Azure VM Tags Schema Non-compliant
ID: azure-vm-tags-schema-noncompliant
Severity: low
Author: princechaddha
Tags: cloud,devops,azure,microsoft,azure-vm,azure-cloud-config
Description
Section titled “Description”Ensure that user-defined tags are being used for labeling, collecting, and organizing cloud resources within your Microsoft Azure account. User-defined tags are name/value pairs that enable you to categorize resources and view consolidated billing by applying the same tag to multiple cloud resources. Trend Micro Cloud One™ – Conformity recommends the following tagging schema to help you identify and manage your Azure resources: Name, Role, Environment, and Owner.
YAML Source
Section titled “YAML Source”id: azure-vm-tags-schema-noncompliantinfo: name: Azure VM Tags Schema Non-compliant author: princechaddha severity: low description: | Ensure that user-defined tags are being used for labeling, collecting, and organizing cloud resources within your Microsoft Azure account. User-defined tags are name/value pairs that enable you to categorize resources and view consolidated billing by applying the same tag to multiple cloud resources. Trend Micro Cloud One™ – Conformity recommends the following tagging schema to help you identify and manage your Azure resources: Name, Role, Environment, and Owner. impact: | Not using the recommended tagging schema can lead to difficulties in managing and organizing cloud resources effectively, potentially leading to operational inefficiencies and increased costs. remediation: | Update the tagging schema of your Azure virtual machines to include the recommended tags: Name, Role, Environment, and Owner to ensure effective resource management and billing. reference: - https://docs.microsoft.com/en-us/azure/virtual-machines/tagging tags: cloud,devops,azure,microsoft,azure-vm,azure-cloud-config
flow: | code(1); for (let VMData of iterate(template.vmList)) { VMData = JSON.parse(VMData); set("resourceId", VMData.id); code(2); }
self-contained: truecode: - engine: - sh - bash source: | az vm list --query '[*].{"id":id}'
extractors: - type: json name: vmList internal: true json: - '.[]'
- engine: - sh - bash source: | az tag list --resource-id "$resourceId" --output json --query 'properties.tags'
matchers-condition: and matchers: - type: word words: - ''
- type: word words: - "Name" negative: true
extractors: - type: dsl dsl: - 'resourceId + " does not use the recommended tagging schema"'# digest: 4b0a0048304602210094f218b17723a92855744f1f39f2a274210cd20d8a689b073196fc77d3095074022100f86132973c7efe501ae65424b2aa6828892bcaeef18072dd57efe1f448774adb:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "cloud/azure/tags/azure-vm-tags-schema-noncompliant.yaml"