Code quality clean (#2498)

Azure · Oct 20, 2023 · f677e92 · f677e92
1 parent 72b42e6
commit f677e92
Show file tree

Hide file tree

Showing 9 changed files with 254 additions and 108 deletions.
diff --git a/docs/en/rules/Azure.Defender.Storage.MalwareScan.md b/docs/en/rules/Azure.Defender.Storage.MalwareScan.md
@@ -1,7 +1,7 @@
 ---
 severity: Critical
 pillar: Security
-category: Data protection
+category: Tools
 resource: Microsoft Defender for Cloud
 online version: https://azure.github.io/PSRule.Rules.Azure/en/rules/Azure.Defender.Storage.MalwareScan/
 ---
@@ -48,22 +48,26 @@ For example:
 
 ```json
 {
-    "type": "Microsoft.Security/pricings",
-    "apiVersion": "2022-03-01",
-    "name": "StorageAccounts",
-    "properties": {
-        "pricingTier": "Standard",
-        "subPlan": "DefenderForStorageV2",
-        "extensions": [
-            {
-                "name": "OnUploadMalwareScanning",
-                "isEnabled": "True",
-                "additionalExtensionProperties": {
-                    "CapGBPerMonthPerStorageAccount": "5000"
-                }
-            }
-        ]
-    }
+  "type": "Microsoft.Security/pricings",
+  "apiVersion": "2023-01-01",
+  "name": "StorageAccounts",
+  "properties": {
+    "pricingTier": "Standard",
+    "subPlan": "DefenderForStorageV2",
+    "extensions": [
+      {
+        "name": "OnUploadMalwareScanning",
+        "isEnabled": "True",
+        "additionalExtensionProperties": {
+          "CapGBPerMonthPerStorageAccount": "5000"
+        }
+      },
+      {
+        "name": "SensitiveDataDiscovery",
+        "isEnabled": "True"
+      }
+    ]
+  }
 }
 ```
 
@@ -77,7 +81,7 @@ To enable Malware Scanning in Microsoft Defender for Storage:
 For example:
 
 ```bicep
-resource defenderForStorage 'Microsoft.Security/pricings@2022-03-01' = {
+resource defenderForStorage 'Microsoft.Security/pricings@2023-01-01' = {
   name: 'StorageAccounts'
   properties: {
     pricingTier: 'Standard'
@@ -90,6 +94,10 @@ resource defenderForStorage 'Microsoft.Security/pricings@2022-03-01' = {
           CapGBPerMonthPerStorageAccount: '5000'
         }
       }
+      {
+        name: 'SensitiveDataDiscovery'
+        isEnabled: 'True'
+      }
     ]
   }
 }
@@ -105,7 +113,7 @@ Malware Scanning is not supported for storage accounts with public network acces
 
 ## LINKS
 
-- [Security operations in Azure](https://learn.microsoft.com/azure/architecture/framework/security/monitor-security-operations)
+- [Azure security monitoring tools](https://learn.microsoft.com/azure/well-architected/security/monitor-tools)
 - [What is Microsoft Defender for Cloud?](https://learn.microsoft.com/azure/defender-for-cloud/defender-for-cloud-introduction)
 - [Malware Scanning in Defender for Storage](https://learn.microsoft.com/azure/defender-for-cloud/defender-for-storage-malware-scan)
 - [Limitations](https://learn.microsoft.com/azure/defender-for-cloud/defender-for-storage-malware-scan#limitations)

diff --git a/docs/en/rules/Azure.Defender.Storage.SensitiveData.md b/docs/en/rules/Azure.Defender.Storage.SensitiveData.md
@@ -1,7 +1,7 @@
 ---
 severity: Critical
 pillar: Security
-category: Data protection
+category: Tools
 resource: Microsoft Defender for Cloud
 online version: https://azure.github.io/PSRule.Rules.Azure/en/rules/Azure.Defender.Storage.SensitiveData/
 ---
@@ -22,7 +22,7 @@ The sensitive data threat detection capability helps teams:
 - Identity where sensitive data is stored.
 - Detect possible security incidents resulting is data exposure.
 
-When enabling sensitive data threat detection, the sensitive data categories include built-in sensitive information types (SITs) in the default list of Microsoft Purview. 
+When enabling sensitive data threat detection, the sensitive data categories include built-in sensitive information types (SITs) in the default list of Microsoft Purview.
 It is possible to customize the Data Sensitivity Discovery for a organization, by creating custom sensitive information types (SITs).
 
 Sensitive data threat detection in Microsoft Defender for Storage can be enabled at the subscription level and by doing so ensures all storage accounts in the subscription will be protected, including future ones.
@@ -44,19 +44,26 @@ For example:
 
 ```json
 {
-    "type": "Microsoft.Security/pricings",
-    "apiVersion": "2022-03-01",
-    "name": "StorageAccounts",
-    "properties": {
-        "pricingTier": "Standard",
-        "subPlan": "DefenderForStorageV2",
-        "extensions": [
-            {
-                "name": "SensitiveDataDiscovery",
-                "isEnabled": "True",
-            }
-        ]
-    }
+  "type": "Microsoft.Security/pricings",
+  "apiVersion": "2023-01-01",
+  "name": "StorageAccounts",
+  "properties": {
+    "pricingTier": "Standard",
+    "subPlan": "DefenderForStorageV2",
+    "extensions": [
+      {
+        "name": "OnUploadMalwareScanning",
+        "isEnabled": "True",
+        "additionalExtensionProperties": {
+          "CapGBPerMonthPerStorageAccount": "5000"
+        }
+      },
+      {
+        "name": "SensitiveDataDiscovery",
+        "isEnabled": "True"
+      }
+    ]
+  }
 }
 ```
 
@@ -70,12 +77,19 @@ To enable sensitive data threat detection in Microsoft Defender for Storage:
 For example:
 
 ```bicep
-resource defenderForStorage 'Microsoft.Security/pricings@2022-03-01' = {
+resource defenderForStorage 'Microsoft.Security/pricings@2023-01-01' = {
   name: 'StorageAccounts'
   properties: {
     pricingTier: 'Standard'
     subPlan: 'DefenderForStorageV2'
     extensions: [
+      {
+        name: 'OnUploadMalwareScanning'
+        isEnabled: 'True'
+        additionalExtensionProperties: {
+          CapGBPerMonthPerStorageAccount: '5000'
+        }
+      }
       {
         name: 'SensitiveDataDiscovery'
         isEnabled: 'True'
@@ -91,11 +105,12 @@ This feature is currently in preview.
 
 The `DefenderForStorageV2` sub plan represents the new Defender for Storage plan which offers several new benefits that aren't included in the classic plan, such as sensitive data threat detection.
 
-Sensitive data threat detection is not supported for storage accounts with public network access set to disabled. Not all services within storage accounts are currently supported.
+Sensitive data threat detection is not supported for storage accounts with public network access set to disabled.
+Not all services within storage accounts are currently supported.
 
 ## LINKS
 
-- [Security operations in Azure](https://learn.microsoft.com/azure/architecture/framework/security/monitor-security-operations)
+- [Azure security monitoring tools](https://learn.microsoft.com/azure/well-architected/security/monitor-tools)
 - [What is Microsoft Defender for Cloud?](https://learn.microsoft.com/azure/defender-for-cloud/defender-for-cloud-introduction)
 - [Sensitive data threat detection in Defender for Storage](https://learn.microsoft.com/azure/defender-for-cloud/defender-for-storage-data-sensitivity)
 - [Support and prerequisites for data-aware security posture](https://learn.microsoft.com/azure/defender-for-cloud/concept-data-security-posture-prepare)

diff --git a/docs/en/rules/Azure.Defender.Storage.md b/docs/en/rules/Azure.Defender.Storage.md
@@ -2,7 +2,7 @@
 reviewed: 2023-18-05
 severity: Critical
 pillar: Security
-category: Data protection
+category: Tools
 resource: Microsoft Defender for Cloud
 online version: https://azure.github.io/PSRule.Rules.Azure/en/rules/Azure.Defender.Storage/
 ---
@@ -45,13 +45,26 @@ For example:
 
 ```json
 {
-    "type": "Microsoft.Security/pricings",
-    "apiVersion": "2022-03-01",
-    "name": "StorageAccounts",
-    "properties": {
-        "pricingTier": "Standard",
-        "subPlan": "DefenderForStorageV2"
-    }
+  "type": "Microsoft.Security/pricings",
+  "apiVersion": "2023-01-01",
+  "name": "StorageAccounts",
+  "properties": {
+    "pricingTier": "Standard",
+    "subPlan": "DefenderForStorageV2",
+    "extensions": [
+      {
+        "name": "OnUploadMalwareScanning",
+        "isEnabled": "True",
+        "additionalExtensionProperties": {
+          "CapGBPerMonthPerStorageAccount": "5000"
+        }
+      },
+      {
+        "name": "SensitiveDataDiscovery",
+        "isEnabled": "True"
+      }
+    ]
+  }
 }
 ```
 
@@ -64,11 +77,24 @@ To enable Defender for Storage:
 For example:
 
 ```bicep
-resource defenderForStorage 'Microsoft.Security/pricings@2022-03-01' = {
+resource defenderForStorage 'Microsoft.Security/pricings@2023-01-01' = {
   name: 'StorageAccounts'
   properties: {
     pricingTier: 'Standard'
     subPlan: 'DefenderForStorageV2'
+    extensions: [
+      {
+        name: 'OnUploadMalwareScanning'
+        isEnabled: 'True'
+        additionalExtensionProperties: {
+          CapGBPerMonthPerStorageAccount: '5000'
+        }
+      }
+      {
+        name: 'SensitiveDataDiscovery'
+        isEnabled: 'True'
+      }
+    ]
   }
 }
 ```
@@ -81,14 +107,16 @@ Set-AzSecurityPricing -Name 'StorageAccounts' -PricingTier 'Standard' -SubPlan '
 
 ## NOTES
 
-The `DefenderForStorageV2` sub plan represents the new Defender for Storage plan which offers several new benefits that aren't included in the classic plan. The new plan includes more advanced capabilities that can help improve the security of the data and help prevent malicious file uploads, sensitive data exfiltration, and data corruption. Some features within the new plan is still in preview, but these are configurable.
+The `DefenderForStorageV2` sub plan represents the new Defender for Storage plan which offers several new benefits that aren't included in the classic plan.
+The new plan includes more advanced capabilities that can help improve the security of the data and help prevent malicious file uploads, sensitive data exfiltration, and data corruption.
+Some features within the new plan is still in preview, but these are configurable.
 
 Currently only the `Blob Storage`, `Azure Files` and `Azure Data Lake Storage Gen2` service is supported by Defender for Storage.
 
 ## LINKS
 
-- [Storage security guide](https://learn.microsoft.com/azure/storage/blobs/security-recommendations?toc=%2Fazure%2Fsecurity%2Ffundamentals%2Ftoc.json&bc=%2Fazure%2Fsecurity%2Fbreadcrumb%2Ftoc.json)
-- [Security operations in Azure](https://learn.microsoft.com/azure/architecture/framework/security/monitor-security-operations)
+- [Azure security monitoring tools](https://learn.microsoft.com/azure/well-architected/security/monitor-tools)
+- [Storage security guide](https://learn.microsoft.com/azure/storage/blobs/security-recommendations)
 - [What is Microsoft Defender for Cloud?](https://learn.microsoft.com/azure/defender-for-cloud/defender-for-cloud-introduction)
 - [Overview of Microsoft Defender for Storage](https://learn.microsoft.com/azure/defender-for-cloud/defender-for-storage-introduction)
 - [Migrate from Defender for Storage (classic) to the new plan](https://learn.microsoft.com/azure/defender-for-cloud/defender-for-storage-classic-migrate)

diff --git a/docs/en/rules/Azure.DefenderCloud.Contact.md b/docs/en/rules/Azure.DefenderCloud.Contact.md
@@ -23,4 +23,6 @@ Consider configuring Microsoft Defender for Cloud email and phone contact detail
 
 ## LINK
 
-- [Quickstart: Configure email notifications for security alerts](https://docs.microsoft.com/azure/defender-for-cloud/configure-email-notifications)
+- [Security operations in Azure](https://learn.microsoft.com/azure/well-architected/security/monitor-security-operations#assign-incident-notification-contact)
+- [Quickstart: Configure email notifications for security alerts](https://learn.microsoft.com/azure/defender-for-cloud/configure-email-notifications)
+- [Azure deployment reference](https://learn.microsoft.com/azure/templates/microsoft.security/securitycontacts)