Azure – You can now get a notification when your Secure Score is downgraded

After releasing a Power BI dashboard to follow the evolution of your Azure Secure Score (see https://t.co/U1I15FSuBP), you can now get an email notification if your Secure Score decreases.

The playbook is available for deployment in the Azure Security Center GitHub repository here: https://github.com/Azure/Azure-Security-Center/tree/master/Secure%20Score/Secure%20Score%20Reduction%20Alerts

Open the above URL and use the Deploy to Azure button.

Then you may be asked to authenticate against your Azure tenant.

Once authenticated, fill in the deployment details as follows:

  • Select the subscription where the playbook will be deployed
  • Select the resource group
  • The region will be set automatically based on the above selection
  • Provide the Log Analytics name, resource group and subscription ID
  • Update (if needed) how often the Secure Score is reviewed and the percentage reduction threshold (meaning an alert is sent if the Secure Score reduces by x%)
  • Provide the notification email address

Now you can complete the deployment.

A Logic App called Send-SecureScoreReductionAlert, with two API connections called office365 and azuremonitorlogs, has now been deployed.

You then need to grant the Reader permission on the subscription(s) you want monitored for Secure Score reduction, from the subscription's Access Control blade.

Select the Reader role, choose to assign it to a Logic App, and then select Send-SecureScoreReductionAlert.

Then go back to the resource group where the playbook has been deployed and edit the office365 API connection.

Open Edit API connection and click the blue ribbon to authorize the connection; an authentication prompt may ask you to sign in.

If the authorization has been successful, you should see a blue notification at the top; you can now save the modification.

Repeat the same steps for the other API connection, azuremonitorlogs.

You can confirm that the above operations have been successful by opening the Send-SecureScoreReductionAlert Logic App in the Logic app designer blade and looking at the Run query and list results action within the For Each loop; you should see the Connected to azuremonitorlogs information.

Then you can force an initial run using Run Trigger.

Then, if the reduction threshold is reached, you will receive an email notification.
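To choose sensible values for the review frequency and the percentage threshold, it helps to replay the check offline against score history. The sketch below is an added example, not the playbook's own code: it assumes the reduction is measured relative to an earlier baseline sample, and the record layout, subscription names and the function `find_reductions` are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data: (subscription, sample time, Secure Score in percent).
SAMPLES = [
    ("sub-a", datetime(2021, 3, 1, 8), 72.0),
    ("sub-a", datetime(2021, 3, 2, 8), 71.0),
    ("sub-a", datetime(2021, 3, 3, 8), 60.0),
    ("sub-b", datetime(2021, 3, 2, 8), 55.0),
    ("sub-b", datetime(2021, 3, 3, 8), 54.0),
    ("sub-c", datetime(2021, 3, 3, 8), 40.0),  # newly onboarded, no baseline yet
]


def find_reductions(samples, lookback, threshold_pct):
    """Return {subscription: (baseline, latest, drop_pct)} for every subscription
    whose score fell by at least threshold_pct relative to its baseline."""
    by_sub = {}
    for sub, ts, score in samples:
        by_sub.setdefault(sub, []).append((ts, score))

    alerts = {}
    for sub, points in by_sub.items():
        points.sort()
        latest_ts, latest = points[-1]
        # Baseline: newest sample at least `lookback` older than the latest one.
        older = [(ts, s) for ts, s in points if ts <= latest_ts - lookback]
        if not older:
            continue  # no baseline in range: nothing to compare against
        baseline = older[-1][1]
        if baseline <= 0:
            continue  # a zero score cannot drop further; avoids division by zero
        drop_pct = (baseline - latest) / baseline * 100
        if drop_pct >= threshold_pct:
            alerts[sub] = (baseline, latest, round(drop_pct, 2))
    return alerts


if __name__ == "__main__":
    hits = find_reductions(SAMPLES, timedelta(days=1), 10)
    for sub, (base, now, drop) in hits.items():
        print(f"{sub}: Secure Score fell from {base}% to {now}% (-{drop}%)")
```

A subscription with no sample older than the lookback window is skipped rather than alerted on, so newly onboarded subscriptions do not trigger a notification on their first review.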
