Azure Introduction
Azure Pricing
Azure Threats
Network Watchers Not Enabled
More Info:
Ensure that Network Watcher service is enabled within your Azure account subscriptions to help you monitor and diagnose various conditions at the network level. Microsoft Azure Network Watcher provides tools to monitor, diagnose, view metrics, and enable or disable logs for resources within a virtual network.
Risk Level
Medium
Address
Security
Compliance Standards
CISAZURE, CBP, SOC2, ISO27001, HIPAA, GDPR, NISTCSF, PCIDSS
Triage and Remediation
Remediation
To remediate the “Network Watchers Not Enabled” misconfiguration in Azure using the Azure console, follow these steps:
- Log in to your Azure portal.
- In the left-hand menu, click on “All services” and type “Network Watcher” in the search bar.
- Click on “Network Watcher” to open the service.
- In the left-hand menu of the Network Watcher service, click on “Network Watcher” again.
- Click on the subscription that you want to enable Network Watcher for.
- Click on “Enable Network Watcher” at the top of the page.
- Select the region where you want to enable Network Watcher.
- Click on “Enable” to enable Network Watcher for the selected region.
- Repeat steps 7-8 for all the regions where you want to enable Network Watcher.
- Once you have enabled Network Watcher for all the regions, click on “Network Watcher” in the left-hand menu again.
- Click on “Topology” to verify that Network Watcher is now enabled.
By following these steps, you should be able to remediate the “Network Watchers Not Enabled” misconfiguration in Azure using the Azure console.
To remediate the misconfiguration of Network Watchers not enabled on Azure using Azure CLI, follow these steps:
-
Open the Azure CLI on your local machine or use the Azure Cloud Shell.
-
Run the following command to check if Network Watchers are already enabled on your Azure subscription:
az network watcher list
- If Network Watchers are not enabled, run the following command to enable them:
az feature register --namespace Microsoft.Network --name NetworkWatcher
- After running the above command, you need to wait for a few minutes for the registration to complete. You can check the status of the registration by running the following command:
az feature list -o table --query "[?contains(name, 'Microsoft.Network/NetworkWatcher')].{Name:name,State:properties.state}"
- Once the registration is complete, you can create a Network Watcher in the region of your choice by running the following command:
az network watcher create --location <region>
Note: Replace <region>
with the name of the region where you want to create the Network Watcher.
- Finally, you can verify that Network Watchers are enabled by running the following command:
az network watcher list
This should remediate the misconfiguration of Network Watchers not enabled on Azure using Azure CLI.
To remediate the “Network Watchers Not Enabled” misconfiguration in Azure using Python, follow these steps:
- Import the necessary libraries:
from azure.common.credentials import ServicePrincipalCredentials
from azure.mgmt.network import NetworkManagementClient
- Set up the Azure credentials:
subscription_id = 'your_subscription_id'
credentials = ServicePrincipalCredentials(
client_id = 'your_client_id',
secret = 'your_client_secret',
tenant = 'your_tenant_id'
)
- Instantiate the NetworkManagementClient:
network_client = NetworkManagementClient(
credentials,
subscription_id
)
- Check if Network Watcher is enabled:
watcher = network_client.network_watchers.get('your_resource_group', 'your_network_watcher_name')
if watcher.provisioning_state != 'Succeeded':
print("Network Watcher is not enabled.")
- If Network Watcher is not enabled, enable it:
watcher = network_client.network_watchers.create_or_update(
'your_resource_group',
'your_network_watcher_name',
{
'location': 'your_location'
}
)
- Verify that Network Watcher is now enabled:
if watcher.provisioning_state == 'Succeeded':
print("Network Watcher is now enabled.")
Note: Replace the placeholders (your_subscription_id, your_client_id, your_client_secret, your_tenant_id, your_resource_group, your_network_watcher_name, and your_location) with the appropriate values for your Azure environment.