Azure CSPM

Overview

Using this feature you can run CIS benchmark tests (v1.0.0) for your Azure cloud. This includes CIS level 1 and level 2 checks for Azure as specified here: https://www.cisecurity.org/benchmark/azure/ 

Pre-requisites

Azure CLI is required, please install it by following the steps mentioned here for your Operating System.

Steps involved

  • Open a new shell / terminal.
  • Check that twigs is installed and running properly by running below command:

twigs azure_cis -h

  • Sign in into your Azure instance using Azure CLI as described here on the host where you will be running twigs.
  • You can run the command below:

twigs azure_cis --assetid UNIQUE_ASSET_ID  --assetname NAME_LABEL_FOR_ASSET

  • Asset id is not optional. Use a unique identifier for your Azure cloud instance as an asset.
  • After discovery is complete, you can login into ThreatWorx Console to view the newly discovered Azure instance as an asset as well as results of the CIS benchmark tests.
  • Twigs will automatically mark/resolve any fixed issues that were discovered as part of a previous run.

Example

$ twigs azure_cis --assetid prod_azure_cis  --assetname "Production Azure CIS"

Run CIS benchmark checks for Azure CSPM. Note you need to login into Azure CLI first.