Framework/Configurations/SubscriptionSecurity/CredentialHygieneAlert_CredentialGroup.json

{
    "location": "eastus",
    "tags": {},
    "properties": {
      "description": "One or more credentials you have registered with DevOps Kit for tracking have expired or are nearing expiry. You need to rotate/update those credentials. Run gss -sid <SubId> -cid Azure_Subscription_Check_Credential_Rotation & follow the recommendation.",
      "enabled": "true",
      "source": {
        "query": "AzSK_CredHygiene_CL| where CredentialGroup_s == '{4}' and ExpiryDueInDays_d < 8",
        "dataSourceId": "/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.OperationalInsights/workspaces/{2}",
        "queryType": "ResultCount"
      },
      "schedule": {
        "frequencyInMinutes": 5,
        "timeWindowInMinutes": 5
      },
      "action": {
        "severity": "1",
        "aznsAction": {
          "actionGroup": ["{3}"],
          "emailSubject": "Action - Credentials in your subscriptions need attention"
        },
        "trigger": {
          "thresholdOperator": "GreaterThan",
          "threshold": 0
        },
        "odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction"
      }
    }
  }