Ensure that the attribute 'ip_filter_deny_all' in Defender for IoT is not set to false

MEDIUM

Description

Disabling the 'deny by default' IP filter recommendation (ip_filter_deny_all set to false) means Defender for IoT will not flag hubs whose IP filter lacks a default deny rule, which could lead to unauthorized network access to the IoT Hub.

Remediation

In Azure Console -

  1. Go to Azure IoT Hub.
  2. Choose an IoT Hub to edit.
  3. Under Defender for IoT, choose Settings.
  4. Click Recommendation Configuration and choose the IP Filter Deny recommendation.
  5. Click Enable.

In Terraform -

  1. In the azurerm_iot_security_solution resource, set ip_filter_deny_all to true inside the recommendations_enabled block.
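The following Terraform configuration is an added illustration of the remediation above; it is not part of this policy page. It shows a Defender for IoT security solution attached to an IoT Hub with the IP Filter Deny recommendation enabled, with the non-compliant value noted in a comment. The resource group, hub name, location and SKU are placeholder assumptions.

```hcl
# Added example, not from the policy page. Names, location and SKU are placeholders.

resource "azurerm_resource_group" "example" {
  name     = "example-iot-rg"
  location = "West Europe"
}

resource "azurerm_iothub" "example" {
  name                = "example-iothub"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location

  sku {
    name     = "S1"
    capacity = 1
  }
}

# Defender for IoT security solution covering the hub above.
resource "azurerm_iot_security_solution" "example" {
  name                = "example-iot-security-solution"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  display_name        = "Example IoT security solution"
  iothub_ids          = [azurerm_iothub.example.id]

  recommendations_enabled {
    # Non-compliant value that AC_AZURE_0100 flags:
    #   ip_filter_deny_all = false
    #
    # Compliant: keep the "deny by default" IP filter recommendation on so that
    # hubs whose IP filter has no default deny rule are reported.
    ip_filter_deny_all = true
  }
}
```

Omitting the recommendations_enabled block also leaves ip_filter_deny_all at the provider default of true; the rule triggers only when the attribute is explicitly set to false.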

References:
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/iot_security_solution#ip_filter_deny_all

Policy Details

Rule Reference ID: AC_AZURE_0100
CSP: Azure
Remediation Available: Yes
Resource Category: Management
Resource Type: IoT Hub

Frameworks