github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/azure/securitycenter/alert_on_severe_notifications.go (about) 1 package securitycenter 2 3 import ( 4 "github.com/khulnasoft-lab/defsec/internal/rules" 5 "github.com/khulnasoft-lab/defsec/pkg/providers" 6 "github.com/khulnasoft-lab/defsec/pkg/scan" 7 "github.com/khulnasoft-lab/defsec/pkg/severity" 8 "github.com/khulnasoft-lab/defsec/pkg/state" 9 ) 10 11 var CheckAlertOnSevereNotifications = rules.Register( 12 scan.Rule{ 13 AVDID: "AVD-AZU-0044", 14 Provider: providers.AzureProvider, 15 Service: "security-center", 16 ShortCode: "alert-on-severe-notifications", 17 Summary: "Send notification emails for high severity alerts", 18 Impact: "The ability to react to high severity notifications could be delayed", 19 Resolution: " Set alert notifications to be on", 20 Explanation: `It is recommended that at least one valid contact is configured for the security center. 21 Microsoft will notify the security contact directly in the event of a security incident using email and require alerting to be turned on.`, 22 Links: []string{ 23 "https://azure.microsoft.com/en-us/services/security-center/", 24 }, 25 Terraform: &scan.EngineMetadata{ 26 GoodExamples: terraformAlertOnSevereNotificationsGoodExamples, 27 BadExamples: terraformAlertOnSevereNotificationsBadExamples, 28 Links: terraformAlertOnSevereNotificationsLinks, 29 RemediationMarkdown: terraformAlertOnSevereNotificationsRemediationMarkdown, 30 }, 31 Severity: severity.Medium, 32 }, 33 func(s *state.State) (results scan.Results) { 34 for _, contact := range s.Azure.SecurityCenter.Contacts { 35 if contact.Metadata.IsUnmanaged() { 36 continue 37 } 38 if contact.EnableAlertNotifications.IsFalse() { 39 results.Add( 40 "Security contact has alert notifications disabled.", 41 contact.EnableAlertNotifications, 42 ) 43 } else { 44 results.AddPassed(&contact) 45 } 46 } 47 return 48 }, 49 )