Ensure a security contact phone number is present

Error: No security contact phone number is present

Bridgecrew Policy ID: BC_AZR_GENERAL_3
Checkov Check ID: CKV_AZURE_20
Severity: LOW

Description

Microsoft reaches out to the designated security contact in case its security team finds that the organization's resources are compromised. This ensures that the correct people are aware of any potential compromise and can mitigate the risk in a timely fashion.

We recommend that you provide a security contact phone number. Before acting on any communication you receive, make sure that the information provided is valid, because the communication is not digitally signed.

Fix - Runtime

Azure Portal

To change the policy using the Azure Portal, follow these steps:

  1. Log in to the Azure Portal at https://portal.azure.com.
  2. Navigate to the Security Center.
  3. Click Security Policy.
  4. For the security policy subscription, click Edit Settings.
  5. Click Email notifications.
  6. Enter a valid security contact Phone Number.
  7. Click Save.

CLI Command

To set the phone number to be contacted in the event of a potential security breach, use the following command:

az account get-access-token \
  --query "{subscription:subscription,accessToken:accessToken}" \
  --out tsv | xargs -L1 bash -c 'curl -X PUT -H "Authorization: Bearer $1" \
  -H "Content-Type: application/json" \
  "https://management.azure.com/subscriptions/$0/providers/Microsoft.Security/securityContacts/default1?api-version=2017-08-01-preview" \
  -d @input.json'

Here, input.json contains the request body JSON shown below.
Replace <validEmailAddress> with a valid email address (comma-separated for multiple addresses).
Replace <phone_number> with the valid phone number.

{
  "id": "/subscriptions/<Your_Subscription_Id>/providers/Microsoft.Security/securityContacts/default1",
  "name": "default1",
  "type": "Microsoft.Security/securityContacts",
  "properties": {
    "email": "<validEmailAddress>",
    "phone": "<phone_number>",
    "alertNotifications": "On",
    "alertsToAdmins": "On"
  }
}
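
To confirm the change took effect, the following added example (not Bridgecrew's or Microsoft's code) audits a securityContacts list response for contacts whose phone is absent, empty, or still the <phone_number> placeholder from input.json. The response shape, the sample data and the function names are assumptions constructed for illustration.

```python
import json
import re

# Constructed sample, shaped like a list response from
# .../providers/Microsoft.Security/securityContacts (assumed shape).
SAMPLE_RESPONSE = json.loads("""
{"value": [
  {"name": "default1", "properties": {"email": "secops@example.com",
   "phone": "+1-555-555-5555", "alertNotifications": "On", "alertsToAdmins": "On"}},
  {"name": "default2", "properties": {"email": "oncall@example.com",
   "phone": "", "alertNotifications": "On", "alertsToAdmins": "On"}},
  {"name": "default3", "properties": {"email": "it@example.com",
   "phone": "<phone_number>", "alertNotifications": "On", "alertsToAdmins": "On"}}
]}
""")

PLACEHOLDER = re.compile(r"^<.*>$")  # template value left unreplaced


def phone_finding(contact):
    """Return a reason string if the contact has no usable phone, else None."""
    phone = (contact.get("properties") or {}).get("phone")
    if phone is None or not str(phone).strip():
        return "phone missing or empty"
    if PLACEHOLDER.match(str(phone).strip()):
        return "phone is an unreplaced template placeholder"
    if not any(ch.isdigit() for ch in str(phone)):
        return "phone contains no digits"
    return None


def audit_security_contacts(response):
    """Map contact name -> reason for every contact failing the check."""
    contacts = response.get("value") or []
    if not contacts:
        return {"<subscription>": "no security contact configured"}
    findings = {}
    for contact in contacts:
        reason = phone_finding(contact)
        if reason:
            findings[contact.get("name", "<unnamed>")] = reason
    return findings


if __name__ == "__main__":
    for name, reason in audit_security_contacts(SAMPLE_RESPONSE).items():
        print(f"FAIL {name}: {reason}")
```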

Fix - Buildtime

  • Resource: azurerm_security_center_contact
  • Argument: phone
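
resource "azurerm_security_center_contact" "example" {
    # email is a placeholder address; replace it with your security contact
    name  = "default1"
    email = "contact@example.com"
    phone = "+1-555-555-5555"
    alert_notifications = true
    alerts_to_admins    = true
}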
