cis_2_1_25 — Defender for Resource Manager not enabled

Summary

Severity: Medium · Pillar: Visibility · Chain role: ENABLER

Description

Defender for Resource Manager monitors ARM operations for suspicious activity such as anomalous resource deployments, privilege escalation, and lateral movement at the control plane.

Mapping

Framework	Control / Reference
NIST 800-53	SC-7
NIST 800-207	—
CIS Azure	2.1.25
MITRE ATT&CK Technique	T1078
MITRE ATT&CK Tactic	Defense Evasion
Zero-Trust Tenet	—
Framework tags	cis-azure-2.0, nist-800-53

Source

Rule defined at policies/azure/cis/defender/cis_2_1_25.rego.

View on GitHub