.0 | Ensure rotation of Azure Key Vault encryption keys for Azure SQL Servers | By default, Azure Key Vault keys never expire. It is recommended to rotate your keys in the key vault and set an explicit expiry | SQL SERVERS | HIGH |
| Azure | azr-100-003 | 1.1.0 | Ensure removal of unused Azure Network Security Groups (NSGs) | It is important to ensure that any unused Network Security Groups (NSGs), i.e., the ones not attached to any instances, virtual | NETWORKING | MEDIUM |
| Azure | azr-100-004 | 1.1.0 | Enforce encryption of data-in-transit for Azure Redis Cache by requiring SSL/TLS connections | Azure Redis Cache supports SSL/TLS connections. It is recommended that Redis Cache should allow only encrypted (SSL/TLS | STORAGE | HIGH |
| Azure | azr-100-005 | 1.1.0 | Ensure Azure Redis Cache does not allow access to public IP address(es) | Redis Cache should not allow public access to the service. It is recommended to limit firewall rules to only private IP addresses | NETWORKING | HIGH |
| Azure | azr-100-006 | 1.1.0 | Prohibit unrestricted access to Azure Redis Cache | Azure Redis Cache should not allow unlimited access. If a firewall rule is configured to allow Start IP and End IP addresses bot | NETWORKING | HIGH |
| Azure | azr-100-007 | 1.1.0 | Ensure Azure SQL Servers are not accessible to entire Azure infrastructure | Azure SQL Servers include a firewall to block access to unauthorized sources. This allows you to specify which IP addresses c | NETWORKING | HIGH |
| Azure | azr-100-008 | 1.1.0 | Ensure Azure Virtual Machines (VMs) are attached to at least one Network Security Group (NSG) | Azure Virtual Machines (VMs) which are not attached to a Network Security Group (NSG) through a network interface or subne | NETWORKING | HIGH |
| Azure | azr-100-009 | 1.1.0 | Ensure geo-redundancy is enabled for Azure Cosmos DB | Azure Cosmos DB is a globally distributed database service that is designed to provide low latency and high availability. You ca | STORAGE | HIGH |
| Azure | azr-100-010 | 1.1.0 | Enable multi-region writes for Azure Cosmos DBs | Multi-master capability allows you to take advantage of the provisioned throughput for your databases and containers across th | STORAGE | HIGH |
| Azure | azr-100-011 | 1.1.0 | Ensure Azure Cosmos DBs are not publicly accessible | The default configuration for Azure Cosmos DBs has a firewall configuration which allows access from all networks. Instead, it i | STORAGE | MEDIUM |
| Azure | azr-100-012 | 1.1.0 | Set desired consistency model for Azure Cosmos DBs | With Azure Cosmos DB, developers can choose from five well-defined consistency models on the consistency spectrum. From | STORAGE | LOW |
| Azure | azr-100-013 | 1.1.0 | Enable automatic failover for Azure Cosmos DB accounts with multiple read regions and a single write region | Azure Cosmos DB supports enabling automatic failover for multi-region accounts with a single write region. It is recommended | STORAGE | HIGH |
| Azure | azr-100-014 | 1.1.0 | Avoid allowing access from a large network scope to Azure Cosmos DBs | Access to Azure Cosmos DB accounts should be limited to applications and servers which require access to the database. This | STORAGE | MEDIUM |
| Azure | azr-100-015 | 1.1.0 | Ensure monitoring is enabled for Azure Kubernetes Service (AKS) Instances | Ensure monitoring is enabled for Azure Kubernetes Service (AKS) Instances | AKS | HIGH |
| Azure | azr-100-016 | 1.1.0 | Ensure pod security policy is enabled for Azure Kubernetes Service (AKS) clusters | To improve the security of your AKS cluster, you can limit what pods can be scheduled. Pods which request resources that you | AKS | HIGH |
| Azure | azr-100-017 | 1.1.0 | Ensure HTTP application routing is not enabled for Azure Kubernetes Service (AKS) clusters | Ensure HTTP application routing is not enabled for Azure Kubernetes Service (AKS) clusters. | AKS | HIGH |
| Azure | azr-100-018 | 1.1.0 | Ensure Azure DNS Zones are used for hosted DNS domains | A domain name is just a name. A DNS zone is a data resource that contains the DNS records for a domain name. You can use | DNS | MEDIUM |
| Azure | azr-100-019 | 1.0.0 | Enforce encryption of data-in-transit by requiring HTTPS communications for Azure (serverless) Functions | By default, anyone can access your Azure Function using HTTP. Azure allows you to enforce HTTPS connections, thereby red | Serverless | HIGH |
| Azure | azr-100-020 | 1.0.0 | Authenticate and encrypt client communications with Azure Function Apps via client certificates | You can restrict access to your Azure Function Apps by enabling different types of authentication. One way is to require the app | Serverless | HIGH |
| Azure | azr-100-021 | 1.1.0 | Ensure Azure API Management (APIM) service has an authorizer configured | Configure an authorizer to protect APIs managed via Azure API Management service (APIM). | API Management | HIGH |
| Azure | azr-100-022 | 1.1.0 | Ensure policy 'Statements' are configured in Azure API Management (APIM) | In Azure API Management (APIM), policies are a powerful capability of the system that allow the publisher to change the behav | API Management | HIGH |
| Azure | azr-100-023 | 1.1.0 | Ensure Azure API Management (APIM) service uses managed identities from Azure AD | A managed identity generated by Azure Active Directory (Azure AD) allows your API Management instance to easily and secur | API Management | HIGH |
| Azure | azr-100-024 | 1.1.0 | Ensure Azure Subscription cost does not exceed specified maximum | Azure Cost Management is useful to know how much money your services cost, and in support of which environments and sys | BILLING | HIGH |
| Azure | azr-100-025 | 1.1.0 | Ensure Geo-Redundant Backups for Azure PostgreSQL Database Server | Ensure Geo-Redundant Backups for PostgreSQL Database Server by setting 'Backup Redundancy Options' to 'Geo-Redundan | Database Service | HIGH |
| Azure | azr-100-026 | 1.1.0 | Ensure Azure IoT Hub certificate is not expired | An expired certificate should not be used after it expires and doing so may result in a loss of availability for IoT servers and/or c | IoT | HIGH |
| Azure | azr-100-027 | 1.1.0 | Configure retention period for Azure IoT Hub device to cloud events | This property specifies how long in days events are retained by IoT Hub. The default is one day, but it can be increased to seve | IoT | MEDIUM |
| Azure | azr-100-028 | 1.1.0 | Configure Azure IoT Hub to enable diagnostic log for device telemetry | If a problem occurs in your Azure IoT Hub solution while running in production, you may want to enable diagnostic logs becaus | IoT | MEDIUM |
| Azure | azr-100-029 | 1.1.0 | Configure Azure IoT Hub to enable diagnostic log for connections | If a problem occurs in your Azure IoT Hub solution while running in production, you may want to enable diagnostic logs becaus | IoT | MEDIUM |
| Azure | azr-100-030 | 1.1.0 | Ensure Azure IoT Hub DPS certificate is not expired or expiring soon | An expired certificate should not be used after it expires and doing so may result in a loss of availability for IoT servers and/or c | IoT | HIGH |
| Azure | azr-100-031 | 1.1.0 | Ensure diagnostic log is enabled for device operations on Azure IoT Hub Devices | If a problem occurs in your IoT Hub Device Provisioning Services solution while running in production, you may want to enable | IoT | MEDIUM |
| Azure | azr-100-032 | 1.1.0 | Ensure diagnostic log is enabled for service operations within Azure IoT Hub Devices | If a problem occurs in your IoT Hub Device Provisioning Services solution while running in production, you may want to enable | IoT | MEDIUM |
| Azure | azr-100-033 | 1.1.0 | Disable admin user for Azure Kubernetes Service (AKS) Container Registry | Each container registry includes an admin user account, which is disabled by default. You can enable the admin user and mana | AKS | HIGH |
| Azure | azr-100-034 | 1.1.0 | Ensure no Azure Kubernetes Service (AKS) Container Registry allows access from all networks | An Azure container registry by default accepts connections over the internet from hosts on any network. With a virtual network, | AKS | HIGH |
| Azure | azr-100-035 | 1.1.0 | Ensure the Azure Kubernetes Service (AKS) API Server is only accessible from a limited set of IP address ranges | In Kubernetes, the API server receives requests to perform actions in the Kubernetes cluster such as to create resources or sca | AKS | HIGH |
| Azure | azr-200-001 | 1.1.0 | Notify if nodes are running more than specified number of days | Notify if nodes are running more than specified number of days | ALL | MEDIUM |