
Security Contact Phone Numbers In Use

Last updated: 22 September 2020
Risk level: Medium (should be achieved)
Rule ID: SecurityCenter-017

Ensure that a security contact international phone number (including the country code, e.g. +1-425-1234567) is set for the administrator who should be notified when Azure Security Center detects compromised resources.

This rule resolution is part of the Cloud Conformity Security & Compliance tool for Azure

Security

As a best practice, Azure Security Center recommends that you provide valid security contact details for each Microsoft Azure subscription. If appropriate contact information is provided, Azure Security Center calls the designated security contact when its security team finds that your cloud resources are compromised in some way. The main purpose of this feature is to ensure that the right people are notified of potential security risks so that those risks can be mitigated in a timely fashion.

Note: Make sure that the contact information (i.e. phone number) provided is valid, as the communication is not digitally signed.

Audit

To determine if a valid security contact phone number is defined within Azure Security Center settings, perform the following actions:

Using Azure CLI and PowerShell

01 Run the az account get-access-token command (Windows/macOS/Linux) using custom query filters to describe the security contact phone number set for alert notifications within the subscription's Azure Security Center settings:

az account get-access-token \
	--query "{subscription:subscription,accessToken:accessToken}" \
	--out tsv | xargs -L1 bash -c 'curl -X GET -H "Authorization: Bearer $1" -H "Content-Type: application/json" "https://management.azure.com/subscriptions/$0/providers/Microsoft.Security/securityContacts?api-version=2017-08-01-preview"' | jq '.|.value[1]' | jq '.properties.phone'

02 The command output should return the requested contact information (if any is available).

""

If the command output returns an empty string, i.e. "", there are no security contact phone numbers configured for alert notifications in the Azure Security Center configuration settings, within the selected Microsoft Azure subscription.

03 Repeat steps no. 1 and 2 for each Microsoft Azure subscription available in your account.
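
The check from steps 1 to 3, extended to every contact entry in the list response and to the country-code requirement, as an added example that is not part of the original page or of the Cloud Conformity tooling. It assumes the response body has already been saved as text; the sample response, the default2/default3 entries, the phone pattern and the pass criterion (one valid contact is enough) are constructed for illustration.

```python
import json
import re

# Assumed format check: "+", a 1-3 digit country code, then 6-14 more digits
# with optional "-" or space separators (matches the page's +1-425-1234567).
INTL_PHONE = re.compile(r"^\+[1-9]\d{0,2}[- ]?\d(?:[- ]?\d){5,13}$")

def audit_security_contacts(response_body):
    """Return one finding per entry of a securityContacts list response."""
    contacts = json.loads(response_body).get("value") or []
    if not contacts:
        return [{"name": None, "status": "FAIL", "reason": "no security contact defined"}]
    findings = []
    for contact in contacts:
        # "phone" may be missing, null or "" when no number was ever set.
        phone = ((contact.get("properties") or {}).get("phone") or "").strip()
        if not phone:
            status, reason = "FAIL", "phone is empty"
        elif not INTL_PHONE.match(phone):
            status, reason = "FAIL", "no country code or malformed number"
        else:
            status, reason = "PASS", "international phone number set"
        findings.append({"name": contact.get("name"), "status": status, "reason": reason})
    return findings

def is_compliant(response_body):
    # Assumption: one contact with a valid international number satisfies the rule.
    return any(f["status"] == "PASS" for f in audit_security_contacts(response_body))

# Constructed sample response (not real subscription data).
SAMPLE = json.dumps({"value": [
    {"name": "default1", "properties": {"email": "notifyme@cloudconformity.com", "phone": ""}},
    {"name": "default2", "properties": {"email": "notifyme@cloudconformity.com", "phone": "425-1234567"}},
    {"name": "default3", "properties": {"email": "notifyme@cloudconformity.com", "phone": "+1-425-1234567"}},
]})

if __name__ == "__main__":
    for finding in audit_security_contacts(SAMPLE):
        print(finding["status"], finding["name"], "-", finding["reason"])
    print("compliant:", is_compliant(SAMPLE))
```
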

Remediation / Resolution

To set a security contact phone number in order to be notified when Azure Security Center detects compromised resources in your Azure cloud account, perform the following actions:

Using Azure CLI and PowerShell

01 Define the necessary parameters for the az account get-access-token command, where <security-phone-number> represents the security contact phone number at which you want to be notified when the Azure Security Center service detects compromised resources within your Azure cloud account. Save the following content to a JSON file named security-contact-information.json and replace the placeholder details, i.e. <azure-subscription-id>, <security-email-address> and <security-phone-number>, with your own contact information:

{
   "id":"/subscriptions/<azure-subscription-id>/providers/Microsoft.Security/securityContacts/default1",
   "name":"default1",
   "type":"Microsoft.Security/securityContacts",
   "properties":{
      "email":"<security-email-address>",
      "phone":"<security-phone-number>",
      "alertNotifications":"Off",
      "alertsToAdmins":"Off"
   }
}

02 Run the az account get-access-token command (Windows/macOS/Linux) using the parameters defined at the previous step (i.e. the security-contact-information.json file) to set the valid international phone number where you want to receive notification alerts from Azure Security Center, within the selected Microsoft Azure cloud subscription:

az account get-access-token \
	--query "{subscription:subscription,accessToken:accessToken}" \
	--out tsv | xargs -L1 bash -c 'curl -X PUT -H "Authorization: Bearer $1" -H "Content-Type: application/json" "https://management.azure.com/subscriptions/$0/providers/Microsoft.Security/securityContacts/default1?api-version=2017-08-01-preview" -d@"security-contact-information.json"'

03 If successful, the command output should return the updated Security Center configuration policy, for example:

{
   "id":"/subscriptions/abcdabcd-1234-1234-1234-abcdabcdabcd/providers/Microsoft.Security/securityContacts/default1",
   "name":"default1",
   "type":"Microsoft.Security/securityContacts",
   "properties":{
      "email":"notifyme@cloudconformity.com",
      "phone":"+1-425-1234567",
      "alertNotifications":"Off",
      "alertsToAdmins":"Off"
   }
}

04 If required, repeat steps no. 1 – 3 for each of the other Microsoft Azure cloud subscriptions available.

Publication date May 31, 2019
