Ensure virtual network configuration is added for Azure Kusto Cluster

MEDIUM

Description

The Azure Kusto Cluster does not have a virtual network configuration, which may lead to an insecure network configuration and sensitive data exposure.

Remediation

Data Explorer (Kusto) clusters can only be launched in a virtual network when initially created. To create a new resource with the appropriate settings, follow the steps below. For more information on how to prepare a virtual network for use with Data Explorer clusters, see the Azure documentation.

In Azure Console -

  1. Open the Azure Portal and go to Data Explorer Clusters.
  2. Create a new cluster.
  3. Configure as needed; on the Network tab, for Connectivity method, choose Virtual network injection.
  4. Select the appropriate virtual network and subnet.

In Terraform -

  1. In the azurerm_kusto_cluster resource, create a virtual_network_configuration block.
  2. Add the subnet_id, engine_public_ip_id, and data_management_public_ip_id for the virtual network setup.
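
The Terraform steps above as a complete configuration. This is an added example, not part of the original policy page; the resource names, region, address ranges and SKU are assumptions, and subnet preparation described in the Azure documentation is not shown.

```hcl
# Assumed names, region, address ranges and SKU; adjust to your environment.
resource "azurerm_resource_group" "adx" {
  name     = "rg-adx-example"
  location = "West Europe"
}

resource "azurerm_virtual_network" "adx" {
  name                = "vnet-adx-example"
  address_space       = ["10.0.0.0/16"]
  location            = azurerm_resource_group.adx.location
  resource_group_name = azurerm_resource_group.adx.name
}

resource "azurerm_subnet" "adx" {
  name                 = "snet-adx-example"
  resource_group_name  = azurerm_resource_group.adx.name
  virtual_network_name = azurerm_virtual_network.adx.name
  address_prefixes     = ["10.0.1.0/24"]
}

# One static Standard public IP each for the engine and data management endpoints.
resource "azurerm_public_ip" "adx" {
  for_each            = toset(["engine", "data-management"])
  name                = "pip-adx-${each.key}"
  location            = azurerm_resource_group.adx.location
  resource_group_name = azurerm_resource_group.adx.name
  allocation_method   = "Static"
  sku                 = "Standard"
}

resource "azurerm_kusto_cluster" "adx" {
  name                = "adxexamplecluster"
  location            = azurerm_resource_group.adx.location
  resource_group_name = azurerm_resource_group.adx.name

  sku {
    name     = "Standard_D13_v2"
    capacity = 2
  }

  # Omitting this block is the condition this policy reports.
  virtual_network_configuration {
    subnet_id                    = azurerm_subnet.adx.id
    engine_public_ip_id          = azurerm_public_ip.adx["engine"].id
    data_management_public_ip_id = azurerm_public_ip.adx["data-management"].id
  }
}
```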

References:
https://learn.microsoft.com/en-us/azure/data-explorer/security-network-overview#virtual-network-injection
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kusto_cluster#virtual_network_configuration

Policy Details

Rule Reference ID: AC_AZURE_0255
CSP: Azure
Remediation Available: Yes
Resource Category: Analytics
Resource Type: Kusto Cluster

Frameworks