
azurermSecurityCenterAssessmentPolicy

Manages the Security Center Assessment Metadata for Azure Security Center.

Example Usage

/* Provider bindings are generated by running cdktf get.
   See https://cdk.tf/provider-generation for more details. */
import * as azurerm from "./.gen/providers/azurerm";
/* The following providers are missing schema information and might need manual
   adjustments to synthesize correctly: azurerm.
   For a more precise conversion please use the --provider flag in convert. */
new azurerm.securityCenterAssessmentPolicy.SecurityCenterAssessmentPolicy(
  this,
  "example",
  {
    description: "Test Description",
    // camelCase key, matching the Arguments Reference below
    displayName: "Test Display Name",
    severity: "Medium",
  }
);

Arguments Reference

The following arguments are supported:

  • description - (Required) The description of the Security Center Assessment.

  • displayName - (Required) The user-friendly display name of the Security Center Assessment.

  • severity - (Optional) The severity level of the Security Center Assessment. Possible values are low, medium and high. Defaults to medium.


  • categories - (Optional) A list of the categories of resource that are at risk when the Security Center Assessment is unhealthy. Possible values are unknown, compute, data, identityAndAccess, ioT and networking.

  • implementationEffort - (Optional) The implementation effort which is used to remediate the Security Center Assessment. Possible values are low, moderate and high.

  • remediationDescription - (Optional) The description which is used to mitigate the security issue.

  • threats - (Optional) A list of the threat impacts for the Security Center Assessment. Possible values are accountBreach, dataExfiltration, dataSpillage, denialOfService, elevationOfPrivilege, maliciousInsider, missingCoverage and threatResistance.

  • userImpact - (Optional) The user impact of the Security Center Assessment. Possible values are low, moderate and high.
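
A check that can run before synthesis against the arguments listed above, as an added example that is not part of the provider documentation or the generated bindings: it flags snake_case spellings of known arguments, missing required arguments, and values outside the documented lists. The function name, constants and sample configs are hypothetical, and comparing values case-insensitively is an assumption.

```typescript
// Added example. Allowed values are copied from the Arguments Reference above;
// all names below are hypothetical and not part of cdktf or the azurerm bindings.
const ALLOWED: Record<string, string[]> = {
  severity: ["low", "medium", "high"],
  implementationEffort: ["low", "moderate", "high"],
  userImpact: ["low", "moderate", "high"],
  categories: ["unknown", "compute", "data", "identityAndAccess", "ioT", "networking"],
  threats: ["accountBreach", "dataExfiltration", "dataSpillage", "denialOfService",
    "elevationOfPrivilege", "maliciousInsider", "missingCoverage", "threatResistance"],
};
const REQUIRED = ["description", "displayName"];
const LIST_ARGS = ["categories", "threats"];
const KNOWN = REQUIRED.concat(["remediationDescription", "timeouts"], Object.keys(ALLOWED));

function validateAssessmentPolicy(config: Record<string, unknown>): string[] {
  const errors: string[] = [];
  for (const key of Object.keys(config)) {
    // Flag snake_case spellings of known arguments (e.g. display_name).
    const camel = key.replace(/_([a-z])/g, (_m: string, c: string) => c.toUpperCase());
    if (camel !== key && KNOWN.indexOf(camel) !== -1) errors.push(`${key}: use ${camel}`);
  }
  for (const key of REQUIRED) {
    const v = config[key];
    if (typeof v !== "string" || v.trim() === "") errors.push(`missing required argument: ${key}`);
  }
  for (const key of Object.keys(ALLOWED)) {
    const v = config[key];
    if (v === undefined) continue; // optional argument not set
    const isList = LIST_ARGS.indexOf(key) !== -1;
    if (isList !== Array.isArray(v)) {
      errors.push(`${key} must be ${isList ? "a list" : "a single value"}`);
      continue;
    }
    // Assumption: values are compared case-insensitively.
    const allowed = ALLOWED[key].map((a) => a.toLowerCase());
    for (const item of isList ? (v as unknown[]) : [v]) {
      if (typeof item !== "string" || allowed.indexOf(item.toLowerCase()) === -1) {
        errors.push(`${key}: unsupported value ${JSON.stringify(item)}`);
      }
    }
  }
  return errors;
}

// Constructed sample inputs.
const goodConfig = { description: "Test Description", displayName: "Test Display Name",
  severity: "Medium", threats: ["dataExfiltration"] };
const badConfig = { description: "Test Description", display_name: "Test Display Name",
  severity: "critical", categories: "compute" };
console.log(validateAssessmentPolicy(goodConfig), validateAssessmentPolicy(badConfig));
```

Meta-arguments such as dependsOn are outside what this check covers and pass through without an error.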

Attributes Reference

In addition to the arguments listed above, the following attributes are exported:

  • id - The ID of the Security Center Assessment Policy.

  • name - The GUID used as the name of the Security Center Assessment Policy.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 30 minutes) Used when creating the Security Center Assessment Policy.
  • read - (Defaults to 5 minutes) Used when retrieving the Security Center Assessment Policy.
  • update - (Defaults to 30 minutes) Used when updating the Security Center Assessment Policy.
  • delete - (Defaults to 30 minutes) Used when deleting the Security Center Assessment Policy.

Import

A Security Center Assessment Policy can be imported using its resource ID, e.g.

terraform import azurerm_security_center_assessment_policy.example /subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Security/assessmentMetadata/metadata1