SubscriptionSecurity/Alerts.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
Set-StrictMode -Version Latest
function Set-AzSKAlerts 
{
    <#
    .SYNOPSIS
    This command would help in setting up the Alert rules for the all the critical actions across different Azure Resources under a given Subscription
 
    .DESCRIPTION
    This command can be used to setup alert rules for critical resource actions.
     
    .LINK
    https://aka.ms/azskossdocs
    #>


    Param(

        [string]
        [Parameter(Mandatory = $true, HelpMessage = "Subscription id for which security alerts to be configured.")]
        [ValidateNotNullOrEmpty()]
        $SubscriptionId,
        
        [string]
        [Parameter(Mandatory = $false, HelpMessage = "Provide a security contact email address. Recommended a mail enabled Security Group with receiving of external emails option turned ON.")]
        $SecurityContactEmails,

        [string]
        [Parameter(Mandatory = $false, HelpMessage = "Provide a security contact international information phone number (for example, 425-1234567). Note that only the country code '1' is currently supported for SMS.")]
        $SecurityPhoneNumbers,

        [string] 
        [Parameter(Mandatory = $false, HelpMessage = "Provide tag names for processing specific policies. Comma separated values are supported.")]
        $Tags,

        [string] 
        [Parameter(Mandatory = $false, HelpMessage = "Provide the ResourceGroup on which the AlertPackage has to be configured")]
        $TargetResourceGroup,

        [string] 
        [Parameter(Mandatory = $false, HelpMessage = "Provide the location for alert ResourceGroup")]
        $AlertResourceGroupLocation = "East US",
        
        [switch]
        [Parameter(Mandatory = $false, HelpMessage = "Switch to apply alerts confugations forcefully regardless of latest alerts already present on subscription.")]
        $Force,

        [switch]
        [Parameter(Mandatory = $false, HelpMessage = "Switch to specify whether to open output folder containing log report or not.")]
        $DoNotOpenOutputFolder
    )

    Begin
    {
        [CommandHelper]::BeginCommand($PSCmdlet.MyInvocation);
        [ListenerHelper]::RegisterListeners();
    }
    Process
    {
        try 
        {
            # Adding all mandatory tags
            $modifiedTags = [string]::Join(",", [ConfigurationManager]::GetAzSKConfigData().SubscriptionMandatoryTags);
            if(-not [string]::IsNullOrWhiteSpace($Tags))
            {
                $modifiedTags = $modifiedTags + "," +$Tags;
            }

            $alertObj = [Alerts]::new($SubscriptionId, $PSCmdlet.MyInvocation, $modifiedTags);
            if ($alertObj) 
            {
                return $alertObj.InvokeFunction($alertObj.SetAlerts, @($TargetResourceGroup, $SecurityContactEmails,$SecurityPhoneNumbers, $AlertResourceGroupLocation));                
            }
        }
        catch 
        {
            [EventBase]::PublishGenericException($_);
        }          
    }

    End
    {
        [ListenerHelper]::UnregisterListeners();
    }
}

function Remove-AzSKAlerts 
{
    
    <#
 
    .SYNOPSIS
    This command removes all the alert rules being set up by AzSK.
 
    .DESCRIPTION
    This command removes all the alert rules being set up by AzSK.
 
    .LINK
    https://aka.ms/azskossdocs
    #>


    Param(

        [string]
        [Parameter(Mandatory = $true, HelpMessage = "Subscription id from which security alert rules to be removed.")]
        [ValidateNotNullOrEmpty()]
        $SubscriptionId,

        [string] 
        [Parameter(Mandatory = $true, ParameterSetName= "Tags", HelpMessage = "Provide tag names for processing specific policies. Comma separated values are supported.")]
        $Tags,

        [Parameter(ParameterSetName= "Alert Names", Mandatory = $true, HelpMessage = "Provide the comma separated values of alert names")]
        [string]
        $AlertNames,

        [switch]
        [Parameter(ParameterSetName= "Tags", Mandatory = $false, HelpMessage = "Switch to specify whether to delete action group containing alert security contacts")]
        $DeleteActionGroup,
        
        [switch]
        [Parameter(Mandatory = $false, HelpMessage = "Switch to specify whether to open output folder containing all security evaluation report or not.")]
        $DoNotOpenOutputFolder
    )

    Begin
    {
        [CommandHelper]::BeginCommand($PSCmdlet.MyInvocation);
        [ListenerHelper]::RegisterListeners();
    }

    Process
       {
    try 
        {
            $alertObj = [Alerts]::new($SubscriptionId, $PSCmdlet.MyInvocation, $Tags);
            if ($alertObj) 
            {
                return $alertObj.InvokeFunction($alertObj.RemoveAlerts, @( $AlertNames, [bool] $DeleteActionGroup));
            }
        }
        catch 
        {
            [EventBase]::PublishGenericException($_);
        }          
    }

    End
    {
        [ListenerHelper]::UnregisterListeners();
    }
}