Best practice rules for Security Center
Trend Micro Cloud One™ – Conformity monitors Security Center with the following rules:
- Check for Azure Security Center Recommendations
Ensure that Microsoft Azure Security Center recommendations are examined and resolved.
- Enable Adaptive Application Safelisting Monitoring
Enable adaptive application safelisting monitoring for Microsoft Azure virtual machines.
- Enable Alert Notifications for Subscription Owners
Ensure that the "Also send email notification to subscription owners" feature is enabled within Azure Security Center.
- Enable Automatic Provisioning of the Monitoring Agent
Ensure that the "Automatic provisioning of monitoring agent" feature is enabled to enhance security at the virtual machine (VM) level.
- Enable DDoS Protection Standard Monitoring for Public Virtual Networks
Ensure that monitoring of DDoS protection at the Azure virtual network level is enabled.
- Enable Disk Encryption Monitoring
Enable disk encryption monitoring for Microsoft Azure virtual machines (VMs).
- Enable Email Notification for Alerts
Ensure that the "Email Notification for Alerts" security feature is enabled within Azure Security Center.
- Enable Endpoint Protection Monitoring
Enable endpoint protection monitoring and recommendations for Microsoft Azure virtual machines.
- Enable JIT Network Access Monitoring
Ensure that JIT network access monitoring for Azure virtual machines (VMs) is enabled.
- Enable Monitoring for OS Vulnerabilities
Enable OS vulnerability monitoring for Microsoft Azure virtual machines (VMs).
- Enable Monitoring of Deprecated Accounts
Ensure that monitoring of deprecated accounts within your Azure subscription(s) is enabled.
- Enable Network Security Group Monitoring
Enable network security group recommendations for Microsoft Azure virtual machines (VMs).
- Enable Next Generation Firewall (NGFW) Monitoring
Ensure that next generation firewall monitoring for Azure virtual machines (VMs) is enabled.
- Enable SQL Auditing Monitoring
Enable SQL auditing and threat detection monitoring for Microsoft Azure SQL servers.
- Enable SQL Encryption Monitoring
Enable SQL encryption monitoring and recommendations for Microsoft Azure SQL servers.
- Enable Standard Pricing Tier
Ensure that the Security Center standard pricing tier is enabled in your Microsoft Azure account.
- Enable Storage Encryption Monitoring
Enable storage encryption monitoring and recommendations for Azure Storage resources.
- Enable System Updates Monitoring
Enable system updates recommendations for Microsoft Azure virtual machines (VMs).
- Enable Virtual Machine IP Forwarding Monitoring
Ensure that IP forwarding, where enabled on your Azure virtual machines (VMs), is being monitored.
- Enable Vulnerability Assessment Monitoring
Ensure that vulnerability assessment monitoring for Azure virtual machines (VMs) is enabled.
- Enable Web Application Firewall Monitoring
Enable web application firewall monitoring for Microsoft Azure virtual machines (VMs).
- Monitor External Accounts with Write Permissions
Ensure that external accounts with write permissions are monitored using Azure Security Center.
- Monitor the Total Number of Subscription Owners
Ensure that the total number of subscription owners within your Azure account is monitored.
- Security Contact Emails In Use
Ensure that one or more security contact email addresses are defined within Azure Security Center settings.
- Security Contact Phone Numbers In Use
Ensure that a security contact phone number is provided in the Azure Security Center settings.