Low severity CSPM issues (62)
Severity Non-Compliance Region Resource Issue Remediation Read more Action
Kubernetes / Registries Low eastus prevasio Container Registry has Admin user enabled. To avoid sharing confidential admin credentials, ensure that the Admin user, normally designed for testing, is disabled for Container Registry. More info
Kubernetes / Registries Low westus2 test-cluster Kubernetes Service Cluster has the version of Kubernetes 1.21.9, while there are new upgrades available: 1.22.4, 1.22.6. Upgrade the version of Kubernetes on all Service Clusters to the latest version of Kubernetes. More info
Monitor Low global Monitor No activity log alert found for "Create Policy Assignment" events. To enable insights into the changes made within the "Policy Assignment" policy, create an activity log alert for "Create Policy Assignment" events. More info
Monitor Low global Monitor No activity log alert found for "Delete Policy Assignment" events. To enable insights into the changes made within the "Policy Assignment" policy, create an activity log alert for "Delete Policy Assignment" events. More info
Monitor Low global Monitor No activity log alert found for "Delete Load Balancer" events. To mitigate any accidental or intentional deletion of Load Balancers available within your Azure cloud account, create an activity log alert for "Delete Load Balancer" events. More info
Monitor Low global Monitor No activity log alert found for "Create/Update Network Security Group" events. To enable insights into the changes made at the Azure Network Security Group (NSG) level, create an activity log alert for "Create/Update Network Security Group" events. More info
Monitor Low global Monitor No activity log alert found for "Delete Network Security Group" events. To enable insights into the changes made at the Azure Network Security Group (NSG) level, create an activity log alert for "Delete Network Security Group" events. More info
Monitor Low global Monitor No activity log alert found for "Create or Update Security Solution" events. To enable insights into the changes made for your Azure Security Solutions, create an activity log alert for "Create or Update Security Solution" events. More info
Monitor Low global Monitor No activity log alert found for "Delete Security Solution" events. To enable insights into the changes made for your Azure Security Solutions, create an activity log alert for "Delete Security Solution" events. More info
Monitor Low global Monitor No activity log alert found for "Update Key Vault" events. To enable insights into the changes made at the Azure Key Vault level, create an activity log alert for "Update Key Vault" events. More info
Monitor Low global Monitor No activity log alert found for "Delete Key Vault" events. To mitigate any accidental or intentional deletion of Key Vaults available within your Azure cloud account, create an activity log alert for "Delete Key Vault" events. More info
Monitor Low global Monitor No activity log alert found for "Create or Update Virtual Machine" events. To enable insights into the changes made within your cloud environment regarding Azure virtual machines (VMs), create an activity log alert for "Create or Update Virtual Machine" events. More info
Monitor Low global Monitor No activity log alert found for "Delete Virtual Machine" events. To mitigate any accidental or intentional deletion of virtual machines (VMs) available within your Azure cloud account, create an activity log alert for "Delete Virtual Machine" events. More info
Monitor Low global Monitor No activity log alert found for "Deallocate Virtual Machine" events. To mitigate any security issues in case a virtual machine (VM) was accidentally or intentionally stopped, create an activity log alert for "Deallocate Virtual Machine" events. More info
Monitor Low global Monitor No activity log alert found for "Power Off Virtual Machine" events. To mitigate any security issues in case a virtual machine (VM) was accidentally or intentionally powered off, create an activity log alert for "Power Off Virtual Machine" events. More info
Monitor Low global Monitor No activity log alert found for "Create/Update Storage Account" events. To enable insights into the changes made at the Azure Storage account level, create an activity log alert for "Create/Update Storage Account" events. More info
Monitor Low global Monitor No activity log alert found for "Delete Storage Account" events. To mitigate any accidental or intentional deletion of storage accounts available within your Azure cloud account, create an activity log alert for "Delete Storage Account" events. More info
Monitor Low global Monitor No activity log alert found for "Create/Update Azure SQL Database" events. To enable insights into the changes made within your cloud environment regarding Azure SQL database resources, create an activity log alert for "Create/Update Azure SQL Database" events. More info
Monitor Low global Monitor No activity log alert found for "Delete Azure SQL Database" events. To mitigate any accidental or intentional deletion of SQL Databases available within your Azure cloud account, create an activity log alert for "Delete Azure SQL Database" events. More info
Monitor Low global Monitor No activity log alert found for "Rename Azure SQL Database" events. To mitigate any security issues in case an SQL database was accidentally or intentionally renamed, create an activity log alert for "Rename Azure SQL Database" events. More info
Monitor Low PCI DSS 10.2 HIPAA (Audit) global default Log Profile does not archive your activity log from Australia, Brazil. To fulfill HIPAA and PCI requirements on secure audit record for environments containing sensitive data, ensures the Log Profile is configured to export all activities from all Azure locations. More info
Monitor Low PCI DSS 10.2 HIPAA (Audit) global default Log Profile does not collect logs for "Delete" event categories. To fulfill HIPAA and PCI requirements on secure audit record for environments containing sensitive data, ensure the Log Profile is configured to collect logs for "Write", "Delete" and "Action" event categories. More info
Compute Low eastus test-vm Virtual Machine is not launched from an Azure managed VM image. To have a consistent baseline VM that could be helpful in development and test environments, ensure that your VMs are created from Azure managed VM images. More info
Compute Low eastus test-vm Virtual Machine has instant restore backups configured to be retained for 2 days, while the recommended limit is 5 days. To handle more efficiently the restoration process in the event of a failure, ensure that your VMs have the instant restore retention period set to 5 days. More info
Compute Low eastus test-vm Virtual Machine has daily backup retention period configured as 21 days, while the recommended limit is 30 days. To handle more efficiently the restoration process in the event of a failure, ensure that your VMs have daily backup retention period set to 30 days. More info
Compute Low eastus my-disk-snapshot VM Disk Snapshot was created 779 days ago. To eliminate unnecessary costs and meet compliance requirements regarding unused resources, ensure there are no undesired old VM Disk Snapshots. More info
Compute Low westus2 test-vm2 Virtual Machine is not launched from an Azure managed VM image. To have a consistent baseline VM that could be helpful in development and test environments, ensure that your VMs are created from Azure managed VM images. More info
Compute Low westus2 test-vm2 Virtual Machine has no backup policies configured. To handle more efficiently the restoration process in the event of a failure, ensure that your VMs have the instant restore retention period set to 5 days. More info
Compute Low westus2 test-vm2 Virtual Machine has no daily backup retention period configured. To handle more efficiently the restoration process in the event of a failure, ensure that your VMs have daily backup retention period set to 30 days. More info
Compute Low westus2 test-vm3 Virtual Machine uses Premium SSD Disk Volume. For cost-effective storage that fits a broad range of workloads from web servers to enterprise applications, consider using Standard SSD disk volumes instead of Premium SSD volumes for your VMs. More info
Compute Low westus2 test-vm3 Virtual Machine has no backup policies configured. To handle more efficiently the restoration process in the event of a failure, ensure that your VMs have the instant restore retention period set to 5 days. More info
Compute Low westus2 test-vm3 Virtual Machine has no daily backup retention period configured. To handle more efficiently the restoration process in the event of a failure, ensure that your VMs have daily backup retention period set to 30 days. More info
Compute Low westus2 empty-scale-set Virtual Machine Scale Set has no VM instances attached. To eliminate unnecessary costs and meet compliance requirements regarding unused resources, delete VM Scale Sets that have no VM instances attached. More info
Compute Low westus2 test-scale-set2 Virtual Machine Scale Set has no VM instances attached. To eliminate unnecessary costs and meet compliance requirements regarding unused resources, delete VM Scale Sets that have no VM instances attached. More info
Web Low CIS 9.9 eastus prevasio-web-app App Service is not using the latest version of the HTTP protocol (HTTP 2.0). To make your web applications load faster, enable HTTP 2.0 for your App Services. More info
Web Low eastus prevasio-web-app App Service uses Java 8u232, while the latest version of Java is 11. To take advantage of the latest security fixes, performance improvements, and new functionalities and features, ensure that all App Service web applications developed with Java use the latest available version of Java. More info
Web Low eastus prevasio-web-app App Service does not have a managed identity assigned. To allow your app to easily access other AD-protected resources such as Azure Key Vault, assign a managed identity for your App Services. More info
SQL Low eastus master SQL Database is not configured to be zone redundant. To avoid a single point of failure for all systems relying on SQL Databases, ensure that all SQL Database instances are created in multiple availability zones. More info
SQL Low westus master SQL Database is not configured to be zone redundant. To avoid a single point of failure for all systems relying on SQL Databases, ensure that all SQL Database instances are created in multiple availability zones. More info
SQL Low CIS 4.1.2 westus prevasio-sql-server2 SQL Server has no private endpoints configured. To connect your virtual network to services in Azure without a public IP address at the source or destination, ensure the SQL Servers are accessible only through private endpoints. More info
Networking Low centralus my-virtual-network Virtual Network has DDoS Standard Protection disabled. To protect your cloud resources against DDoS attacks with always-on monitoring and automatic network attack mitigation, ensure that DDoS Protection Standard for Virtual Networks is enabled (a paid feature). More info
Networking Low centralus my-virtual-network Virtual Network has only one subnet. To take advantage of an N-tier architecture, where each tier resides in its own subnet, consider creating multiple subnets in each Virtual Network. More info
Networking Low eastus test-vm-nsg Network Security Group (NSG) has no diagnostic settings. To fulfill HIPAA requirements on secure audit record for read/write/delete activities in the system, ensure that diagnostic logging is enabled for each NSG. More info
Networking Low eastus test-scale-set_group-vnet Virtual Network has DDoS Standard Protection disabled. To protect your cloud resources against DDoS attacks with always-on monitoring and automatic network attack mitigation, ensure that DDoS Protection Standard for Virtual Networks is enabled (a paid feature). More info
Networking Low eastus test-scale-set_group-vnet Virtual Network has only one subnet. To take advantage of an N-tier architecture, where each tier resides in its own subnet, consider creating multiple subnets in each Virtual Network. More info
Networking Low eastus test-virt-network Virtual Network has DDoS Standard Protection disabled. To protect your cloud resources against DDoS attacks with always-on monitoring and automatic network attack mitigation, ensure that DDoS Protection Standard for Virtual Networks is enabled (a paid feature). More info
Networking Low eastus test-virt-network Virtual Network has only one subnet. To take advantage of an N-tier architecture, where each tier resides in its own subnet, consider creating multiple subnets in each Virtual Network. More info
Networking Low eastus test-vm_group-vnet Virtual Network has DDoS Standard Protection disabled. To protect your cloud resources against DDoS attacks with always-on monitoring and automatic network attack mitigation, ensure that DDoS Protection Standard for Virtual Networks is enabled (a paid feature). More info
Networking Low eastus test-vm_group-vnet Virtual Network has only one subnet. To take advantage of an N-tier architecture, where each tier resides in its own subnet, consider creating multiple subnets in each Virtual Network. More info
Networking Low eastus my-load-balancer Network Load Balancer has no diagnostic settings. To fulfill HIPAA requirements on secure audit record for read/write/delete activities in the system, ensure that diagnostic logging is enabled for each Load Balancer. More info
Networking Low westus2 aks-agentpool-28249642-nsg Network Security Group (NSG) has no diagnostic settings. To fulfill HIPAA requirements on secure audit record for read/write/delete activities in the system, ensure that diagnostic logging is enabled for each NSG. More info
Networking Low westus2 open-to-all Network Security Group (NSG) has no diagnostic settings. To fulfill HIPAA requirements on secure audit record for read/write/delete activities in the system, ensure that diagnostic logging is enabled for each NSG. More info
Networking Low westus2 test-vm2-nsg Network Security Group (NSG) has no diagnostic settings. To fulfill HIPAA requirements on secure audit record for read/write/delete activities in the system, ensure that diagnostic logging is enabled for each NSG. More info
Networking Low westus2 aks-vnet-28249642 Virtual Network has DDoS Standard Protection disabled. To protect your cloud resources against DDoS attacks with always-on monitoring and automatic network attack mitigation, ensure that DDoS Protection Standard for Virtual Networks is enabled (a paid feature). More info
Networking Low westus2 virt-network-4 Virtual Network has DDoS Standard Protection disabled. To protect your cloud resources against DDoS attacks with always-on monitoring and automatic network attack mitigation, ensure that DDoS Protection Standard for Virtual Networks is enabled (a paid feature). More info
Networking Low westus2 testscaleset_groupvnet421 Virtual Network has DDoS Standard Protection disabled. To protect your cloud resources against DDoS attacks with always-on monitoring and automatic network attack mitigation, ensure that DDoS Protection Standard for Virtual Networks is enabled (a paid feature). More info
Networking Low westus2 testscaleset_groupvnet421 Virtual Network has only one subnet. To take advantage of an N-tier architecture, where each tier resides in its own subnet, consider creating multiple subnets in each Virtual Network. More info
Networking Low ukwest test-virt-netowrk Virtual Network has DDoS Standard Protection disabled. To protect your cloud resources against DDoS attacks with always-on monitoring and automatic network attack mitigation, ensure that DDoS Protection Standard for Virtual Networks is enabled (a paid feature). More info
Networking Low global CDN Profile endpoint has request logging disabled. To export basic usage metrics from your CDN endpoint to different sources, ensure that diagnostic logging is enabled for each CDN endpoint for each CDN Profile. More info
Networking Low global CDN Profile endpoint has no diagnostic settings. To export basic usage metrics from your CDN endpoint to different sources, ensure that diagnostic logging is enabled for each CDN endpoint for each CDN Profile. More info
Security Low eastus prevasio-key-vault-2 Key Vault has no diagnostic settings. To fulfill HIPAA requirements on secure audit record for read/write/delete activities in the system, ensure that AuditEvent logging is enabled for each Key Vault. More info
Security Low CIS 5.1.5 PCI DSS 10.2 HIPAA (Audit) eastus prevasio-key-vault Key Vault has no AuditEvent logging enabled. To fulfill HIPAA requirements on secure audit record for read/write/delete activities in the system, ensure that AuditEvent logging is enabled for each Key Vault. More info
Low severity private container images (0)
Repository Image tag Region Image size Pushed at Latest Vulnerabilities Alerts Action
Low severity public container images (0)
Repository Image tag Region Image size Pushed at Latest Vulnerabilities Alerts Action