Rediger

Del via

Review security findings in the AKS security dashboard

The AKS security dashboard shows security findings for an Azure Kubernetes Service (AKS) cluster in Microsoft Defender for Cloud.

It includes alerts, vulnerabilities, misconfigurations, and compliance results to help you identify and prioritize issues.

Prerequisites

To use the AKS Security dashboard, ensure you have:

Review security findings

Security alerts

Security alerts indicate suspicious activity or potential threats detected in the cluster.

Alerts are prioritized by severity to help you identify which issues to investigate first:

  • High High probability that the resource is compromised. Investigate immediately.
  • Medium Indicates suspicious activity that might represent a compromise.
  • Low Might indicate a benign or blocked activity.
  • Informational Provides context and might be relevant when correlated with other alerts.

Investigate a security alert

  1. Sign in to the Azure portal.

  2. Go to Kubernetes services > Clusters.

  3. Select the relevant AKS cluster.

  4. Select Microsoft Defender for Cloud.

  5. In the Security alerts tab, select an alert to open the details pane.

In the details pane:

  • Review the alert details and recommended remediation steps.
  • Use related entities to identify affected resources.
  • Select Open logs to investigate activity within the relevant timeframe.
  • Create a suppression rule if the alert isn't relevant for your organization.
  • Configure security rules for supported alert types.

After you mitigate the issue, update the alert status.

Screenshot of the Security alerts tab showing alert details.

Vulnerability assessment

The vulnerability assessment section shows vulnerabilities for running container images and Kubernetes node pools.

Findings are prioritized by severity. When Defender CSPM is enabled, prioritization also considers contextual risk signals.

Each finding includes affected packages, associated CVEs, and the fixed version to remediate the issue.

Vulnerabilities can include:

  • OS packages (Linux and Windows)
  • Language-specific packages (Linux)

For supported configurations, see the support matrix for Defender for Containers.

Review vulnerability findings

  1. Sign in to the Azure portal.

  2. Go to Kubernetes services > Clusters.

  3. Select the relevant AKS cluster.

  4. Select Microsoft Defender for Cloud.

  5. In the Vulnerabilities tab, select a component to open the details pane.

In the details pane:

  • Review affected packages and associated CVEs.
  • Identify the fixed version for the vulnerable package.
  • Update the container image or dependency to remediate the issue.

If expected vulnerabilities don't appear, verify that the image, package type, and environment are supported. See the support matrix for Defender for Containers.

Screenshot of the Vulnerabilities tab showing vulnerable components and severity.

Misconfigurations

Misconfigurations identify security configuration issues in Kubernetes resources, cluster settings, and running workloads.

Findings are based on Azure Policy and Kubernetes configuration assessments.

Each finding includes remediation guidance. Some findings support automated remediation through Quick Fix or policy enforcement.

Review and remediate misconfigurations

  1. Sign in to the Azure portal.

  2. Go to Kubernetes services > Clusters.

  3. Select the relevant AKS cluster.

  4. Select Microsoft Defender for Cloud.

  5. In the Misconfigurations tab, select a finding to open the details pane.

In the details pane:

  • Review the description and remediation steps.
  • For cluster-level misconfigurations, select Quick Fix when available.
  • For workload issues, apply the recommended Azure Policy to prevent recurrence.
  • Assign an owner to track remediation (requires Defender CSPM).

Screenshot of the Misconfigurations tab displaying security configuration issues.

Compliance

The compliance section shows the cluster’s status against regulatory standards and benchmarks.

It lists controls that the cluster doesn't meet and provides recommendations to help you remediate them.

Assess compliance

  1. Sign in to the Azure portal.

  2. Go to Kubernetes services > Clusters.

  3. Select the relevant AKS cluster.

  4. Select Microsoft Defender for Cloud.

  5. In the Compliance tab, review failing controls.

  6. Select a control to open the details pane.

In the details pane:

  • Review the recommendation and remediation steps.
  • Apply the required changes to meet the control.

Screenshot of the Compliance tab showing regulatory compliance assessment results.

  • Last updated on