Commit
* new resource added alert rule
* read me added
* read me added
  Signed-off-by: sa-progress <samir.anand@progress.com>
* linting done
* Update azure_sentinel_alert_rules.md
* Update azure_sentinel_alert_rule.md
* Create azure_sentinel_alert_rule.md
* added
* added tf
  Signed-off-by: sa-progress <samir.anand@progress.com>
* updated the singular doc and deleted the unwanted file
  Signed-off-by: Soumyodeep Karmakar <soumyo.k13@gmail.com>
* Docs edits
  Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>
* Some Lang. fixes
  Signed-off-by: Deepa Kumaraswamy <dkumaras@progress.com>

Co-authored-by: Soumyodeep Karmakar <soumyo.k13@gmail.com>
Co-authored-by: Ian Maddaus <ian.maddaus@progress.com>
Co-authored-by: Sathish <reachtosathish.b@gmail.com>
Co-authored-by: Deepa Kumaraswamy <dkumaras@progress.com>
1 parent 8cd6206, commit 9c88d1e
Showing 11 changed files with 482 additions and 24 deletions.
docs-chef-io/content/inspec/resources/azure_sentinel_alert_rule.md (133 additions, 0 deletions)
@@ -0,0 +1,133 @@ | ||
+++ | ||
title = "azure_sentinel_alert_rule Resource" | ||
platform = "azure" | ||
draft = false | ||
gh_repo = "inspec-azure" | ||
|
||
[menu.inspec] | ||
title = "azure_sentinel_alert_rule" | ||
identifier = "inspec/resources/azure/azure_sentinel_alert_rule Resource" | ||
parent = "inspec/resources/azure" | ||
+++ | ||
|
||
Use the `azure_sentinel_alert_rule` InSpec audit resource to test properties of an Azure Sentinel alert rule for a resource group or the entire subscription. | ||
|
||
For additional information, see the [`Azure Sentinel Alert Rules API documentation`](https://docs.microsoft.com/en-us/rest/api/datafactory/pipeline-runs/query-by-factory). | ||
|
||
## Azure REST API Version, Endpoint, and HTTP Client Parameters | ||
|
||
{{% inspec_azure_common_parameters %}} | ||
|
||
## Installation | ||
|
||
{{% inspec_azure_install %}} | ||
|
||
## Syntax | ||
|
||
An `azure_sentinel_alert_rule` resource block returns all Azure alert_rule, either within a Resource Group (if provided), or within an entire Subscription. | ||
|
||
```ruby | ||
describe azure_sentinel_alert_rule(resource_group: 'RESOURCE_GROUP', workspace_name: 'WORKSPACE_NAME', rule_id: 'RULE_ID') do | ||
it { should exit } | ||
end | ||
``` | ||
|
||
## Parameters | ||
|
||
`resource_group` _(required)_ | ||
|
||
: Azure resource group that the targeted resource resides in. | ||
|
||
`workspace_name` _(required)_ | ||
|
||
: Azure workspace Name for which alert rule is retrieved. | ||
|
||
`rule_id` _(required)_ | ||
|
||
: Alert rule ID. | ||
|
||
## Properties | ||
|
||
`id` | ||
: The ID of the alert rule. | ||
|
||
`name` | ||
: The name of the alert rule. | ||
|
||
`type` | ||
: The alert rule type. | ||
|
||
`kind` | ||
: The kind of the alert rule. | ||
|
||
`etag` | ||
: The etag of the alert rule. | ||
|
||
`properties` | ||
: The properties of the alert rule. | ||
|
||
## Examples | ||
|
||
Tests if the rule ID exists. | ||
|
||
```ruby | ||
describe azure_sentinel_alert_rule(resource_group: 'RESOURCE_GROUP', workspace_name: 'WORKSPACE_NAME', rule_id: 'RULE_ID') do | ||
its('id') { should eq 'ALERT_RULE_ID' } | ||
end | ||
``` | ||
|
||
Tests if the rule name exists. | ||
|
||
```ruby | ||
describe azure_sentinel_alert_rule(resource_group: 'RESOURCE_GROUP', workspace_name: 'WORKSPACE_NAME', rule_id: 'RULE_ID') do | ||
its('name') { should eq 'ALERT_RULE_NAME' } | ||
end | ||
``` | ||
|
||
Tests if the rule kind is `Scheduled`. | ||
|
||
```ruby | ||
describe azure_sentinel_alert_rule(resource_group: 'RESOURCE_GROUP', workspace_name: 'WORKSPACE_NAME', rule_id: 'RULE_ID') do | ||
its('kind') { should eq 'Scheduled' } | ||
end | ||
``` | ||
|
||
Test if the rule type is `Microsoft.SecurityInsights/alertRules`. | ||
|
||
```ruby | ||
describe azure_sentinel_alert_rule(resource_group: 'RESOURCE_GROUP', workspace_name: 'WORKSPACE_NAME', rule_id: 'RULE_ID') do | ||
its('type') { should eq 'Microsoft.SecurityInsights/alertRules' } | ||
end | ||
``` | ||
|
||
Test if the display name is present or not. | ||
|
||
```ruby | ||
describe azure_sentinel_alert_rule(resource_group: 'RESOURCE_GROUP', workspace_name: 'WORKSPACE_NAME', rule_id: 'RULE_ID') do | ||
its('properties.displayName') { should eq "DISPLAY_NAME" } | ||
end | ||
``` | ||
|
||
## Matchers | ||
|
||
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/). | ||
|
||
### exists | ||
|
||
```ruby | ||
# If we expect a resource to always exist | ||
|
||
describe azure_sentinel_alert_rule(resource_group: 'RESOURCE_GROUP', workspace_name: 'WORKSPACE_NAME', rule_id: 'RULE_ID') do | ||
it { should exist } | ||
end | ||
|
||
# If we expect a resource to never exist | ||
|
||
describe azure_sentinel_alert_rule(resource_group: 'RESOURCE_GROUP', workspace_name: 'WORKSPACE_NAME', rule_id: 'RULE_ID') do | ||
it { should_not exist } | ||
end | ||
``` | ||
|
||
## Azure Permissions | ||
|
||
{{% azure_permissions_service_principal role="contributor" %}} |
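Review bot: the Syntax block uses `it { should exit }`, which is not a matcher and will fail at runtime; it should be `it { should exist }`, as written in the Matchers section further down. Two documentation points in the same hunk: the "Azure Sentinel Alert Rules API documentation" link points at the Data Factory `pipeline-runs/query-by-factory` endpoint rather than the Security Insights alert rules API, and the Syntax paragraph says the block "returns all Azure alert_rule, either within a Resource Group (if provided), or within an entire Subscription", which contradicts the Parameters section where `resource_group`, `workspace_name` and `rule_id` are all required and a single rule is returned (that plural wording belongs to `azure_sentinel_alert_rules`). Minor: the first two Examples are captioned "Tests if the rule ID/name exists" but assert equality with `should eq`, and since this resource only reads one rule, the Azure Permissions shortcode should declare the least role that read needs rather than `contributor`, if the shortcode supports a lower role.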