Azure_Monitor_1
Create an activity log alert for the Create Policy Assignment event.
Azure Command Line Interface 2.0:
Use the below command to create an Activity Log Alert for Create policy assignment.
az account get-access-token –query {subscription:subscription,accessToken:accessToken} –out tsv | xargs -L1 bash -c ‘ curl – X PUT – H Authorization : Bearer $1 – H Content – Type : application / json https :// management.azure.com / subscriptions / $0 / resourceGroups /& lt;Resource_Group_To Create_Alert_In & gt;/ providersmicrosoft.insights / activityLogAlerts /& lt;Unique_Alert_Name & gt;?api – version = 2017 – 04 – 01 – d@input.json ‘ az account get-access-token –query {subscription:subscription,accessToken:accessToken} –out tsv | xargs -L1 bash -c ‘ curl – X PUT – H Authorization : Bearer $1 – H Content – Type : application / json https :// management.azure.com / subscriptions / $0 / resourceGroups /& lt;Resource_Group_To Create_Alert_In & gt;/ providersmicrosoft.insights / activityLogAlerts /& lt;Unique_Alert_Name & gt;?api – version = 2017 – 04 – 01 – d@input.json ‘
Where input.json contains the Request body JSON data as mentioned below.
{location:Global,tags:{},properties:{scopes:[/subscriptions/<Subscription_ID>],enabled:true,condition:{allOf:[{containsAny:null,equals:Administrative,field:category},{containsAny:null,equals:Microsoft.Authorization/policyAssignments/write,field:operationName}]},actions:{actionGroups:[{actionGroupId:/subscriptions/<Subscription_ID>/resourceGroups/<Resource_Group_For_Alert_Group>/providers/microsoft.insights/actionGroups/<Alert_Group>,webhookProperties:null}]}}}
Configurable Parameters for command line:
Configurable Parameters for input.json :
References:
Want to Know More?
Learn how our partners are managing their cloud security and compliance with Cloudlytics.
I hereby accept the GDPR and Privacy Policy, by subscribing to the newsletters.