Ensure that Azure Defender is set to On for Kubernetes

ID

azure_defender_on_kubernetes

Severity

high

Vendor

Azure

Resource

Azure Defender

Tags

reachable

Description

Azure Defender is a comprehensive cloud workload protection service that employs an agent-based deployment strategy. It scrutinizes data signals stemming from Azure’s network fabric and service control plane to identify potential threats across all Azure resources effectively. Furthermore, Azure Defender’s capabilities extend beyond Azure itself, thanks to its compatibility with Azure Arc. This means it can also safeguard resources located on-premises or within other cloud providers like AWS and GCP, provided they have been integrated into the Azure ecosystem.

Specifically for Kubernetes environments, Azure Defender for Kubernetes offers cluster-level threat protection, leveraging log data gathered by Azure Kubernetes Service (AKS) to proactively monitor and defend AKS-managed services against potential security risks.

Examples

Terraform

resource "azurerm_security_center_subscription_pricing" "standard_servers" {
  tier          = "Standard"
  resource_type = "VirtualMachines" (1)
}
1 Only VirtualMachines is covered at the Standard tier; no azurerm_security_center_subscription_pricing resource sets resource_type = "KubernetesService", so Defender for Kubernetes stays on the Free tier. (Paid feature, not in Free tier)

Mitigation / Fix

Buildtime

Terraform

# Each azurerm_security_center_subscription_pricing resource sets the tier for one
# resource_type; declare one resource per type you want on the Standard tier
# (e.g. AppServices, ContainerRegistry, KeyVaults, SqlServers, SqlServerVirtualMachines,
# StorageAccounts, VirtualMachines, Arm, Dns). The one that satisfies this policy:
resource "azurerm_security_center_subscription_pricing" "standard_kubernetes" {
  tier          = "Standard"
  resource_type = "KubernetesService" (1)
}
1 Fixed, KubernetesService is now set to the Standard tier.
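As an added build-time check (not part of the original page or of any vendor tool), the following Python script inspects the JSON produced by `terraform show -json plan.out` and fails when no azurerm_security_center_subscription_pricing resource puts KubernetesService on the Standard tier; the sample plan embedded below is constructed and reproduces the failing example above.

```python
import json

# Constructed sample of `terraform show -json` output, trimmed to the fields this
# check reads; it mirrors the failing example (only VirtualMachines is Standard).
SAMPLE_PLAN = json.dumps({
    "planned_values": {
        "root_module": {
            "resources": [
                {
                    "type": "azurerm_security_center_subscription_pricing",
                    "name": "standard_servers",
                    "values": {"tier": "Standard", "resource_type": "VirtualMachines"},
                },
                {
                    "type": "azurerm_security_center_subscription_pricing",
                    "name": "free_kubernetes",
                    "values": {"tier": "Free", "resource_type": "KubernetesService"},
                },
            ]
        }
    }
})

PRICING_RESOURCE = "azurerm_security_center_subscription_pricing"


def iter_resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    for res in module.get("resources", []):
        yield res
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def standard_tier_types(plan_json):
    """Return the set of Defender resource types planned at the Standard tier."""
    plan = json.loads(plan_json)
    root = plan.get("planned_values", {}).get("root_module", {})
    return {
        res.get("values", {}).get("resource_type")
        for res in iter_resources(root)
        if res.get("type") == PRICING_RESOURCE
        and res.get("values", {}).get("tier") == "Standard"
    }


def check_defender_on_kubernetes(plan_json):
    """True when KubernetesService is on the Standard tier, i.e. the policy passes."""
    return "KubernetesService" in standard_tier_types(plan_json)


if __name__ == "__main__":
    ok = check_defender_on_kubernetes(SAMPLE_PLAN)
    print("PASS" if ok else "FAIL: azure_defender_on_kubernetes")
```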