[Question title]: Alias for azure activity log
[Posted]: 2020-10-20 15:52:27
[Question description]:

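I am trying to create an Azure policy that looks for a specific type of event (Create or Update Security Rule) in the activity log in the Azure portal.

Viewing the JSON of this event confirms that it is of type 'Administrative' and that the operation is 'Microsoft.Network/networkSecurityGroups/securityRules/write', as shown: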


    "authorization": {
        "action": "Microsoft.Network/networkSecurityGroups/securityRules/delete",
        "scope": "/subscriptions/xxxx/resourceGroups/xxxx/providers/Microsoft.Network/networkSecurityGroups/xxx/securityRules/xxxx"
    },

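I was hoping to use these details to distinguish this event from others. However, I first need an alias that would allow me to access them, but I was unable to find a suitable one among the aliases shown by the following: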

Get-AzPolicyAlias -NamespaceMatch 'microsoft.insights' | select -ExpandProperty Aliases | select -Property Name -ExpandProperty Paths

which gives:

Name                                                                     Path                                          ApiVersions
----                                                                     ----                                          -----------
Microsoft.Insights/logProfiles/storageAccountId                          properties.storageAccountId                   {2016-03-01}
Microsoft.Insights/logProfiles/serviceBusRuleId                          properties.serviceBusRuleId                   {2016-03-01}
Microsoft.Insights/logProfiles/locations                                 properties.locations                          {2016-03-01}
Microsoft.Insights/logProfiles/locations[*]                              properties.locations[*]                       {2016-03-01}
Microsoft.Insights/logProfiles/categories                                properties.categories                         {2016-03-01}
Microsoft.Insights/logProfiles/categories[*]                             properties.categories[*]                      {2016-03-01}
Microsoft.Insights/logProfiles/retentionPolicy                           properties.retentionPolicy                    {2016-03-01}
Microsoft.Insights/logProfiles/retentionPolicy.enabled                   properties.retentionPolicy.enabled            {2016-03-01}
Microsoft.Insights/logProfiles/retentionPolicy.days                      properties.retentionPolicy.days               {2016-03-01}
Microsoft.Insights/alertRules/isEnabled                                  properties.isEnabled                          {2016-03-01, 2015-04-01, 2014-04-01}
Microsoft.Insights/alertRules/condition.dataSource.resourceUri           properties.condition.dataSource.resourceUri   {2016-03-01, 2015-04-01, 2014-04-01}
Microsoft.Insights/alertRules/condition.dataSource.metricName            properties.condition.dataSource.metricName    {2016-03-01, 2015-04-01, 2014-04-01}
Microsoft.Insights/alertRules/condition.operator                         properties.condition.operator                 {2016-03-01, 2015-04-01, 2014-04-01}
Microsoft.Insights/alertRules/condition.threshold                        properties.condition.threshold                {2016-03-01, 2015-04-01, 2014-04-01}
Microsoft.Insights/alertRules/condition.windowSize                       properties.condition.windowSize               {2016-03-01, 2015-04-01, 2014-04-01}
Microsoft.Insights/alertRules/condition.timeAggregation                  properties.condition.timeAggregation          {2016-03-01, 2015-04-01, 2014-04-01}
Microsoft.Insights/alertRules/condition.dataSource.odata.type            properties.condition.dataSource.odata.type    {2016-03-01, 2015-04-01, 2014-04-01}
Microsoft.Insights/alertRules/actions[*].odata.type                      properties.action.odata.type                  {2015-04-01, 2014-04-01}
Microsoft.Insights/alertRules/actions[*].odata.type                      properties.actions[*].odata.type              {2016-03-01}
Microsoft.Insights/alertRules/actions[*].sendToServiceOwners             properties.action.sendToServiceOwners         {2015-04-01, 2014-04-01}
Microsoft.Insights/alertRules/actions[*].sendToServiceOwners             properties.actions[*].sendToServiceOwners     {2016-03-01}
Microsoft.Insights/alertRules/actions[*].customEmails                    properties.action.customEmails                {2015-04-01, 2014-04-01}
Microsoft.Insights/alertRules/actions[*].customEmails                    properties.actions[*].customEmails            {2016-03-01}
Microsoft.Insights/alertRules/actions[*].customEmails[*]                 properties.action.customEmails[*]             {2015-04-01, 2014-04-01}
Microsoft.Insights/alertRules/actions[*].customEmails[*]                 properties.actions[*].customEmails[*]         {2016-03-01}
Microsoft.Insights/alertRules/actions[*].serviceUri                      properties.action.serviceUri                  {2015-04-01, 2014-04-01}
Microsoft.Insights/alertRules/actions[*].serviceUri                      properties.actions[*].serviceUri              {2016-03-01}
Microsoft.Insights/diagnosticSettings/logs.enabled                       properties.logs[*].enabled                    {2017-05-01-preview, 2016-09-01, 2015…
Microsoft.Insights/diagnosticSettings/metrics.enabled                    properties.metrics[*].enabled                 {2017-05-01-preview, 2016-09-01, 2015…
Microsoft.Insights/diagnosticSettings/storageAccountId                   properties.storageAccountId                   {2017-05-01-preview, 2016-09-01, 2015…
Microsoft.Insights/diagnosticSettings/workspaceId                        properties.workspaceId                        {2017-05-01-preview, 2016-09-01, 2015…
Microsoft.Insights/diagnosticSettings/eventHubAuthorizationRuleId        properties.eventHubAuthorizationRuleId        {2017-05-01-preview, 2016-09-01, 2015…
Microsoft.Insights/diagnosticSettings/eventHubName                       properties.eventHubName                       {2017-05-01-preview, 2016-09-01, 2015…
Microsoft.Insights/diagnosticSettings/metrics[*].retentionPolicy.enabled properties.metrics[*].retentionPolicy.enabled {2017-05-01-preview, 2016-09-01, 2015…
Microsoft.Insights/diagnosticSettings/metrics[*].retentionPolicy.days    properties.metrics[*].retentionPolicy.days    {2017-05-01-preview, 2016-09-01, 2015…
Microsoft.Insights/diagnosticSettings/metrics[*].category                properties.metrics[*].category                {2017-05-01-preview, 2016-09-01, 2015…
Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled    properties.logs[*].retentionPolicy.enabled    {2017-05-01-preview, 2016-09-01, 2015…
Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days       properties.logs[*].retentionPolicy.days       {2017-05-01-preview, 2016-09-01, 2015…
Microsoft.Insights/diagnosticSettings/logs[*].category                   properties.logs[*].category                   {2017-05-01-preview, 2016-09-01, 2015…
Microsoft.Insights/ActivityLogAlerts/scopes                              properties.scopes                             {2018-09-01, 2017-04-01, 2017-03-01-p…
Microsoft.Insights/ActivityLogAlerts/scopes[*]                           properties.scopes[*]                          {2018-09-01, 2017-04-01, 2017-03-01-p…
Microsoft.Insights/ActivityLogAlerts/condition                           properties.condition                          {2018-09-01, 2017-04-01, 2017-03-01-p…
Microsoft.Insights/ActivityLogAlerts/condition.allOf                     properties.condition.allOf                    {2018-09-01, 2017-04-01, 2017-03-01-p…
Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]                  properties.condition.allOf[*]                 {2018-09-01, 2017-04-01, 2017-03-01-p…
Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field            properties.condition.allOf[*].field           {2018-09-01, 2017-04-01, 2017-03-01-p…
Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals           properties.condition.allOf[*].equals          {2018-09-01, 2017-04-01, 2017-03-01-p…
Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].containsAny      properties.condition.allOf[*].containsAny     {2018-09-01, 2017-04-01, 2017-03-01-p…
Microsoft.Insights/ActivityLogAlerts/enabled                             properties.enabled                            {2018-09-01, 2017-04-01, 2017-03-01-p…

Please help me find the correct alias.

[Question discussion]:

    Tags: azure azure-policy


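    [Solution 1]:

    I don't think it is possible to write a policy against the activity log events themselves. However, you can use Azure Policy to enforce that the activity log is routed to an Event Hub, and then write a Function App to monitor these and react.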

    [Discussion]:
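The filtering step of the function app that the answer suggests, as an added example that is not part of the original post: it takes one Event Hub message body and returns the records for the security-rule write operation named in the question. The `records` envelope and the `identity.authorization`, `operationName`, `resourceId` and `resultType` field names are assumptions about the exported activity-log schema; the function names and the sample message are constructed here.

```python
import json

# Operation named in the question; compared case-insensitively below.
TARGET_ACTION = "Microsoft.Network/networkSecurityGroups/securityRules/write"

def _authorization(record):
    # Assumption: exported records nest "authorization" under "identity";
    # the portal JSON in the question shows it at the top level. Accept both.
    identity = record.get("identity")
    nested = identity.get("authorization") if isinstance(identity, dict) else None
    auth = nested or record.get("authorization")
    return auth if isinstance(auth, dict) else {}

def matching_rule_changes(event_body, target=TARGET_ACTION):
    """Return the records in one Event Hub message body that match target."""
    try:
        payload = json.loads(event_body)
    except (TypeError, ValueError):
        return []  # malformed message: skip it instead of failing the batch
    records = payload.get("records", []) if isinstance(payload, dict) else []
    hits = []
    for rec in records:
        if not isinstance(rec, dict):
            continue
        auth = _authorization(rec)
        action = auth.get("action") or rec.get("operationName")
        if not isinstance(action, str) or action.lower() != target.lower():
            continue
        hits.append({"time": rec.get("time"), "action": action,
                     "scope": auth.get("scope") or rec.get("resourceId"),
                     "result": rec.get("resultType")})
    return hits

# Constructed sample message (not real log data), using the placeholder
# scope from the question.
SAMPLE_SCOPE = ("/subscriptions/xxxx/resourceGroups/xxxx/providers/Microsoft.Network"
                "/networkSecurityGroups/xxx/securityRules/xxxx")
SAMPLE = json.dumps({"records": [
    {"time": "2020-10-20T15:40:00Z", "resultType": "Success",
     "identity": {"authorization": {"action": TARGET_ACTION, "scope": SAMPLE_SCOPE}}},
    {"time": "2020-10-20T15:41:00Z", "resultType": "Success",
     "operationName": "MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/SECURITYRULES/DELETE",
     "resourceId": SAMPLE_SCOPE.upper()},
    {"time": "2020-10-20T15:42:00Z", "resultType": "Success",
     "operationName": "MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/SECURITYRULES/WRITE",
     "resourceId": SAMPLE_SCOPE.upper()},
]})
```

In a function app, this would be called on each incoming Event Hub message, with the returned list driving whatever reaction is wanted (alert, ticket, rollback).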
