Page Information

    Page: Azure DDoS Protection Standard Should Be Enabled
    Page: Azure Defender for XYZ Should be Enabled
    Page: Azure Policy Add-on for Kubernetes Should be Installed and Enabled on Your Clusters
    Page: Container Images Should be Deployed from Trusted Registries Only
    Page: Container Registries Should Not Allow Unrestricted Network Access
    Page: Container Registries Should Use Private Link
    Page: Deprecated Accounts Should Be Removed From Your Subscription
    Page: Deprecated Accounts With Owner Permissions Should Be Removed From Your Subscription
    Page: Diagnostic Logs in XYZ Should be Enabled
    Page: Email Notification for High Severity Alerts Should Be Enabled
    Page: Email Notification to Subscription Owner for High Severity Alerts Should be Enabled
    Page: Endpoint Protection Health Failures/Issues Should be Resolved on your Machines
    Page: Enforce SSL Connection Should Be Enabled for MySQL Database Servers
    Page: Enforce SSL Connection Should be Enabled for PostgreSQL Database Servers
    Page: External Accounts With XYZ Permissions Should Be Removed From Your Subscription
    Page: File Integrity Monitoring Should be Enabled on Servers
    Page: Firewall Should be Enabled on Key Vault
    Page: FTPS Should be Required in your Web/Function/API App
    Page: Identical Authentication Credentials
    Page: Install endpoint protection solution on machines/virtual machines
    Page: Internet-Facing Virtual Machines Should Be Protected With Network Security Groups
    Page: IoT Devices - Auditd Process Stopped Sending Events
    Page: IoT Devices - Open Ports on Device
    Page: IoT Devices - Operating System Baseline Validation Failure
    Page: IoT Devices - Permissive Firewall Policy in One of the Chains Was Found
    Page: IoT Devices - Permissive Firewall Rule in the Input Chain Was Found
    Page: IoT Devices - Permissive Firewall Rule in the Output Chain Was Found
    Page: IoT Devices - TLS Cipher Suite Upgrade Needed
    Page: IP Filter Rule Large IP Range
    Page: Java Should Be Updated to the Latest Version for Your App
    Page: Key Vault Keys Should Have an Expiration Date
    Page: Key Vault Secrets Should Have an Expiration Date
    Page: Key Vaults Should Have Soft Delete Enabled
    Page: Kubernetes API Server Should Be Configured With Restricted Access
    Page: Kubernetes Clusters Should Be Accessible Only Over HTTPS
    Page: Kubernetes Clusters Should Disable Automounting API Credentials
    Page: Kubernetes Clusters Should Not Grant CAPSYSADMIN Security Capabilities
    Page: Least Privileged Linux Capabilities Should Be Enforced for Containers
    Page: Log Analytics Agent Should be Installed on XYZ
    Page: Managed Identity Should be Used in Your Web App/Function App
    Page: Management Ports of Virtual Machines Should be Protected with Just-In-Time Network Access Control
    Page: Management Ports Should Be Closed on Your Virtual Machines
    Page: MFA Should be Enabled on Accounts with Owner/Read/Write Permissions on your Subscription
    Page: Monitoring Agent Should Be Installed on Your Machines
    Page: Only Secure Connections to Your Redis Cache Should Be Enabled
    Page: Overriding or Disabling of Containers AppArmor Profile Should Be Restricted
    Page: Pod Security Policies Should be Defined on Kubernetes Services (Deprecated)
    Page: Pod Security Policies Should Be Defined to Reduce the Attack Vector by Removing Unnecessary Application Privileges
    Page: Private Endpoint Should be Configured for Key Vault
    Page: Privileged Containers Should be Avoided
    Page: Role-Based Access Control Should Be Used on Kubernetes Services
    Page: Running Containers as Root User Should be Avoided
    Page: Secure Transfer to Storage Accounts Should be Enabled
    Page: Service Fabric Clusters should Have the ClusterProtectionLevel Property Set to EncryptAndSign
    Page: Service Fabric Clusters Should Only Use Azure Active Directory for Client Authentication
    Page: Services Should Listen on Allowed Ports Only
    Page: SQL Databases Should Have Vulnerability Findings Resolved
    Page: SQL Servers on Machines Should Have Vulnerability Findings Resolved
    Page: SSH Access to the Internet should be blocked
    Page: Storage Accounts Should Restrict Network Access Using Virtual Network Rules
    Page: Subnets Should Be Associated With a Network Security Group
    Page: Subscriptions Should Have a Contact Email Address for Security Issues
    Page: System Updates on Virtual Machine Scale Sets Should be Installed
    Page: System updates should be installed on your machines
    Page: The Rules for Web Applications on IaaS NSGs Should be Hardened
    Page: There should be more than one owner assigned to your subscription
    Page: TLS should be Updated to the Latest Version for Your App
    Page: Usage of Host Networking and Ports Should be Restricted
    Page: Usage of Pod Hostpath Volume Mounts Should Be Restricted to a Known List to Restrict Node Access From Compromised Containers
    Page: Virtual Machines should be Migrated to new Azure Resource Manager
    Page: Virtual Networks Should be Protected by Azure Firewall
    Page: Vulnerabilities in Azure Container Registry Images Should Be Remediated (Powered by Qualys)
    Page: Vulnerabilities in Security Configuration on your Machines Should be Remediated
    Page: Vulnerability Assessment Should Be Enabled on Your SQL Managed Instances
    Page: Vulnerability Assessment Should Be Enabled on Your SQL Servers
    Page: Web Application Should Only be Accessible Over HTTPS
    Page: Web/Function Application Should Only be Accessible Over HTTPS
    Page: Windows Defender Exploit Guard Should be Enabled on Your Machines
    Page: Windows Web Servers Should be Configured to Use Secure Communication Protocols

View Version History