Framework/Configurations/SubscriptionSecurity/CredentialHygieneAlert.json
{
"location": "eastus", "tags": {}, "properties": { "description": "One or more credentials you have registered with DevOps Kit for tracking have expired or are nearing expiry. You need to rotate/update those credentials. Run gss -sid <SubId> -cid Azure_Subscription_Check_Credential_Rotation & follow the recommendation.", "enabled": "true", "source": { "query": "AzSK_CredHygiene_CL| where ExpiryDueInDays_d < 8", "dataSourceId": "/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.OperationalInsights/workspaces/{2}", "queryType": "ResultCount" }, "schedule": { "frequencyInMinutes": 5, "timeWindowInMinutes": 5 }, "action": { "severity": "1", "aznsAction": { "actionGroup": ["{3}"], "emailSubject": "Action - Credentials in your subscriptions need attention" }, "trigger": { "thresholdOperator": "GreaterThan", "threshold": 0 }, "odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction" } } } |