MDC_K8sRuningImagesVulnerabilityAssessmentBasedOnMDVM_Audit.json
{
"properties": {
"displayName": "Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management)",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "Container image vulnerability assessment scans your registry for commonly known vulnerabilities (CVEs) and provides a detailed vulnerability report for each image. This recommendation provides visibility into vulnerable images currently running in your Kubernetes clusters. Remediating vulnerabilities in container images that are currently running is key to improving your security posture and significantly reduces the attack surface of your containerized workloads.",
"metadata": {
"version": "1.0.1",
"category": "Security Center"
},
"version": "1.0.1",
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"defaultValue": "AuditIfNotExists"
}
},
"policyRule": {
"if": {
"field": "type",
"in": [
"Microsoft.ContainerService/managedClusters"
]
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.Security/assessments",
"name": "c609cf0f-71ab-41e9-a3c6-9a1f7fe1b8d5",
"existenceCondition": {
"field": "Microsoft.Security/assessments/status.code",
"in": [
"NotApplicable",
"Healthy"
]
}
}
}
},
"versions": [
"1.0.1",
"1.0.0"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/17f4b1cc-c55c-4d94-b1f9-2978f6ac2957",
"name": "17f4b1cc-c55c-4d94-b1f9-2978f6ac2957"
}