Framework/Configurations/SVT/ControlSettings.json
|
{
"Diagnostics_RetentionPeriod_Min": 365, "Diagnostics_RetentionPeriod_Forever": 0, "KeyVault": { "KeyRotationDuration_Days": 365, "SecretRotationDuration_Days": 180, "KeyType": "RSA-HSM", "ADAppCredentialTypeCrt": "AsymmetricX509Cert", "ADAppCredentialTypePwd": "Password" }, "SqlServer": { "AuditRetentionPeriod_Min": 365, "AuditRetentionPeriod_Forever": 0 }, "AnalysisService": { "Max_Admin_Count": 2 }, "VirtualMachine": { "Windows": { "SupportedSkuList": [ { "Offer":"WindowsServer", "Sku": [ "2016-Datacenter-smalldisk", "2016-Datacenter", "2012-Datacenter" ] } ], "ManagementPortList": [ { "Name": "RDP", "Port": 3389 }, { "Name": "WINRM", "Port": 5985 } ], "BaselineIds": [] }, "Linux": { "SupportedSkuList": [ { "Offer": "UbuntuServer", "Sku": [ "16.04-LTS" ] } ], "ManagementPortList": [ { "Name": "RDP", "Port": 3389 }, { "Name": "SSH", "Port": 22 } ], "BaselineIds": [] }, "Windows_OS_Baseline_Ids": [] }, "NoOfApprovedAdmins": 5, "NoOfClassicAdminsLimit": 2, "WhitelistedMgmtCerts": { "Thumbprints": [], "ApprovedValidityRangeInDays": 732 }, "WhitelistedCustomRBACRoles": [ { "Id": "21d96096-b162-414a-8302-d8354f9d91b2", "Name": "Azure Service Deploy Release Management Contributor" }, { "Id": "9f15f5f5-77bd-413a-aa88-4b9c68b1e7bc", "Name": "GenevaWarmPathResourceContributor" }, { "Id": "7fd64851-3279-459b-b614-e2b2ba760f5b", "Name": "Office DevOps" } ], "RequiredSecurityCenterRecommendations": ["NetworkSecurityGroupMissingOnVm","EncryptionOnVm","InstallAntimalware","VirtualMachinesNsgShouldRestrictTrafficTaskParameters","VulnerabilityAssessmentDeployment"], "UniversalIPRange": "0.0.0.0-255.255.255.255", "IPRangeStartIP": "0.0.0.0", "IPRangeEndIP": "255.255.255.255", "MetricAlert": { "Batch": [ { "Condition": { "DataSource": { "MetricName": "PoolDeleteCompleteEvent" }, "Operator": "GreaterThan", "Threshold": 0, "TimeAggregation": "Total", "WindowsSize": "01:00:00" }, "Status": "Enabled", "Actions": { "SendToServiceOwners": true } }, { "Condition": { "DataSource": { "MetricName": "PoolDeleteStartEvent" }, "Operator": "GreaterThan", "Threshold": 0, "TimeAggregation": "Total", "WindowsSize": "01:00:00" }, "Status": "Enabled", "Actions": { "SendToServiceOwners": true } } ], "Storage": [ { "Condition": { "DataSource": { "MetricName": "AnonymousSuccess" }, "Operator": "GreaterThan", "Threshold": 0, "TimeAggregation": "Total", "WindowsSize": "01:00:00" }, "Status": "Enabled", "Actions": { "SendToServiceOwners": true } } ], "StreamAnalytics": [ { "Condition": { "DataSource": { "MetricName": "AMLCalloutFailedRequests" }, "Operator": "GreaterThan", "Threshold": 0, "TimeAggregation": "Total", "WindowsSize": "00:05:00" }, "Status": "Enabled", "Actions": { "SendToServiceOwners": true } }, { "Condition": { "DataSource": { "MetricName": "Errors" }, "Operator": "GreaterThan", "Threshold": 0, "TimeAggregation": "Total", "WindowsSize": "00:05:00" }, "Status": "Enabled", "Actions": { "SendToServiceOwners": true } } ] }, "StorageKindMapping": [ { "Kind": "BlobStorage", "Services": [ "blob" ], "DiagnosticsLogServices": [ "blob" ] }, { "Kind": "Storage", "Services": [ "blob", "file", "queue", "table" ], "DiagnosticsLogServices": [ "blob", "queue", "table" ] } ], "AppService": { "Backup_RetentionPeriod_Min": 365, "Backup_RetentionPeriod_Forever": 0, "LatestDotNetFrameworkVersionNumber": "v4.0", "Minimum_Instance_Count": 2, "AADAuthAPIVersion": "2016-08-01", "LoadCertAppSettings": "WEBSITE_LOAD_CERTIFICATES" }, "StorageDiagnosticsSkuMapping": [ "StandardGRS", "StandardLRS", "StandardRAGRS" ], "StorageAlertSkuMapping": [ "StandardGRS", "StandardLRS", "StandardRAGRS" ], "StorageGeoRedundantSku": [ "StandardGRS", "StandardRAGRS" ], "RedisCache": { "FirewallApplicableSku": [ "Premium" ], "RDBBackApplicableSku": [ "Premium" ] }, "CosmosDb": { "Firewall": { "IpLimitPerDb": 2048, "IpLimitPerRange": 256 } }, "Automation": { "WebhookValidityInDays": 60 }, "BaselineControls": { "ResourceTypeControlIdMappingList": [ { "ResourceType": "VirtualMachine", "ControlIds": [ "Azure_VirtualMachine_SI_Missing_OS_Patches", "Azure_VirtualMachine_SI_Enable_Antimalware_Windows", "Azure_VirtualMachine_NetSec_Dont_Open_Management_Ports" ] }, { "ResourceType": "SQLDatabase", "ControlIds": [ "Azure_SQLDatabase_DP_Enable_TDE", "Azure_SQLDatabase_Audit_Enable_Threat_Detection_Server", "Azure_SQLDatabase_Audit_Enable_Threat_Detection_DB" ] }, { "ResourceType": "AppService", "ControlIds": [ "Azure_AppService_DP_Dont_Allow_HTTP_Access" ] }, { "ResourceType": "Storage", "ControlIds": [ "Azure_Storage_AuthN_Dont_Allow_Anonymous", "Azure_Storage_DP_Encrypt_At_Rest_Blob", "Azure_Storage_DP_Encrypt_At_Rest_File", "Azure_Storage_DP_Encrypt_In_Transit" ] }, { "ResourceType": "CloudService", "ControlIds": [ "Azure_CloudService_DP_DontAllow_HTTP_Access_InputEndpoints", "Azure_CloudService_SI_Auto_OSUpdate", "Azure_CloudService_SI_Enable_AntiMalware", "Azure_CloudService_SI_Disable_RemoteDesktop_Access" ] }, { "ResourceType": "AppService", "ControlIds": [ "Azure_AppService_DP_Dont_Allow_HTTP_Access" ] }, { "ResourceType": "ERvNet", "ControlIds": [ "Azure_ERvNet_NetSec_Dont_Use_PublicIPs", "Azure_ERvNet_NetSec_Dont_Enable_IPForwarding_for_NICs", "Azure_ERvNet_NetSec_Dont_Add_UDRs_on_Subnets", "Azure_ERvNet_NetSec_Dont_Add_VPN_Gateways", "Azure_ERvNet_NetSec_Dont_Use_VNet_Peerings", "Azure_ERvNet_NetSec_Use_Only_Internal_Load_Balancers" ] } ], "SubscriptionControlIdList": [ "Azure_Subscription_AuthZ_Add_Required_Central_Accounts", "Azure_Subscription_AuthZ_Remove_Deprecated_Accounts", "Azure_Subscription_AuthZ_Dont_Use_NonAD_Identities", "Azure_Subscription_AuthZ_Remove_Management_Certs", "Azure_Subscription_Config_Azure_Security_Center", "Azure_Subscription_Config_ARM_Policy", "Azure_Subscription_Audit_Configure_Critical_Alerts" ], "ExpiryInDays": 6, "SupportedSources": [ "CC" ] }, "CloudService": { "LatestOSSKUIDs": [ "WA-GUEST-OS-4.44_201707-01" ] }, "AttestationExpiryPeriodInDays": { "Default": 90, "ControlSeverity": { "Critical": 7, "High": 30, "Medium": 60, "Low": 90 } } } |