Apologies for the delayed response. Defender for Cloud uses freshness intervals in its recommendations. Depending on the recommendation, it's updated between 30 minutes and 24 hours.
Defender for Cloud reporting fixed issues for an AKS cluster
Hi, I have an AKS cluster where a few security recommendations are reported. I believe I have mitigated some of them already, but they are still shown.
Namely, there is
- Container images should be deployed from trusted registries only
- Azure Kubernetes Service clusters should have Defender profile enabled
- Kubernetes clusters should disable automounting API credentials
I will include screenshots of what I can see in the UI to be as descriptive as possible.
Let's look at the last one as that's pretty straightforward. When I click at it for details, then View policy definition, I see that it's assigned to the cluster.
Yet, this exact policy that is reporting OK is still listed as problematic in the Defender for Cloud list. Why is that? The same case applies to the other policies as well. The policy itself is active, it won't let me deploy pods that do not disable automounting the credentials. But no matter what I do the policy is still listed as not enforced in the Defender overview and I am getting flagged by the security department for having "High" severity security recommendations pending.
For future readers' reference, I also asked the same question on S/O: https://stackoverflow.com/questions/72981584/azure-defender-for-cloud-reporting-issues-that-have-already-been-fixed
1 answer
Sort by: Most helpful
-
Givary-MSFT 27,886 Reputation points Microsoft Employee
2022-08-04T12:14:20.03+00:00