azure-security-scanner
// Azure security configuration scanning and hardening using Azure Security Center, Azure Policy, and ScoutSuite
$ git log --oneline --stat
stars:384
forks:73
updated:March 4, 2026
SKILL.mdreadonly
SKILL.md Frontmatter
nameazure-security-scanner
descriptionAzure security configuration scanning and hardening using Azure Security Center, Azure Policy, and ScoutSuite
allowed-toolsBash,Read,Write,Glob,Grep,WebFetch
Azure Security Scanner Skill
Purpose
Automated Azure security configuration scanning and hardening to identify misconfigurations, compliance violations, and security risks across Azure subscriptions and tenants.
Capabilities
Azure Security Center Assessments
- Run Microsoft Defender for Cloud security assessments
- Check secure score and recommendations
- Review security alerts and incidents
- Validate just-in-time VM access
- Check adaptive application controls
- Monitor regulatory compliance dashboards
Azure AD Security Analysis
- Analyze Azure AD conditional access policies
- Check MFA enforcement status
- Review privileged identity management (PIM)
- Identify risky sign-ins and users
- Analyze app registrations and service principals
- Check guest user access configurations
Network Security Group Analysis
- Review NSG rules for overly permissive access
- Check for open management ports (RDP, SSH)
- Validate application security groups
- Review Azure Firewall configurations
- Check DDoS protection status
- Analyze virtual network configurations
Storage Account Security
- Identify publicly accessible storage accounts
- Check encryption configurations (SSE, CMK)
- Review shared access signatures (SAS)
- Validate network access rules
- Check secure transfer requirements
- Review access keys rotation
Key Vault Security
- Check Key Vault access policies
- Validate network restrictions
- Review key expiration policies
- Check certificate configurations
- Verify soft-delete enablement
- Audit secret access patterns
Activity Logging Verification
- Validate Azure Activity Log configuration
- Check diagnostic settings on resources
- Review Log Analytics workspace security
- Verify Azure Monitor alert rules
- Check Azure Sentinel integration
Azure Policy Compliance
- Assess built-in policy compliance
- Check custom policy assignments
- Review policy exemptions
- Validate initiative assignments
- Generate compliance reports
Azure Services Covered
| Category | Services |
|---|---|
| Identity | Azure AD, PIM, Conditional Access |
| Compute | VMs, App Services, Functions, AKS |
| Storage | Storage Accounts, Blobs, Files |
| Database | SQL Database, Cosmos DB, PostgreSQL |
| Network | VNets, NSGs, Azure Firewall, WAF |
| Security | Defender, Key Vault, Sentinel |
| Monitoring | Monitor, Log Analytics, Application Insights |
Integrations
- Microsoft Defender for Cloud: Cloud security posture management
- Azure Policy: Governance and compliance
- Azure AD: Identity security
- ScoutSuite: Multi-cloud security auditing
- Azure Sentinel: SIEM and SOAR
Target Processes
- Cloud Security Architecture Review
- Compliance Monitoring
- Azure Subscription Hardening
- Security Posture Assessment
Input Schema
{
"type": "object",
"properties": {
"scanType": {
"type": "string",
"enum": ["full", "cis", "pci", "hipaa", "iso27001", "custom"],
"description": "Type of security scan"
},
"subscriptions": {
"type": "array",
"items": { "type": "string" },
"description": "Azure subscription IDs to scan"
},
"resourceGroups": {
"type": "array",
"items": { "type": "string" },
"description": "Specific resource groups to scan"
},
"services": {
"type": "array",
"items": { "type": "string" },
"description": "Specific services to scan"
},
"severityThreshold": {
"type": "string",
"enum": ["critical", "high", "medium", "low"]
},
"complianceFrameworks": {
"type": "array",
"items": {
"type": "string",
"enum": ["CIS", "PCI-DSS", "HIPAA", "ISO27001", "SOC2", "NIST"]
}
},
"includeAzureAD": {
"type": "boolean",
"description": "Include Azure AD security checks"
}
},
"required": ["scanType"]
}
Output Schema
{
"type": "object",
"properties": {
"scanId": {
"type": "string"
},
"scanTimestamp": {
"type": "string",
"format": "date-time"
},
"subscriptionsScanned": {
"type": "array"
},
"secureScore": {
"type": "object",
"properties": {
"current": { "type": "number" },
"max": { "type": "number" },
"percentage": { "type": "number" }
}
},
"summary": {
"type": "object",
"properties": {
"totalChecks": { "type": "integer" },
"passed": { "type": "integer" },
"failed": { "type": "integer" },
"warnings": { "type": "integer" }
}
},
"findingsBySeverity": {
"type": "object",
"properties": {
"critical": { "type": "integer" },
"high": { "type": "integer" },
"medium": { "type": "integer" },
"low": { "type": "integer" }
}
},
"findings": {
"type": "array",
"items": {
"type": "object",
"properties": {
"checkId": { "type": "string" },
"severity": { "type": "string" },
"service": { "type": "string" },
"resourceId": { "type": "string" },
"description": { "type": "string" },
"remediation": { "type": "string" },
"complianceMapping": { "type": "array" }
}
}
},
"azureAdFindings": {
"type": "array"
},
"policyCompliance": {
"type": "object"
},
"recommendations": {
"type": "array",
"items": { "type": "string" }
}
}
}
Usage Example
skill: {
name: 'azure-security-scanner',
context: {
scanType: 'cis',
subscriptions: ['subscription-id-1'],
complianceFrameworks: ['CIS', 'SOC2'],
includeAzureAD: true,
severityThreshold: 'medium'
}
}