Email Notifications Disabled
- Query id: 79c2c2c0-eb00-47c0-ac16-f8b0e2c81c92
- Query name: Email Notifications Disabled
- Platform: AzureResourceManager
- Severity: Info
- Category: Networking and Firewall
- CWE: 778
- URL: Github
Description¶
Email notifications about new security alerts, should be set to 'On', and be sent to persons with specific RBAC roles on the subscription
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - bicep file
resource security_contact 'Microsoft.Security/securityContacts@2020-01-01-preview' = {
name: 'security contact'
properties: {
emails: 'sample@email.com'
phone: '9999999'
alertNotifications: {
state: 'Off'
minimalSeverity: 'High'
}
notificationsByRole: {
state: 'On'
roles: ['Owner']
}
}
}
Positive test num. 2 - json file
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "2.0.0.0",
"apiProfile": "2019-03-01-hybrid",
"parameters": {},
"variables": {},
"functions": [],
"resources": [
{
"name": "security contact",
"type": "Microsoft.Security/securityContacts",
"apiVersion": "2020-01-01-preview",
"properties": {
"emails": "sample@email.com",
"phone": "9999999",
"alertNotifications": {
"state": "Off",
"minimalSeverity": "High"
},
"notificationsByRole": {
"state": "On",
"roles": [
"Owner"
]
}
}
}
],
"outputs": {}
}
Positive test num. 3 - bicep file
resource security_contact 'Microsoft.Security/securityContacts@2020-01-01-preview' = {
name: 'security contact'
properties: {
emails: 'sample@email.com'
phone: '9999999'
alertNotifications: {
state: 'On'
minimalSeverity: 'High'
}
}
}
Positive test num. 4 - json file
{
"properties": {
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "2.0.0.0",
"apiProfile": "2019-03-01-hybrid",
"parameters": {},
"variables": {},
"functions": [],
"resources": [
{
"name": "security contact",
"type": "Microsoft.Security/securityContacts",
"apiVersion": "2020-01-01-preview",
"properties": {
"emails": "sample@email.com",
"phone": "9999999",
"alertNotifications": {
"state": "On",
"minimalSeverity": "High"
}
}
}
],
"outputs": {}
},
"parameters": {}
},
"kind": "template",
"type": "Microsoft.Blueprint/blueprints/artifacts",
"name": "myTemplate"
}
Positive test num. 5 - bicep file
Positive test num. 6 - json file
{
"properties": {
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "2.0.0.0",
"apiProfile": "2019-03-01-hybrid",
"parameters": {},
"variables": {},
"functions": [],
"resources": [
{
"name": "security contact",
"type": "Microsoft.Security/securityContacts",
"apiVersion": "2020-01-01-preview",
"properties": {
"emails": "sample@email.com",
"phone": "9999999",
"alertNotifications": {
"state": "On",
"minimalSeverity": "High"
},
"notificationsByRole": {
"state": "Off",
"roles": [
"Owner"
]
}
}
}
],
"outputs": {}
},
"parameters": {}
},
"kind": "template",
"type": "Microsoft.Blueprint/blueprints/artifacts",
"name": "myTemplate"
}
Positive test num. 7 - bicep file
Positive test num. 8 - json file
{
"properties": {
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "2.0.0.0",
"apiProfile": "2019-03-01-hybrid",
"parameters": {},
"variables": {},
"functions": [],
"resources": [
{
"name": "security contact",
"type": "Microsoft.Security/securityContacts",
"apiVersion": "2020-01-01-preview",
"properties": {
"emails": "sample@email.com",
"phone": "9999999",
"alertNotifications": {
"state": "On",
"minimalSeverity": "High"
},
"notificationsByRole": {
"roles": [
"Owner"
]
}
}
}
],
"outputs": {}
},
"parameters": {}
},
"kind": "template",
"type": "Microsoft.Blueprint/blueprints/artifacts",
"name": "myTemplate"
}
Positive test num. 9 - bicep file
Positive test num. 10 - json file
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "2.0.0.0",
"apiProfile": "2019-03-01-hybrid",
"parameters": {},
"variables": {},
"functions": [],
"resources": [
{
"name": "security contact",
"type": "Microsoft.Security/securityContacts",
"apiVersion": "2020-01-01-preview",
"properties": {
"emails": "sample@email.com",
"phone": "9999999",
"notificationsByRole": {
"state": "On",
"roles": [
"Owner"
]
}
}
}
],
"outputs": {}
}
Positive test num. 11 - bicep file
Positive test num. 12 - json file
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "2.0.0.0",
"apiProfile": "2019-03-01-hybrid",
"parameters": {},
"variables": {},
"functions": [],
"resources": [
{
"name": "security contact",
"type": "Microsoft.Security/securityContacts",
"apiVersion": "2020-01-01-preview",
"properties": {
"emails": "sample@email.com",
"phone": "9999999",
"alertNotifications": {
"minimalSeverity": "High"
},
"notificationsByRole": {
"state": "On",
"roles": [
"Owner"
]
}
}
}
],
"outputs": {}
}
Positive test num. 13 - bicep file
Positive test num. 14 - json file
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "2.0.0.0",
"apiProfile": "2019-03-01-hybrid",
"parameters": {},
"variables": {},
"functions": [],
"resources": [
{
"name": "security contact",
"type": "Microsoft.Security/securityContacts",
"apiVersion": "2020-01-01-preview",
"properties": {
"emails": "sample@email.com",
"phone": "9999999",
"alertNotifications": {
"state": "On",
"minimalSeverity": "High"
}
}
}
],
"outputs": {}
}
Positive test num. 15 - bicep file
Positive test num. 16 - json file
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "2.0.0.0",
"apiProfile": "2019-03-01-hybrid",
"parameters": {},
"variables": {},
"functions": [],
"resources": [
{
"name": "security contact",
"type": "Microsoft.Security/securityContacts",
"apiVersion": "2020-01-01-preview",
"properties": {
"emails": "sample@email.com",
"phone": "9999999",
"alertNotifications": {
"state": "On",
"minimalSeverity": "High"
},
"notificationsByRole": {
"state": "Off",
"roles": [
"Owner"
]
}
}
}
],
"outputs": {}
}
Positive test num. 17 - bicep file
Positive test num. 18 - json file
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "2.0.0.0",
"apiProfile": "2019-03-01-hybrid",
"parameters": {},
"variables": {},
"functions": [],
"resources": [
{
"name": "security contact",
"type": "Microsoft.Security/securityContacts",
"apiVersion": "2020-01-01-preview",
"properties": {
"emails": "sample@email.com",
"phone": "9999999",
"alertNotifications": {
"state": "On",
"minimalSeverity": "High"
},
"notificationsByRole": {
"roles": [
"Owner"
]
}
}
}
],
"outputs": {}
}
Positive test num. 19 - bicep file
Positive test num. 20 - json file
{
"properties": {
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "2.0.0.0",
"apiProfile": "2019-03-01-hybrid",
"parameters": {},
"variables": {},
"functions": [],
"resources": [
{
"name": "security contact",
"type": "Microsoft.Security/securityContacts",
"apiVersion": "2020-01-01-preview",
"properties": {
"emails": "sample@email.com",
"phone": "9999999",
"alertNotifications": {
"state": "Off",
"minimalSeverity": "High"
},
"notificationsByRole": {
"state": "On",
"roles": [
"Owner"
]
}
}
}
],
"outputs": {}
},
"parameters": {}
},
"kind": "template",
"type": "Microsoft.Blueprint/blueprints/artifacts",
"name": "myTemplate"
}
Positive test num. 21 - bicep file
Positive test num. 22 - json file
{
"properties": {
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "2.0.0.0",
"apiProfile": "2019-03-01-hybrid",
"parameters": {},
"variables": {},
"functions": [],
"resources": [
{
"name": "security contact",
"type": "Microsoft.Security/securityContacts",
"apiVersion": "2020-01-01-preview",
"properties": {
"emails": "sample@email.com",
"phone": "9999999",
"notificationsByRole": {
"state": "On",
"roles": [
"Owner"
]
}
}
}
],
"outputs": {}
},
"parameters": {}
},
"kind": "template",
"type": "Microsoft.Blueprint/blueprints/artifacts",
"name": "myTemplate"
}
Positive test num. 23 - bicep file
Positive test num. 24 - json file
{
"properties": {
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "2.0.0.0",
"apiProfile": "2019-03-01-hybrid",
"parameters": {},
"variables": {},
"functions": [],
"resources": [
{
"name": "security contact",
"type": "Microsoft.Security/securityContacts",
"apiVersion": "2020-01-01-preview",
"properties": {
"emails": "sample@email.com",
"phone": "9999999",
"alertNotifications": {
"minimalSeverity": "High"
},
"notificationsByRole": {
"state": "On",
"roles": [
"Owner"
]
}
}
}
],
"outputs": {}
},
"parameters": {}
},
"kind": "template",
"type": "Microsoft.Blueprint/blueprints/artifacts",
"name": "myTemplate"
}
Code samples without security vulnerabilities¶
Negative test num. 1 - bicep file
resource security_contact 'Microsoft.Security/securityContacts@2020-01-01-preview' = {
name: 'security contact'
properties: {
emails: 'sample@email.com'
phone: '9999999'
alertNotifications: {
state: 'On'
minimalSeverity: 'High'
}
notificationsByRole: {
state: 'On'
roles: ['Owner']
}
}
}
Negative test num. 2 - json file
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "2.0.0.0",
"apiProfile": "2019-03-01-hybrid",
"parameters": {},
"variables": {},
"functions": [],
"resources": [
{
"name": "security contact",
"type": "Microsoft.Security/securityContacts",
"apiVersion": "2020-01-01-preview",
"properties": {
"emails": "sample@email.com",
"phone": "9999999",
"alertNotifications": {
"state": "On",
"minimalSeverity": "High"
},
"notificationsByRole": {
"state": "On",
"roles": [
"Owner"
]
}
}
}
],
"outputs": {}
}
Negative test num. 3 - bicep file
resource security_contact 'Microsoft.Security/securityContacts@2020-01-01-preview' = {
name: 'security contact'
properties: {
emails: 'sample@email.com'
phone: '9999999'
alertNotifications: {
state: 'On'
minimalSeverity: 'High'
}
notificationsByRole: {
state: 'On'
roles: ['Owner']
}
}
}
Negative test num. 4 - json file
{
"properties": {
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "2.0.0.0",
"apiProfile": "2019-03-01-hybrid",
"parameters": {},
"variables": {},
"functions": [],
"resources": [
{
"name": "security contact",
"type": "Microsoft.Security/securityContacts",
"apiVersion": "2020-01-01-preview",
"properties": {
"emails": "sample@email.com",
"phone": "9999999",
"alertNotifications": {
"state": "On",
"minimalSeverity": "High"
},
"notificationsByRole": {
"state": "On",
"roles": [
"Owner"
]
}
}
}
],
"outputs": {}
},
"parameters": {}
},
"kind": "template",
"type": "Microsoft.Blueprint/blueprints/artifacts",
"name": "myTemplate"
}