silverhack · silverhack · Aug 31, 2022 · Jul 31, 2022 · Jul 31, 2022 · Jul 31, 2022
diff --git a/Invoke-Monkey365.ps1 b/Invoke-Monkey365.ps1
@@ -25,7 +25,7 @@ Function Invoke-Monkey365{
                 Role Assignments (RBAC)
                 Security Patches
                 Security Baseline
-                Security Center
+                Microsoft Defender for Cloud
                 Network Security Groups
                 Classic Endpoints
                 Azure Security Alerts
@@ -92,7 +92,7 @@ Function Invoke-Monkey365{
             Databases                    Retrieves information from Azure SQL, including databases, Transparent Data Encryption or Threat Detection Policy
             VirtualMachines              Retrieves information from virtual machines deployed on both classic mode and resource manager.
             SecurityAlerts               Get Security Alerts from Microsoft Azure.
-            SecurityCenter               Get information about Security Center
+            SecurityCenter               Get information about Microsoft Defender for Cloud
             RoleAssignments              Retrieves information about RBAC Users and Groups
             StorageAccounts              Retrieves information about storage accounts deployed on Classic mode and resource manager
             MissingPatches               Retrieves information about missing patches by using the new Azure Log Analytics query language.

diff --git a/assets.zip b/assets.zip
diff --git a/core/modules/monkeyhtml/private/htmlicons/Get-HtmlIcon.ps1 b/core/modules/monkeyhtml/private/htmlicons/Get-HtmlIcon.ps1
@@ -52,6 +52,7 @@ Function Get-HtmlIcon{
             'Subscription Security'='assets/inc-azicons/general/10002-icon-service-Subscriptions.svg'
             'Azure Subscription'='assets/inc-azicons/general/10002-icon-service-Subscriptions.svg'
             'Azure Defender'='assets/inc-azicons/security/02247-icon-service-Azure-Defender.svg'
+            'Microsoft Defender for Cloud'='assets/inc-azicons/Security/02247-icon-service-Azure-Defender.svg'
             'Azure Log Profile'='assets/inc-azicons/management + governance/00001-icon-service-Monitor.svg'
             'Azure Alerts'='assets/inc-azicons/management + governance/00002-icon-service-Alerts.svg'
             'Azure KeyVault'='assets/inc-azicons/security/10245-icon-service-Key-Vaults.svg'

diff --git a/plugins/azure/security/securitycenter/Get-MonkeyAzSecCenterConfig.ps1 b/plugins/azure/security/securitycenter/Get-MonkeyAzSecCenterConfig.ps1
@@ -16,10 +16,10 @@
 Function Get-MonkeyAZSecCenterConfig{
     <#
         .SYNOPSIS
-		Azure plugin to get security center settings
+		Azure plugin to get Microsoft Defender for Cloud settings
 
         .DESCRIPTION
-		Azure plugin to get security center settings
+		Azure plugin to get Microsoft Defender for Cloud settings
 
         .INPUTS
 
@@ -50,12 +50,12 @@ Function Get-MonkeyAZSecCenterConfig{
         $Environment = $O365Object.Environment
         #Get Azure RM Auth
         $rm_auth = $O365Object.auth_tokens.ResourceManager
-        #Get Security Center Config
+        #Get Microsoft Defender for Cloud Config
         $AzureSecCenterConfig = $O365Object.internal_config.resourceManager | Where-Object {$_.name -eq "securityCenter"} | Select-Object -ExpandProperty resource
     }
     Process{
         $msg = @{
-            MessageData = ($message.MonkeyGenericTaskMessage -f $pluginId, "Azure Security Center Configuration", $O365Object.current_subscription.DisplayName);
+            MessageData = ($message.MonkeyGenericTaskMessage -f $pluginId, "Microsoft Defender for Cloud Configuration", $O365Object.current_subscription.DisplayName);
             callStack = (Get-PSCallStack | Select-Object -First 1);
             logLevel = 'info';
             InformationAction = $InformationAction;
@@ -84,7 +84,7 @@ Function Get-MonkeyAZSecCenterConfig{
         }
         else{
             $msg = @{
-                MessageData = ($message.MonkeyEmptyResponseMessage -f "Azure Security Center", $O365Object.TenantID);
+                MessageData = ($message.MonkeyEmptyResponseMessage -f "Microsoft Defender for Cloud", $O365Object.TenantID);
                 callStack = (Get-PSCallStack | Select-Object -First 1);
                 logLevel = 'warning';
                 InformationAction = $InformationAction;

diff --git a/plugins/azure/security/securitycenterbuiltin/Get-MonkeyAzSecCenterBuiltin.ps1 b/plugins/azure/security/securitycenterbuiltin/Get-MonkeyAzSecCenterBuiltin.ps1
@@ -16,10 +16,10 @@
 Function Get-MonkeyAzSecCenterBuiltin{
     <#
         .SYNOPSIS
-		Azure plugin to get Security Center Builtin
+		Azure plugin to get Microsoft Defender for Cloud Builtin
 
         .DESCRIPTION
-		Azure plugin to get Security Center Builtin
+		Azure plugin to get Microsoft Defender for Cloud Builtin
 
         .INPUTS
 
@@ -55,14 +55,14 @@ Function Get-MonkeyAzSecCenterBuiltin{
     }
     Process{
         $msg = @{
-            MessageData = ($message.MonkeyGenericTaskMessage -f $pluginId, "Azure Security Center BuiltIn", $O365Object.current_subscription.DisplayName);
+            MessageData = ($message.MonkeyGenericTaskMessage -f $pluginId, "Microsoft Defender for Cloud BuiltIn", $O365Object.current_subscription.DisplayName);
             callStack = (Get-PSCallStack | Select-Object -First 1);
             logLevel = 'info';
             InformationAction = $InformationAction;
             Tags = @('AzureSecCenterInfo');
         }
         Write-Information @msg
-        #List Security Center Bulletin
+        #List Microsoft Defender for Cloud Bulletin
         $params = @{
             Authentication = $rm_auth;
             Provider = $azure_auth_config.provider;
@@ -92,7 +92,7 @@ Function Get-MonkeyAzSecCenterBuiltin{
         }
         else{
             $msg = @{
-                MessageData = ($message.MonkeyEmptyResponseMessage -f "Azure Security Center BuiltIn", $O365Object.TenantID);
+                MessageData = ($message.MonkeyEmptyResponseMessage -f "Microsoft Defender for Cloud BuiltIn", $O365Object.TenantID);
                 callStack = (Get-PSCallStack | Select-Object -First 1);
                 logLevel = 'warning';
                 InformationAction = $InformationAction;

diff --git a/...ings/Azure/Databases/SQL Server/azure-sql-server-advanced-threat-protection-disabled.json b/...ings/Azure/Databases/SQL Server/azure-sql-server-advanced-threat-protection-disabled.json
@@ -3,14 +3,14 @@
     "menu_name":  "Databases",
     "issue_name":  "Ensure that Advanced Threat Protection (ATP) on a SQL server is set to 'Enabled'",
     "description":  "Advanced data security is a unified package for advanced SQL security capabilities. It includes functionality for discovering and classifying sensitive data, surfacing and mitigating potential database vulnerabilities, and detecting anomalous activities that could indicate a threat to your database.",
-    "rationale":  "Azure Defender for SQL is a unified package for advanced SQL security capabilities. Azure Defender is available for Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics. It includes functionality for discovering and classifying sensitive data, surfacing and mitigating potential database vulnerabilities, and detecting anomalous activities that could indicate a threat to your database. It provides a single go-to location for enabling and managing these capabilities.",
-    "impact":  "Azure Defender for SQL is a paid feature and will incur additional cost for each SQL server.",
+    "rationale":  "Microsoft Defender for Cloud for SQL is a unified package for advanced SQL security capabilities. Microsoft Defender for Cloud is available for Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics. It includes functionality for discovering and classifying sensitive data, surfacing and mitigating potential database vulnerabilities, and detecting anomalous activities that could indicate a threat to your database. It provides a single go-to location for enabling and managing these capabilities.",
+    "impact":  "Microsoft Defender for Cloud for SQL is a paid feature and will incur additional cost for each SQL server.",
     "remediation":  '
 					###### From Azure Console
 					1. Go to `SQL servers`.
 					2. For each server instance
-					3. Click on `Azure Defender` for SQL
-					4. Set Azure Defender for SQL to `On`
+					3. Click on `Microsoft Defender for Cloud` for SQL
+					4. Set Microsoft Defender for Cloud for SQL to `On`
 	',
     "references":  [
                        "https://docs.microsoft.com/en-us/azure/azure-sql/database/azure-defender-for-sql",

diff --git a/...dings/Azure/Databases/SQL Server/azure-sql-server-vulnerability-assessments-disabled.json b/...dings/Azure/Databases/SQL Server/azure-sql-server-vulnerability-assessments-disabled.json
@@ -3,15 +3,15 @@
     "menu_name":  "Databases",
     "issue_name":  "Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account",
     "description":  "Consider to enable Vulnerability Assessment (VA) service scans for critical SQL servers and corresponding SQL databases.",
-    "rationale":  "Enabling Azure Defender for SQL server does not enables Vulnerability Assessment capability for individual SQL databases unless storage account is set to store the scanning data and reports.  
+    "rationale":  "Enabling Microsoft Defender for Cloud for SQL server does not enables Vulnerability Assessment capability for individual SQL databases unless storage account is set to store the scanning data and reports.  
 				   The Vulnerability Assessment service scans databases for known security vulnerabilities and highlight deviations from best practices, such as misconfigurations, excessivepermissions, and unprotected sensitive data. Results of the scan include actionable steps to resolve each issue and provide customized remediation scripts where applicable. Additionally an assessment report can be customized by setting an acceptable baseline for permission configurations, feature configurations, and database settings.",
-    "impact":  "Enabling the **Azure Defender** for SQL features will incur additional costs for each SQL server.",
+    "impact":  "Enabling the **Microsoft Defender for Cloud** for SQL features will incur additional costs for each SQL server.",
     "remediation":  '
 					###### From Azure Console
 					1. Go to `SQL servers`.
 					2. Select a server instance
-					3. Click on `Security Center`
-					4. Select `Enable Azure Defender for SQL`
+					3. Click on `Microsoft Defender for Cloud`
+					4. Select `Enable Microsoft Defender for Cloud for SQL`
 					5. In Section `Vulnerability Assessment Settings`, Click `Storage Account`
 					6. Choose Storage Account (Existing or Create New). Click `Ok`
 					7. Click `Save`
@@ -43,7 +43,7 @@
    ],
 	"shouldExist":  "true",
     "returnObject":  {
-                         "Azure Defender":  "Vulnerability Assessment",
+                         "Microsoft Defender for Cloud":  "Vulnerability Assessment",
                          "Status":  "Not configured"
                      },
     "id_suffix":  "sql_server_va_disabled"

diff --git a/...ases/SQL Server/azure-sql-server-vulnerability-assessments-reportsto-admins-disabled.json b/...ases/SQL Server/azure-sql-server-vulnerability-assessments-reportsto-admins-disabled.json
@@ -4,13 +4,13 @@
     "issue_name":  "Ensure that VA setting 'Also send email notifications to admins and subscription owners' is set for a SQL server",
     "description":  "Enable Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners'.",
     "rationale":  "VA scan reports and alerts will be sent to admins and subscription owners by enabling setting 'Also send email notifications to admins and subscription owners'. This may help in reducing time required for identifying risks and taking corrective measures.",
-    "impact":  "Enabling the **Azure Defender** for SQL features will incur additional costs for each SQL server.",
+    "impact":  "Enabling the **Microsoft Defender for Cloud** for SQL features will incur additional costs for each SQL server.",
     "remediation":  '
 					###### From Azure Console
 					1. Go to `SQL servers`.
 					2. Select a server instance
-					3. Click on `Security Center`
-					4. Ensure that `Azure Defender for SQL` is set to `Enabled`
+					3. Click on `Microsoft Defender for Cloud`
+					4. Ensure that `Microsoft Defender for Cloud for SQL` is set to `Enabled`
 					5. In Section `Vulnerability Assessment Settings`, Ensure Storage Accounts is configured.
 					6. Check/enable "Also send email notifications to admins and subscription owners"
 					7. Click `Save`

diff --git a/...atabases/SQL Server/azure-sql-server-vulnerability-assessments-send-reports-disabled.json b/...atabases/SQL Server/azure-sql-server-vulnerability-assessments-send-reports-disabled.json
@@ -4,13 +4,13 @@
     "issue_name":  "Ensure that VA setting Send scan reports to is configured for a SQL server",
     "description":  "Configure 'Send scan reports to' with email ids of concerned data owners/stakeholders for a critical SQL servers.",
     "rationale":  "Vulnerability Assessment (VA) scan reports and alerts will be sent to email ids configured at 'Send scan reports to'. This may help in reducing time required for identifying risks and taking corrective measures.",
-    "impact":  "Enabling the **Azure Defender** for SQL features will incur additional costs for each SQL server.",
+    "impact":  "Enabling the **Microsoft Defender for Cloud** for SQL features will incur additional costs for each SQL server.",
     "remediation":  '
 					###### From Azure Console
 					1. Go to `SQL servers`.
 					2. Select a server instance
-					3. Click on `Security Center`
-					4. Ensure that `Azure Defender for SQL` is set to `Enabled`
+					3. Click on `Microsoft Defender for Cloud`
+					4. Ensure that `Microsoft Defender for Cloud for SQL` is set to `Enabled`
 					5. In Section `Vulnerability Assessment Settings`, Ensure Storage Accounts is configured.
 					6. In Section `Vulnerability Assessment Settings`, Ensure Send scan reports to is not empty
 	',

diff --git a/...re/Databases/SQL Server/azure-sql-server-vulnerability-periodic-assessments-disabled.json b/...re/Databases/SQL Server/azure-sql-server-vulnerability-periodic-assessments-disabled.json
@@ -4,13 +4,13 @@
     "issue_name":  "Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server",
     "description":  "Enable Vulnerability Assessment (VA) Periodic recurring scans for critical SQL servers and corresponding SQL databases.",
     "rationale":  "VA setting 'Periodic recurring scans' schedules periodic (weekly) vulnerability scanning for the SQL server and corresponding Databases. Periodic and regular vulnerability scanning provides risk visibility based on updated known vulnerability signatures and best practices.",
-    "impact":  "Enabling the **Azure Defender** for SQL features will incur additional costs for each SQL server.",
+    "impact":  "Enabling the **Microsoft Defender for Cloud** for SQL features will incur additional costs for each SQL server.",
     "remediation":  '
 					###### From Azure Console
 					1. Go to `SQL servers`.
 					2. Select a server instance
-					3. Click on `Security Center`
-					4. Ensure that `Azure Defender for SQL` is set to `Enabled`
+					3. Click on `Microsoft Defender for Cloud`
+					4. Ensure that `Microsoft Defender for Cloud for SQL` is set to `Enabled`
 					5. In Section `Vulnerability Assessment Settings`, Ensure Storage Accounts is configured.
 					6. In Section `Vulnerability Assessment Settings`, Ensure Periodic recurring scans is set to `On`
 	',

diff --git a/rules/findings/Azure/Defender/azure-defender-missing-appservice-protection.json b/rules/findings/Azure/Defender/azure-defender-missing-appservice-protection.json
@@ -1,21 +1,21 @@
 {
-    "dashboard_name":  "Azure Defender",
+    "dashboard_name":  "Microsoft Defender for Cloud",
     "menu_name":  "Subscription",
-    "issue_name":  "Ensure that Azure Defender is set to On for App Service",
-    "description":  "Turning on Azure Defender enables threat detection for App Service, providing threat intelligence, anomaly detection, and behavior analytics in the Azure Security Center.",
-    "rationale":  "Enabling Azure Defender for App Service allows for greater defense-in-depth, with threat detection provided by the Microsoft Security Response Center (MSRC).",
-    "impact":  "Turning on Azure Defender in Azure Security Center incurs an additional cost per resource.",
+    "issue_name":  "Ensure that Microsoft Defender for Cloud is set to On for App Service",
+    "description":  "Turning on Microsoft Defender for Cloud enables threat detection for App Service, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.",
+    "rationale":  "Enabling Microsoft Defender for Cloud for App Service allows for greater defense-in-depth, with threat detection provided by the Microsoft Security Response Center (MSRC).",
+    "impact":  "Turning on Microsoft Defender for Cloud in Microsoft Defender for Cloud incurs an additional cost per resource.",
     "remediation":  "
 					###### From Azure Console
-					1. Go to `Security Center`
-					2. Select `Pricing & settings blade`
+					1. Go to `Microsoft Defender for Cloud`
+					2. Select `Environment settings`
 					3. Click on the subscription name
-					4. Select the `Azure Defender plans` blade
+					4. Select the `Defender plans` blade
 					5. On the line in the table for `App Service` Select `On` under `Plan`.
 					6. Select `Save`
 	",
     "references":  [
-                       "https://docs.microsoft.com/en-us/azure/security-center/security-center-detection-capabilities",
+                       "https://docs.microsoft.com/en-us/azure/defender-for-cloud/alerts-overview",
 					   "https://docs.microsoft.com/en-us/rest/api/securitycenter/pricings/list",
 					   "https://docs.microsoft.com/en-us/rest/api/securitycenter/pricings/update",
 					   "https://docs.microsoft.com/en-us/powershell/module/az.security/get-azsecuritypricing",

diff --git a/rules/findings/Azure/Defender/azure-defender-missing-container-registries-protection.json b/rules/findings/Azure/Defender/azure-defender-missing-container-registries-protection.json
@@ -1,21 +1,21 @@
 {
-    "dashboard_name":  "Azure Defender",
+    "dashboard_name":  "Microsoft Defender for Cloud",
     "menu_name":  "Subscription",
-    "issue_name":  "Ensure that Azure Defender is set to On for Container Registries",
-    "description":  "Turning on Azure Defender enables threat detection for Container Registries, providing threat intelligence, anomaly detection, and behavior analytics in the Azure Security Center.",
-    "rationale":  "Enabling Azure Defender for Container Registries allows for greater defense-in-depth, with threat detection provided by the Microsoft Security Response Center (MSRC).",
-    "impact":  "Turning on Azure Defender in Azure Security Center incurs an additional cost per resource.",
+    "issue_name":  "Ensure that Microsoft Defender for Cloud is set to On for Container Registries",
+    "description":  "Turning on Microsoft Defender for Cloud enables threat detection for Container Registries, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.",
+    "rationale":  "Enabling Microsoft Defender for Cloud for Container Registries allows for greater defense-in-depth, with threat detection provided by the Microsoft Security Response Center (MSRC).",
+    "impact":  "Turning on Microsoft Defender for Cloud in Microsoft Defender for Cloud incurs an additional cost per resource.",
     "remediation":  "
 					###### From Azure Console
-					1. Go to `Security Center`
-					2. Select `Pricing & settings blade`
+					1. Go to `Microsoft Defender for Cloud`
+					2. Select `Environment settings`
 					3. Click on the subscription name
-					4. Select the `Azure Defender plans` blade
+					4. Select the `Defender plans` blade
 					5. On the line in the table for `Container Registries` Select `On` under `Plan`.
 					6. Select `Save`
 	",
     "references":  [
-                       "https://docs.microsoft.com/en-us/azure/security-center/security-center-detection-capabilities",
+                       "https://docs.microsoft.com/en-us/azure/defender-for-cloud/alerts-overview",
 					   "https://docs.microsoft.com/en-us/rest/api/securitycenter/pricings/list",
 					   "https://docs.microsoft.com/en-us/rest/api/securitycenter/pricings/update",
 					   "https://docs.microsoft.com/en-us/powershell/module/az.security/get-azsecuritypricing",