azure-security-center-alert-on-severe-notifications.md

Pattern: Disabled Azure security center alert notifications

Issue: -

Description

It is recommended that at least one valid contact is configured for the security center. Microsoft will notify the security contact directly in the event of a security incident using email and require alerting to be turned on.

Resolution: Set alert notifications to be on.

Examples

The following example will fail the azure-security-center-alert-on-severe-notifications check.

resource "azurerm_security_center_contact" "bad_example" {
	email = "bad_example@example.com"
	phone = "+1-555-555-5555"

	alert_notifications = false
	alerts_to_admins = false
}

The following example will pass the azure-security-center-alert-on-severe-notifications check.

resource "azurerm_security_center_contact" "good_example" {
	email = "good_example@example.com"
	phone = "+1-555-555-5555"

	alert_notifications = true
	alerts_to_admins = true
}

Further reading

• https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_contact#alert_notifications
• https://azure.microsoft.com/en-us/services/security-center/