Top / Microsoft Azure / Azure Security Center / Solution

Azure Security Center Solution

This page shows how to write Terraform and Azure Resource Manager for Security Center Solution and write them securely.

Review your .tf file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

azurerm_iot_security_solution (Terraform)

The Solution in Security Center can be configured in Terraform with the resource name azurerm_iot_security_solution. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Review your Terraform file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

display_name required - string
enabled optional - bool
events_to_export optional - set of string
id optional computed - string
iothub_ids required - set of string
location required - string
log_analytics_workspace_id optional - string
log_unmasked_ips_enabled optional - bool
name required - string
query_for_resources optional computed - string
query_subscription_ids optional computed - set of string
resource_group_name required - string
tags optional - map from string to string
recommendations_enabled list block
- acr_authentication optional - bool
- agent_send_unutilized_msg optional - bool
- baseline optional - bool
- edge_hub_mem_optimize optional - bool
- edge_logging_option optional - bool
- inconsistent_module_settings optional - bool
- install_agent optional - bool
- ip_filter_deny_all optional - bool
- ip_filter_permissive_rule optional - bool
- open_ports optional - bool
- permissive_firewall_policy optional - bool
- permissive_input_firewall_rules optional - bool
- permissive_output_firewall_rules optional - bool
- privileged_docker_options optional - bool
- shared_credentials optional - bool
- vulnerable_tls_cipher_suite optional - bool
timeouts single block
- create optional - string
- delete optional - string
- read optional - string
- update optional - string

>> from Terraform Registry

Explanation in Terraform Registry

Manages an iot security solution.

>> from Terraform Registry

Tips: Best Practices for The Other Azure Security Center Resources

In addition to the azurerm_security_center_contact, Azure Security Center has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.

azurerm_security_center_contact

Ensure to enable alert notifications

It is better to configure at least one valid contact for the security center. Microsoft will inform you directly in the event of a security incident using emails.

azurerm_security_center_subscription_pricing

Ensure to enable alert notifications

It is better to enable Azure Defender, which is a cloud workload protection service for App Services. In addition, It is also able to analyze non-Azure resources, utilizing Azure Arc, including those on-premises and in both AWS and GCP.

Review your Azure Security Center settings

In addition to the above, there are other security points you should be aware of making sure that your .tf files are protected in Shisho Cloud.

Microsoft.Security/IoTSecuritySolutions (Azure Resource Manager)

The IoTSecuritySolutions in Microsoft.Security can be configured in Azure Resource Manager with the resource name Microsoft.Security/IoTSecuritySolutions. The following sections describe how to use the resource and its parameters.