Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

EPAC Managed DfC benchmarks lose vulnerability reports in Defender #856

Open
sdecker opened this issue Jan 22, 2025 · 4 comments
Open

EPAC Managed DfC benchmarks lose vulnerability reports in Defender #856

sdecker opened this issue Jan 22, 2025 · 4 comments
Assignees
Labels
bug Something isn't working

Comments

@sdecker
Copy link
Contributor

sdecker commented Jan 22, 2025

Describe the bug
We are using the latest EPAC version and have started managing the MCSB with EPAC. The deploy works as expected and everything looks good in the Azure Policy Blade, but things are inconsistent when looking at the compliance views in Defender for Cloud. Most items reflect as expected, but any compliance items related to Defender for Cloud vulnerability assessments show 0 of 0 resources.

To Reproduce
Enable Defender vulnerability scans for SQL DB, SQL VM, Containers, etc. Deploy MCSB with EPAC. Looks at the compliance in the Policy view and see non compliant resources. Look at regulatory compliance in Defender for Cloud view and see the vulnerability entries show no associated resources.

Expected behavior
Whether we managed the MCSB assignment with Defender or with EPAC the compliance dashboards all report consistently

EPAC Version
10.7.5

@sdecker sdecker added the bug Something isn't working label Jan 22, 2025
@apybar apybar self-assigned this Jan 30, 2025
@apybar
Copy link
Collaborator

apybar commented Jan 30, 2025

Hey @sdecker - I'll look into this. There might need to be a reconfigure of the MCSB withing DFC but let me do some digging and get back to you.

@sdecker
Copy link
Contributor Author

sdecker commented Jan 30, 2025

Thanks for looking at this. We have also opened a ticket 2501130040014211 with the Defender team.

@sdecker
Copy link
Contributor Author

sdecker commented Feb 20, 2025

We were able to come up with a work around for this. We have to have another assignment of the MCSB at the same level with no exclusions of any kind. We've disabled all the policies that have no relation to Defender and are using the regular epac method to manage those.

@apybar
Copy link
Collaborator

apybar commented Feb 20, 2025

@sdecker - Is the new MCSB assignment deployed via EPAC driving the compliance findings in Defender for Cloud?

Is this deployed at the subcontractor level or the Management Group level?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

2 participants