Beta - Activity Log Alert For Create or Update Security Solution Not Configured
- Query id: 8553d83f-fe77-4c96-8850-a95c5895b336
- Query name: Beta - Activity Log Alert For Create or Update Security Solution Not Configured
- Platform: Terraform
- Severity: Medium
- Category: Observability
- CWE: 778
- Risk score: 3.0
- URL: Github
Description¶
There should be a 'azurerm_monitor_activity_log_alert' resource configured to capture 'create or update security solution' events
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Tests Not Fround
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
resource "azurerm_monitor_activity_log_alert" "negative1" {
name = "example-activitylogalert"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
scopes = [azurerm_resource_group.example.id]
description = "Negative sample"
criteria {
resource_id = azurerm_storage_account.to_monitor.id
operation_name = "Microsoft.Security/securitySolutions/write"
category = "Administrative"
}
action {
action_group_id = azurerm_monitor_action_group.main.id
webhook_properties = {
from = "terraform"
}
}
}