Framework/Configurations/SubscriptionSecurity/CredentialHygieneAlert.json

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
{
    "location": "eastus",
    "tags": {},
    "properties": {
      "description": "One or more credentials you have registered with DevOps Kit for tracking have expired or are nearing expiry. You need to rotate/update those credentials. Run gss -sid <SubId> -cid Azure_Subscription_Check_Credential_Rotation & follow the recommendation.",
      "enabled": "true",
      "source": {
        "query": "AzSK_CredHygiene_CL| where ExpiryDueInDays_d < 8",
        "dataSourceId": "/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.OperationalInsights/workspaces/{2}",
        "queryType": "ResultCount"
      },
      "schedule": {
        "frequencyInMinutes": 5,
        "timeWindowInMinutes": 5
      },
      "action": {
        "severity": "1",
        "aznsAction": {
          "actionGroup": ["{3}"],
          "emailSubject": "Action - Credentials in your subscriptions need attention"
        },
        "trigger": {
          "thresholdOperator": "GreaterThan",
          "threshold": 0
        },
        "odata.type": "Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.Microsoft.AppInsights.Nexus.DataContracts.Resources.ScheduledQueryRules.AlertingAction"
      }
    }
  }