Beta - Activity Log Alert For Service Health Not Configured
- Query id: f677bd92-3922-4e75-8f0c-2c0f8fbc9609
- Query name: Beta - Activity Log Alert For Service Health Not Configured
- Platform: Terraform
- Severity: Medium
- Category: Observability
- CWE: 778
- Risk score: 3.0
- URL: Github
Description¶
There should be an 'azurerm_monitor_activity_log_alert' resource configured to capture service health events.
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
# Positive sample: a service_health block is present, but criteria.category is
# "Security", so this alert does not count as a Service Health alert for the
# query (the negative samples below use category = "ServiceHealth").
resource "azurerm_monitor_activity_log_alert" "positive1_1" {
  name                = "ServiceHealthActivityLogAlert"
  resource_group_name = var.resource_group_name
  description         = "Alert for Azure Service Health events"
  enabled             = true

  # Subscription-wide scope; the data source is declared further down the file.
  scopes = [data.azurerm_subscription.current.id]

  criteria {
    category = "Security" # Wrong category - the query expects "ServiceHealth"

    service_health {
      events = ["Incident"]
    }
  }

  action {
    action_group_id = azurerm_monitor_action_group.notify_team.id
  }
}
# Positive sample: same shape as positive1_1, but with category "Recommendation".
# The event list is irrelevant here - the category alone makes the query flag it.
resource "azurerm_monitor_activity_log_alert" "positive1_2" {
  name                = "ServiceHealthActivityLogAlert"
  resource_group_name = var.resource_group_name
  description         = "Alert for Azure Service Health events"
  enabled             = true

  scopes = [data.azurerm_subscription.current.id]

  criteria {
    category = "Recommendation" # Wrong category - the query expects "ServiceHealth"

    service_health {
      events = ["Incident", "Informational"]
    }
  }

  action {
    action_group_id = azurerm_monitor_action_group.notify_team.id
  }
}
# Subscription the two positive alerts above are scoped to (no subscription_id
# given, so it resolves to the provider's current subscription).
data "azurerm_subscription" "current" {}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
# Negative sample: category "ServiceHealth" with a single event type is enough
# for the query to treat the subscription as having a Service Health alert.
resource "azurerm_monitor_activity_log_alert" "negative1" {
  name                = "ServiceHealthActivityLogAlert"
  resource_group_name = var.resource_group_name
  description         = "Alert for Azure Service Health events"
  enabled             = true

  scopes = [data.azurerm_subscription.current.id]

  criteria {
    category = "ServiceHealth"

    service_health {
      events = ["Incident"]
    }
  }

  action {
    # Notification target; the action group is declared outside this file.
    action_group_id = azurerm_monitor_action_group.notify_team.id
  }
}
# Negative sample: category "ServiceHealth" with the full set of event types.
# From a monitoring standpoint this is the most complete variant on the page,
# since Maintenance, Security and Informational events are alerted on as well.
resource "azurerm_monitor_activity_log_alert" "negative2" {
  name                = "ServiceHealthActivityLogAlert"
  resource_group_name = var.resource_group_name
  description         = "Alert for Azure Service Health events"
  enabled             = true

  scopes = [data.azurerm_subscription.current.id]

  criteria {
    category = "ServiceHealth"

    service_health {
      events = ["Incident", "Maintenance", "Security", "Informational"]
    }
  }

  action {
    action_group_id = azurerm_monitor_action_group.notify_team.id
  }
}
# Provider's current subscription; scope target for negative1 and negative2.
data "azurerm_subscription" "current" {}
# Negative sample: identical criteria to negative1, but scoped to a second
# subscription resolved by explicit subscription_id (see the data block below).
resource "azurerm_monitor_activity_log_alert" "negative3" {
  name                = "ServiceHealthActivityLogAlert"
  resource_group_name = var.resource_group_name
  description         = "Alert for Azure Service Health events"
  enabled             = true

  scopes = [data.azurerm_subscription.secondary.id]

  criteria {
    category = "ServiceHealth"

    service_health {
      events = ["Incident"]
    }
  }

  action {
    action_group_id = azurerm_monitor_action_group.notify_team.id
  }
}
# Second subscription used as the scope of negative3. The subscription_id is a
# placeholder in this sample; a real deployment supplies the actual GUID.
data "azurerm_subscription" "secondary" {
subscription_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}