last sync: 2024-Oct-11 17:51:27 UTC

Microsoft Defender for Azure Cosmos DB should be enabled

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Defender for Azure Cosmos DB should be enabled
Id adbe85b5-83e6-4350-ab58-bf3a4f736e5e
Version 1.0.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.0.0
Built-in Versioning [Preview]
Category Security Center
Microsoft Learn
Description Microsoft Defender for Azure Cosmos DB is an Azure-native layer of security that detects attempts to exploit databases in your Azure Cosmos DB accounts. Defender for Azure Cosmos DB detects potential SQL injections, known bad actors based on Microsoft Threat Intelligence, suspicious access patterns, and potential exploitations of your database through compromised identities or malicious insiders.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
RBAC role(s) none
Rule aliases THEN-ExistenceCondition (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Security/pricings/pricingTier Microsoft.Security pricings properties.pricingTier True False
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 6 compliance controls are associated with this Policy definition 'Microsoft Defender for Azure Cosmos DB should be enabled' (adbe85b5-83e6-4350-ab58-bf3a4f736e5e)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
CIS_Azure_2.0.0 2.1.3 CIS_Azure_2.0.0_2.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.3 2.1 Ensure That Microsoft Defender for Databases Is Set To 'On' Shared Running Defender on Infrastructure as a service (IaaS) may incur increased costs associated with running the service and the instance it is on. Similarly, you will need qualified personnel to maintain the operating system and software updates. If it is not maintained, security patches will not be applied and it may be open to vulnerabilities. Turning on Microsoft Defender for Databases enables threat detection for the instances running your database software. This provides threat intelligence, anomaly detection, and behavior analytics in the Azure Microsoft Defender for Cloud. Instead of being enabled on services like Platform as a Service (PaaS), this implementation will run within your instances as Infrastructure as a Service (IaaS) on the Operating Systems hosting your databases. Enabling Microsoft Defender for Azure SQL Databases allows your organization more granular control of the infrastructure running your database software. Instead of waiting on Microsoft release updates or other similar processes, you can manage them yourself. Threat detection is provided by the Microsoft Security Response Center (MSRC). link 4
CIS_Azure_2.0.0 2.1.9 CIS_Azure_2.0.0_2.1.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.9 2.1 Ensure That Microsoft Defender for Azure Cosmos DB Is Set To 'On' Shared Enabling Microsoft Defender for Azure Cosmos DB requires enabling Microsoft Defender for your subscription. Both will incur additional charges. Microsoft Defender for Azure Cosmos DB scans all incoming network requests for threats to your Azure Cosmos DB resources. In scanning Azure Cosmos DB requests within a subscription, requests are compared to a heuristic list of potential security threats. These threats could be a result of a security breach within your services, thus scanning for them could prevent a potential security threat from being introduced. link 1
New_Zealand_ISM 07.1.7.C.02 New_Zealand_ISM_07.1.7.C.02 New_Zealand_ISM_07.1.7.C.02 07. Information Security Incidents Detecting Information Security Incidents - Preventing and detecting information security incidents n/a Processes and procedures for the detection of information security incidents will assist in mitigating attacks using the most common vectors in systems exploits. 16
op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found n/a n/a 63
op.mon.3 Monitoring op.mon.3 Monitoring 404 not found n/a n/a 51
RBI_CSF_Banks_v2016 5.1 RBI_CSF_Banks_v2016_5.1 Secure Configuration Secure Configuration-5.1 n/a Document and apply baseline security requirements/configurations to all categories of devices (end-points/workstations, mobile devices, operating systems, databases, applications, network devices, security devices, security systems, etc.), throughout the lifecycle (from conception to deployment) and carry out reviews periodically. 8
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
[Preview]: Reserve Bank of India - IT Framework for Banks d0d5578d-cc08-2b22-31e3-f525374f235a Regulatory Compliance Preview BuiltIn
CIS Microsoft Azure Foundations Benchmark v2.0.0 06f19060-9e68-4070-92ca-f15cc126059e Regulatory Compliance GA BuiltIn
New Zealand ISM 4f5b1359-4f8e-4d7c-9733-ea47fcde891e Regulatory Compliance GA BuiltIn
Spain ENS 175daf90-21e1-4fec-b745-7b4c909aa94c Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-03-11 18:16:48 add adbe85b5-83e6-4350-ab58-bf3a4f736e5e
JSON compare n/a
JSON
api-version=2021-06-01
EPAC