lacework-global-606
2.1.9 Ensure That Microsoft Defender for Cosmos DB Is Set To 'On' (Manual)
Profile Applicability
• Level 2
Description
Microsoft Defender for Cosmos DB scans all incoming network requests for changes to your virtual machine.
Rationale
In scanning Cosmos DB requests within a subscription, requests are compared to a heuristic list of potential security threats. These threats could be a result of a security breach within your services, thus scanning for them could prevent a potential security threat from being introduced.
Impact
Enabling Microsoft Defender for Cosmos requires enabling Microsoft Defender for your subscription. Both will incur additional charges.
Audit
From Azure Portal
- Go to
Microsoft Defender for Cloud
- Select
Environment Settings
blade - Click on the subscription name
- Select the
Defender plans
blade - On the
Database
row click onSelect types >
- In the list of databases determine if the
Cosmos DB
radio button is set toOn
.
From Azure CLI
Ensure the output of the below command is Standard
az security pricing show -n CosmosDbs --query pricingTier
From Azure PowerShell
Get-AzSecurityPricing -Name 'CosmosDbs' | Select-Object Name,PricingTier
Ensure output of -PricingTier
is Standard
Remediation
From Azure Portal
- Go to
Microsoft Defender for Cloud
- Select
Environment Settings
blade - Click on the subscription name
- Select the
Defender plans
blade - On the
Database
row click onSelect types >
- In the list of databases determine set the
Cosmos DB
radio button is toOn
.
From Azure CLI
Run the following command:
az security pricing create -n 'CosmosDbs' --tier 'standard'
From Azure Powershell
Use the below command to enable Standard pricing tier for Cosmos DB
Set-AzSecurityPricing -Name 'CosmosDbs' -PricingTier 'Standard
References
https://azure.microsoft.com/en-us/pricing/details/defender-for-cloud/
https://docs.microsoft.com/en-us/azure/defender-for-cloud/enable-enhanced-security
https://docs.microsoft.com/en-us/azure/defender-for-cloud/alerts-overview
https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/cosmos-db-security-baseline
https://docs.microsoft.com/en-us/azure/defender-for-cloud/quickstart-enable-database-protections
https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-logging-threat-detection#lt-1-enable-threat-detection-capabilities