Standard Price Is Not Selected
- Query id: 2081c7d6-2851-4cce-bda5-cb49d462da42
- Query name: Standard Price Is Not Selected
- Platform: AzureResourceManager
- Severity: Medium
- Category: Networking and Firewall
- URL: Github
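Description
Azure Security Center provides additional security features in the Standard pricing tier that the Free tier does not include, so the Standard tier must be selected: `pricingTier` on `Microsoft.Security/pricings` resources should be `Standard`, not `Free`.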
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - json file
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"name": "webApp1",
"type": "Microsoft.Web/sites",
"apiVersion": "2018-11-01",
"location": "[resourceGroup().location]",
"tags": {
"[concat('hidden-related:', resourceGroup().id, '/providers/Microsoft.Web/serverfarms/appServicePlan1')]": "Resource",
"displayName": "webApp1"
},
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms', 'appServicePlan1')]"
],
"properties": {
"name": "webApp1",
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', 'appServicePlan1')]"
}
},
{
"type": "Microsoft.Security/pricings",
"apiVersion": "2017-08-01-preview",
"name": "Princing",
"properties": {
"pricingTier": "Free"
}
}
]
}
Positive test num. 2 - json file
{
"properties": {
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"name": "webApp1",
"type": "Microsoft.Web/sites",
"apiVersion": "2018-11-01",
"location": "[resourceGroup().location]",
"tags": {
"[concat('hidden-related:', resourceGroup().id, '/providers/Microsoft.Web/serverfarms/appServicePlan1')]": "Resource",
"displayName": "webApp1"
},
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms', 'appServicePlan1')]"
],
"properties": {
"name": "webApp1",
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', 'appServicePlan1')]"
}
},
{
"type": "Microsoft.Security/pricings",
"apiVersion": "2017-08-01-preview",
"name": "Princing",
"properties": {
"pricingTier": "Free"
}
}
],
"outputs": {}
},
"parameters": {}
},
"kind": "template",
"type": "Microsoft.Blueprint/blueprints/artifacts",
"name": "myTemplate"
}
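Positive test num. 3 - json file (here `pricingTier` is read from the `virtualMachineTier` parameter, whose `defaultValue` is `Free`)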
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.1",
"parameters": {
"virtualMachineTier": {
"type": "string",
"defaultValue": "Free",
"allowedValues": [
"Standard",
"Free"
],
"metadata": {
"description": "Specify whether you want to enable Standard tier for Virtual Machine resource type"
}
}
},
"resources": [
{
"type": "Microsoft.Security/pricings",
"apiVersion": "2018-06-01",
"name": "VirtualMachines",
"properties": {
"pricingTier": "[parameters('virtualMachineTier')]"
}
}
],
"outputs": {
}
}
Code samples without security vulnerabilities
Negative test num. 1 - json file
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"name": "webApp1",
"type": "Microsoft.Web/sites",
"apiVersion": "2018-11-01",
"location": "[resourceGroup().location]",
"tags": {
"[concat('hidden-related:', resourceGroup().id, '/providers/Microsoft.Web/serverfarms/appServicePlan1')]": "Resource",
"displayName": "webApp1"
},
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms', 'appServicePlan1')]"
],
"properties": {
"name": "webApp1",
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', 'appServicePlan1')]"
}
},
{
"type": "Microsoft.Security/pricings",
"apiVersion": "2017-08-01-preview",
"name": "Princing",
"properties": {
"pricingTier": "Standard"
}
}
]
}
Negative test num. 2 - json file
{
"properties": {
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"name": "webApp1",
"type": "Microsoft.Web/sites",
"apiVersion": "2018-11-01",
"location": "[resourceGroup().location]",
"tags": {
"[concat('hidden-related:', resourceGroup().id, '/providers/Microsoft.Web/serverfarms/appServicePlan1')]": "Resource",
"displayName": "webApp1"
},
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms', 'appServicePlan1')]"
],
"properties": {
"name": "webApp1",
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', 'appServicePlan1')]"
}
},
{
"type": "Microsoft.Security/pricings",
"apiVersion": "2017-08-01-preview",
"name": "Princing",
"properties": {
"pricingTier": "Standard"
}
}
],
"outputs": {}
},
"parameters": {}
},
"kind": "template",
"type": "Microsoft.Blueprint/blueprints/artifacts",
"name": "myTemplate"
}
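Negative test num. 3 - json file (every tier parameter has `defaultValue` `Standard`; `Free` is still listed in `allowedValues`, so values supplied at deployment time, such as a parameter file, need to be checked as well)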
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.1",
"parameters": {
"workspaceName": {
"type": "string",
"defaultValue": "az-security-workspace",
"allowedValues": [
"az-security-workspace"
],
"metadata": {
"description": "Name of the central Log Analytics workspace that stores security event and data collected by Azure Security Center"
}
},
"workspaceRgName": {
"type": "string",
"defaultValue": "azsec-security-rg",
"allowedValues": [
"azsec-security-rg"
],
"metadata": {
"description": "Name of the resource group where the central log analytics workspace belongs to"
}
},
"autoProvisionSetting": {
"type": "string",
"defaultValue": "On",
"allowedValues": [
"On",
"Off"
],
"metadata": {
"description": "Specify whether Auto Provisioning is turned on or off"
}
},
"ascOwnerEmail": {
"type": "string",
"metadata": {
"description": "Email of the administrator who should be notified about Azure Security Center alert"
}
},
"ascOwnerContact": {
"type": "string",
"metadata": {
"description": "Phone number of the administrator who should be notified about Azure Security Center alert"
}
},
"highSeverityAlertNotification": {
"type": "string",
"defaultValue": "On",
"allowedValues": [
"On",
"Off"
],
"metadata": {
"description": "Specify whether you want to notify high severity alert to ASC administrator"
}
},
"subscriptionOwnerNotification": {
"type": "string",
"defaultValue": "On",
"allowedValues": [
"On",
"Off"
],
"metadata": {
"description": "Specify whether you want to notify high severity alert to subscription owner"
}
},
"virtualMachineTier": {
"type": "string",
"defaultValue": "Standard",
"allowedValues": [
"Standard",
"Free"
],
"metadata": {
"description": "Specify whether you want to enable Standard tier for Virtual Machine resource type"
}
},
"appServiceTier": {
"type": "string",
"defaultValue": "Standard",
"allowedValues": [
"Standard",
"Free"
],
"metadata": {
"description": "Specify whether you want to enable Standard tier for Azure App Service resource type"
}
},
"paasSQLServiceTier": {
"type": "string",
"defaultValue": "Standard",
"allowedValues": [
"Standard",
"Free"
],
"metadata": {
"description": "Specify whether you want to enable Standard tier for PaaS SQL Service resource type"
}
},
"sqlServerOnVmTier": {
"type": "string",
"defaultValue": "Standard",
"allowedValues": [
"Standard",
"Free"
],
"metadata": {
"description": "Specify whether you want to enable Standard tier for SQL Server on VM resource type"
}
},
"storageAccountTier": {
"type": "string",
"defaultValue": "Standard",
"allowedValues": [
"Standard",
"Free"
],
"metadata": {
"description": "Specify whether you want to enable Standard tier for Storage Account resource type"
}
},
"kubernetesServiceTier": {
"type": "string",
"defaultValue": "Standard",
"allowedValues": [
"Standard",
"Free"
],
"metadata": {
"description": "Specify whether you want to enable Standard tier for Kubernetes service resource type"
}
},
"containerRegistryTier": {
"type": "string",
"defaultValue": "Standard",
"allowedValues": [
"Standard",
"Free"
],
"metadata": {
"description": "Specify whether you want to enable Standard tier for Container Registry resource type"
}
},
"keyvaultTier": {
"type": "string",
"defaultValue": "Standard",
"allowedValues": [
"Standard",
"Free"
],
"metadata": {
"description": "Specify whether you want to enable Standard tier for Key Vault resource type"
}
},
"integrationName": {
"type": "string",
"allowedValues": [
"MCAS",
"MDATP"
],
"metadata": {
"description": "Select integration name to enable. Only MCAS or MDATP is supported."
}
},
"integrationEnabled": {
"type": "bool",
"allowedValues": [
true,
false
],
"metadata": {
"description": "Specify whether you want to enable or not."
}
}
},
"resources": [
{
"type": "Microsoft.Security/workspaceSettings",
"apiVersion": "2017-08-01-preview",
"name": "default",
"properties": {
"scope": "[subscription().id]",
"workspaceId": "[concat(subscription().id,'/resourceGroups/',parameters('workspaceRgName'),'/providers/Microsoft.OperationalInsights/workspaces/',parameters('workspaceName'))]"
}
},
{
"type": "Microsoft.Security/autoProvisioningSettings",
"apiVersion": "2017-08-01-preview",
"name": "default",
"properties": {
"autoProvision": "[parameters('autoProvisionSetting')]"
}
},
{
"type": "Microsoft.Security/securityContacts",
"apiVersion": "2017-08-01-preview",
"name": "default1",
"properties": {
"emails": "[parameters('ascOwnerEmail')]",
"phone": "[parameters('ascOwnerContact')]",
"alertNotifications": {
"state": "On",
"minimalSeverity": "[parameters('highSeverityAlertNotification')]"
},
"notificationsByRole": {
"state": "On",
"roles": "[parameters('subscriptionOwnerNotification')]"
}
}
},
{
"type": "Microsoft.Security/pricings",
"apiVersion": "2018-06-01",
"name": "VirtualMachines",
"properties": {
"pricingTier": "[parameters('virtualMachineTier')]"
}
},
{
"type": "Microsoft.Security/pricings",
"apiVersion": "2018-06-01",
"name": "AppServices",
"dependsOn": [
"[concat('Microsoft.Security/pricings/VirtualMachines')]"
],
"properties": {
"pricingTier": "[parameters('appServiceTier')]"
}
},
{
"type": "Microsoft.Security/pricings",
"apiVersion": "2018-06-01",
"name": "SqlServers",
"dependsOn": [
"[concat('Microsoft.Security/pricings/AppServices')]"
],
"properties": {
"pricingTier": "[parameters('paasSQLServiceTier')]"
}
},
{
"type": "Microsoft.Security/pricings",
"apiVersion": "2018-06-01",
"name": "SqlServerVirtualMachines",
"dependsOn": [
"[concat('Microsoft.Security/pricings/SqlServers')]"
],
"properties": {
"pricingTier": "[parameters('sqlServerOnVmTier')]"
}
},
{
"type": "Microsoft.Security/pricings",
"apiVersion": "2018-06-01",
"name": "StorageAccounts",
"dependsOn": [
"[concat('Microsoft.Security/pricings/SqlServerVirtualMachines')]"
],
"properties": {
"pricingTier": "[parameters('storageAccountTier')]"
}
},
{
"type": "Microsoft.Security/pricings",
"apiVersion": "2018-06-01",
"name": "KubernetesService",
"dependsOn": [
"[concat('Microsoft.Security/pricings/StorageAccounts')]"
],
"properties": {
"pricingTier": "[parameters('kubernetesServiceTier')]"
}
},
{
"type": "Microsoft.Security/pricings",
"apiVersion": "2018-06-01",
"name": "ContainerRegistry",
"dependsOn": [
"[concat('Microsoft.Security/pricings/KubernetesService')]"
],
"properties": {
"pricingTier": "[parameters('containerRegistryTier')]"
}
},
{
"type": "Microsoft.Security/pricings",
"apiVersion": "2018-06-01",
"name": "KeyVaults",
"dependsOn": [
"[concat('Microsoft.Security/pricings/ContainerRegistry')]"
],
"properties": {
"pricingTier": "[parameters('keyvaultTier')]"
}
},
{
"type": "Microsoft.Security/settings",
"apiVersion": "2019-01-01",
"name": "[parameters('integrationName')]",
"kind": "DataExportSettings",
"properties": {
"enabled": "[parameters('integrationEnabled')]"
}
}
],
"outputs": {
}
}