From 44f2b8291fe4c8d35b25c8c9ba6db75244e70871 Mon Sep 17 00:00:00 2001 From: github-actions Date: Tue, 14 Jan 2025 08:08:32 +0000 Subject: [PATCH] feat: update platform/amba library (automated) --- .../root.alz_archetype_definition.json | 4 + ...ba_connectivity.alz_policy_assignment.json | 6 + ...ba_networkchang.alz_policy_assignment.json | 6 + ...ba_notification.alz_policy_assignment.json | 3 + ...deploy_amba_web.alz_policy_assignment.json | 26 + ...Insights_Delete.alz_policy_definition.json | 284 +++++++++++ ...Processing_Rule.alz_policy_definition.json | 69 ++- ...lingLimit_Alert.alz_policy_definition.json | 482 ++++++++++++++++++ ...Processing_Rule.alz_policy_definition.json | 2 +- ...uteTable_Delete.alz_policy_definition.json | 283 ++++++++++ ...e_Routes_Delete.alz_policy_definition.json | 283 ++++++++++ ...onnectivity.alz_policy_set_definition.json | 96 +++- ...workChanges.alz_policy_set_definition.json | 96 +++- ...lerting-Web.alz_policy_set_definition.json | 283 +++++++++- ...tion-Assets.alz_policy_set_definition.json | 30 +- 15 files changed, 1940 insertions(+), 13 deletions(-) create mode 100644 platform/amba/policy_definitions/Deploy_ActivityLog_AppInsights_Delete.alz_policy_definition.json create mode 100644 platform/amba/policy_definitions/Deploy_AppInsightsThrottlingLimit_Alert.alz_policy_definition.json create mode 100644 platform/amba/policy_definitions/Deploy_activitylog_RouteTable_Delete.alz_policy_definition.json create mode 100644 platform/amba/policy_definitions/Deploy_activitylog_RouteTable_Routes_Delete.alz_policy_definition.json diff --git a/platform/amba/archetype_definitions/root.alz_archetype_definition.json b/platform/amba/archetype_definitions/root.alz_archetype_definition.json index e1725fc..cb58b70 100644 --- a/platform/amba/archetype_definitions/root.alz_archetype_definition.json +++ b/platform/amba/archetype_definitions/root.alz_archetype_definition.json 
@@ -7,6 +7,7 @@ ], "policy_definitions": [ "Deploy_AA_TotalJob_Alert", + "Deploy_ActivityLog_AppInsights_Delete", "Deploy_activitylog_Firewall_Delete", "Deploy_activitylog_KeyVault_Delete", "Deploy_activitylog_LAWorkspace_Delete", @@ -14,6 +15,8 @@ "Deploy_ActivityLog_ManagedHSMs_Delete", "Deploy_activitylog_NSG_Delete", "Deploy_activitylog_ResourceHealth_Unhealthy_Alert", + "Deploy_activitylog_RouteTable_Delete", + "Deploy_activitylog_RouteTable_Routes_Delete", "Deploy_activitylog_RouteTable_Update", "Deploy_activitylog_ServiceHealth_HealthAdvisory", "Deploy_activitylog_ServiceHealth_Incident", @@ -36,6 +39,7 @@ "Deploy_ALB_HealthProbeStatus_Alert", "Deploy_ALB_UsedSNATPorts_Alert", "Deploy_AlertProcessing_Rule", + "Deploy_AppInsightsThrottlingLimit_Alert", "Deploy_DNSZ_RegistrationCapacityUtil_Alert", "Deploy_ERCIR_ArpAvailability_Alert", "Deploy_ERCIR_BgpAvailability_Alert", diff --git a/platform/amba/policy_assignments/deploy_amba_connectivity.alz_policy_assignment.json b/platform/amba/policy_assignments/deploy_amba_connectivity.alz_policy_assignment.json index 6cba392..4cbd758 100644 --- a/platform/amba/policy_assignments/deploy_amba_connectivity.alz_policy_assignment.json +++ b/platform/amba/policy_assignments/deploy_amba_connectivity.alz_policy_assignment.json @@ -184,6 +184,12 @@ "activityNSGDeletePolicyEffect": { "value": "deployIfNotExists" }, + "activityUDRDeletePolicyEffect": { + "value": "deployIfNotExists" + }, + "activityUDRRoutesDeletePolicyEffect": { + "value": "deployIfNotExists" + }, "activityUDRUpdatePolicyEffect": { "value": "deployIfNotExists" }, diff --git a/platform/amba/policy_assignments/deploy_amba_networkchang.alz_policy_assignment.json b/platform/amba/policy_assignments/deploy_amba_networkchang.alz_policy_assignment.json index 7cb2366..ce4d755 100644 --- a/platform/amba/policy_assignments/deploy_amba_networkchang.alz_policy_assignment.json +++ b/platform/amba/policy_assignments/deploy_amba_networkchang.alz_policy_assignment.json 
@@ -43,6 +43,12 @@ "activityNSGDeletePolicyEffect": { "value": "deployIfNotExists" }, + "activityUDRDeletePolicyEffect": { + "value": "deployIfNotExists" + }, + "activityUDRRoutesDeletePolicyEffect": { + "value": "deployIfNotExists" + }, "activityUDRUpdatePolicyEffect": { "value": "deployIfNotExists" } diff --git a/platform/amba/policy_assignments/deploy_amba_notification.alz_policy_assignment.json b/platform/amba/policy_assignments/deploy_amba_notification.alz_policy_assignment.json index c048429..5c8eeb5 100644 --- a/platform/amba/policy_assignments/deploy_amba_notification.alz_policy_assignment.json +++ b/platform/amba/policy_assignments/deploy_amba_notification.alz_policy_assignment.json @@ -61,6 +61,9 @@ "_deployed_by_alz_monitor": true } }, + "ALZNotificationAssetSuffix": { + "value": "-001" + }, "ALZWebhookServiceUri": { "value": [] }, diff --git a/platform/amba/policy_assignments/deploy_amba_web.alz_policy_assignment.json b/platform/amba/policy_assignments/deploy_amba_web.alz_policy_assignment.json index cff28b1..f61a6dc 100644 --- a/platform/amba/policy_assignments/deploy_amba_web.alz_policy_assignment.json +++ b/platform/amba/policy_assignments/deploy_amba_web.alz_policy_assignment.json @@ -18,6 +18,9 @@ } ], "parameters": { + "ALZManagementSubscriptionId": { + "value": "" + }, "ALZMonitorDisableTagName": { "value": "MonitorDisable" }, @@ -29,6 +32,26 @@ "Sandbox" ] }, + "ALZMonitorResourceGroupLocation": { + "value": "eastus" + }, + "ALZMonitorResourceGroupName": { + "value": "rg-amba-alz-prod-001" + }, + "ALZMonitorResourceGroupTags": { + "value": { + "_deployed_by_alz_monitor": true + } + }, + "ALZUserAssignedManagedIdentityName": { + "value": "id-amba-alz-arg-reader-prod-001" + }, + "AppInsightsThrottlingLimitPolicyEffect": { + "value": "deployIfNotExists" + }, + "BYOUserAssignedManagedIdentityResourceId": { + "value": "" + }, "WSFCPUPercentagePolicyEffect": { "value": "deployIfNotExists" }, 
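Review bot: `ALZManagementSubscriptionId` (added in the preceding hunk of this file) and `BYOUserAssignedManagedIdentityResourceId` are both set to `""` in deploy_amba_web, so as shipped the assignment identifies neither a management subscription nor an existing identity for `id-amba-alz-arg-reader-prod-001`. The initiative that maps these values onto the throttling policy's `UAMIResourceId` is not visible here, but that definition uses the value as the key of `userAssignedIdentities`, where an empty string presumably fails the deployment or leaves the rule without an identity. JSON has no comments, so I would state in the upgrade notes that one of the two must be overridden before this assignment is applied, and have the pipeline reject an assignment where both are empty.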
@@ -40,6 +63,9 @@ }, "WSFMemoryPercentagePolicyEffect": { "value": "deployIfNotExists" + }, + "activityAppInsightsDeletePolicyEffect": { + "value": "deployIfNotExists" } }, "metadata": { diff --git a/platform/amba/policy_definitions/Deploy_ActivityLog_AppInsights_Delete.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_ActivityLog_AppInsights_Delete.alz_policy_definition.json new file mode 100644 index 0000000..3ab371b --- /dev/null +++ b/platform/amba/policy_definitions/Deploy_ActivityLog_AppInsights_Delete.alz_policy_definition.json 
@@ -0,0 +1,284 @@ +{ + "name": "Deploy_ActivityLog_AppInsights_Delete", + "properties": { + "description": "Policy to Deploy Activity Log Application Insights Delete Alert", + "displayName": "Deploy Activity Log Application Insights Delete Alert (Preview)", + "metadata": { + "_deployed_by_amba": "True", + "alzCloudEnvironments": [ + "AzureCloud" + ], + "category": "Monitoring", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "version": "1.0.0" + }, + "mode": "All", + "parameters": { + "MonitorDisableTagName": { + "defaultValue": "MonitorDisable", + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "type": "String" + }, + "MonitorDisableTagValues": { + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "metadata": { + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" + }, + "type": "Array" + }, + "alertResourceGroupLocation": { + "defaultValue": "centralus", + "metadata": { + "description": "Location of the Resource group the alert is placed in", + "displayName": "Resource Group Location" + }, + "type": "String" + }, + "alertResourceGroupName": { + "defaultValue": "rg-amba-monitoring-001", + "metadata": { + "description": "Resource group the alert is placed in", + "displayName": "Resource Group Name" + }, + "type": "String" + }, + "alertResourceGroupTags": { + "defaultValue": { + "_deployed_by_amba": true + }, + "metadata": { + "description": "Tags on the Resource group the alert is placed in", + "displayName": "Resource Group Tags" + }, + "type": "Object" + }, + "effect": { + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "metadata": { + "description": "Effect of the policy", + "displayName": 
"Effect" + }, + "type": "String" + }, + "enabled": { + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "metadata": { + "description": "Alert state for the alert", + "displayName": "Alert State" + }, + "type": "String" + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "equals": "microsoft.insights/components", + "field": "type" + }, + { + "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", + "notIn": "[parameters('MonitorDisableTagValues')]" + } + ] + }, + "then": { + "details": { + "deployment": { + "location": "northeurope", + "properties": { + "mode": "incremental", + "parameters": { + "alertResourceGroupLocation": { + "value": "[parameters('alertResourceGroupLocation')]" + }, + "alertResourceGroupName": { + "value": "[parameters('alertResourceGroupName')]" + }, + "alertResourceGroupTags": { + "value": "[parameters('alertResourceGroupTags')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "alertResourceGroupLocation": { + "type": "string" + }, + "alertResourceGroupName": { + "type": "string" + }, + "alertResourceGroupTags": { + "type": "object" + }, + "enabled": { + "type": "string" + } + }, + "resources": [ + { + "apiVersion": "2021-04-01", + "location": "[parameters('alertResourceGroupLocation')]", + "name": "[parameters('alertResourceGroupName')]", + "tags": "[parameters('alertResourceGroupTags')]", + "type": "Microsoft.Resources/resourceGroups" + }, + { + "apiVersion": "2019-10-01", + "dependsOn": [ + "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]" + ], + "name": "ActivityAppInsightsDeleteAlert", + "properties": { + "mode": "Incremental", + "parameters": { + "alertResourceGroupName": { + "value": "[parameters('alertResourceGroupName')]" + }, + "enabled": { + "value": 
"[parameters('enabled')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "alertResourceGroupName": { + "type": "string" + }, + "enabled": { + "type": "string" + } + }, + "resources": [ + { + "apiVersion": "2020-10-01", + "location": "global", + "name": "ActivityAppInsightsDelete", + "properties": { + "condition": { + "allOf": [ + { + "equals": "Administrative", + "field": "category" + }, + { + "equals": "Microsoft.Insights/Components/Delete", + "field": "operationName" + }, + { + "containsAny": [ + "succeeded" + ], + "field": "status" + } + ] + }, + "description": "Activity Log Application Insights Delete Alert", + "displayName": "Application Insights Resource Delete Alert (Preview)", + "enabled": "[parameters('enabled')]", + "parameters": { + "enabled": { + "value": "[parameters('enabled')]" + } + }, + "scopes": [ + "[subscription().id]" + ] + }, + "tags": { + "_deployed_by_amba": true + }, + "type": "microsoft.insights/activityLogAlerts" + } + ], + "variables": {} + } + }, + "resourceGroup": "[parameters('alertResourceGroupName')]", + "type": "Microsoft.Resources/deployments" + } + ], + "variables": {} + } + } + }, + "deploymentScope": "subscription", + "existenceCondition": { + "allOf": [ + { + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/ActivityLogAlerts/enabled" + }, + { + "count": { + "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]", + "where": { + "anyOf": [ + { + "allOf": [ + { + "equals": "category", + "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field" + }, + { + "equals": "Administrative", + "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals" + } + ] + }, + { + "allOf": [ + { + "equals": "operationName", + "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].field" + }, + { + "equals": "Microsoft.Insights/Components/Delete", + "field": 
"microsoft.insights/activityLogAlerts/condition.allOf[*].equals" + } + ] + } + ] + } + }, + "equals": 2 + } + ] + }, + "existenceScope": "resourcegroup", + "name": "ActivityAppInsightsDelete", + "resourceGroupName": "[parameters('alertResourceGroupName')]", + "roleDefinitionIds": [ + "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" + ], + "type": "Microsoft.Insights/activityLogAlerts" + }, + "effect": "[parameters('effect')]" + } + }, + "policyType": "Custom" + }, + "type": "Microsoft.Authorization/policyDefinitions" +} \ No newline at end of file diff --git a/platform/amba/policy_definitions/Deploy_AlertProcessing_Rule.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_AlertProcessing_Rule.alz_policy_definition.json index 9b3a929..7e94a92 100644 --- a/platform/amba/policy_definitions/Deploy_AlertProcessing_Rule.alz_policy_definition.json +++ b/platform/amba/policy_definitions/Deploy_AlertProcessing_Rule.alz_policy_definition.json @@ -10,10 +10,24 @@ ], "category": "Monitoring", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", - "version": "1.4.0" + "version": "1.5.0" }, "mode": "All", "parameters": { + "ALZAlertSeverity": { + "defaultValue": [ + "Sev0", + "Sev1", + "Sev2", + "Sev3", + "Sev4" + ], + "metadata": { + "description": "Severity of the alerts to apply action groups. Will apply to all severities if not specified.", + "displayName": "Alert Severities for Alert Processing Rule" + }, + "type": "Array" + }, "ALZArmRoleId": { "defaultValue": [], "metadata": { @@ -96,6 +110,14 @@ }, "type": "Object" }, + "ALZNotificationAssetSuffix": { + "defaultValue": "-001", + "metadata": { + "description": "Suffix for Alert Processing Rule and Action Group names", + "displayName": "Notification Asset Name Suffix" + }, + "type": "String" + }, "ALZWebhookServiceUri": { "defaultValue": [], "metadata": { 
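Review bot: `roleDefinitionIds` at the end of this new definition grants `b24988ac-6180-42a0-ab88-20f7382dd24c`, the built-in Contributor role, to the assignment's managed identity, which is much broader than writing one activity log alert needs. The template also creates the resource group, which is probably why the broad role was chosen; if the resource group is created in advance, a narrower role such as Monitoring Contributor may be enough for the alert rule, to be verified against the nested deployment. The same role ID is granted by `Deploy_AppInsightsThrottlingLimit_Alert` later in this patch, so the identity's scope and role assignments are worth reviewing once for both.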
@@ -166,6 +188,9 @@ "properties": { "mode": "incremental", "parameters": { + "ALZAlertSeverity": { + "value": "[parameters('ALZAlertSeverity')]" + }, "ALZArmRoleId": { "value": "[parameters('ALZArmRoleId')]" }, @@ -196,6 +221,9 @@ "ALZMonitorResourceGroupTags": { "value": "[parameters('ALZMonitorResourceGroupTags')]" }, + "ALZNotificationAssetSuffix": { + "value": "[parameters('ALZNotificationAssetSuffix')]" + }, "ALZWebhookServiceUri": { "value": "[parameters('ALZWebhookServiceUri')]" }, @@ -210,6 +238,9 @@ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { + "ALZAlertSeverity": { + "type": "Array" + }, "ALZArmRoleId": { "type": "array" }, @@ -240,6 +271,9 @@ "ALZMonitorResourceGroupTags": { "type": "object" }, + "ALZNotificationAssetSuffix": { + "type": "string" + }, "ALZWebhookServiceUri": { "type": "Array" }, @@ -267,6 +301,9 @@ "properties": { "mode": "Incremental", "parameters": { + "ALZAlertSeverity": { + "value": "[parameters('ALZAlertSeverity')]" + }, "ALZArmRoleId": { "value": "[parameters('ALZArmRoleId')]" }, @@ -291,6 +328,9 @@ "ALZMonitorResourceGroupName": { "value": "[parameters('ALZMonitorResourceGroupName')]" }, + "ALZNotificationAssetSuffix": { + "value": "[parameters('ALZNotificationAssetSuffix')]" + }, "ALZWebhookServiceUri": { "value": "[parameters('ALZWebhookServiceUri')]" }, @@ -305,6 +345,9 @@ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { + "ALZAlertSeverity": { + "type": "Array" + }, "ALZArmRoleId": { "type": "array" }, @@ -329,6 +372,9 @@ "ALZMonitorResourceGroupName": { "type": "string" }, + "ALZNotificationAssetSuffix": { + "type": "string" + }, "ALZWebhookServiceUri": { "type": "Array" }, 
@@ -344,7 +390,7 @@ "apiVersion": "2023-01-01", "condition": "[and(empty(parameters('BYOActionGroup')), empty(parameters('BYOAlertProcessingRule')))]", "location": "Global", - "name": "[concat('ag-AMBA-', subscription().displayName, '-001')]", + "name": "[concat('ag-AMBA-', subscription().displayName, parameters('ALZNotificationAssetSuffix'))]", "properties": { "armRoleReceivers": "[if(empty(parameters('ALZArmRoleId')), null(), variables('varArmRoleReceivers'))]", "azureFunctionReceivers": "[if(empty(parameters('ALZFunctionResourceId')), null(), variables('varAzureFunctionReceivers'))]", 
@@ -364,18 +410,25 @@ "apiVersion": "2021-08-08", "condition": "[empty(parameters('BYOAlertProcessingRule'))]", "dependsOn": [ - "[concat('ag-AMBA-', subscription().displayName, '-001')]" + "[concat('ag-AMBA-', subscription().displayName, parameters('ALZNotificationAssetSuffix'))]" ], "location": "Global", - "name": "[concat('apr-AMBA-',subscription().displayName, '-001')]", + "name": "[concat('apr-AMBA-',subscription().displayName, parameters('ALZNotificationAssetSuffix'))]", "properties": { "actions": [ { "actionType": "AddActionGroups", - "actiongroupIds": "[if(empty(parameters('BYOActionGroup')), array(concat(subscription().Id, '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/microsoft.insights/actionGroups/', 'ag-AMBA-', subscription().displayName, '-001')), variables('varAGIds'))]" + "actiongroupIds": "[if(empty(parameters('BYOActionGroup')), array(concat(subscription().Id, '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/microsoft.insights/actionGroups/', 'ag-AMBA-', subscription().displayName, parameters('ALZNotificationAssetSuffix'))), variables('varAGIds'))]" + } + ], + "conditions": [ + { + "field": "severity", + "operator": "Equals", + "values": "[parameters('ALZAlertSeverity')]" } ], - "description": "AMBA Notification Assets - Alert Processing Rule for Subscription", + "description": "[concat('AMBA Notification Assets - Alert Processing Rule for Subscription', parameters('ALZNotificationAssetSuffix'))]", "enabled": true, "scopes": [ "[subscription().Id]" @@ -401,7 +454,7 @@ "input": { "emailAddress": "[trim(parameters('ALZMonitorActionGroupEmail')[copyIndex('varEmailReceivers')])]", "name": "[concat('AlzMail-', indexOf(parameters('ALZMonitorActionGroupEmail'), parameters('ALZMonitorActionGroupEmail')[copyIndex('varEmailReceivers')]))]", - "useCommonAlertSchema": true + "useCommonAlertSchema": false }, "mode": "serial", "name": "varEmailReceivers" 
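Review bot: The new `conditions` entry is emitted unconditionally, so passing `[]` for `ALZAlertSeverity` produces a severity filter with no values, whereas the parameter description in an earlier hunk of this file says an unspecified value applies to all severities. Depending on how the provider treats an empty `values` list, the rule either fails to deploy or matches nothing, and in the second case no alert reaches the action group. The parameter also has no `allowedValues`, so a misspelt severity is accepted silently. I would guard the block in the same way the receivers are guarded, e.g. `"conditions": "[if(empty(parameters('ALZAlertSeverity')), null(), variables('varSeverityConditions'))]"` with the array moved into a new variable of that name, or correct the description to say the list must not be empty. The resource body continues outside the hunk.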
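Review bot: `useCommonAlertSchema` for the e-mail receivers in `varEmailReceivers` flips from `true` to `false`, and nothing in the commit message records it. Mailboxes that feed a ticketing or SOAR parser will start receiving the legacy per-alert-type format after the next remediation run. Whether the other receiver types in this template keep the common schema cannot be seen from this hunk; if they do, notification formats now differ by channel, which deserves a line in the release notes.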
@@ -476,7 +529,7 @@ "existenceCondition": { "allOf": [ { - "equals": "AMBA Notification Assets - Alert Processing Rule for Subscription", + "equals": "[concat('AMBA Notification Assets - Alert Processing Rule for Subscription', parameters('ALZNotificationAssetSuffix'))]", "field": "Microsoft.AlertsManagement/actionRules/description" } ] diff --git a/platform/amba/policy_definitions/Deploy_AppInsightsThrottlingLimit_Alert.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_AppInsightsThrottlingLimit_Alert.alz_policy_definition.json new file mode 100644 index 0000000..32d9fed --- /dev/null +++ b/platform/amba/policy_definitions/Deploy_AppInsightsThrottlingLimit_Alert.alz_policy_definition.json 
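Review bot: The `existenceCondition` still checks only the rule's `description`, so the severity filter added earlier in this file is not part of compliance. An alert processing rule deployed with one `ALZAlertSeverity` list stays compliant after the assignment's list changes, and remediation never rewrites the filter. Changing `ALZNotificationAssetSuffix` has the opposite effect: the description no longer matches, a new `ag-AMBA-…`/`apr-AMBA-…` pair is deployed, and the old pair stays because the deployment mode is incremental, so alerts are routed twice. I would add a second `allOf` entry that compares the rule's severity condition values with `[parameters('ALZAlertSeverity')]`, using whichever alias the provider exposes for it, and document that a suffix change needs manual cleanup of the previous pair.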
@@ -0,0 +1,482 @@ +{ + "name": "Deploy_AppInsightsThrottlingLimit_Alert", + "properties": { + "description": "Policy to audit/deploy Application Insights Throttling Limit Reached Alert", + "displayName": "Deploy Application Insights Throttling Limit Reached Alert (Preview)", + "metadata": { + "_deployed_by_amba": "True", + "alzCloudEnvironments": [ + "AzureCloud" + ], + "category": "Monitoring", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "version": "1.0.0" + }, + "mode": "All", + "parameters": { + "MonitorDisableTagName": { + "defaultValue": "MonitorDisable", + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "type": "String" + }, + "MonitorDisableTagValues": { + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "metadata": { + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" + }, + "type": "Array" + }, + "UAMIResourceId": { + "defaultValue": "", + "metadata": { + "description": "The resource Id of the user assigned managed identity.", + "displayName": "User Assigned managed Identity resource Id." 
+ }, + "type": "string" + }, + "autoMitigate": { + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "metadata": { + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" + }, + "type": "String" + }, + "effect": { + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "type": "String" + }, + "enabled": { + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "metadata": { + "description": "Alert state for the alert", + "displayName": "Alert State" + }, + "type": "String" + }, + "evaluationFrequency": { + "allowedValues": [ + "PT5M", + "PT10M", + "PT15M", + "PT30M", + "PT45M", + "PT1H", + "PT2H", + "PT3H", + "PT4H", + "PT5H", + "PT6H", + "P1D" + ], + "defaultValue": "PT1H", + "metadata": { + "description": "Evaluation frequency for the alert", + "displayName": "Evaluation Frequency" + }, + "type": "String" + }, + "evaluationPeriods": { + "defaultValue": "1", + "metadata": { + "description": "The number of aggregated lookback points.", + "displayName": "Evaluation Periods" + }, + "type": "String" + }, + "failingPeriods": { + "defaultValue": "1", + "metadata": { + "description": "Number of failing periods before alert is fired", + "displayName": "Failing Periods" + }, + "type": "String" + }, + "operator": { + "allowedValues": [ + "GreaterThan", + "GreaterThanOrEqual" + ], + "defaultValue": "GreaterThan", + "metadata": { + "displayName": "Operator" + }, + "type": "String" + }, + "severity": { + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" + ], + "defaultValue": "2", + "metadata": { + "description": "Severity of the Alert", + "displayName": "Severity" + }, + "type": "String" + }, + "threshold": { + "defaultValue": "32000", + "metadata": { + "description": "Threshold for the alert", + "displayName": "Threshold" + }, + "type": "String" + }, + "timeAggregation": { + 
"allowedValues": [ + "Count" + ], + "defaultValue": "Count", + "metadata": { + "displayName": "TimeAggregation" + }, + "type": "String" + }, + "windowSize": { + "allowedValues": [ + "PT1M", + "PT5M", + "PT10M", + "PT15M", + "PT30M", + "PT45M", + "PT1H", + "PT2H", + "PT3H", + "PT4H", + "PT5H", + "PT6H", + "P1D" + ], + "defaultValue": "P1D", + "metadata": { + "description": "Window size for the alert", + "displayName": "Window Size" + }, + "type": "String" + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "equals": "Microsoft.Insights/components", + "field": "type" + }, + { + "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", + "notIn": "[parameters('MonitorDisableTagValues')]" + } + ] + }, + "then": { + "details": { + "deployment": { + "properties": { + "mode": "incremental", + "parameters": { + "MonitorDisableTagName": { + "value": "[parameters('MonitorDisableTagName')]" + }, + "MonitorDisableTagValues": { + "value": "[parameters('MonitorDisableTagValues')]" + }, + "UAMIResourceId": { + "value": "[parameters('UAMIResourceId')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "evaluationPeriods": { + "value": "[parameters('evaluationPeriods')]" + }, + "failingPeriods": { + "value": "[parameters('failingPeriods')]" + }, + "operator": { + "value": "[parameters('operator')]" + }, + "resourceId": { + "value": "[field('id')]" + }, + "resourceLocation": { + "value": "[field('location')]" + }, + "resourceName": { + "value": "[field('name')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "threshold": { + "value": "[parameters('threshold')]" + }, + "timeAggregation": { + "value": "[parameters('timeAggregation')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + } + }, + "template": { + "$schema": 
"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "MonitorDisableTagName": { + "type": "String" + }, + "MonitorDisableTagValues": { + "type": "Array" + }, + "UAMIResourceId": { + "type": "string" + }, + "autoMitigate": { + "type": "String" + }, + "enabled": { + "type": "String" + }, + "evaluationFrequency": { + "type": "String" + }, + "evaluationPeriods": { + "type": "String" + }, + "failingPeriods": { + "type": "String" + }, + "operator": { + "type": "String" + }, + "resourceId": { + "metadata": { + "description": "Resource ID of the resource emitting the metric that will be used for the comparison", + "displayName": "resourceId" + }, + "type": "String" + }, + "resourceLocation": { + "metadata": { + "description": "Location of the resource", + "displayName": "resourceLocation" + }, + "type": "String" + }, + "resourceName": { + "metadata": { + "description": "Name of the resource", + "displayName": "resourceName" + }, + "type": "String" + }, + "severity": { + "type": "String" + }, + "threshold": { + "type": "String" + }, + "timeAggregation": { + "type": "String" + }, + "windowSize": { + "type": "String" + } + }, + "resources": [ + { + "apiVersion": "2022-08-01-preview", + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "[parameters('UAMIResourceId')]": {} + } + }, + "location": "[parameters('resourceLocation')]", + "name": "[concat(parameters('resourceName'), '-ApplicationInsightsThrottlingLimitReachedAlert')]", + "properties": { + "autoMitigate": "[parameters('autoMitigate')]", + "criteria": { + "allOf": [ + { + "dimensions": [ + { + "name": "name", + "operator": "Include", + "values": [ + "*" + ] + } + ], + "failingPeriods": { + "minFailingPeriodsToAlert": "[parameters('failingPeriods')]", + "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]" + }, + "operator": "[parameters('operator')]", + "query": "[format('let policyThresholdString = 
\"{2}\"; let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Insights/components\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-Throttling-threshold-override_\"); let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Insights/components\" | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\") | project _ResourceId = tolower(id)); let appInsightsResources = (arg(\"\").resources | where type =~ \"Microsoft.Insights/components\" | project _ResourceId = tolower(id), name); AppSystemEvents | where _ResourceId =~ \"{3}\" | where _ResourceId !in~ (excludedResources) | summarize numOfEvents = sum(toint(Measurements[\"BillingTelemetryCount\"])) by _ResourceId, Type, bin(TimeGenerated, 1h) | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-Throttling-threshold-override_\", tags.[\"_amba-Throttling-threshold-override_\"], policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where numOfEvents \u003e appliedThreshold | join hint.remote=left kind=inner appInsightsResources on _ResourceId | project TimeGenerated, _ResourceId, name, numOfEvents', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'), parameters('resourceId'))]", + "resourceIdColumn": "_ResourceId", + "threshold": 0, + "timeAggregation": "[parameters('timeAggregation')]" + } + ] + }, + "description": "Log Alert for Application Insights Throttling Limit Reached", + "displayName": "[concat(parameters('resourceName'), '-Application Insights Throttling Limit Reached (Preview)')]", + "enabled": "[parameters('enabled')]", + "evaluationFrequency": "[parameters('evaluationFrequency')]", + "parameters": { + "MonitorDisableTagName": { + "value": "[parameters('MonitorDisableTagName')]" + }, + "MonitorDisableTagValues": { + "value": 
"[parameters('MonitorDisableTagValues')]" + }, + "UAMIResourceId": { + "value": "[parameters('UAMIResourceId')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "evaluationPeriods": { + "value": "[parameters('evaluationPeriods')]" + }, + "failingPeriods": { + "value": "[parameters('failingPeriods')]" + }, + "operator": { + "value": "[parameters('operator')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "threshold": { + "value": "[parameters('threshold')]" + }, + "timeAggregation": { + "value": "[parameters('timeAggregation')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + } + }, + "scopes": [ + "[reference(parameters('resourceId'),'2020-02-02').WorkspaceResourceId]" + ], + "severity": "[parameters('severity')]", + "windowSize": "[parameters('windowSize')]" + }, + "tags": { + "_deployed_by_amba": true + }, + "type": "Microsoft.Insights/scheduledQueryRules" + } + ], + "variables": {} + } + } + }, + "existenceCondition": { + "allOf": [ + { + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/scheduledQueryRules/enabled" + }, + { + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency" + }, + { + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/scheduledQueryRules/windowSize" + }, + { + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/scheduledQueryRules/severity" + }, + { + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate" + }, + { + "equals": 0, + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].threshold" + }, + { + "equals": "[parameters('operator')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator" + }, + { + "equals": 
"[parameters('timeAggregation')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation" + }, + { + "equals": "[parameters('evaluationPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods" + }, + { + "equals": "[parameters('failingPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert" + }, + { + "equals": "[format('let policyThresholdString = \"{2}\"; let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Insights/components\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-Throttling-threshold-override_\"); let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Insights/components\" | where parse_json(tostring(tags.[\"{0}\"])) in~ (\"{1}\") | project _ResourceId = tolower(id)); let appInsightsResources = (arg(\"\").resources | where type =~ \"Microsoft.Insights/components\" | project _ResourceId = tolower(id), name); AppSystemEvents | where _ResourceId =~ \"{3}\" | where _ResourceId !in~ (excludedResources) | summarize numOfEvents = sum(toint(Measurements[\"BillingTelemetryCount\"])) by _ResourceId, Type, bin(TimeGenerated, 1h) | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-Throttling-threshold-override_\", tags.[\"_amba-Throttling-threshold-override_\"], policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where numOfEvents \u003e appliedThreshold | join hint.remote=left kind=inner appInsightsResources on _ResourceId | project TimeGenerated, _ResourceId, name, numOfEvents', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'), field('id'))]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query" + }, + { + 
"containsKey": "[parameters('UAMIResourceId')]", + "field": "identity.userAssignedIdentities" + } + ] + }, + "roleDefinitionIds": [ + "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" + ], + "type": "Microsoft.Insights/scheduledQueryRules" + }, + "effect": "[parameters('effect')]" + } + }, + "policyType": "Custom" + }, + "type": "Microsoft.Authorization/policyDefinitions" +} \ No newline at end of file diff --git a/platform/amba/policy_definitions/Deploy_Suppression_AlertProcessing_Rule.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_Suppression_AlertProcessing_Rule.alz_policy_definition.json index 59474c6..143f698 100644 --- a/platform/amba/policy_definitions/Deploy_Suppression_AlertProcessing_Rule.alz_policy_definition.json +++ b/platform/amba/policy_definitions/Deploy_Suppression_AlertProcessing_Rule.alz_policy_definition.json @@ -140,7 +140,7 @@ "apiVersion": "2021-08-08", "dependsOn": [], "location": "Global", - "name": "[concat('apr-AMBA-',subscription().displayName, '-002')]", + "name": "[concat('apr-AMBA-',subscription().displayName, '-S001')]", "properties": { "actions": [ { diff --git a/platform/amba/policy_definitions/Deploy_activitylog_RouteTable_Delete.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_activitylog_RouteTable_Delete.alz_policy_definition.json new file mode 100644 index 0000000..436b7f0 --- /dev/null +++ b/platform/amba/policy_definitions/Deploy_activitylog_RouteTable_Delete.alz_policy_definition.json 
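Review bot: In the `query` of this new definition, `appliedThreshold = toint(appliedThresholdString)` yields null for any non-numeric string, and `numOfEvents > appliedThreshold` is then never true, so the alert goes silent without an error. The value comes either from the `threshold` parameter, a free-form `String`, or from the `_amba-Throttling-threshold-override_` tag, which anyone with tag-write on the component can set. I would fall back to the policy value with `| extend appliedThreshold = coalesce(toint(appliedThresholdString), toint(policyThresholdString))` and monitor changes to that tag. The query text appears twice, in the template and in `existenceCondition`, and both copies must be changed identically or every resource becomes non-compliant. The parameters are also placed inside double-quoted KQL literals by `format()` without escaping, so a `"` in a tag name or value changes the query.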
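Review bot: Renaming the suppression rule from `-002` to `-S001` does not remove the rule already deployed under the old name. If this definition deploys incrementally like the others in the patch (its deployment properties and `existenceCondition` are outside this hunk), subscriptions remediated earlier keep `apr-AMBA-<subscription>-002`, and it goes on suppressing notifications on whatever schedule it was created with. The upgrade notes should list the old rule for deletion, or a cleanup step should remove it.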
@@ -0,0 +1,283 @@ +{ + "name": "Deploy_activitylog_RouteTable_Delete", + "properties": { + "description": "Policy to Deploy Activity Log Route Table Delete Alert", + "displayName": "[Preview] Deploy Activity Log Route Table Delete Alert", + "metadata": { + "_deployed_by_amba": "True", + "alzCloudEnvironments": [ + "AzureCloud" + ], + "category": "Network", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "version": "1.0.0" + }, + "mode": "All", + "parameters": { + "MonitorDisableTagName": { + "defaultValue": "MonitorDisable", + "metadata": { + "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled", + "displayName": "ALZ Monitoring disabled tag name" + }, + "type": "String" + }, + "MonitorDisableTagValues": { + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "metadata": { + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" + }, + "type": "Array" + }, + "alertResourceGroupLocation": { + "defaultValue": "centralus", + "metadata": { + "description": "Location of the Resource group the alert is placed in", + "displayName": "Resource Group Location" + }, + "type": "String" + }, + "alertResourceGroupName": { + "defaultValue": "rg-amba-monitoring-001", + "metadata": { + "description": "Resource group the alert is placed in", + "displayName": "Resource Group Name" + }, + "type": "String" + }, + "alertResourceGroupTags": { + "defaultValue": { + "Project": "amba-monitoring" + }, + "metadata": { + "description": "Tags on the Resource group the alert is placed in", + "displayName": "Resource Group Tags" + }, + "type": "Object" + }, + "effect": { + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "type": "String" + }, + "enabled": 
{ + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "metadata": { + "description": "Alert state for the alert", + "displayName": "Alert State" + }, + "type": "String" + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "equals": "Microsoft.Network/routeTables", + "field": "type" + }, + { + "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", + "notIn": "[parameters('MonitorDisableTagValues')]" + } + ] + }, + "then": { + "details": { + "deployment": { + "location": "northeurope", + "properties": { + "mode": "incremental", + "parameters": { + "alertResourceGroupLocation": { + "value": "[parameters('alertResourceGroupLocation')]" + }, + "alertResourceGroupName": { + "value": "[parameters('alertResourceGroupName')]" + }, + "alertResourceGroupTags": { + "value": "[parameters('alertResourceGroupTags')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "alertResourceGroupLocation": { + "type": "string" + }, + "alertResourceGroupName": { + "type": "string" + }, + "alertResourceGroupTags": { + "type": "object" + }, + "enabled": { + "type": "string" + } + }, + "resources": [ + { + "apiVersion": "2021-04-01", + "location": "[parameters('alertResourceGroupLocation')]", + "name": "[parameters('alertResourceGroupName')]", + "tags": "[parameters('alertResourceGroupTags')]", + "type": "Microsoft.Resources/resourceGroups" + }, + { + "apiVersion": "2019-10-01", + "dependsOn": [ + "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]" + ], + "name": "ActivityUDRDelete", + "properties": { + "mode": "Incremental", + "parameters": { + "alertResourceGroupName": { + "value": "[parameters('alertResourceGroupName')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + } + }, + "template": { + "$schema": 
"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "alertResourceGroupName": { + "type": "string" + }, + "enabled": { + "type": "string" + } + }, + "resources": [ + { + "apiVersion": "2020-10-01", + "location": "global", + "name": "ActivityUDRDelete", + "properties": { + "condition": { + "allOf": [ + { + "equals": "Administrative", + "field": "category" + }, + { + "equals": "Microsoft.Network/routeTables/delete", + "field": "operationName" + }, + { + "containsAny": [ + "succeeded" + ], + "field": "status" + } + ] + }, + "description": "Activity Log Route table Delete", + "enabled": "[parameters('enabled')]", + "parameters": { + "enabled": { + "value": "[parameters('enabled')]" + } + }, + "scopes": [ + "[subscription().id]" + ] + }, + "tags": { + "_deployed_by_amba": true + }, + "type": "microsoft.insights/activityLogAlerts" + } + ], + "variables": {} + } + }, + "resourceGroup": "[parameters('alertResourceGroupName')]", + "type": "Microsoft.Resources/deployments" + } + ], + "variables": {} + } + } + }, + "deploymentScope": "subscription", + "existenceCondition": { + "allOf": [ + { + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/ActivityLogAlerts/enabled" + }, + { + "count": { + "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]", + "where": { + "anyOf": [ + { + "allOf": [ + { + "equals": "category", + "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field" + }, + { + "equals": "Administrative", + "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals" + } + ] + }, + { + "allOf": [ + { + "equals": "operationName", + "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].field" + }, + { + "equals": "Microsoft.Network/routeTables/delete", + "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].equals" + } + ] + } + ] + } + }, + "equals": 2 + } + ] + }, + "existenceScope": "resourcegroup", + 
"name": "ActivityUDRDelete", + "resourceGroupName": "[parameters('alertResourceGroupName')]", + "roleDefinitionIds": [ + "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" + ], + "type": "Microsoft.Insights/activityLogAlerts" + }, + "effect": "[parameters('effect')]" + } + }, + "policyType": "Custom" + }, + "type": "Microsoft.Authorization/policyDefinitions" +} \ No newline at end of file diff --git a/platform/amba/policy_definitions/Deploy_activitylog_RouteTable_Routes_Delete.alz_policy_definition.json b/platform/amba/policy_definitions/Deploy_activitylog_RouteTable_Routes_Delete.alz_policy_definition.json new file mode 100644 index 0000000..026c7bd --- /dev/null +++ b/platform/amba/policy_definitions/Deploy_activitylog_RouteTable_Routes_Delete.alz_policy_definition.json 
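Review bot: `roleDefinitionIds` at the end of this definition requests `b24988ac-6180-42a0-ab88-20f7382dd24c`, the built-in Contributor role, for the assignment's managed identity, while the template only creates a resource group, a nested deployment and one `microsoft.insights/activityLogAlerts` rule. That identity can then modify far more than the monitoring assets across the assignment scope, including the route tables this alert is meant to watch. Deploy_activitylog_RouteTable_Routes_Delete below and the tail of the throttling-limit definition above request the same role. The narrower option is a custom role limited to resource-group, deployment and alert-rule writes; because this file is synced automatically, that change belongs in the upstream repository rather than a local patch.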
@@ -0,0 +1,283 @@ +{ + "name": "Deploy_activitylog_RouteTable_Routes_Delete", + "properties": { + "description": "Policy to Deploy Activity Log Route Table Routes Delete Alert", + "displayName": "[Preview] Deploy Activity Log Routes Delete Alert", + "metadata": { + "_deployed_by_amba": "True", + "alzCloudEnvironments": [ + "AzureCloud" + ], + "category": "Network", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "version": "1.0.0" + }, + "mode": "All", + "parameters": { + "MonitorDisableTagName": { + "defaultValue": "MonitorDisable", + "metadata": { + "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled", + "displayName": "ALZ Monitoring disabled tag name" + }, + "type": "String" + }, + "MonitorDisableTagValues": { + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "metadata": { + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" + }, + "type": "Array" + }, + "alertResourceGroupLocation": { + "defaultValue": "centralus", + "metadata": { + "description": "Location of the Resource group the alert is placed in", + "displayName": "Resource Group Location" + }, + "type": "String" + }, + "alertResourceGroupName": { + "defaultValue": "rg-amba-monitoring-001", + "metadata": { + "description": "Resource group the alert is placed in", + "displayName": "Resource Group Name" + }, + "type": "String" + }, + "alertResourceGroupTags": { + "defaultValue": { + "Project": "amba-monitoring" + }, + "metadata": { + "description": "Tags on the Resource group the alert is placed in", + "displayName": "Resource Group Tags" + }, + "type": "Object" + }, + "effect": { + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "type": "String" + }, + 
"enabled": { + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "metadata": { + "description": "Alert state for the alert", + "displayName": "Alert State" + }, + "type": "String" + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "equals": "Microsoft.Network/routeTables", + "field": "type" + }, + { + "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", + "notIn": "[parameters('MonitorDisableTagValues')]" + } + ] + }, + "then": { + "details": { + "deployment": { + "location": "northeurope", + "properties": { + "mode": "incremental", + "parameters": { + "alertResourceGroupLocation": { + "value": "[parameters('alertResourceGroupLocation')]" + }, + "alertResourceGroupName": { + "value": "[parameters('alertResourceGroupName')]" + }, + "alertResourceGroupTags": { + "value": "[parameters('alertResourceGroupTags')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "alertResourceGroupLocation": { + "type": "string" + }, + "alertResourceGroupName": { + "type": "string" + }, + "alertResourceGroupTags": { + "type": "object" + }, + "enabled": { + "type": "string" + } + }, + "resources": [ + { + "apiVersion": "2021-04-01", + "location": "[parameters('alertResourceGroupLocation')]", + "name": "[parameters('alertResourceGroupName')]", + "tags": "[parameters('alertResourceGroupTags')]", + "type": "Microsoft.Resources/resourceGroups" + }, + { + "apiVersion": "2019-10-01", + "dependsOn": [ + "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]" + ], + "name": "ActivityUDRRoutesDelete", + "properties": { + "mode": "Incremental", + "parameters": { + "alertResourceGroupName": { + "value": "[parameters('alertResourceGroupName')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + } + }, + "template": { + "$schema": 
"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "alertResourceGroupName": { + "type": "string" + }, + "enabled": { + "type": "string" + } + }, + "resources": [ + { + "apiVersion": "2020-10-01", + "location": "global", + "name": "ActivityUDRRoutesDelete", + "properties": { + "condition": { + "allOf": [ + { + "equals": "Administrative", + "field": "category" + }, + { + "equals": "Microsoft.Network/routeTables/routes/delete", + "field": "operationName" + }, + { + "containsAny": [ + "succeeded" + ], + "field": "status" + } + ] + }, + "description": "Activity Log Route table Routes Delete", + "enabled": "[parameters('enabled')]", + "parameters": { + "enabled": { + "value": "[parameters('enabled')]" + } + }, + "scopes": [ + "[subscription().id]" + ] + }, + "tags": { + "_deployed_by_amba": true + }, + "type": "microsoft.insights/activityLogAlerts" + } + ], + "variables": {} + } + }, + "resourceGroup": "[parameters('alertResourceGroupName')]", + "type": "Microsoft.Resources/deployments" + } + ], + "variables": {} + } + } + }, + "deploymentScope": "subscription", + "existenceCondition": { + "allOf": [ + { + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/ActivityLogAlerts/enabled" + }, + { + "count": { + "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]", + "where": { + "anyOf": [ + { + "allOf": [ + { + "equals": "category", + "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field" + }, + { + "equals": "Administrative", + "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals" + } + ] + }, + { + "allOf": [ + { + "equals": "operationName", + "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].field" + }, + { + "equals": "Microsoft.Network/routeTables/routes/delete", + "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].equals" + } + ] + } + ] + } + }, + "equals": 2 + } + ] + }, + 
"existenceScope": "resourcegroup", + "name": "ActivityUDRRoutesDelete", + "resourceGroupName": "[parameters('alertResourceGroupName')]", + "roleDefinitionIds": [ + "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" + ], + "type": "Microsoft.Insights/activityLogAlerts" + }, + "effect": "[parameters('effect')]" + } + }, + "policyType": "Custom" + }, + "type": "Microsoft.Authorization/policyDefinitions" +} \ No newline at end of file diff --git a/platform/amba/policy_set_definitions/Alerting-Connectivity.alz_policy_set_definition.json b/platform/amba/policy_set_definitions/Alerting-Connectivity.alz_policy_set_definition.json index 6f33996..b7d0fdc 100644 --- a/platform/amba/policy_set_definitions/Alerting-Connectivity.alz_policy_set_definition.json +++ b/platform/amba/policy_set_definitions/Alerting-Connectivity.alz_policy_set_definition.json @@ -10,7 +10,7 @@ ], "category": "Monitoring", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", - "version": "1.3.2" + "version": "1.4.2" }, "parameters": { "AFWSNATPortUtilizationAlertSeverity": { 
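Review bot: The `existenceCondition` compares `enabled` and counts only the `category` and `operationName` leaves, so an existing `ActivityUDRRoutesDelete` rule whose `scopes` or `status` leaf has been altered still evaluates as compliant. The template pins the rule to `[subscription().id]` and `"containsAny": ["succeeded"]`, but neither is checked, so a rule narrowed to a single resource group would not be flagged for remediation. Adding a check on the rule's scopes and a third counted leaf for `status`, with `"equals": 2` becoming `3`, would close that gap, assuming policy aliases exist for those properties. Deploy_activitylog_RouteTable_Delete above uses the same condition shape.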
@@ -3596,6 +3596,46 @@
 },
 "type": "string"
 },
+ "activityUDRDeleteAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Activity UDR Delete Alert State"
+ },
+ "type": "string"
+ },
+ "activityUDRDeletePolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "Activity UDR Delete Policy Effect"
+ },
+ "type": "string"
+ },
+ "activityUDRRoutesDeleteAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Activity UDR Routes Delete Alert State"
+ },
+ "type": "string"
+ },
+ "activityUDRRoutesDeletePolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "Activity UDR Routes Delete Policy Effect"
+ },
+ "type": "string"
+ },
 "activityUDRUpdateAlertState": {
 "defaultValue": "true",
 "metadata": {
@@ -4802,6 +4842,60 @@ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_RouteTable_Update", "policyDefinitionReferenceId": "ALZ_activityUDRUpdate" }, + { + "parameters": { + "MonitorDisableTagName": { + "value": "[parameters('ALZMonitorDisableTagName')]" + }, + "MonitorDisableTagValues": { + "value": "[parameters('ALZMonitorDisableTagValues')]" + }, + "alertResourceGroupLocation": { + "value": "[parameters('ALZMonitorResourceGroupLocation')]" + }, + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" + }, + "alertResourceGroupTags": { + "value": "[parameters('ALZMonitorResourceGroupTags')]" + }, + "effect": { + "value": "[parameters('activityUDRDeletePolicyEffect')]" + }, + "enabled": { + "value": "[parameters('activityUDRDeleteAlertState')]" + } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_RouteTable_Delete", + "policyDefinitionReferenceId": "ALZ_activityUDRDelete" + }, + { + "parameters": { + "MonitorDisableTagName": { + "value": "[parameters('ALZMonitorDisableTagName')]" + }, + "MonitorDisableTagValues": { + "value": "[parameters('ALZMonitorDisableTagValues')]" + }, + "alertResourceGroupLocation": { + "value": "[parameters('ALZMonitorResourceGroupLocation')]" + }, + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" + }, + "alertResourceGroupTags": { + "value": "[parameters('ALZMonitorResourceGroupTags')]" + }, + "effect": { + "value": "[parameters('activityUDRRoutesDeletePolicyEffect')]" + }, + "enabled": { + "value": "[parameters('activityUDRRoutesDeleteAlertState')]" + } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_RouteTable_Routes_Delete", + 
"policyDefinitionReferenceId": "ALZ_activityUDRRoutesDelete" + }, { "parameters": { "MonitorDisableTagName": { diff --git a/platform/amba/policy_set_definitions/Alerting-NetworkChanges.alz_policy_set_definition.json b/platform/amba/policy_set_definitions/Alerting-NetworkChanges.alz_policy_set_definition.json index 7a478be..cd307ab 100644 --- a/platform/amba/policy_set_definitions/Alerting-NetworkChanges.alz_policy_set_definition.json +++ b/platform/amba/policy_set_definitions/Alerting-NetworkChanges.alz_policy_set_definition.json @@ -10,7 +10,7 @@ ], "category": "Monitoring", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", - "version": "1.0.1" + "version": "1.1.1" }, "parameters": { "ALZMonitorDisableTagName": { 
@@ -80,6 +80,46 @@
 },
 "type": "string"
 },
+ "activityUDRDeleteAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Activity UDR Delete Alert State"
+ },
+ "type": "string"
+ },
+ "activityUDRDeletePolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "Activity UDR Delete Policy Effect"
+ },
+ "type": "string"
+ },
+ "activityUDRRoutesDeleteAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Activity UDR Routes Delete Alert State"
+ },
+ "type": "string"
+ },
+ "activityUDRRoutesDeletePolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert",
+ "displayName": "Activity UDR Routes Delete Policy Effect"
+ },
+ "type": "string"
+ },
 "activityUDRUpdateAlertState": {
 "defaultValue": "true",
 "metadata": {
@@ -129,6 +169,60 @@ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_NSG_Delete", "policyDefinitionReferenceId": "ALZ_activityNSGDelete" }, + { + "parameters": { + "MonitorDisableTagName": { + "value": "[parameters('ALZMonitorDisableTagName')]" + }, + "MonitorDisableTagValues": { + "value": "[parameters('ALZMonitorDisableTagValues')]" + }, + "alertResourceGroupLocation": { + "value": "[parameters('ALZMonitorResourceGroupLocation')]" + }, + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" + }, + "alertResourceGroupTags": { + "value": "[parameters('ALZMonitorResourceGroupTags')]" + }, + "effect": { + "value": "[parameters('activityUDRRoutesDeletePolicyEffect')]" + }, + "enabled": { + "value": "[parameters('activityUDRRoutesDeleteAlertState')]" + } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_RouteTable_Routes_Delete", + "policyDefinitionReferenceId": "ALZ_activityUDRRoutesDelete" + }, + { + "parameters": { + "MonitorDisableTagName": { + "value": "[parameters('ALZMonitorDisableTagName')]" + }, + "MonitorDisableTagValues": { + "value": "[parameters('ALZMonitorDisableTagValues')]" + }, + "alertResourceGroupLocation": { + "value": "[parameters('ALZMonitorResourceGroupLocation')]" + }, + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" + }, + "alertResourceGroupTags": { + "value": "[parameters('ALZMonitorResourceGroupTags')]" + }, + "effect": { + "value": "[parameters('activityUDRDeletePolicyEffect')]" + }, + "enabled": { + "value": "[parameters('activityUDRDeleteAlertState')]" + } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_RouteTable_Delete", + "policyDefinitionReferenceId": 
"ALZ_activityUDRDelete" + }, { "parameters": { "MonitorDisableTagName": { diff --git a/platform/amba/policy_set_definitions/Alerting-Web.alz_policy_set_definition.json b/platform/amba/policy_set_definitions/Alerting-Web.alz_policy_set_definition.json index e9eed90..1fc6249 100644 --- a/platform/amba/policy_set_definitions/Alerting-Web.alz_policy_set_definition.json +++ b/platform/amba/policy_set_definitions/Alerting-Web.alz_policy_set_definition.json @@ -10,9 +10,16 @@ ], "category": "Monitoring", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", - "version": "1.0.0" + "version": "1.1.0" }, "parameters": { + "ALZManagementSubscriptionId": { + "defaultValue": "", + "metadata": { + "description": "The subscription ID of the management subscription where the user assigned managed identity will be created." + }, + "type": "string" + }, "ALZMonitorDisableTagName": { "defaultValue": "MonitorDisable", "metadata": { 
@@ -34,6 +41,185 @@ }, "type": "Array" }, + "ALZMonitorResourceGroupLocation": { + "defaultValue": "centralus", + "metadata": { + "description": "Location of the resource group", + "displayName": "ALZ Monitoring Resource Group Location" + }, + "type": "String" + }, + "ALZMonitorResourceGroupName": { + "defaultValue": "rg-amba-monitoring-001", + "metadata": { + "description": "Name of the resource group to deploy the ALZ monitoring resources to", + "displayName": "ALZ Monitoring Resource Group Name" + }, + "type": "String" + }, + "ALZMonitorResourceGroupTags": { + "defaultValue": { + "_deployed_by_alz_monitor": true + }, + "metadata": { + "description": "Tags to apply to the resource group", + "displayName": "ALZ Monitoring Resource Group Tags" + }, + "type": "Object" + }, + "ALZUserAssignedManagedIdentityName": { + "defaultValue": "id-AMBA-ARG-Reader-001", + "metadata": { + "description": "The name of the user assigned managed identity to be created for monitoring purpose.", + "displayName": "Name of the user assigned managed identity to be created." 
+ }, + "type": "string" + }, + "AppInsightsThrottlingLimitAlertState": { + "defaultValue": "true", + "metadata": { + "description": "Alert state for the alert", + "displayName": "AApplication Insights Throttling Limit Reached Alert State" + }, + "type": "string" + }, + "AppInsightsThrottlingLimitAutoMitigate": { + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "metadata": { + "description": "Auto Mitigate for the alert", + "displayName": "Application Insights Throttling Limit Reached Alert Auto Mitigate" + }, + "type": "String" + }, + "AppInsightsThrottlingLimitEvaluationFrequency": { + "allowedValues": [ + "PT5M", + "PT10M", + "PT15M", + "PT30M", + "PT45M", + "PT1H", + "PT2H", + "PT3H", + "PT4H", + "PT5H", + "PT6H", + "P1D" + ], + "defaultValue": "PT1H", + "metadata": { + "description": "Evaluation frequency for the alert", + "displayName": "Application Insights Throttling Limit Reached Alert Evaluation Frequency" + }, + "type": "String" + }, + "AppInsightsThrottlingLimitEvaluationPeriods": { + "defaultValue": "1", + "metadata": { + "description": "The number of aggregated lookback points.", + "displayName": "Application Insights Throttling Limit Reached Alert Evaluation Periods" + }, + "type": "String" + }, + "AppInsightsThrottlingLimitFailingPeriods": { + "defaultValue": "1", + "metadata": { + "description": "Number of failing periods before alert is fired", + "displayName": "Application Insights Throttling Limit Reached Alert Failing Periods" + }, + "type": "String" + }, + "AppInsightsThrottlingLimitOperator": { + "allowedValues": [ + "GreaterThan", + "GreaterThanOrEqual" + ], + "defaultValue": "GreaterThan", + "metadata": { + "displayName": "Application Insights Throttling Limit Reached Alert Operator" + }, + "type": "String" + }, + "AppInsightsThrottlingLimitPolicyEffect": { + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "metadata": { + "description": "Policy effect for the 
alert, deployIfNotExists will create the alert if it does not exist, disabled will not create the alert", + "displayName": "Application Insights Throttling Limit Reached Alert Policy Effect" + }, + "type": "string" + }, + "AppInsightsThrottlingLimitSeverity": { + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" + ], + "defaultValue": "2", + "metadata": { + "description": "Severity of the Alert", + "displayName": "Application Insights Throttling Limit Reached Alert Severity" + }, + "type": "String" + }, + "AppInsightsThrottlingLimitThreshold": { + "defaultValue": "32000", + "metadata": { + "description": "Threshold for the alert", + "displayName": "Application Insights Throttling Limit Reached Alert Threshold" + }, + "type": "String" + }, + "AppInsightsThrottlingLimitTimeAggregation": { + "allowedValues": [ + "Count" + ], + "defaultValue": "Count", + "metadata": { + "displayName": "Application Insights Throttling Limit Reached Alert TimeAggregation" + }, + "type": "String" + }, + "AppInsightsThrottlingLimitWindowSize": { + "allowedValues": [ + "PT1M", + "PT5M", + "PT10M", + "PT15M", + "PT30M", + "PT45M", + "PT1H", + "PT2H", + "PT3H", + "PT4H", + "PT5H", + "PT6H", + "P1D" + ], + "defaultValue": "P1D", + "metadata": { + "description": "Window size for the alert", + "displayName": "Application Insights Throttling Limit Reached Alert Window Size" + }, + "type": "String" + }, + "BYOUserAssignedManagedIdentityResourceId": { + "defaultValue": "", + "metadata": { + "description": "The resource Id of the user assigned managed identity provided by the customer.", + "displayName": "Customer defined User Assigned managed Identity resource Id." + }, + "type": "string" + }, "WSFCPUPercentageAlertSeverity": { "allowedValues": [ "0", 
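Review bot: `AppInsightsThrottlingLimitThreshold` is a free-form `String` with no stated format, yet the policy definition earlier in this patch interpolates it into the KQL text as `policyThresholdString` and converts it with `toint(...)`. A non-numeric value would presumably convert to null, the `numOfEvents > appliedThreshold` filter would then never match, and the alert would stay silent without any deployment error. The description should state the contract, for example `"description": "Threshold for the alert; must be a whole number of events, e.g. 32000"`. Separately, the `AppInsightsThrottlingLimitAlertState` display name reads `AApplication Insights` and should be `Application Insights`.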
@@ -353,6 +539,26 @@
 "displayName": "WSF Memory Percentage Window Size"
 },
 "type": "string"
+ },
+ "activityAppInsightsDeleteAlertState": {
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Alert state for the alert",
+ "displayName": "Activity Log Application Insights Alert Delete Alert State"
+ },
+ "type": "string"
+ },
+ "activityAppInsightsDeletePolicyEffect": {
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists",
+ "metadata": {
+ "description": "Policy effect for the alert, deployIfNotExists will create the alert if it does not exist, disabled will not create the alert",
+ "displayName": "Activity Log Application Insights Alert Delete Policy Effect"
+ },
+ "type": "string"
 }
 },
 "policyDefinitions": [
@@ -481,6 +687,81 @@ }, "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_WSF_HttpQueueLength_Alert", "policyDefinitionReferenceId": "ALZ_WSFHttpQueueLength" + }, + { + "parameters": { + "MonitorDisableTagName": { + "value": "[parameters('ALZMonitorDisableTagName')]" + }, + "MonitorDisableTagValues": { + "value": "[parameters('ALZMonitorDisableTagValues')]" + }, + "UAMIResourceId": { + "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]" + }, + "autoMitigate": { + "value": "[parameters('AppInsightsThrottlingLimitAutoMitigate')]" + }, + "effect": { + "value": "[parameters('AppInsightsThrottlingLimitPolicyEffect')]" + }, + "enabled": { + "value": "[parameters('AppInsightsThrottlingLimitAlertState')]" + }, + "evaluationFrequency": { + "value": "[parameters('AppInsightsThrottlingLimitEvaluationFrequency')]" + }, + "evaluationPeriods": { + "value": "[parameters('AppInsightsThrottlingLimitEvaluationPeriods')]" + }, + "failingPeriods": { + "value": "[parameters('AppInsightsThrottlingLimitFailingPeriods')]" + }, + "operator": { + "value": "[parameters('AppInsightsThrottlingLimitOperator')]" + }, + "severity": { + "value": "[parameters('AppInsightsThrottlingLimitSeverity')]" + }, + "threshold": { + "value": "[parameters('AppInsightsThrottlingLimitThreshold')]" + }, + "timeAggregation": { + "value": "[parameters('AppInsightsThrottlingLimitTimeAggregation')]" + }, + "windowSize": { + "value": "[parameters('AppInsightsThrottlingLimitWindowSize')]" + } + }, + "policyDefinitionId": 
"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_AppInsightsThrottlingLimit_Alert", + "policyDefinitionReferenceId": "ALZ_AppInsightsThrottlingLimitReached_Alert" + }, + { + "parameters": { + "MonitorDisableTagName": { + "value": "[parameters('ALZMonitorDisableTagName')]" + }, + "MonitorDisableTagValues": { + "value": "[parameters('ALZMonitorDisableTagValues')]" + }, + "alertResourceGroupLocation": { + "value": "[parameters('ALZMonitorResourceGroupLocation')]" + }, + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" + }, + "alertResourceGroupTags": { + "value": "[parameters('ALZMonitorResourceGroupTags')]" + }, + "effect": { + "value": "[parameters('activityAppInsightsDeletePolicyEffect')]" + }, + "enabled": { + "value": "[parameters('activityAppInsightsDeleteAlertState')]" + } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_ActivityLog_AppInsights_Delete", + "policyDefinitionReferenceId": "ALZ_activityAppInsightsDelete" } ], "policyType": "Custom" diff --git a/platform/amba/policy_set_definitions/Notification-Assets.alz_policy_set_definition.json b/platform/amba/policy_set_definitions/Notification-Assets.alz_policy_set_definition.json index 654a87b..6ad0560 100644 --- a/platform/amba/policy_set_definitions/Notification-Assets.alz_policy_set_definition.json +++ b/platform/amba/policy_set_definitions/Notification-Assets.alz_policy_set_definition.json 
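Review bot: The `UAMIResourceId` expression falls back to `concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), ...)` whenever `BYOUserAssignedManagedIdentityResourceId` is empty, and both parameters default to `""` in this file's earlier hunks, so an assignment that sets neither resolves to `/subscriptions//resourceGroups/...`. Because `AppInsightsThrottlingLimitPolicyEffect` defaults to `deployIfNotExists`, that malformed ID reaches the definition's `containsKey` existence check and presumably the rule's identity block, which would either fail remediation or never report compliance. Dropping the empty default would not help, since bring-your-own-identity users leave `ALZManagementSubscriptionId` unset. The safer contract is to state in both descriptions that exactly one of the two must be supplied, or to default the effect to `disabled` until an identity is configured. The assignment file that may supply the value is not in this part of the patch.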
@@ -10,9 +10,23 @@
 ],
 "category": "Monitoring",
 "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
- "version": "1.3.1"
+ "version": "1.4.1"
 },
 "parameters": {
+ "ALZAlertSeverity": {
+ "defaultValue": [
+ "Sev0",
+ "Sev1",
+ "Sev2",
+ "Sev3",
+ "Sev4"
+ ],
+ "metadata": {
+ "description": "Severity of the alerts to apply action groups. Will apply to all severities if not specified.",
+ "displayName": "Alert Severities for Alert Processing Rule"
+ },
+ "type": "Array"
+ },
 "ALZArmRoleId": {
 "defaultValue": [],
 "metadata": {
@@ -116,6 +130,14 @@
 },
 "type": "Object"
 },
+ "ALZNotificationAssetSuffix": {
+ "defaultValue": "-001",
+ "metadata": {
+ "description": "Suffix for Alert Processing Rule and Action Group names",
+ "displayName": "Notification Asset Name Suffix"
+ },
+ "type": "String"
+ },
 "ALZWebhookServiceUri": {
 "defaultValue": [],
 "metadata": {
@@ -144,6 +166,9 @@
 "policyDefinitions": [
 {
 "parameters": {
+ "ALZAlertSeverity": {
+ "value": "[parameters('ALZAlertSeverity')]"
+ },
 "ALZArmRoleId": {
 "value": "[parameters('ALZArmRoleId')]"
 },
@@ -174,6 +199,9 @@
 "ALZMonitorResourceGroupTags": {
 "value": "[parameters('ALZMonitorResourceGroupTags')]"
 },
+ "ALZNotificationAssetSuffix": {
+ "value": "[parameters('ALZNotificationAssetSuffix')]"
+ },
 "ALZWebhookServiceUri": {
 "value": "[parameters('ALZWebhookServiceUri')]"
 },