Azure Security Center

High Severity Alerts Disabled

Risk Level: Low

Description:

This plugin checks that high severity alert notifications are set up correctly. With high severity alerts enabled, Microsoft's alerts about potential security concerns reach you and the risks can be mitigated quickly. For this configuration, make sure at least one security contact email address is provided.

Recommended Action: Ensure that high severity alerts are configured to be sent.

About the Service:

Microsoft Azure Security Center is a collection of tools for monitoring and managing the security of virtual machines and other cloud computing resources in Microsoft's public cloud. Administrators access Azure Security Center through the Azure management interface. Policy Configuration, Data Collection, Recommendation, Alerts, and similar features are some of its most important elements.

Impact:

If notification of high severity alerts is disabled, Azure Security Center will not notify you about high severity alerts such as Remote Desktop Protocol (RDP) attacks or customer data accessed by an unauthorized party.

Steps to reproduce:

  1. Sign in to your Azure management console.
  2. Navigate to the Azure Security Center blade at: https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/
  3. On the Microsoft Defender for Cloud page that appears, click the Azure Subscriptions heading.
  4. Select the subscription that you want to examine.
  5. In the navigation panel, select Email Notification.
  6. In the Notification Types settings section, check whether the option Notify about alerts with the following severity (or higher) is set to High and its checkbox is checked.
  7. If not, then your Azure Security Center is not configured to send you high severity alerts.
  8. Repeat steps for each Microsoft Azure subscription available in your account.
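
The check in steps 6 to 8, written as an added example (not PingSafe's or Microsoft's code): it evaluates the security contact settings of several subscriptions at once. It assumes the JSON layout of the Microsoft.Security/securityContacts list response (API version 2020-01-01-preview); the subscription labels, sample data and function names are constructed for illustration.

```python
import json

# Constructed sample data: one securityContacts list response per hypothetical
# subscription. The field layout is an assumption (API 2020-01-01-preview).
SAMPLE = {
    "sub-a": '{"value":[{"properties":{"emails":"secops@example.com",'
             '"alertNotifications":{"state":"On","minimalSeverity":"High"}}}]}',
    "sub-b": '{"value":[{"properties":{"emails":"secops@example.com",'
             '"alertNotifications":{"state":"Off","minimalSeverity":"High"}}}]}',
    "sub-c": '{"value":[{"properties":{"emails":" ; ",'
             '"alertNotifications":{"state":"On","minimalSeverity":"Medium"}}}]}',
    "sub-d": '{"value":[]}',
}

def check_contact(contact, allow_lower_threshold=False):
    """Return the list of problems for one security contact (empty means OK)."""
    props = contact.get("properties") or {}
    notif = props.get("alertNotifications")
    notif = notif if isinstance(notif, dict) else {}
    problems = []
    # The page requires at least one contact address; the field is ';'-separated.
    if not [e for e in (props.get("emails") or "").split(";") if e.strip()]:
        problems.append("no security contact email address")
    if str(notif.get("state", "")).lower() != "on":
        problems.append("alert notifications are off")
    # Default follows step 6 (threshold must be High). A Low or Medium threshold
    # also delivers High alerts ("or higher"); opt in to accept those.
    accepted = {"high", "medium", "low"} if allow_lower_threshold else {"high"}
    severity = str(notif.get("minimalSeverity", "")).lower()
    if severity not in accepted:
        problems.append(f"minimal severity is {severity or 'unset'}, expected High")
    return problems

def audit(responses, allow_lower_threshold=False):
    """Map each subscription to its problems; [] means it passes the check."""
    report = {}
    for sub, body in responses.items():
        contacts = json.loads(body).get("value") or []
        if not contacts:
            report[sub] = ["no security contact configured"]
            continue
        results = [check_contact(c, allow_lower_threshold) for c in contacts]
        # One fully valid contact is enough; otherwise report the closest one.
        report[sub] = min(results, key=len)
    return report

if __name__ == "__main__":
    for sub, problems in audit(SAMPLE).items():
        print(sub, "PASS" if not problems else "FAIL: " + "; ".join(problems))
```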

Steps for remediation:

  1. Sign in to your Azure management console.
  2. Navigate to the Azure Security Center blade at: https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/
  3. On the Microsoft Defender for Cloud page that appears, click the Azure Subscriptions heading.
  4. Select the subscription that you want to examine.
  5. In the navigation panel, select Email Notification.
  6. In the Notification Types settings section, select the option Notify about alerts with the following severity (or higher) and select High from the dropdown menu.
  7. Click Save to save the changes.
  8. Repeat steps to reconfigure each Microsoft Azure subscription that is misconfigured in your account.

References:

Please feel free to reach out to support@pingsafe.ai with any questions that you may have.

Thanks

PingSafe Support