Framework/Configurations/SVT/ControlSettings.json

{
  "Diagnostics_RetentionPeriod_Min": 365,
  "Diagnostics_RetentionPeriod_Forever": 0,
  "KeyVault": {
    "KeyRotationDuration_Days": 365,
    "SecretRotationDuration_Days": 180,
    "KeyType": "RSA-HSM",
    "ADAppCredentialTypeCrt": "AsymmetricX509Cert",
    "ADAppCredentialTypePwd": "Password"
  },
  "SqlServer": {
    "AuditRetentionPeriod_Min": 365,
    "AuditRetentionPeriod_Forever": 0
  },
  "AnalysisService": {
    "Max_Admin_Count": 2
  },
  "ERvNet": {
    "ResourceLockLevel": "ReadOnly"
  },
  "VirtualMachine": {
    "Windows": {
      "SupportedSkuList": [],
      "ManagementPortList": [
        {
          "Name": "RDP",
          "Port": 3389
        },
        {
          "Name": "WINRM",
          "Port": 5985
        }
      ],
      "BaselineIds": [],
      "ASCRecommendations": [ "EncryptionOnVm", "InstallAntimalware", "VulnerabilityAssessmentDeployment" ],
      "ASCApprovedPatchingHealthStatuses": [ "Healthy" ],
      "ASCApprovedBaselineStatuses": [ "Healthy" ],
      "QueryforBaselineRule": [ "SecurityBaseline | where TimeGenerated >ago(1d) | where ResourceId ==\"{0}\" | summarize arg_max(TimeGenerated,*)by Description| where AnalyzeResult == \"Failed\" " ],
      "QueryforMissingPatches": [ "Update | where TimeGenerated >ago(1d) |where OSType != \"Linux\" and UpdateState =~ \"Needed\" and iff(isnotnull(toint(Optional)), Optional == false, Optional == \"false\") == true and iff(isnotnull(toint(Approved)), Approved != false, Approved != \"false\") == true and (Classification == \"Security Updates\" or Classification == \"Critical Updates\") and ResourceId ==\"{0}\"| summarize AggregatedValue =dcount(UpdateID) by UpdateID,Title |limit 1000000000 " ]
    },
    "Linux": {
      "SupportedSkuList": [],
      "ManagementPortList": [
        {
          "Name": "RDP",
          "Port": 3389
        },
        {
          "Name": "SSH",
          "Port": 22
        }
      ],
      "BaselineIds": [],
      "ASCRecommendations": [],
      "ASCApprovedPatchingHealthStatuses": [ "Healthy" ],
      "ASCApprovedBaselineStatuses": [ "Healthy" ],
      "QueryforBaselineRule": [ "SecurityBaseline | where TimeGenerated >ago(1d) | where ResourceId ==\"{0}\" | summarize arg_max(TimeGenerated,*)by Description| where AnalyzeResult == \"Failed\" " ],
      "QueryforMissingPatches": [ "Update | where TimeGenerated >ago(1d) |where OSType == \"Linux\" and UpdateState =~ \"Needed\" and iff(isnotnull(toint(Optional)), Optional == false, Optional == \"false\") == true and iff(isnotnull(toint(Approved)), Approved != false, Approved != \"false\") == true and (Classification == \"Security Updates\" or Classification == \"Critical Updates\") and ResourceId ==\"{0}\"| summarize AggregatedValue =dcount(UpdateID) by UpdateID,Title |limit 1000000000 " ]
    },
    "Windows_OS_Baseline_Ids": []
  },
  "NoOfApprovedAdmins": 5,
  "NoOfClassicAdminsLimit": 2,
  "CriticalPIMRoles": [ "Owner", "Contributor" ],
  "WhitelistedMgmtCerts": {
    "Thumbprints": [],
    "ApprovedValidityRangeInDays": 732
  },
  "WhitelistedCustomRBACRoles": [
    {
      "Id": "21d96096-b162-414a-8302-d8354f9d91b2",
      "Name": "Azure Service Deploy Release Management Contributor"
    },
    {
      "Id": "9f15f5f5-77bd-413a-aa88-4b9c68b1e7bc",
      "Name": "GenevaWarmPathResourceContributor"
    },
    {
      "Id": "7fd64851-3279-459b-b614-e2b2ba760f5b",
      "Name": "Office DevOps"
    },
    {
      "Id": "a48d7796-14b4-4889-afef-fbb65a93e5a2",
      "Name": "masterreader"
    },
    {
      "Id": "a042fe8d-14b3-4850-9120-e2f357577b2d",
      "Name": "Monitor permissions"
    }
  ],
  "UniversalIPRange": "0.0.0.0-255.255.255.255",
  "IPRangeStartIP": "0.0.0.0",
  "IPRangeEndIP": "255.255.255.255",
  "MetricAlert": {
    "Actions": {
      "SendToServiceOwners": true
    },
    "Batch": [
      {
        "Condition": {
          "DataSource": {
            "MetricName": "PoolDeleteCompleteEvent"
          },
          "OperatorProperty": "GreaterThan",
          "Threshold": 0,
          "TimeAggregation": "Total",
          "WindowSize": "01:00:00"
        },
        "IsEnabled": true
      },
      {
        "Condition": {
          "DataSource": {
            "MetricName": "PoolDeleteStartEvent"
          },
          "OperatorProperty": "GreaterThan",
          "Threshold": 0,
          "TimeAggregation": "Total",
          "WindowSize": "01:00:00"
        },
        "IsEnabled": true
      }
    ],
    "Storage": [
      {
        "Condition": {
          "DataSource": {
            "MetricName": "AnonymousSuccess"
          },
          "OperatorProperty": "GreaterThan",
          "Threshold": 0,
          "TimeAggregation": "Total",
          "WindowSize": "01:00:00"
        },
        "IsEnabled": true
      }
    ],
    "StreamAnalytics": [
      {
        "Condition": {
          "DataSource": {
            "MetricName": "AMLCalloutFailedRequests"
          },
          "OperatorProperty": "GreaterThan",
          "Threshold": 0,
          "TimeAggregation": "Total",
          "WindowSize": "00:05:00"
        },
        "IsEnabled": true
      },
      {
        "Condition": {
          "DataSource": {
            "MetricName": "Errors"
          },
          "OperatorProperty": "GreaterThan",
          "Threshold": 0,
          "TimeAggregation": "Total",
          "WindowSize": "00:05:00"
        },
        "IsEnabled": true
      }
    ]
  },
  "StorageKindMapping": [
    {
      "Kind": "BlobStorage",
      "Services": [
        "blob"
      ],
      "DiagnosticsLogServices": [
        "blob"
      ]
    },
    {
      "Kind": "Storage",
      "Services": [
        "blob",
        "file",
        "queue",
        "table"
      ],
      "DiagnosticsLogServices": [
        "blob",
        "queue",
        "table"
      ]
    },
    {
      "Kind": "StorageV2",
      "Services": [
        "blob",
        "file",
        "queue",
        "table"
      ],
      "DiagnosticsLogServices": [
        "blob",
        "queue",
        "table"
      ]
    }
  ],
  "AppService": {
    "Backup_RetentionPeriod_Min": 365,
    "Backup_RetentionPeriod_Forever": 0,
    "LatestDotNetFrameworkVersionNumber": "v4.0",
    "Minimum_Instance_Count": 2,
    "AADAuthAPIVersion": "2016-08-01",
    "LoadCertAppSettings": "WEBSITE_LOAD_CERTIFICATES"
  },
  "StorageDiagnosticsSkuMapping": [
    "StandardGRS",
    "StandardLRS",
    "StandardRAGRS",
    "StandardZRS"
  ],
  "StorageAlertSkuMapping": [
    "StandardGRS",
    "StandardLRS",
    "StandardRAGRS"
  ],
  "StorageGeoRedundantSku": [
    "StandardGRS",
    "StandardRAGRS"
  ],
  "RedisCache": {
    "FirewallApplicableSku": [
      "Premium"
    ],
    "RDBBackApplicableSku": [
      "Premium"
    ]
  },
  "CosmosDb": {
    "Firewall": {
      "IpLimitPerDb": 2048,
      "IpLimitPerRange": 256
    }
  },
  "Automation": {
    "WebhookValidityInDays": 60
  },
  "BaselineControls": {
    "ResourceTypeControlIdMappingList": [
 
    ],
    "SubscriptionControlIdList": [],
    "ExpiryInDays": 2,
    "SupportedSources": []
  },
  "CloudService": {
    "LatestOSSKUIDs": [ "WA-GUEST-OS-4.44_201707-01" ]
  },
  "AttestationExpiryPeriodInDays": {
    "Default": 90,
    "ControlSeverity": {
      "Critical": 7,
      "High": 30,
      "Medium": 60,
      "Low": 90
    }
  },
  "SubscriptionCore": {
    "EnableV1AlertFailure": false
  },
  "EventHubOutput": {
    "TokenTimeOut": 1800,
    "TimeOut": 60,
    "APIVersion": "2014-01"
  },
  "DefaultValidAttestationStates": [ "NotAnIssue", "WillFixLater", "WillNotFix" ],
  "NewControlGracePeriodInDays": {
    "Default": 60,
    "ControlSeverity": {
      "Critical": 7,
      "High": 30,
      "Medium": 60,
      "Low": 90
    }
  },
  "AttestationPeriodInDays": {
    "Default": 90,
    "ControlSeverity": {
      "Critical": 7,
      "High": 30,
      "Medium": 60,
      "Low": 90
    }
  },
  "ResultComplianceInDays": {
    "DefaultControls": 3,
    "OwnerAccessControls": 90
  }
}