Ensure advanced threat protection is enabled for Azure CosmosDB Account

MEDIUM

Description

Advanced Threat Protection is disabled for the Azure Cosmos DB account. Without it, anomalous activity that indicates unusual and potentially harmful attempts to access or exploit the databases is more likely to go undetected.

Remediation

In Azure Console -

  1. In the Azure portal, navigate to the Cosmos DB account.
  2. Select Advanced security, and turn 'Advanced Threat Protection' On.

In Terraform -

  1. For each azurerm_cosmosdb_account and azurerm_cosmos_db resource, create an azurerm_advanced_threat_protection resource.
  2. Configure target_resource_id to the relevant azurerm_cosmos_db database and set enabled to true.
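The Terraform steps above, as an added example that is not part of the original page: a minimal Cosmos DB account (the resource group, account name and location are assumed placeholders) paired with an azurerm_advanced_threat_protection resource whose target_resource_id points at the account's id and whose enabled flag is set to true.

```hcl
# Added example: the resource group, names and region below are placeholders.
resource "azurerm_resource_group" "example" {
  name     = "example-cosmos-rg"
  location = "West Europe"
}

# The Cosmos DB account that the policy checks.
resource "azurerm_cosmosdb_account" "example" {
  name                = "example-cosmos-account" # must be globally unique
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  offer_type          = "Standard"
  kind                = "GlobalDocumentDB"

  consistency_policy {
    consistency_level = "Session"
  }

  geo_location {
    location          = azurerm_resource_group.example.location
    failover_priority = 0
  }
}

# Remediation: enable Advanced Threat Protection on the account.
# target_resource_id references the account's id so the two resources
# are created in the right order; enabled = true is the setting the
# rule expects (a missing resource, or enabled = false, fails the check).
resource "azurerm_advanced_threat_protection" "example" {
  target_resource_id = azurerm_cosmosdb_account.example.id
  enabled            = true
}
```

One azurerm_advanced_threat_protection resource is needed per Cosmos DB account; when several accounts are managed in the same configuration, a for_each over the accounts keeps each one covered rather than relying on a single shared resource.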

References:
https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/defender-for-cosmos-db
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_account
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/advanced_threat_protection

Policy Details

Rule Reference ID: AC_AZURE_0227
CSP: Azure
Remediation Available: Yes
Resource Category: Database
Resource Type: Cosmos DB Account

Frameworks