Azure Security

Overview
Critical
0
High
1
Medium
6
Low
2
Informational
0
Security issues (9)
Severity Non-Compliance Region Resource Issue Remediation Read more Action
Low eastus prevasio-key-vault-2 Key Vault has no diagnostic settings. To fulfill HIPAA requirements on secure audit record for read/write/delete activities in the system, ensure that AuditEvent logging is enabled for each Key Vault. More info
High CIS 8.5 eastus prevasio-key-vault-2 Key Vault has no Purge Protection and therefore, is not recoverable. To prevent permanent deletion/purging of encryption keys, secrets and certificates stored within the Key Vaults, ensure that all Key Vaults have Purge Protection enabled. More info
Medium PCI DSS 4.2 HIPAA (Encryption) eastus prevasio-key-vault-2 Key Vault has Soft Delete retention period set to 7 days, while the recommended limit is 90 days. To fulfill HIPAA requirements on protecting all encryption mechanisms against loss of modification, ensure that Key Vaults have a recommended Soft Delete retention period, i.e. 90 days. More info
Medium eastus prevasio-key-vault-2 Key Vault does not grant vault access to trusted Microsoft services. To allow trusted Azure cloud services to work as intended and be able to access your vault resources, enable "Allow trusted Microsoft services to bypass this firewall" exception in your Key Vault network firewall configuration. More info
Medium eastus prevasio-key-vault-2 Key Vault allows access to traffic from all networks, including the public Internet. To add a layer of security by limiting access to trusted networks and/or IP addresses, change the Key Vault firewall default action from "Allow" to "Deny" and configure the appropriate access. More info
Low CIS 5.1.5 PCI DSS 10.2 HIPAA (Audit) eastus prevasio-key-vault Key Vault has no AuditEvent logging enabled. To fulfill HIPAA requirements on secure audit record for read/write/delete activities in the system, ensure that AuditEvent logging is enabled for each Key Vault. More info
Medium CIS 2.3.1 westeurope test-domain.com Security Contact is not configured to send security alerts to administrators. To notify subscription owners/administrators about detected vulnerabilities and other security issues, ensure that security alerts are configured to be sent to subscription owners/administrators. More info
Medium CIS 2.3.3 westeurope test-domain.com Security Contact is not configured to receive high severity alert notifications. To notify the Security Contact about potential security issues, ensure that high severity alert notificationss are properly configured. More info
Medium CIS 2.2 CIS 2.2.1 global Security Automatic Provisioning of the Monitoring Agent is not enabled. To collect security data and events from your cloud compute resources in order to help you prevent, detect, and respond effectively to security issues, ensure that automatic provisioning of the monitoring agent is enabled in your Microsoft Azure account. More info
Key vaults (2)
Name Location SKU name Resource group Status Security issues
prevasio-key-vault-2East USStandardMC_test-clust_group_test-cluster_westus2 Succeeded 1 High + 4 others (details)
prevasio-key-vaultEast USStandardtest-scale-set_group Succeeded 1 Low (details)
Defender for Cloud: Email notifications security (3)
Email notification Location Email Notify about alerts Send alerts to administrators Security issues
contact-prevasio.comWest Europecontact@prevasio.comOnOn
admin-prevasio.comWest Europeadmin@prevasio.comOnOn
test-domain.comWest Europetest@domain.comOffOff 2 Medium (details)