Azure secure score PW age policy new
Id | 88C9A5E0-31EC-490B-82E5-A286D9B99A67 |
Rulename | Azure secure score PW age policy new |
Description | This query searches for having found that when periodic password resets are enforced, passwords become less secure. Users tend to pick a weaker password and vary it slightly for each reset. If a user creates a strong password (long, complex and without any pragmatic words present) it should remain just as strong in the future as it is today. It is Microsoft’s official security position to not expire passwords periodically without a specific reason, and recommends that cloud-only tenants set the password policy to never expire. |
Severity | Medium |
Tactics | CredentialAccess |
Techniques | T1555 T1606 T1040 |
Required data connectors | SenservaPro |
Kind | Scheduled |
Query frequency | 6h |
Query period | 6h |
Trigger threshold | 0 |
Trigger operator | gt |
Source Uri | https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/SenservaPro/Analytic Rules/PasswordAgePolicyNew.yaml |
Version | 1.0.0 |
Arm template | 88C9A5E0-31EC-490B-82E5-A286D9B99A67.json |
SenservaPro_CL
| where ControlName_s == 'AzureSecureScorePWAgePolicyNew'
version: 1.0.0
name: Azure secure score PW age policy new
severity: Medium
queryFrequency: 6h
kind: Scheduled
queryPeriod: 6h
description: |
'This query searches for having found that when periodic password resets are enforced,
passwords become less secure. Users tend to pick a weaker password and vary it slightly for each reset.
If a user creates a strong password (long, complex and without any pragmatic words present)
it should remain just as strong in the future as it is today. It is Microsoft's official security position
to not expire passwords periodically without a specific reason, and recommends
that cloud-only tenants set the password policy to never expire.'
query: |
SenservaPro_CL
| where ControlName_s == 'AzureSecureScorePWAgePolicyNew'
tactics:
- CredentialAccess
triggerOperator: gt
entityMappings:
- entityType: Account
fieldMappings:
- columnName: ControlName_s
identifier: Name
- columnName: TenantId
identifier: AadTenantId
- columnName: TenantDisplayName_s
identifier: DisplayName
- entityType: SecurityGroup
fieldMappings:
- columnName: Group_s
identifier: DistinguishedName
- entityType: AzureResource
fieldMappings:
- columnName: SourceSystem
identifier: ResourceId
triggerThreshold: 0
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/SenservaPro/Analytic Rules/PasswordAgePolicyNew.yaml
requiredDataConnectors:
- connectorId: SenservaPro
dataTypes:
- SenservaPro_CL
status: Available
relevantTechniques:
- T1555
- T1606
- T1040
id: 88C9A5E0-31EC-490B-82E5-A286D9B99A67
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"workspace": {
"type": "String"
}
},
"resources": [
{
"id": "[concat(resourceId('Microsoft.OperationalInsights/workspaces/providers', parameters('workspace'), 'Microsoft.SecurityInsights'),'/alertRules/88C9A5E0-31EC-490B-82E5-A286D9B99A67')]",
"name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/88C9A5E0-31EC-490B-82E5-A286D9B99A67')]",
"type": "Microsoft.OperationalInsights/workspaces/providers/alertRules",
"kind": "Scheduled",
"apiVersion": "2022-11-01-preview",
"properties": {
"displayName": "Azure secure score PW age policy new",
"description": "'This query searches for having found that when periodic password resets are enforced,\n passwords become less secure. Users tend to pick a weaker password and vary it slightly for each reset. \n If a user creates a strong password (long, complex and without any pragmatic words present)\n it should remain just as strong in the future as it is today. It is Microsoft's official security position\n to not expire passwords periodically without a specific reason, and recommends \n that cloud-only tenants set the password policy to never expire.'\n",
"severity": "Medium",
"enabled": true,
"query": "SenservaPro_CL\n| where ControlName_s == 'AzureSecureScorePWAgePolicyNew'\n",
"queryFrequency": "PT6H",
"queryPeriod": "PT6H",
"triggerOperator": "GreaterThan",
"triggerThreshold": 0,
"suppressionDuration": "PT1H",
"suppressionEnabled": false,
"tactics": [
"CredentialAccess"
],
"techniques": [
"T1555",
"T1606",
"T1040"
],
"alertRuleTemplateName": "88C9A5E0-31EC-490B-82E5-A286D9B99A67",
"customDetails": null,
"entityMappings": [
{
"fieldMappings": [
{
"columnName": "ControlName_s",
"identifier": "Name"
},
{
"columnName": "TenantId",
"identifier": "AadTenantId"
},
{
"columnName": "TenantDisplayName_s",
"identifier": "DisplayName"
}
],
"entityType": "Account"
},
{
"fieldMappings": [
{
"columnName": "Group_s",
"identifier": "DistinguishedName"
}
],
"entityType": "SecurityGroup"
},
{
"fieldMappings": [
{
"columnName": "SourceSystem",
"identifier": "ResourceId"
}
],
"entityType": "AzureResource"
}
],
"OriginalUri": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/SenservaPro/Analytic Rules/PasswordAgePolicyNew.yaml",
"templateVersion": "1.0.0",
"status": "Available"
}
}
]
}