Azure security configuration scanning and hardening using Azure Security Center, Azure Policy, and ScoutSuite
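Automates Azure security configuration scanning and hardening to identify misconfigurations, compliance violations, and security risks across Azure subscriptions and tenants. Azure Security Center is now named Microsoft Defender for Cloud, and Azure AD is now named Microsoft Entra ID; the older names are kept on this page because the input schema still uses them (for example, `includeAzureAD`).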
| Category | Services |
|---|---|
| Identity | Azure AD, PIM, Conditional Access |
| Compute | VMs, App Services, Functions, AKS |
| Storage | Storage Accounts, Blobs, Files |
| Database | SQL Database, Cosmos DB, PostgreSQL |
| Network | VNets, NSGs, Azure Firewall, WAF |
| Security | Defender, Key Vault, Sentinel |
| Monitoring | Monitor, Log Analytics, Application Insights |
{
"type": "object",
"properties": {
"scanType": {
"type": "string",
"enum": ["full", "cis", "pci", "hipaa", "iso27001", "custom"],
"description": "Type of security scan"
},
"subscriptions": {
"type": "array",
"items": { "type": "string" },
"description": "Azure subscription IDs to scan"
},
"resourceGroups": {
"type": "array",
"items": { "type": "string" },
"description": "Specific resource groups to scan"
},
"services": {
"type": "array",
"items": { "type": "string" },
"description": "Specific services to scan"
},
"severityThreshold": {
"type": "string",
"enum": ["critical", "high", "medium", "low"]
},
"complianceFrameworks": {
"type": "array",
"items": {
"type": "string",
"enum": ["CIS", "PCI-DSS", "HIPAA", "ISO27001", "SOC2", "NIST"]
}
},
"includeAzureAD": {
"type": "boolean",
"description": "Include Azure AD security checks"
}
},
"required": ["scanType"]
}
{
"type": "object",
"properties": {
"scanId": {
"type": "string"
},
"scanTimestamp": {
"type": "string",
"format": "date-time"
},
"subscriptionsScanned": {
"type": "array"
},
"secureScore": {
"type": "object",
"properties": {
"current": { "type": "number" },
"max": { "type": "number" },
"percentage": { "type": "number" }
}
},
"summary": {
"type": "object",
"properties": {
"totalChecks": { "type": "integer" },
"passed": { "type": "integer" },
"failed": { "type": "integer" },
"warnings": { "type": "integer" }
}
},
"findingsBySeverity": {
"type": "object",
"properties": {
"critical": { "type": "integer" },
"high": { "type": "integer" },
"medium": { "type": "integer" },
"low": { "type": "integer" }
}
},
"findings": {
"type": "array",
"items": {
"type": "object",
"properties": {
"checkId": { "type": "string" },
"severity": { "type": "string" },
"service": { "type": "string" },
"resourceId": { "type": "string" },
"description": { "type": "string" },
"remediation": { "type": "string" },
"complianceMapping": { "type": "array" }
}
}
},
"azureAdFindings": {
"type": "array"
},
"policyCompliance": {
"type": "object"
},
"recommendations": {
"type": "array",
"items": { "type": "string" }
}
}
}