diff --git a/docs/en/rules/Azure.ACR.ContentTrust.md b/docs/en/rules/Azure.ACR.ContentTrust.md index 3fdab94c7a..761742ff6d 100644 --- a/docs/en/rules/Azure.ACR.ContentTrust.md +++ b/docs/en/rules/Azure.ACR.ContentTrust.md @@ -1,7 +1,7 @@ --- severity: Important pillar: Security -category: Data protection +category: SE:02 Secured development lifecycle resource: Container Registry online version: https://azure.github.io/PSRule.Rules.Azure/en/rules/Azure.ACR.ContentTrust/ --- @@ -104,7 +104,7 @@ resource registry 'Microsoft.ContainerRegistry/registries@2023-08-01-preview' = ## LINKS -- [Follow best practices for container security](https://learn.microsoft.com/azure/architecture/framework/security/applications-services#follow-best-practices-for-container-security) +- [SE:02 Secured development lifecycle](https://learn.microsoft.com/azure/well-architected/security/secure-development-lifecycle) - [Content trust in Azure Container Registry](https://learn.microsoft.com/azure/container-registry/container-registry-content-trust) - [Content trust in Docker](https://docs.docker.com/engine/security/trust/content_trust/) - [Overview of customer-managed keys](https://learn.microsoft.com/azure/container-registry/tutorial-customer-managed-keys#before-you-enable-a-customer-managed-key) diff --git a/docs/en/rules/Azure.ACR.Firewall.md b/docs/en/rules/Azure.ACR.Firewall.md index 2fe8d655db..714d8878bf 100644 --- a/docs/en/rules/Azure.ACR.Firewall.md +++ b/docs/en/rules/Azure.ACR.Firewall.md @@ -94,6 +94,8 @@ resource acr 'Microsoft.ContainerRegistry/registries@2023-01-01-preview' = { } ``` + + ## NOTES Configuring firewall rules or using private endpoints is only available for the Premium SKU. diff --git a/docs/en/rules/Azure.ACR.MinSku.md b/docs/en/rules/Azure.ACR.MinSku.md index 120f4c91a6..f5c5d75939 100644 --- a/docs/en/rules/Azure.ACR.MinSku.md +++ b/docs/en/rules/Azure.ACR.MinSku.md @@ -121,6 +121,8 @@ resource acr 'Microsoft.ContainerRegistry/registries@2023-01-01-preview' = { } ``` + + ## LINKS - [Target and non-functional requirements](https://learn.microsoft.com/azure/architecture/framework/resiliency/design-requirements) diff --git a/docs/en/rules/Azure.Firewall.Mode.md b/docs/en/rules/Azure.Firewall.Mode.md index b689d57972..55e6a5e8c9 100644 --- a/docs/en/rules/Azure.Firewall.Mode.md +++ b/docs/en/rules/Azure.Firewall.Mode.md @@ -1,7 +1,7 @@ --- severity: Critical pillar: Security -category: Network security and containment +category: SE:10 Monitoring and threat detection resource: Firewall online version: https://azure.github.io/PSRule.Rules.Azure/en/rules/Azure.Firewall.Mode/ --- @@ -35,7 +35,7 @@ Alternatively, consider using firewall policies to manage Azure Firewalls at sca To deploy Azure Firewalls that pass this rule: -- Set the `properties.threatIntelMode` to `Deny`. +- Set the `properties.threatIntelMode` property to `Deny`. For example: @@ -58,7 +58,7 @@ For example: To deploy Azure Firewalls that pass this rule: -- Set the `properties.threatIntelMode` to `Deny`. +- Set the `properties.threatIntelMode` property to `Deny`. For example: @@ -77,7 +77,7 @@ resource firewall_classic 'Microsoft.Network/azureFirewalls@2021-05-01' = { ## LINKS -- [Implement network segmentation patterns on Azure](https://learn.microsoft.com/azure/architecture/framework/security/design-network-segmentation) +- [SE:10 Monitoring and threat detection](https://learn.microsoft.com/azure/well-architected/security/monitor-threats) - [Azure Firewall threat intelligence-based filtering](https://learn.microsoft.com/azure/firewall/threat-intel) - [Azure network security overview](https://learn.microsoft.com/azure/security/fundamentals/network-overview#azure-firewall) - [Azure deployment reference](https://learn.microsoft.com/azure/templates/microsoft.network/azurefirewalls) diff --git a/docs/en/rules/Azure.Firewall.PolicyMode.md b/docs/en/rules/Azure.Firewall.PolicyMode.md index f422ce767f..8741120e98 100644 --- a/docs/en/rules/Azure.Firewall.PolicyMode.md +++ b/docs/en/rules/Azure.Firewall.PolicyMode.md @@ -1,7 +1,7 @@ --- severity: Critical pillar: Security -category: Network security and containment +category: SE:10 Monitoring and threat detection resource: Firewall online version: https://azure.github.io/PSRule.Rules.Azure/en/rules/Azure.Firewall.PolicyMode/ --- @@ -30,7 +30,7 @@ Consider configuring Azure Firewall to alert and deny IP addresses, domains and To deploy Azure Firewall polices that pass this rule: -- Set the `properties.threatIntelMode` to `Deny`. +- Set the `properties.threatIntelMode` property to `Deny`. For example: @@ -53,7 +53,7 @@ For example: To deploy Azure Firewall polices that pass this rule: -- Set the `properties.threatIntelMode` to `Deny`. +- Set the `properties.threatIntelMode` property to `Deny`. For example: @@ -70,6 +70,8 @@ resource firewallPolicy 'Microsoft.Network/firewallPolicies@2023-04-01' = { } ``` + + ### NOTES Azure Firewall Premium SKU is required for associating standalone resource firewall policies. @@ -79,10 +81,10 @@ In order to take advantage of URL filtering with `HTTPS` traffic included in thr ## LINKS -- [Implement network segmentation patterns on Azure](https://learn.microsoft.com/azure/architecture/framework/security/design-network-segmentation) +- [SE:10 Monitoring and threat detection](https://learn.microsoft.com/azure/well-architected/security/monitor-threats) +- [NS-1: Establish network segmentation boundaries](https://learn.microsoft.com/security/benchmark/azure/baselines/azure-firewall-security-baseline#ns-1-establish-network-segmentation-boundaries) - [Azure Firewall threat intelligence-based filtering](https://learn.microsoft.com/azure/firewall/threat-intel) - [Rule processing logic](https://learn.microsoft.com/azure/firewall/rule-processing#threat-intelligence) - [Azure security baseline for Azure Firewall](https://learn.microsoft.com/security/benchmark/azure/baselines/azure-firewall-security-baseline) -- [NS-1: Establish network segmentation boundaries](https://learn.microsoft.com/security/benchmark/azure/baselines/azure-firewall-security-baseline#ns-1-establish-network-segmentation-boundaries) - [Azure network security overview](https://learn.microsoft.com/azure/security/fundamentals/network-overview#azure-firewall) - [Azure deployment reference](https://learn.microsoft.com/azure/templates/microsoft.network/firewallpolicies#firewallpolicypropertiesformat)