Azure_Monitor_6

Ensure that Activity Log Alert exists for Create or Update Security Solution

Description

Create an activity log alert for the Create or Update Security Solution event.

Remediation

Azure Command Line Interface 2.0:

Use the below command to create an Activity Log Alert for Create or Update Security Solutions.

az account get-access-token --query "{subscription:subscription,accessToken:accessToken}" --out tsv | xargs -L1 bash -c 'curl -X PUT -H "Authorization: Bearer $1" -H "Content-Type: application/json" "https://management.azure.com/subscriptions/$0/resourceGroups/<Resource_Group_ToCreate_Alert_In>/providers/microsoft.insights/activityLogAlerts/<Unique_Alert_Name>?api-version=2017-04-01" -d @input.json'

Where input.json contains the Request body JSON data as mentioned below.

{
  "location": "Global",
  "tags": {},
  "properties": {
    "scopes": ["/subscriptions/<Subscription_ID>"],
    "enabled": true,
    "condition": {
      "allOf": [
        {"containsAny": null, "equals": "Administrative", "field": "category"},
        {"containsAny": null, "equals": "Microsoft.Security/securitySolutions/write", "field": "operationName"}
      ]
    },
    "actions": {
      "actionGroups": [
        {
          "actionGroupId": "/subscriptions/<Subscription_ID>/resourceGroups/<Resource_Group_For_Alert_Group>/providers/microsoft.insights/actionGroups/<Alert_Group>",
          "webhookProperties": null
        }
      ]
    }
  }
}

Configurable Parameters for command line:

  1. <Resource_Group_ToCreate_Alert_In>
  2. <Unique_Alert_Name>

Configurable Parameters for input.json :

  1. <Subscription_ID> in scopes
  2. <Subscription_ID> in actionGroupId
  3. <Resource_Group_For_Alert_Group> in actionGroupId
  4. <Alert_Group> in actionGroupId
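The remediation above creates the rule; checking that a compliant rule already exists means reading the subscription's activity log alert rules back (the listBySubscriptionId API in the references) and testing each one against the same condition shape as input.json. The following audit helper is an added example, not part of this page or of the CIS benchmark; the rule names, subscription ID and action group path it embeds are constructed sample data, and the response is parsed offline from a string rather than fetched.

```python
import json

# Operation this recommendation (Azure_Monitor_6) requires an alert rule for.
REQUIRED_OPERATION = "Microsoft.Security/securitySolutions/write"


def rule_covers_operation(rule, operation, subscription_id):
    """True if one activityLogAlerts rule would fire for `operation` in the subscription.

    Mirrors the condition shape of input.json: every 'allOf' leaf must match, so the
    rule needs category == Administrative and operationName == `operation`; it must
    also be enabled, scoped to the subscription and wired to at least one action group.
    """
    props = rule.get("properties", {})
    if not props.get("enabled", False):
        return False
    scope = f"/subscriptions/{subscription_id}".lower()   # resource IDs are case-insensitive
    if scope not in (s.lower() for s in props.get("scopes", [])):
        return False
    leaves = {}
    for leaf in props.get("condition", {}).get("allOf", []):
        leaves[leaf.get("field", "").lower()] = (leaf.get("equals") or "").lower()
    if leaves.get("category") != "administrative":
        return False
    if leaves.get("operationname") != operation.lower():
        return False
    groups = props.get("actions", {}).get("actionGroups", [])
    return any(g.get("actionGroupId") for g in groups)


def audit(list_response_json, subscription_id, operation=REQUIRED_OPERATION):
    """Names of rules in a listBySubscriptionId response body that satisfy the check."""
    rules = json.loads(list_response_json).get("value", [])
    return [r["name"] for r in rules if rule_covers_operation(r, operation, subscription_id)]


SAMPLE_SUBSCRIPTION = "00000000-0000-0000-0000-000000000000"   # constructed placeholder


def _sample_rule(name, operation, enabled, sub=SAMPLE_SUBSCRIPTION):
    """Constructed rule in the shape of the REST response (sample data, not a real tenant)."""
    return {"name": name, "properties": {
        "enabled": enabled, "scopes": [f"/subscriptions/{sub}"],
        "condition": {"allOf": [
            {"field": "category", "equals": "Administrative", "containsAny": None},
            {"field": "operationName", "equals": operation, "containsAny": None}]},
        "actions": {"actionGroups": [{"webhookProperties": None, "actionGroupId":
            f"/subscriptions/{sub}/resourceGroups/rg-alerts/providers/microsoft.insights/actionGroups/ag-secops"}]}}}


SAMPLE_RESPONSE = json.dumps({"value": [
    _sample_rule("secsol-alert-disabled", REQUIRED_OPERATION, False),   # disabled: not compliant
    _sample_rule("policy-alert", "Microsoft.Authorization/policyAssignments/write", True),
    _sample_rule("secsol-alert", REQUIRED_OPERATION, True),             # the one that counts
]})

if __name__ == "__main__":
    print(audit(SAMPLE_RESPONSE, SAMPLE_SUBSCRIPTION))   # ['secsol-alert']
```

An empty result for the target subscription means the remediation command above still needs to be run.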

References:

  1. https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement
  2. https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log
  3. https://docs.microsoft.com/en-in/rest/api/monitor/activitylogalerts/createorupdate
  4. https://docs.microsoft.com/en-in/rest/api/monitor/activitylogalerts/listbysubscriptionid

Service

Logging and Monitoring

Severity

Medium

Compliance

Mapping
