
Azure alerts

Azure resources created by Sophos Cloud Optix can cause alerts for non-compliance with CIS rules.

This table shows the relevant Center for Internet Security (CIS) rules for Azure, which alerts they raise, and why the alerts happen. See CIS Benchmarks - Securing Azure.

You can suppress the alert for a rule. In many cases you can change your Azure configuration to prevent the alert occurring.

To change your configuration, follow the instructions in the relevant Sophos Cloud Optix alert.

CIS rule AZ-2108

Label Description
Rule description Ensure default network access rule for Storage Accounts is set to deny.
Severity Low
Resource type Storage account
Affected Azure resources subscriptions/<subscriptionId>/resourceGroups/avidflowlogsgroup/providers/Microsoft.Storage/storageAccounts/avidact<uniqueId>
Reason for non-compliance Microsoft's approach means that if functions belong to a consumption plan, you need to turn off your firewall to access storage accounts.

CIS rule AZ-2904

Label Description
Rule description Scan all Azure storage accounts to check whether they are accessible from all networks.
Severity Low
Resource type Storage account
Affected Azure resources subscriptions/<subscriptionId>/resourceGroups/avidflowlogsgroup/providers/Microsoft.Storage/storageAccounts/avidact<uniqueId>
Reason for non-compliance Microsoft's approach means that if functions belong to a consumption plan, you need to turn off your firewall to access storage accounts.

CIS rule AZ-2267

Label Description
Rule description Ensure that you have encrypted the storage account that has the container with your activity logs with Bring Your Own Key (BYOK).
Severity Low
Resource type Storage account
Affected Azure resources subscriptions/<subscriptionId>/resourceGroups/avidflowlogsgroup/providers/Microsoft.Storage/storageAccounts/avidact<uniqueId>
Reason for non-compliance You must use your own keys to comply with this rule.

CIS rule AZ-2252

Label Description
Rule description Ensure that Activity Log Retention is set to 365 days or more.
Severity High
Resource type Activity log
Affected Azure resources /subscriptions/<subscriptionId>
Reason for non-compliance Sophos retains logs for one day to avoid extra charges.

CIS rule AZ-2304

Label Description
Rule description Ensure that Network Security Group Flow Log retention period is more than 90 days.
Severity Medium
Resource type NSG flow logs
Affected Azure resources subscriptions/<subscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.Network/networkSecurityGroups/<networkSecurityGroup>
Reason for non-compliance Sophos retains logs for one day to avoid extra charges.

CIS rule AZ-2101

Label Description
Rule description Ensure that Secure transfer required is set to Enabled.
Severity High
Resource type Storage account
Affected Azure resources subscriptions/<subscriptionId>/resourceGroups/avidflowlogsgroup/providers/Microsoft.Storage/storageAccounts/avidact<uniqueId>
Reason for non-compliance This is a legacy error which has been fixed. Adding the environment to Sophos Cloud Optix again resolves the alert.

CIS rule AZ-3208

Label Description
Rule description Ensure the web app has Client Certificates (Incoming client certificates) set to On.
Severity Medium
Resource type Web app
Affected Azure resources subscriptions/<subscriptionId>/resourceGroups/avidflowlogsgroup/providers/Microsoft.Web/sites/AvidActivityLogs<uniqueId>,
subscriptions/<subscriptionId>/resourceGroups/avidflowlogsgroup/providers/Microsoft.Web/sites/AvidFlowLogs<uniqueId>
Reason for non-compliance This is a legacy error which has been fixed. Adding the environment to Sophos Cloud Optix again resolves the alert.

CIS rule AZ-3029

Label Description
Rule description Ensure that Register with Azure Active Directory is turned on in App Service.
Severity Medium
Resource type Web app
Affected Azure resources subscriptions/<subscriptionId>/resourceGroups/avidflowlogsgroup/providers/Microsoft.Web/sites/AvidActivityLogs<uniqueId>,
subscriptions/<subscriptionId>/resourceGroups/avidflowlogsgroup/providers/Microsoft.Web/sites/AvidFlowLogs<uniqueId>
Reason for non-compliance This is a legacy error which has been fixed. Adding the environment to Sophos Cloud Optix again resolves the alert.
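
An added example, not part of the Sophos documentation: a triage helper that uses the rule IDs and resource paths from the tables above to separate alerts raised by Cloud Optix's own resources from the same rules firing on other resources. The function name, result labels and sample alerts are assumptions made for illustration.

```python
import re

SEG = r"[^/]+"  # one path segment, stands in for <subscriptionId>, <uniqueId>
GROUP = rf"subscriptions/{SEG}/resourceGroups/avidflowlogsgroup/providers"
STORAGE = rf"{GROUP}/Microsoft\.Storage/storageAccounts/avidact{SEG}"
WEBAPP = rf"{GROUP}/Microsoft\.Web/sites/Avid(ActivityLogs|FlowLogs){SEG}"
LEGACY = "legacy: add the environment again"

# rule ID -> (resource ID pattern, advice). The pattern is None where the page
# lists only a generic subscription or NSG path, which cannot identify a
# Cloud Optix resource by its ID.
KNOWN = {
    "AZ-2108": (STORAGE, "reason listed in table"),
    "AZ-2904": (STORAGE, "reason listed in table"),
    "AZ-2267": (STORAGE, "reason listed in table"),
    "AZ-2252": (None, "reason listed in table"),
    "AZ-2304": (None, "reason listed in table"),
    "AZ-2101": (STORAGE, LEGACY),
    "AZ-3208": (WEBAPP, LEGACY),
    "AZ-3029": (WEBAPP, LEGACY),
}


def triage(rule_id, resource_id):
    """Return 'expected (...)', 'review' or 'investigate' for one alert."""
    if rule_id not in KNOWN:
        return "investigate"
    pattern, advice = KNOWN[rule_id]
    if pattern is None:
        return "review"  # resource ID alone cannot attribute it to Cloud Optix
    # Azure resource IDs compare case-insensitively; the page shows them both
    # with and without a leading slash.
    rid = resource_id.strip().lstrip("/")
    if re.fullmatch(pattern, rid, flags=re.IGNORECASE):
        return f"expected ({advice})"
    return "investigate"  # same rule, but not a Cloud Optix resource


# Constructed sample alerts; the subscription and account names are made up.
SAMPLE = [
    ("AZ-2108", "/subscriptions/0000/resourceGroups/avidflowlogsgroup/providers/Microsoft.Storage/storageAccounts/avidactab12"),
    ("AZ-2108", "/subscriptions/0000/resourceGroups/prod/providers/Microsoft.Storage/storageAccounts/billingdata"),
    ("AZ-2252", "/subscriptions/0000"),
    ("AZ-3208", "subscriptions/0000/resourceGroups/AvidFlowLogsGroup/providers/Microsoft.Web/sites/avidflowlogsab12"),
]

if __name__ == "__main__":
    for rule, rid in SAMPLE:
        print(rule, rid.rsplit("/", 1)[-1], "->", triage(rule, rid))
```

The second sample is the case to watch: the rule ID matches the table, but the storage account is not one of the Cloud Optix resources, so the alert is not explained by this page.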