Ensure that the attribute 'privileged_docker_options' in Defender for IoT is not set to false

HIGH

Description

If malicious actors gain access to an exposed privileged container, they gain root-level capabilities on the host machine.

Remediation

In Azure Console -

  1. Go to Azure IoT Hub.
  2. Choose an IoT Hub to edit.
  3. Under Defender for IoT, choose Settings.
  4. Click Recommendation Configuration and choose the Privileged Docker options recommendation.
  5. Click Enable.

In Terraform -

  1. In the azurerm_iot_security_solution resource, set recommendations_enabled.privileged_docker_options to true.
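The non-compliant and the corrected resource side by side, as an added example that is not from the page or the azurerm provider documentation; the resource names, resource group, location and IoT Hub ID are placeholders:

```hcl
# Added example (not the page's own code). All names, the resource group,
# the location and the IoT Hub resource ID below are placeholders.

# Non-compliant: the recommendation is explicitly switched off, so edge
# containers started with privileged Docker options are never reported.
resource "azurerm_iot_security_solution" "noncompliant" {
  name                = "iot-security-solution-example"
  resource_group_name = "rg-iot-example"
  location            = "westeurope"
  display_name        = "IoT Security Solution"
  iothub_ids          = ["/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-iot-example/providers/Microsoft.Devices/IotHubs/iothub-example"]

  recommendations_enabled {
    privileged_docker_options = false # flagged by AC_AZURE_0099
  }
}

# Compliant: the recommendation stays on. Omitting the attribute also
# passes, because the provider defaults it to true; setting it
# explicitly makes the intent visible in review.
resource "azurerm_iot_security_solution" "compliant" {
  name                = "iot-security-solution-example"
  resource_group_name = "rg-iot-example"
  location            = "westeurope"
  display_name        = "IoT Security Solution"
  iothub_ids          = ["/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-iot-example/providers/Microsoft.Devices/IotHubs/iothub-example"]

  recommendations_enabled {
    privileged_docker_options = true
  }
}
```

Only one of the two resources should exist in a real configuration; the pair is shown together to make the single differing attribute easy to spot in a diff or policy scan.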

References:
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/iot_security_solution#privileged_docker_options

Policy Details

Rule Reference ID: AC_AZURE_0099
CSP: Azure
Remediation Available: Yes
Resource Category: Management
Resource Type: IoT Hub

Frameworks