Beta - Activity Log Alert For Delete Security Solution Not Configured
- Query id: b97a1065-a86b-442f-86c4-f95afd9b3ac6
- Query name: Beta - Activity Log Alert For Delete Security Solution Not Configured
- Platform: Terraform
- Severity: Medium
- Category: Observability
- CWE: 778
- Risk score: 3.0
- URL: Github
Description¶
There should be a 'azurerm_monitor_activity_log_alert' resource configured to capture 'delete security solution' events
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Tests Not Fround
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
resource "azurerm_monitor_activity_log_alert" "negative1" {
name = "example-activitylogalert"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
scopes = [azurerm_resource_group.example.id]
description = "Negative sample"
criteria {
resource_id = azurerm_storage_account.to_monitor.id
operation_name = "Microsoft.Security/securitySolutions/delete"
category = "Administrative"
}
action {
action_group_id = azurerm_monitor_action_group.main.id
webhook_properties = {
from = "terraform"
}
}
}