SubscriptionSecurity/Alerts.ps1

# Enforce the strictest strict-mode rules available, so mistakes such as reading an
# uninitialized variable raise an error instead of silently evaluating to $null.
Set-StrictMode -Version Latest
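function Set-AzSDKAlerts 
{
    <#
    .SYNOPSIS
    Sets up alert rules for the critical actions across the different Azure resources under a given subscription.

    .DESCRIPTION
    This command can be used to set up alert rules for critical resource actions.
    It combines the configured mandatory subscription tags with any tags passed through -Tags,
    creates an [Alerts] object for the subscription and invokes its SetAlerts operation with the
    target resource group, the security contact address and the alert resource group location.
    Exceptions raised while processing are published through [EventBase] and are not rethrown.

    .PARAMETER SubscriptionId
    Subscription id for which the alert rules are to be configured. Must not be null or empty.

    .PARAMETER SecurityContactEmails
    Security contact email address. A mail-enabled security group that accepts external email is
    recommended. Per the parameter help, only one address is accepted.

    .PARAMETER Tags
    Optional comma separated tag names used to select specific policies. They are appended to the
    mandatory subscription tags.

    .PARAMETER TargetResourceGroup
    Optional resource group on which the alert package is to be configured.

    .PARAMETER AlertResourceGroupLocation
    Location for the alert resource group. Defaults to "East US".

    .PARAMETER DoNotOpenOutputFolder
    Switch that controls whether the output folder with the report is opened afterwards.

    .LINK
    https://aka.ms/azsdkdocs
    #>


    Param(

        [string]
        [Parameter(Mandatory = $true, HelpMessage = "Subscription id for which the security evaluation has to be performed.")]
        [ValidateNotNullOrEmpty()]
        $SubscriptionId,
        
        # NOTE(review): the "only 1 email address" rule from the help text is not enforced in this
        # function; presumably SetAlerts validates it - confirm.
        [string]
        [Parameter(Mandatory = $true, HelpMessage = "Provide a security contact email address. Recommended a mail enabled Security Group with receiving of external emails option turned ON. Note: Only 1 email address will be accepted.")]
        $SecurityContactEmails,

        [string] 
        [Parameter(Mandatory = $false, HelpMessage = "Provide tag names for processing specific policies. Comma seperated values are supported.")]
        $Tags,

        [string] 
        [Parameter(Mandatory = $false, HelpMessage = "Provide the ResourceGroup on which the AlertPackage has to be configured")]
        $TargetResourceGroup,

        [string] 
        [Parameter(Mandatory = $false, HelpMessage = "Provide the location for alert ResourceGroup")]
        $AlertResourceGroupLocation = "East US",
        
        # Not referenced in this function body; presumably read from the invocation's bound
        # parameters by the [Alerts] object - verify against that class.
        [switch]
        [Parameter(Mandatory = $false, HelpMessage = "Switch to specify whether to open output folder containing all security evaluation report or not.")]
        $DoNotOpenOutputFolder
    )

    Begin
    {
        # Listeners stay registered for the duration of the command and are removed in End.
        [ListenerHelper]::RegisterListeners();
    }

    Process
    {
        try 
        {
            # Adding all mandatory tags
            $modifiedTags = [string]::Join(",", [ConfigurationManager]::GetAzSdkConfigData().SubscriptionMandatoryTags);
            if(-not [string]::IsNullOrWhiteSpace($Tags))
            {
                # Caller-supplied tags are appended after the mandatory ones.
                $modifiedTags = $modifiedTags + "," +$Tags;
            }

            $alertObj = [Alerts]::new($SubscriptionId, $PSCmdlet.MyInvocation, $modifiedTags);
            if ($alertObj) 
            {
                # Arguments are positional: target resource group, contact address, location.
                return $alertObj.InvokeFunction($alertObj.SetAlerts, @($TargetResourceGroup, $SecurityContactEmails, $AlertResourceGroupLocation));
            }
        }
        catch 
        {
            # Failures are reported through the event pipeline; the caller sees no return value.
            [EventBase]::PublishGenericException($_);
        }          
    }

    End
    {
        [ListenerHelper]::UnregisterListeners();
    }
}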

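function Remove-AzSDKAlerts 
{
    
    <#
 
    .SYNOPSIS
    This command removes all the alert rules being set up by AzSDK.
 
    .DESCRIPTION
    This command removes the alert rules set up by AzSDK. It creates an [Alerts] object for the
    subscription and invokes its RemoveAlerts operation. Exactly one of -Tags, -AlertNames or
    -DeleteResourceGroup selects what is removed; each belongs to its own parameter set, so they
    cannot be combined. Exceptions raised while processing are published through [EventBase] and
    are not rethrown.

    .PARAMETER SubscriptionId
    Subscription id from which the alert rules are to be removed. Must not be null or empty.

    .PARAMETER Tags
    Comma separated tag names used to select specific policies (parameter set "Tags").

    .PARAMETER AlertNames
    Comma separated names of the alerts to remove (parameter set "Alert Names").

    .PARAMETER DeleteResourceGroup
    Switch that requests deletion of the resource group containing all alerts
    (parameter set "Delete Resource Group").

    .PARAMETER DoNotOpenOutputFolder
    Switch that controls whether the output folder with the report is opened afterwards.
 
    .LINK
    https://aka.ms/azsdkdocs
    #>


    Param(

        [string]
        [Parameter(Mandatory = $true, HelpMessage = "Subscription id for which the security evaluation has to be performed.")]
        [ValidateNotNullOrEmpty()]
        $SubscriptionId,

        [string] 
        [Parameter(Mandatory = $true, ParameterSetName= "Tags", HelpMessage = "Provide tag names for processing specific policies. Comma seperated values are supported.")]
        $Tags,

        [Parameter(ParameterSetName= "Alert Names", Mandatory = $true, HelpMessage = "Provide the comma seperated values of alert names")]
        [string]
        $AlertNames,

        [switch]
        [Parameter(ParameterSetName= "Delete Resource Group", Mandatory = $true, HelpMessage = "Switch to specify whether to delete resource group containing all alerts or not")]
        $DeleteResourceGroup,
        
        # Not referenced in this function body; presumably read from the invocation's bound
        # parameters by the [Alerts] object - verify against that class.
        [switch]
        [Parameter(Mandatory = $false, HelpMessage = "Switch to specify whether to open output folder containing all security evaluation report or not.")]
        $DoNotOpenOutputFolder
    )

    Begin
    {
        # Listeners stay registered for the duration of the command and are removed in End.
        [ListenerHelper]::RegisterListeners();
    }

    Process
    {
        try 
        {

            # Unlike Set-AzSDKAlerts, the tags are passed through as given; no mandatory tags are added.
            $alertObj = [Alerts]::new($SubscriptionId, $PSCmdlet.MyInvocation, $Tags);
            if ($alertObj) 
            {
                # NOTE(review): this removes security alert rules and can delete the resource group
                # holding them, but the function declares no SupportsShouldProcess, so -WhatIf and
                # -Confirm are unavailable. Consider adding it, and make sure removals are reviewed,
                # since they reduce monitoring coverage for the subscription.
                # The switch is converted to a plain boolean for RemoveAlerts.
                return $alertObj.InvokeFunction($alertObj.RemoveAlerts, @([bool] $DeleteResourceGroup, $AlertNames));
            }
        }
        catch 
        {
            # Failures are reported through the event pipeline; the caller sees no return value.
            [EventBase]::PublishGenericException($_);
        }          
    }

    End
    {
        [ListenerHelper]::UnregisterListeners();
    }
}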