# Azure Security Scanner Skill

## Purpose

Automated Azure security configuration scanning and hardening to identify misconfigurations, compliance violations, and security risks across Azure subscriptions and tenants.
## Capabilities

### Azure Security Center Assessments

- Run Microsoft Defender for Cloud security assessments
- Check secure score and recommendations
- Review security alerts and incidents
- Validate just-in-time VM access
- Check adaptive application controls
- Monitor regulatory compliance dashboards

### Azure AD Security Analysis

- Analyze Azure AD conditional access policies
- Check MFA enforcement status
- Review privileged identity management (PIM)
- Identify risky sign-ins and users
- Analyze app registrations and service principals
- Check guest user access configurations
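To make the MFA-enforcement and Conditional Access checks above concrete, here is an added example (not code from the skill itself) that decides which principals are actually protected by an enforced MFA policy. The policy dictionaries mirror the field names of the Microsoft Graph `conditionalAccess/policies` resource, which is an assumption about that format; every id, role identifier and policy name is constructed for the illustration.

```python
"""Check which principals are covered by an enforced MFA Conditional Access policy.

Constructed example: the policy dictionaries mirror the field names of the
Microsoft Graph conditionalAccess/policies resource (an assumption about that
format); all ids, names and role identifiers below are invented.
"""


def policy_enforces_mfa(policy):
    """True if the grant controls require MFA (classic control or an authentication strength)."""
    grant = policy.get("grantControls") or {}
    controls = [c.lower() for c in grant.get("builtInControls", [])]
    return "mfa" in controls or bool(grant.get("authenticationStrength"))


def policy_applies_to(policy, principal):
    """True if the principal is in the policy's user/role scope and not excluded."""
    conditions = policy.get("conditions") or {}
    users = conditions.get("users") or {}
    apps = conditions.get("applications") or {}
    roles = set(principal.get("roles", []))
    included = (
        "All" in users.get("includeUsers", [])
        or principal["id"] in users.get("includeUsers", [])
        or bool(roles & set(users.get("includeRoles", [])))
    )
    excluded = (
        principal["id"] in users.get("excludeUsers", [])
        or bool(roles & set(users.get("excludeRoles", [])))
    )
    # Coverage only counts when the policy spans all cloud apps.
    all_apps = "All" in apps.get("includeApplications", [])
    return included and not excluded and all_apps


def mfa_coverage(policies, principals):
    """Map each principal id to the names of enabled policies that enforce MFA on it.

    Only state == 'enabled' counts: report-only
    ('enabledForReportingButNotEnforced') and disabled policies enforce nothing.
    """
    return {
        p["id"]: [
            pol["displayName"] for pol in policies
            if pol.get("state") == "enabled"
            and policy_enforces_mfa(pol)
            and policy_applies_to(pol, p)
        ]
        for p in principals
    }


def uncovered_privileged(policies, principals):
    """Ids of role-holding principals with no enforced MFA policy: the finding to raise."""
    coverage = mfa_coverage(policies, principals)
    return [p["id"] for p in principals if p.get("roles") and not coverage[p["id"]]]


# Constructed sample. The "all users" policy is still in report-only mode, so it
# protects nobody yet; the admin policy excludes the break-glass account.
SAMPLE_POLICIES = [
    {"displayName": "Require MFA for privileged roles", "state": "enabled",
     "conditions": {"users": {"includeRoles": ["role-global-admin"],
                              "excludeUsers": ["breakglass-1"]},
                    "applications": {"includeApplications": ["All"]}},
     "grantControls": {"builtInControls": ["mfa"]}},
    {"displayName": "Require MFA for all users",
     "state": "enabledForReportingButNotEnforced",
     "conditions": {"users": {"includeUsers": ["All"]},
                    "applications": {"includeApplications": ["All"]}},
     "grantControls": {"builtInControls": ["mfa"]}},
]
SAMPLE_PRINCIPALS = [
    {"id": "admin-1", "roles": ["role-global-admin"]},
    {"id": "breakglass-1", "roles": ["role-global-admin"]},
    {"id": "user-1", "roles": []},
]

if __name__ == "__main__":
    print("privileged principals without enforced MFA:",
          uncovered_privileged(SAMPLE_POLICIES, SAMPLE_PRINCIPALS))
```

The two details worth noticing are the policy `state` (a report-only policy looks like coverage in a naive listing but enforces nothing) and the exclusion lists, which is where excluded break-glass accounts surface so they can be matched against the documented exception list.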

### Network Security Group Analysis

- Review NSG rules for overly permissive access
- Check for open management ports (RDP, SSH)
- Validate application security groups
- Review Azure Firewall configurations
- Check DDoS protection status
- Analyze virtual network configurations
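The "overly permissive access" and "open management ports" checks above hinge on how NSG rules are evaluated: lowest priority number first, first match wins. The added example below (not code from the skill) applies that rule order before reporting, so a Deny that shadows a broad Allow does not produce a false positive. The rule dictionaries mirror the field names of `az network nsg show` output, which is an assumption about that format; the resource id and every rule is constructed.

```python
"""Evaluate a Network Security Group for management ports open to the internet.

Constructed example: the rule dictionaries mirror the field names of
`az network nsg show` output (an assumption about that format); every
value below is invented for the illustration.
"""

# Source prefixes that mean "anywhere on the internet" in NSG rules.
INTERNET_SOURCES = {"*", "internet", "any", "0.0.0.0/0", "::/0"}
MANAGEMENT_PORTS = {22: "SSH", 3389: "RDP"}


def _source_prefixes(rule):
    # A rule carries either the singular field or the plural list, not both.
    single = rule.get("sourceAddressPrefix")
    return [single] if single else rule.get("sourceAddressPrefixes", [])


def _port_ranges(rule):
    single = rule.get("destinationPortRange")
    return [single] if single else rule.get("destinationPortRanges", [])


def covers_port(port_range, port):
    """True if an NSG port expression ('*', '22' or '3000-4000') includes port."""
    if port_range == "*":
        return True
    if "-" in port_range:
        low, high = (int(p) for p in port_range.split("-", 1))
        return low <= port <= high
    return int(port_range) == port


def _matches(rule, port):
    internet_sourced = any(
        p.strip().lower() in INTERNET_SOURCES for p in _source_prefixes(rule)
    )
    return (
        rule.get("direction") == "Inbound"
        and rule.get("protocol", "*").lower() in ("tcp", "*")
        and internet_sourced
        and any(covers_port(r, port) for r in _port_ranges(rule))
    )


def evaluate_nsg(nsg):
    """Return one finding per management port that an internet-sourced rule allows.

    Rules are processed in ascending priority (lowest number first) and the
    first match decides, so a Deny at priority 100 shadows an Allow at 200 on
    the same port. Only internet-wide sources are considered; rules with
    narrower source prefixes are treated as intentional access.
    """
    rules = sorted(
        nsg.get("securityRules", []) + nsg.get("defaultSecurityRules", []),
        key=lambda r: r["priority"],
    )
    findings = []
    for port, service in MANAGEMENT_PORTS.items():
        for rule in rules:
            if not _matches(rule, port):
                continue
            if rule.get("access") == "Allow":
                findings.append({
                    "checkId": "NSG-OPEN-MGMT-PORT",
                    "severity": "high",
                    "service": "NetworkSecurityGroup",
                    "resourceId": nsg["id"],
                    "description": (
                        f"Rule '{rule['name']}' allows {service} (TCP/{port}) "
                        "inbound from the internet"
                    ),
                    "remediation": (
                        "Restrict the source to trusted ranges, or use "
                        "just-in-time VM access or Azure Bastion instead"
                    ),
                    # Framework names only; control numbers belong to the mapping layer.
                    "complianceMapping": ["CIS"],
                })
            break  # first matching rule wins, whether Allow or Deny
    return findings


# Constructed sample: a Deny on RDP at priority 100 shadows the broad Allow at 200,
# so only SSH (TCP/22) is reported.
SAMPLE_NSG = {
    "id": ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
           "rg-demo/providers/Microsoft.Network/networkSecurityGroups/nsg-web"),
    "securityRules": [
        {"name": "deny-rdp-internet", "priority": 100, "direction": "Inbound",
         "access": "Deny", "protocol": "Tcp", "sourceAddressPrefix": "Internet",
         "destinationPortRange": "3389"},
        {"name": "allow-mgmt-any", "priority": 200, "direction": "Inbound",
         "access": "Allow", "protocol": "*", "sourceAddressPrefix": "*",
         "destinationPortRanges": ["22", "3389"]},
        {"name": "allow-web", "priority": 300, "direction": "Inbound",
         "access": "Allow", "protocol": "Tcp", "sourceAddressPrefix": "Internet",
         "destinationPortRanges": ["80", "443"]},
    ],
    "defaultSecurityRules": [
        {"name": "DenyAllInBound", "priority": 65500, "direction": "Inbound",
         "access": "Deny", "protocol": "*", "sourceAddressPrefix": "*",
         "destinationPortRange": "*"},
    ],
}

if __name__ == "__main__":
    for finding in evaluate_nsg(SAMPLE_NSG):
        print(finding["severity"].upper(), finding["description"])
```

The finding dictionary uses the same fields as the `findings` items in the Output Schema, so the result can be dropped straight into a scan report. Port ranges in the plural `destinationPortRanges` form are handled as well as the singular field, which is the shape the CLI returns when a rule lists several ports.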

### Storage Account Security

- Identify publicly accessible storage accounts
- Check encryption configurations (SSE, CMK)
- Review shared access signatures (SAS)
- Validate network access rules
- Check secure transfer requirements
- Review access keys rotation

### Key Vault Security

- Check Key Vault access policies
- Validate network restrictions
- Review key expiration policies
- Check certificate configurations
- Verify soft-delete enablement
- Audit secret access patterns

### Activity Logging Verification

- Validate Azure Activity Log configuration
- Check diagnostic settings on resources
- Review Log Analytics workspace security
- Verify Azure Monitor alert rules
- Check Azure Sentinel integration

### Azure Policy Compliance

- Assess built-in policy compliance
- Check custom policy assignments
- Review policy exemptions
- Validate initiative assignments
- Generate compliance reports

## Azure Services Covered

| Category | Services |
|---|---|
| Identity | Azure AD, PIM, Conditional Access |
| Compute | VMs, App Services, Functions, AKS |
| Storage | Storage Accounts, Blobs, Files |
| Database | SQL Database, Cosmos DB, PostgreSQL |
| Network | VNets, NSGs, Azure Firewall, WAF |
| Security | Defender, Key Vault, Sentinel |
| Monitoring | Monitor, Log Analytics, Application Insights |

## Integrations

- Microsoft Defender for Cloud: Cloud security posture management
- Azure Policy: Governance and compliance
- Azure AD: Identity security
- ScoutSuite: Multi-cloud security auditing
- Azure Sentinel: SIEM and SOAR

## Target Processes

- Cloud Security Architecture Review
- Compliance Monitoring
- Azure Subscription Hardening
- Security Posture Assessment

## Input Schema

```json
{
  "type": "object",
  "properties": {
    "scanType": {
      "type": "string",
      "enum": ["full", "cis", "pci", "hipaa", "iso27001", "custom"],
      "description": "Type of security scan"
    },
    "subscriptions": {
      "type": "array",
      "items": { "type": "string" },
      "description": "Azure subscription IDs to scan"
    },
    "resourceGroups": {
      "type": "array",
      "items": { "type": "string" },
      "description": "Specific resource groups to scan"
    },
    "services": {
      "type": "array",
      "items": { "type": "string" },
      "description": "Specific services to scan"
    },
    "severityThreshold": {
      "type": "string",
      "enum": ["critical", "high", "medium", "low"]
    },
    "complianceFrameworks": {
      "type": "array",
      "items": {
        "type": "string",
        "enum": ["CIS", "PCI-DSS", "HIPAA", "ISO27001", "SOC2", "NIST"]
      }
    },
    "includeAzureAD": {
      "type": "boolean",
      "description": "Include Azure AD security checks"
    }
  },
  "required": ["scanType"]
}
```

## Output Schema

```json
{
  "type": "object",
  "properties": {
    "scanId": {
      "type": "string"
    },
    "scanTimestamp": {
      "type": "string",
      "format": "date-time"
    },
    "subscriptionsScanned": {
      "type": "array"
    },
    "secureScore": {
      "type": "object",
      "properties": {
        "current": { "type": "number" },
        "max": { "type": "number" },
        "percentage": { "type": "number" }
      }
    },
    "summary": {
      "type": "object",
      "properties": {
        "totalChecks": { "type": "integer" },
        "passed": { "type": "integer" },
        "failed": { "type": "integer" },
        "warnings": { "type": "integer" }
      }
    },
    "findingsBySeverity": {
      "type": "object",
      "properties": {
        "critical": { "type": "integer" },
        "high": { "type": "integer" },
        "medium": { "type": "integer" },
        "low": { "type": "integer" }
      }
    },
    "findings": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "checkId": { "type": "string" },
          "severity": { "type": "string" },
          "service": { "type": "string" },
          "resourceId": { "type": "string" },
          "description": { "type": "string" },
          "remediation": { "type": "string" },
          "complianceMapping": { "type": "array" }
        }
      }
    },
    "azureAdFindings": {
      "type": "array"
    },
    "policyCompliance": {
      "type": "object"
    },
    "recommendations": {
      "type": "array",
      "items": { "type": "string" }
    }
  }
}
```
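The following added example (not code from the skill) ties the Storage Account Security checks listed under Capabilities to this output schema: it evaluates each account against a small check table, emits `findings` items in the schema's shape, and rolls them up into `summary` and `findingsBySeverity` while honouring the input's `severityThreshold`. The account dictionaries mirror the field names of `az storage account show` output, which is an assumption about that format; the account names, ids and settings are constructed.

```python
"""Storage account checks that emit findings in the output schema's shape, plus the
roll-up into `summary` and `findingsBySeverity` honouring severityThreshold.

Constructed example: the account dictionaries mirror the field names of
`az storage account show` output (an assumption about that format); the
account names, ids and settings are invented.
"""

SEVERITY_ORDER = ["critical", "high", "medium", "low"]

# (checkId, severity, fails(account), description, remediation, frameworks)
STORAGE_CHECKS = [
    ("STG-PUBLIC-BLOB", "high",
     # None on older accounts meant "allowed", so only an explicit False passes.
     lambda a: a.get("allowBlobPublicAccess") is not False,
     "Anonymous blob access is permitted at the account level",
     "Set allowBlobPublicAccess to false unless anonymous access is a documented requirement",
     ["CIS", "PCI-DSS"]),
    ("STG-SECURE-TRANSFER", "high",
     lambda a: not a.get("enableHttpsTrafficOnly", False),
     "Secure transfer (HTTPS only) is not required",
     "Enable 'Secure transfer required' so plaintext HTTP requests are refused",
     ["CIS", "PCI-DSS", "HIPAA"]),
    ("STG-MIN-TLS", "medium",
     lambda a: a.get("minimumTlsVersion", "TLS1_0") not in ("TLS1_2", "TLS1_3"),
     "Minimum TLS version is below 1.2",
     "Set minimumTlsVersion to TLS1_2",
     ["CIS", "PCI-DSS"]),
    ("STG-NETWORK-DEFAULT-ALLOW", "medium",
     lambda a: (a.get("networkRuleSet") or {}).get("defaultAction", "Allow") != "Deny",
     "Network rules default to Allow, so the account is reachable from any network",
     "Set the network default action to Deny and add explicit VNet/IP rules or private endpoints",
     ["CIS", "NIST"]),
    ("STG-NO-CMK", "low",
     lambda a: (a.get("encryption") or {}).get("keySource") != "Microsoft.Keyvault",
     "Encryption uses Microsoft-managed keys rather than a customer-managed key",
     "Configure a customer-managed key in Key Vault if policy requires CMK",
     ["ISO27001"]),
]


def check_storage_account(account):
    """Return one finding (output-schema shape) for each check the account fails."""
    findings = []
    for check_id, severity, fails, description, remediation, frameworks in STORAGE_CHECKS:
        if fails(account):
            findings.append({
                "checkId": check_id,
                "severity": severity,
                "service": "StorageAccount",
                "resourceId": account["id"],
                "description": description,
                "remediation": remediation,
                "complianceMapping": frameworks,
            })
    return findings


def summarize(findings, total_checks, severity_threshold="low"):
    """Build the `summary` and `findingsBySeverity` objects from the output schema.

    Findings at or above severityThreshold are reported as failures; the rest
    are counted as warnings so nothing is silently dropped.
    """
    cutoff = SEVERITY_ORDER.index(severity_threshold)
    reported = [f for f in findings if SEVERITY_ORDER.index(f["severity"]) <= cutoff]
    by_severity = {s: 0 for s in SEVERITY_ORDER}
    for finding in reported:
        by_severity[finding["severity"]] += 1
    return {
        "summary": {
            "totalChecks": total_checks,
            "passed": total_checks - len(findings),
            "failed": len(reported),
            "warnings": len(findings) - len(reported),
        },
        "findingsBySeverity": by_severity,
        "findings": reported,
    }


def scan_storage(accounts, severity_threshold="low"):
    findings = [f for account in accounts for f in check_storage_account(account)]
    return summarize(findings, len(accounts) * len(STORAGE_CHECKS), severity_threshold)


# Constructed sample: one legacy account failing every check, one hardened account.
_RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
SAMPLE_ACCOUNTS = [
    {"id": f"{_RG}/providers/Microsoft.Storage/storageAccounts/stlegacy",
     "allowBlobPublicAccess": None, "enableHttpsTrafficOnly": False,
     "minimumTlsVersion": "TLS1_0", "networkRuleSet": {"defaultAction": "Allow"},
     "encryption": {"keySource": "Microsoft.Storage"}},
    {"id": f"{_RG}/providers/Microsoft.Storage/storageAccounts/stlocked",
     "allowBlobPublicAccess": False, "enableHttpsTrafficOnly": True,
     "minimumTlsVersion": "TLS1_2", "networkRuleSet": {"defaultAction": "Deny"},
     "encryption": {"keySource": "Microsoft.Keyvault"}},
]

if __name__ == "__main__":
    import json
    print(json.dumps(scan_storage(SAMPLE_ACCOUNTS, "medium")["summary"], indent=2))
```

Keeping the checks in a table makes `totalChecks` a count rather than a hand-maintained number, and `passed` is computed from all findings before thresholding so that raising `severityThreshold` moves low-severity results into `warnings` instead of making them disappear from the totals.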

## Usage Example

```yaml
skill: {
  name: 'azure-security-scanner',
  context: {
    scanType: 'cis',
    subscriptions: ['subscription-id-1'],
    complianceFrameworks: ['CIS', 'SOC2'],
    includeAzureAD: true,
    severityThreshold: 'medium'
  }
}
```