
lacework-global-606

2.1.9 Ensure That Microsoft Defender for Cosmos DB Is Set To 'On' (Manual)

Profile Applicability

• Level 2

Description

Microsoft Defender for Cosmos DB scans all incoming network requests for changes to your virtual machine.

Rationale

In scanning Cosmos DB requests within a subscription, requests are compared to a heuristic list of potential security threats. These threats could be a result of a security breach within your services, thus scanning for them could prevent a potential security threat from being introduced.

Impact

Enabling Microsoft Defender for Cosmos requires enabling Microsoft Defender for your subscription. Both will incur additional charges.

Audit

From Azure Portal

  1. Go to Microsoft Defender for Cloud
  2. Select Environment Settings blade
  3. Click on the subscription name
  4. Select the Defender plans blade
  5. On the Database row click on Select types >
  6. In the list of databases determine if the Cosmos DB radio button is set to On.

From Azure CLI

Ensure the output of the command below is Standard:

az security pricing show -n CosmosDbs --query pricingTier

From Azure PowerShell

Get-AzSecurityPricing -Name 'CosmosDbs' | Select-Object Name,PricingTier 

Ensure the PricingTier value in the output is Standard.
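The CLI check above reports only the subscription the CLI currently has selected. The script below is an added example, not part of the benchmark or of Lacework's tooling, that repeats the same query for every subscription the signed-in account can list and treats a failed query as non-compliant. It assumes an authenticated Azure CLI; the function names and the RUN_AUDIT variable are hypothetical.

```shell
#!/bin/sh
# Added example: run the CosmosDbs Defender plan audit in every subscription.
# Function names and RUN_AUDIT are hypothetical; requires a prior `az login`.

# Succeeds only when the reported tier is exactly the value the audit expects.
tier_is_standard() {
    [ "$1" = "Standard" ]
}

# Print the CosmosDbs pricing tier for one subscription id ($1).
# A non-zero status means the query failed (for example, missing read access).
cosmos_tier() {
    az security pricing show -n CosmosDbs --subscription "$1" \
        --query pricingTier -o tsv 2>/dev/null
}

# Print one PASS/FAIL line per subscription.
# Returns 0 only if every subscription reports Standard.
audit_cosmos_defender() {
    failed=0
    for sub in $(az account list --query "[].id" -o tsv); do
        # A failed query must not count as a pass, so mark it UNKNOWN.
        tier=$(cosmos_tier "$sub") || tier="UNKNOWN"
        if tier_is_standard "$tier"; then
            echo "PASS $sub $tier"
        else
            echo "FAIL $sub ${tier:-UNKNOWN}"
            failed=1
        fi
    done
    [ "$failed" -eq 0 ]
}

# Run only on request, e.g.: RUN_AUDIT=1 sh audit.sh  (audit.sh is a placeholder name)
if [ "${RUN_AUDIT:-0}" = "1" ]; then
    audit_cosmos_defender
fi
```

The exit status is non-zero when any subscription fails, so the script can gate a scheduled compliance job.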

Remediation

From Azure Portal

  1. Go to Microsoft Defender for Cloud
  2. Select Environment Settings blade
  3. Click on the subscription name
  4. Select the Defender plans blade
  5. On the Database row click on Select types >
  6. In the list of databases set the Cosmos DB radio button to On.

From Azure CLI

Run the following command:

az security pricing create -n 'CosmosDbs' --tier 'standard'

From Azure PowerShell

Use the command below to enable the Standard pricing tier for Cosmos DB:

Set-AzSecurityPricing -Name 'CosmosDbs' -PricingTier 'Standard'

References

https://azure.microsoft.com/en-us/pricing/details/defender-for-cloud/
https://docs.microsoft.com/en-us/azure/defender-for-cloud/enable-enhanced-security
https://docs.microsoft.com/en-us/azure/defender-for-cloud/alerts-overview
https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/cosmos-db-security-baseline
https://docs.microsoft.com/en-us/azure/defender-for-cloud/quickstart-enable-database-protections
https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-logging-threat-detection#lt-1-enable-threat-detection-capabilities