Severity Framework
Snyk CCSS
Rule category
Monitoring / Policy
Is your enviroment affected by this misconfiguration?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsFrameworks
CIS-Azure
HIPAA
ISO-27001
PCI-DSS
- Snyk ID SNYK-CC-00678
- credit Snyk Research Team
Description
Monitoring for "Create Policy Assignment" events may reduce the time it takes to detect unsolicited changes.
How to fix?
Set field operationName
to Microsoft.Authorization/policyAssignments/write
and set enabled
to true
.
Example Configuration
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.Insights/activityLogAlerts",
"apiVersion": "2017-04-01",
"name": "default",
"location": "global",
"properties": {
"scopes": [
"[subscription().id]"
],
"condition": {
"allOf": [
{
"field": "category",
"equals": "Administrative"
},
{
"field": "operationName",
"equals": "Microsoft.Authorization/policyAssignments/Write"
}
]
},
"actions": {
"actionGroups": []
}
}
}
]
}