Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check Defender for Azure Cosmos DB provided by Microsoft Defender for Cloud is using Standard plan #2204

Closed
BenjaminEngeset opened this issue May 12, 2023 · 0 comments · Fixed by #2210
Closed

Check Defender for Azure Cosmos DB provided by Microsoft Defender for Cloud is using Standard plan #2204

BenjaminEngeset opened this issue May 12, 2023 · 0 comments · Fixed by #2210
Assignees
@BenjaminEngeset
Labels
pillar: security Aligned to the Security pillar. rule: defender-for-cloud Rules for Microsoft Defender for Cloud
Milestone
v1.27.0

Comments

@BenjaminEngeset
Copy link
Contributor

BenjaminEngeset commented May 12, 2023
edited
Loading

Existing rule

No response

Suggested rule

Cosmos DBs should use Microsoft Defender for Azure Cosmos DB which is a feature of Microsoft Defender for Cloud.

Microsoft Defender for Azure Cosmos DB detects potential SQL injections, known bad actors based on Microsoft Threat Intelligence, suspicious access patterns, and potential exploitation of databases through compromised identities, or malicious insiders.

When enabling the Defender pricing plan for Cosmos DB it is automatically enabled for all Azure Cosmos DB for NoSQL accounts within the subscription.

This is done by enabling the Cosmos DB pricing plan (section) under the parent databases pricing plan in MDfC.

With infrastructure as code, PowerShell this or CLI this is done by is it done by setting a Standard CosmosDbs pricing plan.

Related to #1632

Pillar

Security

Additional context

https://learn.microsoft.com/azure/defender-for-cloud/concept-defender-for-cosmos
https://learn.microsoft.com/azure/defender-for-cloud/defender-for-databases-enable-cosmos-protections
https://learn.microsoft.com/azure/templates/microsoft.security/advancedthreatprotectionsettings
@BenjaminEngeset BenjaminEngeset added Needs: Triage 🔍 rule The issue relates to a rule labels May 12, 2023
@BenjaminEngeset BenjaminEngeset mentioned this issue May 13, 2023
Merged
11 tasks
@BernieWhite BernieWhite added rule: defender-for-cloud Rules for Microsoft Defender for Cloud pillar: security Aligned to the Security pillar. and removed rule The issue relates to a rule Needs: Triage 🔍 labels May 15, 2023
@BernieWhite BernieWhite added this to the v1.27.0 milestone May 21, 2023
@BernieWhite BernieWhite mentioned this issue May 21, 2023
Merged
4 tasks
@BernieWhite BernieWhite mentioned this issue May 30, 2023
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@BenjaminEngeset BenjaminEngeset

Labels
pillar: security Aligned to the Security pillar. rule: defender-for-cloud Rules for Microsoft Defender for Cloud
Projects
None yet
Milestone
v1.27.0
Development

Successfully merging a pull request may close this issue.

Added Azure.Defender.CosmosDb BenjaminEngeset/PSRule.Rules.Azure
2 participants
@BernieWhite @BenjaminEngeset