Framework/Configurations/SVT/ControlSettings.json
|
{
"Diagnostics_RetentionPeriod_Min": 365, "Diagnostics_RetentionPeriod_Forever": 0, "KeyVault": { "KeyRotationDuration_Days": 365, "SecretRotationDuration_Days": 180, "KeyType": "RSA-HSM", "ADAppCredentialTypeCrt": "AsymmetricX509Cert", "ADAppCredentialTypePwd": "Password", "MaxRecommendedVersions": 3 }, "SqlServer": { "AuditRetentionPeriod_Min": 365, "AuditRetentionPeriod_Forever": 0 }, "AnalysisService": { "Max_Admin_Count": 2 }, "ERvNet": { "ResourceLockLevel": "ReadOnly" }, "Databricks": { "Tenant_Domain": "microsoft.com" }, "KubernetesService": { "kubernetesVersion": "1.12.6" }, "APIManagement": { "AllowedIdentityProvider": [ "Aad" ] }, "VirtualMachine": { "Windows": { "SupportedSkuList": [], "ManagementPortList": [ { "Name": "RDP", "Port": 3389 }, { "Name": "WINRM", "Port": 5985 } ], "BaselineIds": [], "ASCRecommendations": [ "EncryptionOnVm", "InstallAntimalware", "VulnerabilityAssessmentDeployment" ], "ASCApprovedPatchingHealthStatuses": [ "Healthy" ], "ASCApprovedBaselineStatuses": [ "Healthy" ], "QueryforBaselineRule": [ "SecurityBaseline | where TimeGenerated >ago(1d) | where ResourceId ==\"{0}\" | summarize arg_max(TimeGenerated,*)by Description| where AnalyzeResult == \"Failed\" " ], "QueryforMissingPatches": [ "Update | where TimeGenerated >ago(1d) |where OSType != \"Linux\" and UpdateState =~ \"Needed\" and iff(isnotnull(toint(Optional)), Optional == false, Optional == \"false\") == true and iff(isnotnull(toint(Approved)), Approved != false, Approved != \"false\") == true and (Classification == \"Security Updates\" or Classification == \"Critical Updates\") and ResourceId ==\"{0}\"| summarize AggregatedValue =dcount(UpdateID) by UpdateID,Title |limit 1000000000 " ], "VulnAssessmentSolution":{ "AgentName": "QualysAgent", "RequiredVersion":"1.6.4.9" }, "GuestExtension": { "Name": "ConfigurationForWindows", "RequiredVersion": "1.11.0.0", "AssignmentName" : "SMSClientStatus", "CheckPolicyAssignment":false }, "RequiredExtensions": [ { "ExtensionType": "ConfigurationForWindows", "Publisher": "Microsoft.GuestConfiguration" }, { "ExtensionType": "QualysAgent", "Publisher": "Qualys" }, { "ExtensionType": "IaaSDiagnostics", "Publisher": "Microsoft.Azure.Diagnostics" }, { "ExtensionType": "MicrosoftMonitoringAgent", "Publisher": "Microsoft.EnterpriseCloud.Monitoring" } ] }, "Linux": { "SupportedSkuList": [], "ManagementPortList": [ { "Name": "RDP", "Port": 3389 }, { "Name": "SSH", "Port": 22 } ], "BaselineIds": [], "ASCRecommendations": [], "ASCApprovedPatchingHealthStatuses": [ "Healthy" ], "ASCApprovedBaselineStatuses": [ "Healthy" ], "QueryforBaselineRule": [ "SecurityBaseline | where TimeGenerated >ago(1d) | where ResourceId ==\"{0}\" | summarize arg_max(TimeGenerated,*)by Description| where AnalyzeResult == \"Failed\" " ], "QueryforMissingPatches": [ "Update | where TimeGenerated >ago(1d) |where OSType == \"Linux\" and UpdateState =~ \"Needed\" and iff(isnotnull(toint(Optional)), Optional == false, Optional == \"false\") == true and iff(isnotnull(toint(Approved)), Approved != false, Approved != \"false\") == true and (Classification == \"Security Updates\" or Classification == \"Critical Updates\") and ResourceId ==\"{0}\"| summarize AggregatedValue =dcount(UpdateID) by UpdateID,Title |limit 1000000000 " ], "QueryForLinuxAntimalwareStatus": ["ProtectionStatus | where TimeGenerated > ago(2d) and TypeofProtection == \"Sophos Anti-Virus\" and ProtectionStatus =~ \"Real Time Protection\" and ResourceId contains \"{0}\" | summarize arg_max(TimeGenerated, *)"], "VulnAssessmentSolution": { "AgentName": "QualysAgentLinux", "RequiredVersion": "1.6.0.96" }, "GuestExtension": { "Name": "ConfigurationForLinux", "RequiredVersion": "1.9.0", "AssignmentName" : "SMSClientStatus", "CheckPolicyAssignment": false }, "RequiredExtensions": [ { "ExtensionType": "ConfigurationForLinux", "Publisher": "Microsoft.GuestConfiguration" }, { "ExtensionType": "QualysAgentLinux", "Publisher": "Qualys" }, { "ExtensionType": "LinuxDiagnostic", "Publisher": "Microsoft.Azure.Diagnostics" }, { "ExtensionType": "OmsAgentForLinux", "Publisher": "Microsoft.EnterpriseCloud.Monitoring" } ] }, "Windows_OS_Baseline_Ids": [], "ASCPolicies": { "PolicyAssignment": { "EndpointProtection": "Install endpoint protection solution on your machines", "EndpointProtectionAssessmentKey": "83f577bd-a1b6-b7e1-0891-12ca19d1e6df", "DiskEncryption": "Apply Disk Encryption on your virtual machines", "DiskEncryptionAssessmentKey": "d57a4221-a804-52ca-3dea-768284f06bb7", "VulnerabilityScan": "Remediate vulnerabilities in security configuration on your machines", "VulnerabilityScanAssessmentKey": "181ac480-f7c4-544b-9865-11b8ffe87f47", "OSUpdates": "Install system updates on your machines", "OSUpdatesAssessmentKey": "4ab6e3c5-74dd-8b35-9ab9-f61b30875b27", "MonitoringAgent": "Install monitoring agent on your machines", "MonitoringAgentAssessmentKey": "d1db3318-01ff-16de-29eb-28b344515626" }, "ResourceDetailsKeys": { "WorkspaceId": "Reporting workspace customer id" } } }, "NoOfApprovedAdmins": 5, "NoOfClassicAdminsLimit": 2, "CriticalPIMRoles": { "Subscription" : [ "Owner", "Contributor", "User Access Administrator" ], "ResourceGroup" : [ "Owner", "User Access Administrator" ] }, "ASCAlertsSeverityLevels": [ "High" ], "ASCAlertsThresholdInDays": 30, "WhitelistedMgmtCerts": { "Thumbprints": [], "ApprovedValidityRangeInDays": 732 }, "WhitelistedPermanentRoles": [ { "DisplayName": "MS-PIM" } ], "WhitelistedCustomRBACRoles": [ { "Id": "21d96096-b162-414a-8302-d8354f9d91b2", "Name": "Azure Service Deploy Release Management Contributor" }, { "Id": "9f15f5f5-77bd-413a-aa88-4b9c68b1e7bc", "Name": "GenevaWarmPathResourceContributor" }, { "Id": "7fd64851-3279-459b-b614-e2b2ba760f5b", "Name": "Office DevOps" }, { "Id": "a48d7796-14b4-4889-afef-fbb65a93e5a2", "Name": "masterreader" } ], "UniversalIPRange": "0.0.0.0-255.255.255.255", "IPRangeStartIP": "0.0.0.0", "IPRangeEndIP": "255.255.255.255", "MetricAlert": { "Actions": { "SendToServiceOwners": true }, "Batch": [ { "Condition": { "DataSource": { "MetricName": "PoolDeleteCompleteEvent" }, "OperatorProperty": "GreaterThan", "Threshold": 0, "TimeAggregation": "Total", "WindowSize": "01:00:00" }, "IsEnabled": true }, { "Condition": { "DataSource": { "MetricName": "PoolDeleteStartEvent" }, "OperatorProperty": "GreaterThan", "Threshold": 0, "TimeAggregation": "Total", "WindowSize": "01:00:00" }, "IsEnabled": true } ], "Storage": [ { "Condition": { "DataSource": { "MetricName": "AnonymousSuccess" }, "OperatorProperty": "GreaterThan", "Threshold": 0, "TimeAggregation": "Total", "WindowSize": "01:00:00" }, "IsEnabled": true } ], "StreamAnalytics": [ { "Condition": { "DataSource": { "MetricName": "AMLCalloutFailedRequests" }, "OperatorProperty": "GreaterThan", "Threshold": 0, "TimeAggregation": "Total", "WindowSize": "00:05:00" }, "IsEnabled": true }, { "Condition": { "DataSource": { "MetricName": "Errors" }, "OperatorProperty": "GreaterThan", "Threshold": 0, "TimeAggregation": "Total", "WindowSize": "00:05:00" }, "IsEnabled": true } ], "APIManagement": [ { "Condition": { "DataSource": { "MetricName": "UnauthorizedRequests" }, "OperatorProperty": "GreaterThan", "Threshold": 0, "TimeAggregation": "Total", "WindowSize": "01:00:00" }, "IsEnabled": true } ] }, "StorageKindMapping": [ { "Kind": "BlobStorage", "Services": [ "blob" ], "DiagnosticsLogServices": [ "blob" ] }, { "Kind": "Storage", "Services": [ "blob", "file", "queue", "table" ], "DiagnosticsLogServices": [ "blob", "queue", "table" ] }, { "Kind": "StorageV2", "Services": [ "blob", "file", "queue", "table" ], "DiagnosticsLogServices": [ "blob", "queue", "table" ] } ], "AppService": { "Backup_RetentionPeriod_Min": 365, "Backup_RetentionPeriod_Forever": 0, "LatestDotNetFrameworkVersionNumber": "v4.0", "Minimum_Instance_Count": 2, "TLS_Version" : "1.2", "AADAuthAPIVersion": "2016-08-01", "LoadCertAppSettings": "WEBSITE_LOAD_CERTIFICATES", "NonAADAuthProperties": [ "googleClientId", "facebookAppId", "twitterConsumerKey", "microsoftAccountClientId" ] }, "DataBricksFilters":{ "TagName": "Vendor", "TagValue": "Databricks" }, "StorageDiagnosticsSkuMapping": [ "Standard_GRS", "Standard_LRS", "Standard_RAGRS", "Standard_ZRS" ], "StorageAlertSkuMapping": [ "Standard_GRS", "Standard_LRS", "Standard_RAGRS" ], "StorageGeoRedundantSku": [ "Standard_GRS", "Standard_RAGRS" ], "LockedResourcesTags": [ { "TagName": "application", "TagValue": "databricks" } ], "RedisCache": { "FirewallApplicableSku": [ "Premium" ], "RDBBackApplicableSku": [ "Premium" ] }, "CosmosDb": { "Firewall": { "IpLimitPerDb": 2048, "IpLimitPerRange": 256 } }, "Automation": { "WebhookValidityInDays": 60, "variablesToSkip": ["AppResourceGroupNames", "ReportsStorageAccountName", "UpdateToLatestAzSKVersion", "OMSSharedKey", "OMSWorkspaceId", "AltOMSWorkspaceId", "AltOMSSharedKey", "LAWSId", "LAWSSharedKey", "AltLAWSId", "AltLAWSSharedKey", "WebhookAuthZHeaderName", "WebhookUrl"] }, "AllowedResourceTypesForMetadataCapture":["AppService", "VirtualMachine","DataFactory","DataFactoryV2"], "BaselineControls": { "ResourceTypeControlIdMappingList": [ ], "SubscriptionControlIdList": [], "ExpiryInDays": 2, "SupportedSources": [] }, "PreviewBaselineControls": { "ResourceTypeControlIdMappingList": [ ], "SubscriptionControlIdList": [ ], "ExpiryInDays": 2, "SupportedSources": [] }, "CloudService": { "LatestOSSKUIDs": [ "WA-GUEST-OS-4.44_201707-01" ] }, "AttestationExpiryPeriodInDays": { "Default": 90, "ControlSeverity": { "Critical": 7, "High": 30, "Medium": 60, "Low": 90 } }, "SubscriptionCore": { "EnableV1AlertFailure": false, "ASCTier": "Standard", "credHighTH": 7, "credModerateTH": 30, "NonADIdentitiesPatterns" : ["(.)*#ext#@(.)*.onmicrosoft.com"], "WhitelistedNonADIndentitiesPatterns" : [] }, "HDInsight": { "MinSupportedClusterVersion": "3.6.0" }, "EventHubOutput": { "TokenTimeOut": 1800, "TimeOut": 60, "APIVersion": "2014-01" }, "DefaultValidAttestationStates": [ "NotAnIssue", "WillFixLater", "WillNotFix" ], "NewControlGracePeriodInDays": { "Default": 30, "ControlSeverity": { "Critical": 30, "High": 30, "Medium": 30, "Low": 30 } }, "AttestationPeriodInDays": { "Default": 90, "ControlSeverity": { "Critical": 7, "High": 30, "Medium": 60, "Low": 90 } }, "ResultComplianceInDays": { "DefaultControls": 3, "OwnerAccessControls": 90 }, "ControlSeverity": { "Critical": "Critical", "High": "High", "Medium": "Medium", "Low": "Low" }, "MandatoryTags":[ ], "WhitelistedResourceGroups": [] } |