Azure Introduction
Azure Pricing
Azure Threats
Sending Email to Administrators on Alert Is Off
More Info:
Set Send Me Email About Alerts to On.
Risk Level
Low
Address
Security
Compliance Standards
CBP
Triage and Remediation
Remediation
To remediate the misconfiguration “Sending Email to Administrators on Alert Is Off” for Azure using the Azure console, follow these steps:
- Log in to the Azure portal.
- Navigate to the “Monitor” section from the left-hand side menu.
- Click on “Alerts” from the Monitor menu.
- Select the alert that needs to be remediated.
- Click on the “Edit” button.
- In the “Actions” section, click on the “Add action group” button.
- In the “Create action group” window, enter a name for the action group.
- In the “Actions” section of the “Create action group” window, select “Email/SMS/Push/Voice” as the action type.
- In the “Email/SMS/Push/Voice” section, enter the email addresses of the administrators who should receive the alert notifications.
- Click on the “OK” button to create the action group.
- In the “Actions” section of the alert, select the newly created action group.
- Save the changes to the alert.
After completing these steps, the alert will trigger an email notification to the specified administrators when it is triggered.
To remediate the misconfiguration “Sending Email to Administrators on Alert Is Off” in Azure using Azure CLI, you can follow the below steps:
Step 1: Open the Azure CLI and login to your Azure account using the command:
az login
Step 2: Once you are logged in, set the subscription in which the alert is created using the command:
az account set --subscription <subscription_id>
Step 3: Get the list of all the alert rules configured in the subscription using the command:
az monitor metrics alert list-rules --resource-group <resource_group_name>
Step 4: Identify the alert rule for which the “Sending Email to Administrators on Alert Is Off” misconfiguration exists.
Step 5: Update the alert rule to enable sending email to administrators on alert using the command:
az monitor metrics alert update --resource-group <resource_group_name> --name <alert_rule_name> --email-service-owners true
Step 6: Verify the update by checking the alert rule configuration using the command:
az monitor metrics alert show --resource-group <resource_group_name> --name <alert_rule_name>
Step 7: Once you have verified the update, the misconfiguration “Sending Email to Administrators on Alert Is Off” would have been remediated.
Note: In Step 5, replace <resource_group_name>
with the name of the resource group in which the alert rule is created, <alert_rule_name>
with the name of the alert rule for which the misconfiguration exists, and true
with false
to disable sending email to administrators on alert.
To remediate the misconfiguration “Sending Email to Administrators on Alert Is Off” for Azure using Python, you can follow the below steps:
Step 1: Import necessary libraries and authenticate to Azure.
from azure.common.credentials import ServicePrincipalCredentials
from azure.mgmt.monitor import MonitorManagementClient
from azure.mgmt.monitor.models import ActionGroupPatchBody, EmailReceiver
subscription_id = '<Subscription ID>'
client_id = '<Client ID>'
secret = '<Client Secret>'
tenant = '<Tenant ID>'
credentials = ServicePrincipalCredentials(
client_id=client_id,
secret=secret,
tenant=tenant
)
monitor_client = MonitorManagementClient(credentials, subscription_id)
Step 2: Get the action groups and check if the email receiver is enabled or not.
action_groups = monitor_client.action_groups.list()
for action_group in action_groups:
if action_group.email_receivers is not None:
for email_receiver in action_group.email_receivers:
if email_receiver.name == 'Administrators':
if email_receiver.enabled is False:
print('Email receiver for Administrators is disabled')
Step 3: Enable the email receiver for the Administrators group.
action_group_patch = ActionGroupPatchBody(
email_receivers=[
EmailReceiver(
name='Administrators',
email_address='<Email Address>',
use_common_alert_schema=True,
enabled=True
)
]
)
monitor_client.action_groups.update(
resource_group_name='<Resource Group Name>',
action_group_name='<Action Group Name>',
parameters=action_group_patch
)
Replace the placeholders <Subscription ID>
, <Client ID>
, <Client Secret>
, <Tenant ID>
, <Email Address>
, <Resource Group Name>
, and <Action Group Name>
with the appropriate values.
Note: This solution assumes that the action group and email receiver for the Administrators group already exist. If they don’t exist, you can create them using the Azure Portal or the Azure SDK for Python.