last sync: 2024-Jul-26 18:17:39 UTC

[Deprecated]: Azure registry container images should have vulnerabilities resolved (powered by Qualys)

Azure BuiltIn Policy definition

Source Azure Portal
Display name [Deprecated]: Azure registry container images should have vulnerabilities resolved (powered by Qualys)
Id 5f0f936f-2f01-4bf5-b6be-d423792fa562
Version 2.1.0-deprecated
Category Security Center
Description As outlined in the unified vulnerability assessment solution strategy blog (https://aka.ms/MDCUnifiedVAblog), we have made a strategic decision to unify all vulnerability assessment solutions in Defender for Cloud to use Defender vulnerability management. As part of this change, the built-in Qualys offering is now retired. See https://aka.ms/TransitionToMDVM4Containers for more information and transition guidelines.
Mode All
Type BuiltIn
Preview False
Deprecated True
Effect Default: Disabled; Allowed: AuditIfNotExists, Disabled
RBAC role(s) none
Rule aliases THEN-ExistenceCondition (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Security/assessments/status.code Microsoft.Security assessments properties.status.code True False
Rule resource types IF (1)
Microsoft.ContainerRegistry/registries
Compliance
The following compliance control is associated with this Policy definition '[Deprecated]: Azure registry container images should have vulnerabilities resolved (powered by Qualys)' (5f0f936f-2f01-4bf5-b6be-d423792fa562)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
Azure_Security_Benchmark_v2.0 PV-6 Azure_Security_Benchmark_v2.0_PV-6 Azure Security Benchmark PV-6 Posture and Vulnerability Management Perform software vulnerability assessments Customer Follow recommendations from Azure Security Center for performing vulnerability assessments on your Azure virtual machines, container images, and SQL servers. Azure Security Center has a built-in vulnerability scanner for virtual machine scan. Use a third-party solution for performing vulnerability assessments on network devices and web applications. When conducting remote scans, do not use a single, perpetual, administrative account. Consider implementing JIT (Just In Time) provisioning methodology for the scan account. Credentials for the scan account should be protected, monitored, and used only for vulnerability scanning. Export scan results at consistent intervals and compare the results with previous scans to verify that vulnerabilities have been remediated. When using vulnerability management recommendations suggested by Azure Security Center, you can pivot into the selected scan solution's portal to view historical scan data. How to implement Azure Security Center vulnerability assessment recommendations: https://docs.microsoft.com/azure/security-center/security-center-vulnerability-assessment-recommendations Integrated vulnerability scanner for virtual machines: https://docs.microsoft.com/azure/security-center/built-in-vulnerability-assessment SQL vulnerability assessment: https://docs.microsoft.com/azure/azure-sql/database/sql-vulnerability-assessment Exporting Azure Security Center vulnerability scan results: https://docs.microsoft.com/azure/security-center/built-in-vulnerability-assessment#exporting-results n/a link 5
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
[Deprecated]: Azure Security Benchmark v2 bb522ac1-bc39-4957-b194-429bcd3bcb0b Regulatory Compliance Deprecated BuiltIn
History
Date/Time (UTC ymd) Change type Change detail
2024-03-15 22:15:34 change Minor, new suffix: deprecated (2.0.2 > 2.1.0-deprecated)
2024-01-12 18:35:06 change Patch (2.0.1 > 2.0.2)
2022-01-07 18:14:35 change Patch (2.0.0 > 2.0.1)
2021-01-05 16:06:49 change Major (1.0.0 > 2.0.0)
2020-08-19 13:49:29 add 5f0f936f-2f01-4bf5-b6be-d423792fa562