azure-securitycenter-defender-on-keyvault.md

File metadata and controls

31 lines (21 loc) · 1.08 KB

Pattern: Disabled KeyVaults in Azure Defender

Issue: -

Description

Azure Defender is a cloud workload protection service that uses an agent-based deployment to analyze signals from the Azure network fabric and the service control plane in order to detect threats across all Azure resources. It can also analyze non-Azure resources via Azure Arc, including resources on-premises and in both AWS and GCP (once they have been onboarded).

Azure Defender detects unusual and potentially harmful attempts to access or exploit Key Vault accounts. It also scans Resource Manager-based Azure Container Registry registries and provides deeper visibility into image vulnerabilities.

Resolution: enable KeyVaults in Azure Defender.

Examples

Example of incorrect code:

```hcl
resource "azurerm_security_center_subscription_pricing" "bad_example" {
  tier          = "Free"            # Free tier: Azure Defender is not enabled for this plan
  resource_type = "VirtualMachines" # only the VirtualMachines plan is addressed; KeyVaults is never set
}
```

Example of correct code:

```hcl
resource "azurerm_security_center_subscription_pricing" "good_example" {
  tier          = "Standard"  # Standard tier enables Azure Defender for the plan
  resource_type = "KeyVaults" # one plan per resource: the provider takes a single resource_type value,
}                             # so VirtualMachines needs its own azurerm_security_center_subscription_pricing block
```
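An added example, not part of the original page: a small Python check in the spirit of a Checkov resource check, run over constructed parsed Terraform resources (attribute values wrapped in lists, as Checkov's parser presents them; an assumption) that decides whether the KeyVaults plan is enabled at the Standard tier. It assumes the azurerm provider accepts exactly one `resource_type` per `azurerm_security_center_subscription_pricing` resource, so a comma-joined value is flagged rather than counted as coverage.

```python
from typing import Dict, List, Optional

# Constructed sample input (not from the page): parsed resources of type
# azurerm_security_center_subscription_pricing, keyed by resource name, with every
# attribute value wrapped in a list the way Checkov's parser presents them (assumption).
SAMPLE_RESOURCES: Dict[str, Dict[str, List[str]]] = {
    "vm_only_free":  {"tier": ["Free"],     "resource_type": ["VirtualMachines"]},
    "comma_joined":  {"tier": ["Standard"], "resource_type": ["VirtualMachines,KeyVaults"]},
    "keyvaults_std": {"tier": ["Standard"], "resource_type": ["KeyVaults"]},
}

PASSED, FAILED, NOT_APPLICABLE = "PASSED", "FAILED", "NOT_APPLICABLE"


def _attr(conf: Dict[str, List[str]], key: str) -> Optional[str]:
    """Unwrap a single-valued attribute; None when absent or malformed."""
    value = conf.get(key)
    if isinstance(value, list) and len(value) == 1 and isinstance(value[0], str):
        return value[0].strip()
    return None


def check_resource(conf: Dict[str, List[str]]) -> str:
    """Verdict for one pricing resource.

    Only a resource whose resource_type is exactly "KeyVaults" is in scope, and it
    passes only at tier "Standard" (tier values are compared case-sensitively, as
    the provider validates them). A comma-joined resource_type is a single invalid
    value, not coverage of two plans, so it is reported as FAILED.
    """
    resource_type = _attr(conf, "resource_type")
    tier = _attr(conf, "tier")
    if resource_type is None:
        return NOT_APPLICABLE   # resource_type omitted: not an explicit KeyVaults block
    if "," in resource_type:
        return FAILED           # one plan per resource; this block is misconfigured
    if resource_type != "KeyVaults":
        return NOT_APPLICABLE
    return PASSED if tier == "Standard" else FAILED


def keyvaults_defender_enabled(resources: Dict[str, Dict[str, List[str]]]) -> bool:
    """Subscription-level verdict: at least one KeyVaults block at Standard and no
    failing block (a second KeyVaults block at Free, or a comma-joined one, would
    leave the plan in an unintended state)."""
    verdicts = [check_resource(conf) for conf in resources.values()]
    return PASSED in verdicts and FAILED not in verdicts
```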