Checks whether a vulnerability scan for risks of a specified level is configured in the Security Center (SAS) console. If so, the evaluation result is Compliant.
Scenarios
This rule applies when you need to identify and handle system vulnerabilities at the earliest opportunity. This helps improve system security.
Risk level
Default risk level: high.
When you configure this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
- If a vulnerability scan for risks of a specified level is configured in the SAS console, the evaluation result is Compliant.
- If a vulnerability scan for risks of a specified level is not configured in the SAS console, the evaluation result is Incompliant. For more information about how to remediate an incompliant configuration, see Incompliance remediation.
Rule details
| Item | Description |
|---|---|
| Rule name | security-center-concern-necessity-check |
| Rule identifier | security-center-concern-necessity-check |
| Tag | SecurityCenter |
| Automatic remediation | Not supported |
| Trigger type | Periodic execution |
| Evaluation frequency | Interval of 24 hours |
| Supported resource type | All Resources |
| Input parameter | Necessities. Default values: asap and later. |
Incompliance remediation
Configure a vulnerability scan for risks of a specified level in the SAS console. For more information, see Scan for vulnerabilities.