Sending Email to Security Contact on Alert Is Off

Using Console

Using CLI

To remediate the misconfiguration “Sending Email to Security Contact on Alert Is Off” for Azure using Azure CLI, you can follow the below steps:Step 1: Open the Azure CLI and login to your Azure account using the command:

az login

Step 2: Once you are logged in, set the correct subscription using the command:

az account set --subscription <subscription_id>

Step 3: Check the current status of the “Send email to security contact on alert” setting using the command:

az monitor security-alert list -g <resource_group_name> --query "[].properties.sendEmailNotification"

Step 4: If the setting is set to “false”, then update the setting to “true” using the command:

az monitor security-alert update -g <resource_group_name> --name <security_alert_name> --email <security_contact_email> --status-code Enabled

Note: Replace the <resource_group_name>, <security_alert_name> and <security_contact_email> with the actual values.Step 5: Verify the updated setting using the command:

az monitor security-alert list -g <resource_group_name> --query "[].properties.sendEmailNotification"

After following the above steps, the misconfiguration “Sending Email to Security Contact on Alert Is Off” will be remediated for Azure using Azure CLI.

Using Python

To remediate the misconfiguration “Sending Email to Security Contact on Alert Is Off” for AZURE using Python, you can follow these steps:

Import the necessary libraries:

import os
from azure.identity import DefaultAzureCredential
from azure.mgmt.monitor import MonitorManagementClient
from azure.mgmt.monitor.models import ActionGroup, EmailReceiver

Set the credentials and subscription ID:

credential = DefaultAzureCredential()
subscription_id = 'your-subscription-id'

Initialize the MonitorManagementClient:

monitor_client = MonitorManagementClient(credential, subscription_id)

Get the existing action groups:

action_groups = monitor_client.action_groups.list()

Check if the action group for sending email to security contact on alert exists, if not create it:

for group in action_groups:
    if group.name == 'security-contact':
        break
else:
    email_receiver = EmailReceiver(name='security-contact-email', email_address='[email protected]')
    action_group = ActionGroup(
        group_short_name='security-contact',
        enabled=True,
        receivers=[email_receiver],
        severity_filter='High, Critical'
    )
    monitor_client.action_groups.create_or_update(group_name='security-contact', parameters=action_group)

Enable the action group:

monitor_client.action_groups.enable(group_name='security-contact')

Verify that the action group is enabled:

action_group = monitor_client.action_groups.get(group_name='security-contact')
if action_group.enabled:
    print('Action group is enabled')
else:
    print('Action group is not enabled')

By following these steps, you can remediate the misconfiguration “Sending Email to Security Contact on Alert Is Off” for AZURE using Python.

Azure Introduction

Azure Pricing

Azure Threats

Azure Misconfigurations

Sending Email to Security Contact on Alert Is Off

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Azure Introduction

Azure Pricing

Azure Threats

Azure Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation