Framework/Configurations/SubscriptionSecurity/Subscription.InsARMAlerts.json
{
"Version": "3.1803.0", "AlertList": [ { "Name": "AzSK_SQL_Alert", "Description": "Alerts for SQL", "Enabled": true, "Tags": [ "Mandatory" ], "AlertOperationList": [ { "Name": "AzSK_Create_new_or_update_existing_server_administrator", "Description": "Create or update server administrator", "OperationName": "Microsoft.Sql/servers/administrators/write", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Delete_server_administrator", "Description": "Delete server administrator from the server", "OperationName": "Microsoft.Sql/servers/administrators/delete", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Create_new_or_update_existing_server_firewall_rule", "Description": "Create or update server firewall rule that controls IP address range allowed to connect to the server", "OperationName": "Microsoft.Sql/servers/firewallRules/write", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Delete_server_firewall_rule", "Description": "Delete firewall rule from the server", "OperationName": "Microsoft.Sql/servers/firewallRules/delete", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Delete_elastic_database_pool", "Description": "Delete existing elastic database pool", "OperationName": "Microsoft.Sql/servers/elasticPools/delete", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Delete_existing_server", "Description": "Delete a server and all contained databases and elastic pools", "OperationName": "Microsoft.Sql/servers/databases/delete", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Force_terminate_the_replication_relationship", "Description": "Terminate the replication relationship forcefully and with potential data loss", "OperationName": "Microsoft.Sql/servers/databases/replicationLinks/delete", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Terminate_the_replication_relationship", "Description": "Terminate the replication relationship forcefully or after synchronizing with the partner", "OperationName": "Microsoft.Sql/servers/databases/replicationLinks/unlink/action", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Set_database_data_masking_policy", "Description": "Change data masking policy for a given database", "OperationName": "Microsoft.Sql/servers/databases/dataMaskingPolicies/write", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Delete_database_data_masking_policy_rule", "Description": "Delete data masking policy rule for a given database", "OperationName": "Microsoft.Sql/servers/databases/dataMaskingPolicies/rules/delete", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Set_database_data_masking_policy_rule", "Description": "Change data masking policy rule for a given database", "OperationName": "Microsoft.Sql/servers/databases/dataMaskingPolicies/rules/write", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Set_database_connection_policy", "Description": "Change connection policy for a given database", "OperationName": "Microsoft.Sql/servers/databases/connectionPolicies/write", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Change_transparent_data_encryption_state", "Description": "Enable or disable transparent data encryption for a given database", "OperationName": "Microsoft.Sql/servers/databases/transparentDataEncryption/write", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Set_database_auditing_policy", "Description": "Change auditing policy for a given database", "OperationName": "Microsoft.Sql/servers/databases/auditingPolicies/write", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Create_Update_SQL_Server_Virtual_Network_Rule", "Description": "Creates a virtual network rule with the specified parameters or updates the properties or tags for the specified virtual network rule.", "OperationName": "Microsoft.Sql/servers/virtualNetworkRules/write", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Delete_Azure_SQL_Server_Virtual_Network_Rule", "Description": "Deletes an existing Virtual Network Rule.", "OperationName": "Microsoft.Sql/servers/virtualNetworkRules/delete", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true } ] }, { "Name": "AzSK_Services_Alert", "Description": "Alerts for Azure Services", "Enabled": true, "Tags": [ "Mandatory" ], "AlertOperationList": [ { "Name": "AzSK_Create_or_Update_Namespace_Authorization_Rules", "Description": "Create a Namespace level Authorization Rules and update its properties. The Authorization Rules Access Rights, the Primary and Secondary Keys can be updated.", "OperationName": "Microsoft.ServiceBus/namespaces/authorizationRules/write", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Delete_Namespace_Authorization_Rule", "Description": "Delete Namespace Authorization Rule. The Default Namespace Authorization Rule cannot be deleted. ", "OperationName": "Microsoft.ServiceBus/namespaces/authorizationRules/delete", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Get_Namespace_Listkeys", "Description": "Get the Connection String to the Namespace", "OperationName": "Microsoft.ServiceBus/namespaces/authorizationRules/listkeys/action", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Delete_Queue", "Description": "Operation to delete Queue Resource", "OperationName": "Microsoft.ServiceBus/namespaces/queues/Delete", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Create_or_Update_Queue_Authorization_Rule", "Description": "Create Queue Authorization Rules and Update its properties. The Authorization Rules Access Rights, the Primary and Secondary Keys can be updated.", "OperationName": "Microsoft.ServiceBus/namespaces/queues/authorizationRules/write", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Delete_Queue_Authorization_Rules", "Description": "Operation to delete Queue Authorization Rules", "OperationName": "Microsoft.ServiceBus/namespaces/queues/authorizationRules/delete", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_List_Queue_keys", "Description": "Get the Connection String to Queue", "OperationName": "Microsoft.ServiceBus/namespaces/queues/authorizationRules/listkeys/action", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Delete_Topic", "Description": "Operation to delete Topic Resource", "OperationName": "Microsoft.ServiceBus/namespaces/topics/Delete", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Create_or_Update_Topic_Authorization_Rule", "Description": "Create Topic Authorization Rules and Update its properties. The Authorization Rules Access Rights, the Primary and Secondary Keys can be updated.", "OperationName": "Microsoft.ServiceBus/namespaces/topics/authorizationRules/write", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Delete_Topic_Authorization_Rules", "Description": "Operation to delete Topic Authorization Rules", "OperationName": "Microsoft.ServiceBus/namespaces/topics/authorizationRules/delete", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_List_Topic_keys", "Description": "Get the Connection String to Topic", "OperationName": "Microsoft.ServiceBus/namespaces/topics/authorizationRules/listkeys/action", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Delete_TopicSubscription", "Description": "Operation to delete TopicSubscription Resource", "OperationName": "Microsoft.ServiceBus/namespaces/topics/subscriptions/Delete", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Delete_DataLakeStore_Account", "Description": "Delete an existed DataLakeStore account", "OperationName": "Microsoft.DataLakeStore/accounts/delete", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Add_Firewall_Rule", "Description": "Create or update a firewall rule", "OperationName": "Microsoft.DataLakeStore/accounts/firewallRules/write", "Tags": [ "Mandatory" ], "Severity": "Medium", "Enabled": true }, { "Name": "AzSK_Delete_DataLakeAnalytics_Account", "Description": "Delete the DataLakeAnalytics account", "OperationName": "Microsoft.DataLakeAnalytics/accounts/delete", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Unlink_Storage_Account", "Description": "Unlink a Storage account from the DataLakeAnalytics account", "OperationName": "Microsoft.DataLakeAnalytics/accounts/storageAccounts/delete", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Unlink_DataLakeStore_Account", "Description": "Unlink a DataLakeStore account from the DataLakeAnalytics account", "OperationName": "Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/delete", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Create_or_Update_Virtual_Machine", "Description": "Creates a new virtual machine or updates an existing virtual machine", "OperationName": "Microsoft.Compute/virtualMachines/write", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Delete_Virtual_Machine", "Description": "Deletes the virtual machine", "OperationName": "Microsoft.Compute/virtualMachines/delete", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Create_or_Update_Virtual_Machine_Extension", "Description": "Creates a new virtual machine extension or updates an existing one.", "OperationName": "Microsoft.Compute/virtualMachines/extensions/write", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Delete_Virtual_Machine_Extension", "Description": "Deletes the virtual machine extension.", "OperationName": "Microsoft.Compute/virtualMachines/extensions/delete", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true } ] }, { "Name": "AzSK_Subscription_Alert", "Description": "Alerts for Subscription Activities", "Enabled": true, "Tags": [ "Mandatory" ], "AlertOperationList": [ { "Name": "AzSK_Assign_the_caller_to_User_Access_Administrator_role", "Description": "Grants the caller User Access Administrator access at the tenant scope", "OperationName": "Microsoft.Authorization/elevateAccess/action", "Tags": [ "Mandatory" ], "Severity": "Critical", "Enabled": true }, { "Name": "AzSK_Set_administrator", "Description": "Add or modify administrator to a subscription.", "OperationName": "Microsoft.Authorization/classicAdministrators/write", "Tags": [ "Mandatory" ], "Severity": "Critical", "Enabled": true }, { "Name": "AzSK_Delete_administrator", "Description": "Removes the administrator from the subscription.", "OperationName": "Microsoft.Authorization/classicAdministrators/delete", "Tags": [ "Mandatory" ], "Severity": "Critical", "Enabled": true }, { "Name": "AzSK_Add_management_locks", "Description": "Add locks at the specified scope.", "OperationName": "Microsoft.Authorization/locks/write", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Delete_management_locks", "Description": "Delete locks at the specified scope.", "OperationName": "Microsoft.Authorization/locks/delete", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Delete_policy_assignment", "Description": "Delete a policy assignment at the specified scope.", "OperationName": "Microsoft.Authorization/policyAssignments/delete", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Create_policy_assignment", "Description": "Create a policy assignment at the specified scope.", "OperationName": "Microsoft.Authorization/policyAssignments/write", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Delete_policy_definition", "Description": "Delete a policy definition.", "OperationName": "Microsoft.Authorization/policyDefinitions/delete", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Create_role_assignment", "Description": "Create a role assignment at the specified scope.", "OperationName": "Microsoft.Authorization/roleAssignments/write", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Delete_role_assignment", "Description": "Delete a role assignment at the specified scope.", "OperationName": "Microsoft.Authorization/roleAssignments/delete", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Activity_log_alert_delete", "Description": "Deleting an activity log alert", "OperationName": "Microsoft.Insights/ActivityLogAlerts/Delete", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Activity_log_alert_write", "Description": "Writing an activity log alert", "OperationName": "Microsoft.Insights/ActivityLogAlerts/Write", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Action_group_write", "Description": "Writing an action group", "OperationName": "Microsoft.Insights/ActionGroups/Write", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Action_group_delete", "Description": "Deleting an action group", "OperationName": "Microsoft.Insights/ActionGroups/Delete", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true } ] }, { "Name": "AzSK_Network_Alert", "Description": "Alerts for Network", "Enabled": true, "Tags": [ "Mandatory" ], "AlertOperationList": [ { "Name": "AzSK_Create_or_Update_DNS_Zone", "Description": "Create or update a DNS zone within a resource group. Used to update the tags on a DNS zone resource. Note that this command can not be used to create or update record sets within the zone.", "OperationName": "Microsoft.Network/dnszones/write", "Tags": [ "Mandatory" ], "Severity": "Critical", "Enabled": true }, { "Name": "AzSK_Delete_DNS_Zone", "Description": "Delete the DNS zone, in JSON format. The zone properties include tags, etag, numberOfRecordSets, and maxNumberOfRecordSets.", "OperationName": "Microsoft.Network/dnszones/delete", "Tags": [ "Mandatory" ], "Severity": "Critical", "Enabled": true }, { "Name": "AzSK_Create_or_update_record_set_of_type_MX", "Description": "Create or update a record set of type ?MX? within a DNS zone. The records specified will replace the current records in the record set.", "OperationName": "Microsoft.Network/dnszones/MX/write", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Delete_record_set_of_type_MX", "Description": "Remove the record set of a given name and type ?MX? from a DNS zone.", "OperationName": "Microsoft.Network/dnszones/MX/delete", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Create_or_update_record_set_of_type_AAAA", "Description": "Create or update a record set of type ?AAAA? within a DNS zone. The records specified will replace the current records in the record set.", "OperationName": "Microsoft.Network/dnszones/AAAA/write", "Tags": [ "Mandatory" ], "Severity": "Critical", "Enabled": true }, { "Name": "AzSK_Delete_record_set_of_type_AAAA", "Description": "Remove the record set of a given name and type ?AAAA? from a DNS zone.", "OperationName": "Microsoft.Network/dnszones/AAAA/delete", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Create_or_update_record_set_of_type_CNAME", "Description": "Create or update a record set of type ?CNAME? within a DNS zone. The records specified will replace the current records in the record set.", "OperationName": "Microsoft.Network/dnszones/CNAME/write", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Delete_record_set_of_type_CNAME", "Description": "Remove the record set of a given name and type ?CNAME? from a DNS zone.", "OperationName": "Microsoft.Network/dnszones/CNAME/delete", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Create_or_update_record_set_of_type_A", "Description": "Create or update a record set of type ?A? within a DNS zone. The records specified will replace the current records in the record set.", "OperationName": "Microsoft.Network/dnszones/A/write", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Delete_record_set_of_type_A", "Description": "Remove the record set of a given name and type ?A? from a DNS zone.", "OperationName": "Microsoft.Network/dnszones/A/delete", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Create_or_Update_Network_Interface", "Description": "Creates a network interface or updates an existing network interface. ", "OperationName": "Microsoft.Network/networkInterfaces/write", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Join_Virtual_Machine_to_a_network_interface", "Description": "Joins a Virtual Machine to a network interface", "OperationName": "Microsoft.Network/networkInterfaces/join/action", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Delete_Network_Interface", "Description": "Deletes a network interface", "OperationName": "Microsoft.Network/networkInterfaces/delete", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Delete_Public_Ip_Address", "Description": "Deletes a public IP address.", "OperationName": "Microsoft.Network/publicIPAddresses/delete", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Create_or_Update_Virtual_Network", "Description": "Creates a virtual network or updates an existing virtual network", "OperationName": "Microsoft.Network/virtualNetworks/write", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Delete_Virtual_Network", "Description": "Deletes a virtual network", "OperationName": "Microsoft.Network/virtualNetworks/delete", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Peer_Virtual_Networks", "Description": "Peers a virtual network with another virtual network", "OperationName": "Microsoft.Network/virtualNetworks/peer/action", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Create_or_Update_Virtual_Network_Peering", "Description": "Creates a virtual network peering or updates an existing virtual network peering", "OperationName": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Delete_Virtual_Network_Peering", "Description": "Deletes a virtual network peering", "OperationName": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/delete", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Create_or_Update_Virtual_Network_Subnet", "Description": "Creates a virtual network subnet or updates an existing virtual network subnet", "OperationName": "Microsoft.Network/virtualNetworks/subnets/write", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Delete_Virtual_Network_Subnet", "Description": "Deletes a virtual network subnet", "OperationName": "Microsoft.Network/virtualNetworks/subnets/delete", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Join_Virtual_Network", "Description": "Joins a virtual network", "OperationName": "Microsoft.Network/virtualNetworks/subnets/join/action", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Create_or_Update_Network_Security_Group", "Description": "Creates a network security group or updates an existing network security group", "OperationName": "Microsoft.Network/networkSecurityGroups/write", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Delete_Network_Security_Group", "Description": "Deletes a network security group", "OperationName": "Microsoft.Network/networkSecurityGroups/delete", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Join_Network_Security_Group", "Description": "Joins a network security group", "OperationName": "Microsoft.Network/networkSecurityGroups/join/action", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Create_or_Update_Security_Rule", "Description": "Creates a security rule or updates an existing security rule", "OperationName": "Microsoft.Network/networkSecurityGroups/securityRules/write", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Delete_Security_Rule", "Description": "Deletes a security rule", "OperationName": "Microsoft.Network/networkSecurityGroups/securityRules/delete", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Create_or_Update_Route_Table", "Description": "Creates a route table or Updates an existing route table", "OperationName": "Microsoft.Network/routeTables/write", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Delete_Route_Table", "Description": "Deletes a route table definition", "OperationName": "Microsoft.Network/routeTables/delete", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Join_Route_Table", "Description": "Joins a route table", "OperationName": "Microsoft.Network/routeTables/join/action", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Create_or_Update_Route", "Description": "Creates a route or Updates an existing route", "OperationName": "Microsoft.Network/routeTables/routes/write", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Delete_Route", "Description": "Deletes a route definition", "OperationName": "Microsoft.Network/routeTables/routes/delete", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Create_or_Update_Load_Balancer_Inbound_Nat_Rule", "Description": "Creates a load balancer inbound nat rule or updates an existing load balancer inbound nat rule", "OperationName": "Microsoft.Network/loadBalancers/inboundNatRules/write", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true } ] }, { "Name": "AzSK_Web_Alert", "Description": "Alerts for Web ", "Enabled": true, "Tags": [ "Mandatory" ], "AlertOperationList": [ { "Name": "AzSK_Delete_Web_App", "Description": "Delete an existing Web App.", "OperationName": "Microsoft.Web/sites/Delete", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Swap_Web_App_with_a_slot", "Description": "Swap Web App with another slot.", "OperationName": "Microsoft.Web/sites/slotsswap/Action", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Apply_Web_App_Slot_Configuration_to_web_app", "Description": "Apply web app slot configuration from target slot to the current web app.", "OperationName": "Microsoft.Web/sites/applySlotConfig/Action", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Update_Web_App_Slot_Configuration", "Description": "Update Web App Slot configuration settings.", "OperationName": "Microsoft.Web/sites/slots/config/Write", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_List_Web_App_Slot_Security_Sensitive_Settings", "Description": "List Web App Slot security sensitive settings, such as publishing credentials, app settings and connection strings", "OperationName": "Microsoft.Web/sites/slots/config/list/Action", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Update_Web_App_Configuration", "Description": "Update Web App's configuration settings.", "OperationName": "Microsoft.Web/sites/config/Write", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_List_Web_App_Security_Sensitive_Settings", "Description": "List Web App's security sensitive settings, such as publishing credentials, app settings and connection strings", "OperationName": "Microsoft.Web/sites/config/list/Action", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_List_Web_App_Function_Secrets", "Description": "List Web App Function Secrets.", "OperationName": "Microsoft.Web/sites/functions/listSecrets/Action", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Add_or_Update_Certificate", "Description": "Add a new certificate or update an existing one.", "OperationName": "Microsoft.Web/certificates/Write", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Delete_Certificate", "Description": "Delete an existing certificate.", "OperationName": "Microsoft.Web/certificates/Delete", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Update_Publishing_Users", "Description": "Update Publishing Users.", "OperationName": "Microsoft.web/publishingusers/write", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Get_Web_App_Publishing_Profile", "Description": "Get publishing profile xml for a Web App.", "OperationName": "Microsoft.Web/sites/publishxml/Action", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Update_Web_Apps_VNet_Connections", "Description": "Update Web Apps Virtual Network Connections.", "OperationName": "Microsoft.web/sites/virtualnetworkconnections/write", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_ Delete_Web_Apps_VNet_Connections", "Description": "Delete Web Apps Virtual Network Connections.", "OperationName": "Microsoft.web/sites/virtualnetworkconnections/delete", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true } ] }, { "Name": "AzSK_KeyVault_Alert", "ResourceType": "Microsoft.KeyVault/vaults", "Description": "Alerts for KeyVault", "Enabled": true, "Tags": [ "Mandatory" ], "AlertOperationList": [ { "Name": "AzSK_Update_Key_Vault", "Description": "Create a new key vault or update the properties of an existing key vault", "OperationName": "Microsoft.KeyVault/vaults/write", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Delete_Key_Vault", "Description": "Delete a key vault", "OperationName": "Microsoft.KeyVault/vaults/delete", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Use_Vault_for_Virtual_Machines", "Description": "Enables access to secrets in a key vault when deploying a virtual machine", "OperationName": "Microsoft.KeyVault/vaults/deploy/action", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_View_Secret_Properties", "Description": "View the properties of a secret, but not its value", "OperationName": "Microsoft.KeyVault/vaults/secrets/read", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Update_Secret", "Description": "Create a new secret or update the value of an existing secret", "OperationName": "Microsoft.KeyVault/vaults/secrets/write", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true } ] }, { "Name": "AzSK_Storage_Alert", "Description": "Alerts for Storage Account", "Enabled": true, "Tags": [ "Mandatory" ], "AlertOperationList": [ { "Name": "AzSK_Delete_Storage_Account", "Description": "Deletes an existing storage account.", "OperationName": "Microsoft.Storage/storageAccounts/delete", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Regenerate_Storage_Account_Keys", "Description": "Regenerates the access keys for the specified storage account.", "OperationName": "Microsoft.Storage/storageAccounts/regeneratekey/action", "Tags": [ "Mandatory" ], "Severity": "High", "Enabled": true } ] }, { "Name": "AzSK_Critical_Alert", "Description": "Alerts for Critical Operation", "Enabled": true, "Tags": [ "SMS" ], "AlertOperationList": [ { "Name": "AzSK_Assign_the_caller_to_User_Access_Administrator_Role", "Description": "Grants the caller User Access Administrator access at the tenant scope", "OperationName": "Microsoft.Authorization/elevateAccess/action", "Tags": [ "SMS" ], "Severity": "Critical", "Enabled": true }, { "Name": "AzSK_Set_Administrator", "Description": "Add or modify administrator to a subscription.", "OperationName": "Microsoft.Authorization/classicAdministrators/write", "Tags": [ "SMS" ], "Severity": "Critical", "Enabled": true }, { "Name": "AzSK_Delete_Administrator", "Description": "Removes the administrator from the subscription.", "OperationName": "Microsoft.Authorization/classicAdministrators/delete", "Tags": [ "SMS" ], "Severity": "Critical", "Enabled": true }, { "Name": "AzSK_Action_Group_Write", "Description": "Writing an action group", "OperationName": "Microsoft.Insights/ActionGroups/Write", "Tags": [ "SMS" ], "Severity": "High", "Enabled": true }, { "Name": "AzSK_Action_Group_Delete", "Description": "Deleting an action group", "OperationName": "Microsoft.Insights/ActionGroups/Delete", "Tags": [ "SMS" ], "Severity": "High", "Enabled": true } ] }, { "Name": "AzSK_Resource_Deployment_Alert", "Description": "Alerts for Resource Creation Operation", "Enabled": true, "Tags": [ "Deployment" ], "AlertOperationList": [ { "Name": "AzSK_Create_new_or_update_existing_resource", "Description": "Creates or updates an deployment.", "OperationName": "Microsoft.Resources/deployments/write", "Tags": [ "Deployment" ], "Severity": "Critical", "Enabled": true } ] } ] } |