Framework/Configurations/SVT/ControlSettings.json

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
{
   "Diagnostics_RetentionPeriod_Min": 365,
   "Diagnostics_RetentionPeriod_Forever": 0,
   "KeyVault": {
      "KeyRotationDuration_Days": 365,
      "SecretRotationDuration_Days": 180,
      "KeyType": "RSA-HSM",
      "ADAppCredentialTypeCrt": "AsymmetricX509Cert",
      "ADAppCredentialTypePwd": "Password"
   },
   "SqlServer": {
      "AuditRetentionPeriod_Min": 365,
      "AuditRetentionPeriod_Forever": 0
   },
   "AnalysisService": {
      "Max_Admin_Count": 2
   },
   "ERvNet": {
      "ResourceLockLevel": "ReadOnly"
   },
   "VirtualMachine": {
      "Windows": {
         "SupportedSkuList": [ ],
         "ManagementPortList": [
            {
               "Name": "RDP",
               "Port": 3389
            },
            {
               "Name": "WINRM",
               "Port": 5985
            }
         ],
         "BaselineIds": [],
         "ASCRecommendations": [ "EncryptionOnVm", "InstallAntimalware", "VulnerabilityAssessmentDeployment" ]
      },
      "Linux": {
         "SupportedSkuList": [ ],
         "ManagementPortList": [
            {
               "Name": "RDP",
               "Port": 3389
            },
            {
               "Name": "SSH",
               "Port": 22
            }
         ],
         "BaselineIds": [],
         "ASCRecommendations": []
      },
      "Windows_OS_Baseline_Ids": []
   },
   "NoOfApprovedAdmins": 5,
   "NoOfClassicAdminsLimit": 2,
   "WhitelistedMgmtCerts": {
      "Thumbprints": [],
      "ApprovedValidityRangeInDays": 732
   },
   "WhitelistedCustomRBACRoles": [
      {
         "Id": "21d96096-b162-414a-8302-d8354f9d91b2",
         "Name": "Azure Service Deploy Release Management Contributor"
      },
      {
         "Id": "9f15f5f5-77bd-413a-aa88-4b9c68b1e7bc",
         "Name": "GenevaWarmPathResourceContributor"
      },
      {
         "Id": "7fd64851-3279-459b-b614-e2b2ba760f5b",
         "Name": "Office DevOps"
      },
      {
         "Id": "a48d7796-14b4-4889-afef-fbb65a93e5a2",
         "Name": "masterreader"
      },
      {
         "Id": "a042fe8d-14b3-4850-9120-e2f357577b2d",
         "Name": "Monitor permissions"
      }
   ],
   "UniversalIPRange": "0.0.0.0-255.255.255.255",
   "IPRangeStartIP": "0.0.0.0",
   "IPRangeEndIP": "255.255.255.255",
   "MetricAlert": {
      "Actions": {
         "SendToServiceOwners": true
      },
      "Batch": [
         {
            "Condition": {
               "DataSource": {
                  "MetricName": "PoolDeleteCompleteEvent"
               },
               "Operator": "GreaterThan",
               "Threshold": 0,
               "TimeAggregation": "Total",
               "WindowsSize": "01:00:00"
            },
            "Status": "Enabled"
         },
         {
            "Condition": {
               "DataSource": {
                  "MetricName": "PoolDeleteStartEvent"
               },
               "Operator": "GreaterThan",
               "Threshold": 0,
               "TimeAggregation": "Total",
               "WindowsSize": "01:00:00"
            },
            "Status": "Enabled"
         }
      ],
      "Storage": [
         {
            "Condition": {
               "DataSource": {
                  "MetricName": "AnonymousSuccess"
               },
               "Operator": "GreaterThan",
               "Threshold": 0,
               "TimeAggregation": "Total",
               "WindowsSize": "01:00:00"
            },
            "Status": "Enabled"
         }
      ],
      "StreamAnalytics": [
         {
            "Condition": {
               "DataSource": {
                  "MetricName": "AMLCalloutFailedRequests"
               },
               "Operator": "GreaterThan",
               "Threshold": 0,
               "TimeAggregation": "Total",
               "WindowsSize": "00:05:00"
            },
            "Status": "Enabled"
         },
         {
            "Condition": {
               "DataSource": {
                  "MetricName": "Errors"
               },
               "Operator": "GreaterThan",
               "Threshold": 0,
               "TimeAggregation": "Total",
               "WindowsSize": "00:05:00"
            },
            "Status": "Enabled"
         }
      ]
   },
   "StorageKindMapping": [
      {
         "Kind": "BlobStorage",
         "Services": [
            "blob"
         ],
         "DiagnosticsLogServices": [
            "blob"
         ]
      },
      {
         "Kind": "Storage",
         "Services": [
            "blob",
            "file",
            "queue",
            "table"
         ],
         "DiagnosticsLogServices": [
            "blob",
            "queue",
            "table"
         ]
      }
   ],
   "AppService": {
      "Backup_RetentionPeriod_Min": 365,
      "Backup_RetentionPeriod_Forever": 0,
      "LatestDotNetFrameworkVersionNumber": "v4.0",
      "Minimum_Instance_Count": 2,
      "AADAuthAPIVersion": "2016-08-01",
      "LoadCertAppSettings": "WEBSITE_LOAD_CERTIFICATES"
   },
   "StorageDiagnosticsSkuMapping": [
      "StandardGRS",
      "StandardLRS",
      "StandardRAGRS"
   ],
   "StorageAlertSkuMapping": [
      "StandardGRS",
      "StandardLRS",
      "StandardRAGRS"
   ],
   "StorageGeoRedundantSku": [
      "StandardGRS",
      "StandardRAGRS"
   ],
   "RedisCache": {
      "FirewallApplicableSku": [
         "Premium"
      ],
      "RDBBackApplicableSku": [
         "Premium"
      ]
   },
   "CosmosDb": {
      "Firewall": {
         "IpLimitPerDb": 2048,
         "IpLimitPerRange": 256
      }
   },
   "Automation": {
      "WebhookValidityInDays": 60
   },
   "BaselineControls": {
    "ResourceTypeControlIdMappingList": [
      
    ],
      "SubscriptionControlIdList": [],
      "ExpiryInDays": 6,
      "SupportedSources": []
   },
   "CloudService": {
      "LatestOSSKUIDs": [ "WA-GUEST-OS-4.44_201707-01" ]
   },
   "AttestationExpiryPeriodInDays": {
      "Default": 90,
      "ControlSeverity": {
         "Critical": 7,
         "High": 30,
         "Medium": 60,
         "Low": 90
      }
   },
   "SubscriptionCore": {
      "EnableV1AlertFailure": false
   }
 
}