Azure secure score PW age policy new
Id | 88C9A5E0-31EC-490B-82E5-A286D9B99A67 |
Rulename | Azure secure score PW age policy new |
Description | This query searches for having found that when periodic password resets are enforced, passwords become less secure. Users tend to pick a weaker password and vary it slightly for each reset. If a user creates a strong password (long, complex and without any pragmatic words present) it should remain just as strong in the future as it is today. It is Microsoft’s official security position to not expire passwords periodically without a specific reason, and recommends that cloud-only tenants set the password policy to never expire. |
Severity | Medium |
Tactics | CredentialAccess |
Techniques | T1555 T1606 T1040 |
Required data connectors | SenservaPro |
Kind | Scheduled |
Query frequency | 6h |
Query period | 6h |
Trigger threshold | 0 |
Trigger operator | gt |
Source Uri | https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/SenservaPro/Analytic Rules/PasswordAgePolicyNew.yaml |
Version | 1.0.1 |
Arm template | 88C9A5E0-31EC-490B-82E5-A286D9B99A67.json |
SenservaPro_CL
| where ControlName_s == 'AzureSecureScorePWAgePolicyNew'
id: 88C9A5E0-31EC-490B-82E5-A286D9B99A67
triggerOperator: gt
status: Available
entityMappings:
- fieldMappings:
- identifier: Name
columnName: ControlName_s
- identifier: AadTenantId
columnName: TenantId
- identifier: DisplayName
columnName: TenantDisplayName_s
entityType: Account
- fieldMappings:
- identifier: DistinguishedName
columnName: Group_s
entityType: SecurityGroup
- fieldMappings:
- identifier: ResourceId
columnName: SourceSystem
entityType: AzureResource
description: |
'This query searches for having found that when periodic password resets are enforced, passwords become less secure. Users tend to pick a weaker password and vary it slightly for each reset.
If a user creates a strong password (long, complex and without any pragmatic words present) it should remain just as strong in the future as it is today. It is Microsoft's official security position to not expire passwords periodically without a specific reason, and recommends that cloud-only tenants set the password policy to never expire.'
severity: Medium
version: 1.0.1
relevantTechniques:
- T1555
- T1606
- T1040
tactics:
- CredentialAccess
name: Azure secure score PW age policy new
queryFrequency: 6h
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/SenservaPro/Analytic Rules/PasswordAgePolicyNew.yaml
query: |
SenservaPro_CL
| where ControlName_s == 'AzureSecureScorePWAgePolicyNew'
kind: Scheduled
triggerThreshold: 0
requiredDataConnectors:
- dataTypes:
- SenservaPro_CL
connectorId: SenservaPro
queryPeriod: 6h
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"workspace": {
"type": "String"
}
},
"resources": [
{
"apiVersion": "2024-01-01-preview",
"id": "[concat(resourceId('Microsoft.OperationalInsights/workspaces/providers', parameters('workspace'), 'Microsoft.SecurityInsights'),'/alertRules/88C9A5E0-31EC-490B-82E5-A286D9B99A67')]",
"kind": "Scheduled",
"name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/88C9A5E0-31EC-490B-82E5-A286D9B99A67')]",
"properties": {
"alertRuleTemplateName": "88C9A5E0-31EC-490B-82E5-A286D9B99A67",
"customDetails": null,
"description": "'This query searches for having found that when periodic password resets are enforced, passwords become less secure. Users tend to pick a weaker password and vary it slightly for each reset. \n If a user creates a strong password (long, complex and without any pragmatic words present) it should remain just as strong in the future as it is today. It is Microsoft's official security position to not expire passwords periodically without a specific reason, and recommends that cloud-only tenants set the password policy to never expire.'\n",
"displayName": "Azure secure score PW age policy new",
"enabled": true,
"entityMappings": [
{
"entityType": "Account",
"fieldMappings": [
{
"columnName": "ControlName_s",
"identifier": "Name"
},
{
"columnName": "TenantId",
"identifier": "AadTenantId"
},
{
"columnName": "TenantDisplayName_s",
"identifier": "DisplayName"
}
]
},
{
"entityType": "SecurityGroup",
"fieldMappings": [
{
"columnName": "Group_s",
"identifier": "DistinguishedName"
}
]
},
{
"entityType": "AzureResource",
"fieldMappings": [
{
"columnName": "SourceSystem",
"identifier": "ResourceId"
}
]
}
],
"OriginalUri": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/SenservaPro/Analytic Rules/PasswordAgePolicyNew.yaml",
"query": "SenservaPro_CL\n| where ControlName_s == 'AzureSecureScorePWAgePolicyNew'\n",
"queryFrequency": "PT6H",
"queryPeriod": "PT6H",
"severity": "Medium",
"status": "Available",
"subTechniques": [],
"suppressionDuration": "PT1H",
"suppressionEnabled": false,
"tactics": [
"CredentialAccess"
],
"techniques": [
"T1040",
"T1555",
"T1606"
],
"templateVersion": "1.0.1",
"triggerOperator": "GreaterThan",
"triggerThreshold": 0
},
"type": "Microsoft.OperationalInsights/workspaces/providers/alertRules"
}
]
}