diff --git a/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/metadata.json b/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/metadata.json
new file mode 100644
index 00000000000..bdb647610c4
--- /dev/null
+++ b/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/metadata.json
@@ -0,0 +1,14 @@
+{
+ "id": "f677bd92-3922-4e75-8f0c-2c0f8fbc9609",
+ "queryName": "Beta - Activity Log Alert For Service Health Not Configured",
+ "severity": "MEDIUM",
+ "category": "Observability",
+ "descriptionText": "There should be a 'azurerm_monitor_activity_log_alert' resource configured to capture service health events",
+ "descriptionUrl": "https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_activity_log_alert",
+ "platform": "Terraform",
+ "descriptionID": "f677bd92",
+ "cloudProvider": "azure",
+ "cwe": "778",
+ "riskScore": "3.0",
+ "experimental": "true"
+}
diff --git a/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/query.rego b/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/query.rego
new file mode 100644
index 00000000000..177b6c3b614
--- /dev/null
+++ b/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/query.rego
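Review bot: `descriptionText` in metadata.json says only that an alert resource should capture service health events, while the query added in this commit also fails alerts that omit 'Incident' from `criteria.service_health.events` or lack `action.action_group_id`. Someone reading a finding from the metadata alone cannot tell why an existing ServiceHealth alert was flagged. Consider wording such as `"There should be a 'azurerm_monitor_activity_log_alert' resource for each subscription that monitors 'ServiceHealth' 'Incident' events and sets 'action.action_group_id'"`.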
@@ -0,0 +1,131 @@
+package Cx
+
+import data.generic.common as common_lib
+import data.generic.terraform as tf_lib
+
+CxPolicy[result] {
+ resources := {input.document[index].id : log_alerts | log_alerts := input.document[index].resource.azurerm_monitor_activity_log_alert}
+ subscriptions := {input.document[index].id : subs | subs := input.document[index].data.azurerm_subscription}
+
+ subscriptions[doc_id][name]
+ value := at_least_one_valid_log_alert(resources, name, doc_id)
+ value.result != "has_valid_log"
+
+ results := get_results(value)[_]
+ dynamic_values := get_values(results)
+
+ result := {
+ "documentId": results.doc_id,
+ "resourceType": "azurerm_monitor_activity_log_alert",
+ "resourceName": dynamic_values.resourceName,
+ "searchKey": dynamic_values.searchKey,
+ "issueType": results.issueType,
+ "keyExpectedValue": "A 'azurerm_monitor_activity_log_alert' resource that monitors 'ServiceHealth' events should be defined for each subscription",
+ "keyActualValue": results.keyActualValue,
+ "searchLine": dynamic_values.searchLine
+ }
+}
+
+get_values(results) = dynamic_values {
+ results.no_log == true
+ dynamic_values := {
+ "resourceName": "",
+ "searchKey": sprintf("azurerm_subscription[%s]", [results.name]),
+ "searchLine": common_lib.build_search_line(["data", "azurerm_subscription", results.name], [])
+ }
+} else = {
+ "resourceName": tf_lib.get_resource_name(results.resource, results.name),
+ "searchKey": sprintf("azurerm_monitor_activity_log_alert[%s].criteria", [results.name]),
+ "searchLine": common_lib.build_search_line(["resource", "azurerm_monitor_activity_log_alert", results.name, "criteria"], [])
+}
+
+at_least_one_valid_log_alert(resources, subscription_name, doc_id_subs) = {"result" : "has_valid_log"} {
+ resources[doc_index][x].scopes[_] == sprintf("${data.azurerm_subscription.%s.id}",[subscription_name])
+ resources[doc_index][x].criteria.category == "ServiceHealth"
+ resources[doc_index][x].criteria.service_health.events[_] == "Incident"
+ common_lib.valid_key(resources[doc_index][x].action, "action_group_id")
+
+} else = {"result" : "has_log_without_action", "logs": logs} {
+ logs := {doc_index: filtered |
+ resources[doc_index]
+ filtered := {key: resource |
+ resource := resources[doc_index][key]
+ resource.scopes[_] == sprintf("${data.azurerm_subscription.%s.id}",[subscription_name])
+ resource.criteria.category == "ServiceHealth"
+ resource.criteria.service_health.events[_] == "Incident"}
+ }
+ logs[_] != {}
+
+} else = {"result" : "has_log_without_incident_event", "logs": logs} {
+ logs := {doc_index: filtered |
+ resources[doc_index]
+ filtered := {key: resource |
+ resource := resources[doc_index][key]
+ resource.scopes[_] == sprintf("${data.azurerm_subscription.%s.id}",[subscription_name])
+ resource.criteria.category == "ServiceHealth"}
+ }
+ logs[_] != {}
+
+} else = {"result" : "has_invalid_logs_only", "logs": logs} {
+ logs := {doc_index: filtered |
+ resources[doc_index]
+ filtered := {key: resource |
+ resource := resources[doc_index][key]
+ resource.scopes[_] == sprintf("${data.azurerm_subscription.%s.id}",[subscription_name])}
+ }
+ logs[_] != {}
+} else = {"result" : "no_logs", "subscription" : subscription_name, "doc_id": doc_id_subs}
+
+get_results(value) = results { # Case of one or more resources failing due to not setting an "action.action_group_id" field
+ value.result == "has_log_without_action"
+
+ results := [z |
+ log := value.logs[doc_id][name]
+ z := {
+ "doc_id" : doc_id,
+ "resource" : log,
+ "name" : name,
+ "issueType": "MissingAttribute",
+ "keyActualValue" : sprintf("The 'azurerm_monitor_activity_log_alert[%s]' resource monitors 'ServiceHealth' events but is missing an 'action.action_group_id' field", [name])
+ }]
+
+} else = results { # Case of one or more resources failing due to not including "Incident" in events array
+ value.result == "has_log_without_incident_event"
+
+ results := [z |
+ log := value.logs[doc_id][name]
+ z := {
+ "doc_id" : doc_id,
+ "resource" : log,
+ "name" : name,
+ "issueType": check_service_health_block_issue_type(log) ,
+ "keyActualValue" : sprintf("The 'azurerm_monitor_activity_log_alert[%s]' resource monitors 'ServiceHealth' events but does not include 'Incident' in its 'criteria.service_health.events' array", [name])
+ }]
+
+} else = results { # Case of all resources failing due to invalid category and/or operation_name
+ value.result == "has_invalid_logs_only"
+
+ results := [z |
+ log := value.logs[doc_id][name]
+ z := {
+ "doc_id" : doc_id,
+ "resource" : log,
+ "name" : name,
+ "issueType": "IncorrectValue",
+ "keyActualValue" : "None of the 'azurerm_monitor_activity_log_alert' resources monitor 'ServiceHealth' events"
+ }]
+} else = results { # Case of "subscription" defined without a single alert log associated with it
+ name := value.subscription
+ results := [{
+ "doc_id" : value.doc_id,
+ "name" : name,
+ "issueType": "MissingAttribute",
+ "keyActualValue" : sprintf("There is not a single 'azurerm_monitor_activity_log_alert' resource associated with the '%s' subscription", [name]),
+ "no_log": true
+ }]
+}
+
+
+check_service_health_block_issue_type(log) = "IncorrectValue"{ # If events array is set but does not include "Incident"
+ common_lib.valid_key(log.criteria.service_health, "events")
+} else = "MissingAttribute" # If "service_health" or "events" is undefined or null
diff --git a/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/negative1.tf b/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/negative1.tf
new file mode 100644
index 00000000000..d4a16bd3edc
--- /dev/null
+++ b/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/negative1.tf
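Review bot: The first body of `at_least_one_valid_log_alert` in query.rego never reads `enabled`, so an alert declared with `enabled = false` that matches the scope, category, events and action-group checks is returned as `has_valid_log` and the subscription passes although the alert would not fire. Adding `not resources[doc_index][x].enabled == false` to that body closes the gap, but the `else` branches would then need their own result and message for a disabled alert, otherwise it is reported as missing `action.action_group_id`; a fixture with `enabled = false` would pin the behaviour. Separately, `common_lib.valid_key(resources[doc_index][x].action, "action_group_id")` assumes `action` is a single object; if the parser renders repeated `action` blocks as a list, an alert with two action groups would presumably be flagged as missing the field, which is worth a negative test. The comment on the `has_invalid_logs_only` branch of `get_results` mentions `operation_name`, which this query does not check.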
@@ -0,0 +1,70 @@
+resource "azurerm_monitor_activity_log_alert" "negative1" {
+ name = "ServiceHealthActivityLogAlert"
+ resource_group_name = var.resource_group_name
+ scopes = [data.azurerm_subscription.current.id]
+ description = "Alert for Azure Service Health events"
+ enabled = true
+
+ criteria {
+ category = "ServiceHealth"
+
+ service_health {
+ events = ["Incident"]
+ }
+ }
+
+ action {
+ action_group_id = azurerm_monitor_action_group.notify_team.id
+ }
+}
+
+resource "azurerm_monitor_activity_log_alert" "negative2" {
+ name = "ServiceHealthActivityLogAlert"
+ resource_group_name = var.resource_group_name
+ scopes = [data.azurerm_subscription.current.id]
+ description = "Alert for Azure Service Health events"
+ enabled = true
+
+ criteria {
+ category = "ServiceHealth"
+
+ service_health {
+ events = [
+ "Incident",
+ "Maintenance",
+ "Security",
+ "Informational"
+ ]
+ }
+ }
+
+ action {
+ action_group_id = azurerm_monitor_action_group.notify_team.id
+ }
+}
+
+data "azurerm_subscription" "current" {}
+
+resource "azurerm_monitor_activity_log_alert" "negative3" {
+ name = "ServiceHealthActivityLogAlert"
+ resource_group_name = var.resource_group_name
+ scopes = [data.azurerm_subscription.secondary.id]
+ description = "Alert for Azure Service Health events"
+ enabled = true
+
+ criteria {
+ category = "ServiceHealth"
+
+ service_health {
+ events = ["Incident"]
+ }
+ }
+
+ action {
+ action_group_id = azurerm_monitor_action_group.notify_team.id
+ }
+}
+
+data "azurerm_subscription" "secondary" {
+ subscription_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+}
\ No newline at end of file
diff --git a/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive1.tf b/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive1.tf
new file mode 100644
index 00000000000..0b99151f197
--- /dev/null
+++ b/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive1.tf
@@ -0,0 +1,41 @@
+resource "azurerm_monitor_activity_log_alert" "positive1_1" {
+ name = "ServiceHealthActivityLogAlert"
+ resource_group_name = var.resource_group_name
+ scopes = [data.azurerm_subscription.current.id]
+ description = "Alert for Azure Service Health events"
+ enabled = true
+
+ criteria {
+ category = "Security" # Wrong category
+
+ service_health {
+ events = ["Incident"]
+ }
+ }
+
+ action {
+ action_group_id = azurerm_monitor_action_group.notify_team.id
+ }
+}
+
+resource "azurerm_monitor_activity_log_alert" "positive1_2" {
+ name = "ServiceHealthActivityLogAlert"
+ resource_group_name = var.resource_group_name
+ scopes = [data.azurerm_subscription.current.id]
+ description = "Alert for Azure Service Health events"
+ enabled = true
+
+ criteria {
+ category = "Recommendation" # Wrong category
+
+ service_health {
+ events = ["Incident", "Informational"]
+ }
+ }
+
+ action {
+ action_group_id = azurerm_monitor_action_group.notify_team.id
+ }
+}
+
+data "azurerm_subscription" "current" {}
diff --git a/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive2/positive2_1.tf b/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive2/positive2_1.tf
new file mode 100644
index 00000000000..10cdd06dde2
--- /dev/null
+++ b/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive2/positive2_1.tf
@@ -0,0 +1,41 @@
+resource "azurerm_monitor_activity_log_alert" "positive2_1" {
+ name = "ServiceHealthActivityLogAlert"
+ resource_group_name = var.resource_group_name
+ scopes = [data.azurerm_subscription.current.id]
+ description = "Alert for Azure Service Health events"
+ enabled = true
+
+ criteria {
+ category = "ServiceHealth"
+
+ service_health {
+ events = ["Maintenance"] # Missing 'Incident'
+ }
+ }
+
+ action {
+ action_group_id = azurerm_monitor_action_group.notify_team.id
+ }
+}
+
+resource "azurerm_monitor_activity_log_alert" "positive2_2" {
+ name = "ServiceHealthActivityLogAlert"
+ resource_group_name = var.resource_group_name
+ scopes = [data.azurerm_subscription.current.id]
+ description = "Alert for Azure Service Health events"
+ enabled = true
+
+ criteria {
+ category = "ServiceHealth"
+
+ service_health {
+ # Missing 'events'
+ }
+ }
+
+ action {
+ action_group_id = azurerm_monitor_action_group.notify_team.id
+ }
+}
+
+data "azurerm_subscription" "current" {}
diff --git a/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive2/positive2_2.tf b/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive2/positive2_2.tf
new file mode 100644
index 00000000000..b69e20d4ddc
--- /dev/null
+++ b/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive2/positive2_2.tf
@@ -0,0 +1,17 @@
+resource "azurerm_monitor_activity_log_alert" "positive2_3" {
+ name = "ServiceHealthActivityLogAlert"
+ resource_group_name = var.resource_group_name
+ scopes = [data.azurerm_subscription.current.id]
+ description = "Alert for Azure Service Health events"
+ enabled = true
+
+ criteria {
+ category = "ServiceHealth"
+
+ # Missing 'service_health'
+ }
+
+ action {
+ action_group_id = azurerm_monitor_action_group.notify_team.id
+ }
+}
diff --git a/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive2/positive_expected_result.json b/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive2/positive_expected_result.json
new file mode 100644
index 00000000000..8e854727ca9
--- /dev/null
+++ b/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive2/positive_expected_result.json
@@ -0,0 +1,20 @@
+[
+ {
+ "queryName": "Beta - Activity Log Alert For Service Health Not Configured",
+ "severity": "MEDIUM",
+ "line": 8,
+ "fileName": "positive2_1.tf"
+ },
+ {
+ "queryName": "Beta - Activity Log Alert For Service Health Not Configured",
+ "severity": "MEDIUM",
+ "line": 28,
+ "fileName": "positive2_1.tf"
+ },
+ {
+ "queryName": "Beta - Activity Log Alert For Service Health Not Configured",
+ "severity": "MEDIUM",
+ "line": 8,
+ "fileName": "positive2_2.tf"
+ }
+]
diff --git a/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive3/positive3_1.tf b/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive3/positive3_1.tf
new file mode 100644
index 00000000000..59dda3f932c
--- /dev/null
+++ b/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive3/positive3_1.tf
@@ -0,0 +1,20 @@
+# Case of correct "service_health.events" and "category" but the "action.action_group_id" field is missing
+resource "azurerm_monitor_activity_log_alert" "positive3_1" {
+ name = "ServiceHealthActivityLogAlert"
+ resource_group_name = var.resource_group_name
+ scopes = [data.azurerm_subscription.current.id]
+ description = "Alert for Azure Service Health events"
+ enabled = true
+
+ criteria {
+ category = "ServiceHealth"
+
+ service_health {
+ events = ["Incident"]
+ }
+ }
+
+ # Missing action
+}
+
+data "azurerm_subscription" "current" {}
diff --git a/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive3/positive3_2.tf b/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive3/positive3_2.tf
new file mode 100644
index 00000000000..1ba594480de
--- /dev/null
+++ b/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive3/positive3_2.tf
@@ -0,0 +1,20 @@
+# Case of correct "service_health.events" and "category" but the "action.action_group_id" field is missing
+resource "azurerm_monitor_activity_log_alert" "positive3_2" {
+ name = "ServiceHealthActivityLogAlert"
+ resource_group_name = var.resource_group_name
+ scopes = [data.azurerm_subscription.current.id]
+ description = "Alert for Azure Service Health events"
+ enabled = true
+
+ criteria {
+ category = "ServiceHealth"
+
+ service_health {
+ events = ["Incident"]
+ }
+ }
+
+ action {
+ # Missing action_group_id
+ }
+}
diff --git a/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive3/positive_expected_result.json b/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive3/positive_expected_result.json
new file mode 100644
index 00000000000..7f2aecf8f06
--- /dev/null
+++ b/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive3/positive_expected_result.json
@@ -0,0 +1,14 @@
+[
+ {
+ "queryName": "Beta - Activity Log Alert For Service Health Not Configured",
+ "severity": "MEDIUM",
+ "line": 9,
+ "fileName": "positive3_1.tf"
+ },
+ {
+ "queryName": "Beta - Activity Log Alert For Service Health Not Configured",
+ "severity": "MEDIUM",
+ "line": 9,
+ "fileName": "positive3_2.tf"
+ }
+]
diff --git a/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive4/positive4_1.tf b/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive4/positive4_1.tf
new file mode 100644
index 00000000000..f2af4ca338b
--- /dev/null
+++ b/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive4/positive4_1.tf
@@ -0,0 +1,42 @@
+# Query prioritizes flagging the log alert(s) with correct "category" but missing "Incident" on the events array over ones with wrong "category"
+resource "azurerm_monitor_activity_log_alert" "positive4_1" {
+ name = "ServiceHealthActivityLogAlert"
+ resource_group_name = var.resource_group_name
+ scopes = [data.azurerm_subscription.current.id]
+ description = "Alert for Azure Service Health events"
+ enabled = true
+
+ criteria {
+ category = "ServiceHealth"
+
+ service_health {
+ events = ["Maintenance"] # Missing "Incident"
+ }
+ }
+
+ action {
+ action_group_id = azurerm_monitor_action_group.notify_team.id
+ }
+}
+
+resource "azurerm_monitor_activity_log_alert" "positive4_2" {
+ name = "ServiceHealthActivityLogAlert"
+ resource_group_name = var.resource_group_name
+ scopes = [data.azurerm_subscription.current.id]
+ description = "Alert for Azure Service Health events"
+ enabled = true
+
+ criteria {
+ category = "ServiceHealth"
+
+ service_health {
+ events = ["Informational", "ActionRequired"] # Missing "Incident"
+ }
+ }
+
+ action {
+ action_group_id = azurerm_monitor_action_group.notify_team.id
+ }
+}
+
+data "azurerm_subscription" "current" {}
diff --git a/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive4/positive4_2.tf b/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive4/positive4_2.tf
new file mode 100644
index 00000000000..640004d4703
--- /dev/null
+++ b/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive4/positive4_2.tf
@@ -0,0 +1,19 @@
+resource "azurerm_monitor_activity_log_alert" "positive4_3" {
+ name = "ServiceHealthActivityLogAlert"
+ resource_group_name = var.resource_group_name
+ scopes = [data.azurerm_subscription.current.id]
+ description = "Alert for Azure Service Health events"
+ enabled = true
+
+ criteria {
+ category = "Security" # Wrong category
+
+ service_health {
+ events = ["Incident"]
+ }
+ }
+
+ action {
+ action_group_id = azurerm_monitor_action_group.notify_team.id
+ }
+}
diff --git a/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive4/positive_expected_result.json b/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive4/positive_expected_result.json
new file mode 100644
index 00000000000..0063cec5071
--- /dev/null
+++ b/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive4/positive_expected_result.json
@@ -0,0 +1,14 @@
+[
+ {
+ "queryName": "Beta - Activity Log Alert For Service Health Not Configured",
+ "severity": "MEDIUM",
+ "line": 9,
+ "fileName": "positive4_1.tf"
+ },
+ {
+ "queryName": "Beta - Activity Log Alert For Service Health Not Configured",
+ "severity": "MEDIUM",
+ "line": 29,
+ "fileName": "positive4_1.tf"
+ }
+]
diff --git a/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive5/positive5_1.tf b/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive5/positive5_1.tf
new file mode 100644
index 00000000000..3417585781e
--- /dev/null
+++ b/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive5/positive5_1.tf
@@ -0,0 +1,40 @@
+# Query prioritizes flagging the log alert(s) that is "correct" but missing the "action_group_id" field over all others
+resource "azurerm_monitor_activity_log_alert" "positive5_1" {
+ name = "ServiceHealthActivityLogAlert"
+ resource_group_name = var.resource_group_name
+ scopes = [data.azurerm_subscription.current.id]
+ description = "Alert for Azure Service Health events"
+ enabled = true
+
+ criteria {
+ category = "ServiceHealth"
+
+ service_health {
+ events = ["Incident"]
+ }
+ }
+
+ # Missing action block
+}
+
+resource "azurerm_monitor_activity_log_alert" "positive5_2" {
+ name = "ServiceHealthActivityLogAlert"
+ resource_group_name = var.resource_group_name
+ scopes = [data.azurerm_subscription.current.id]
+ description = "Alert for Azure Service Health events"
+ enabled = true
+
+ criteria {
+ category = "ServiceHealth"
+
+ service_health {
+ events = ["Maintenance"] # Missing "Incident"
+ }
+ }
+
+ action {
+ action_group_id = azurerm_monitor_action_group.notify_team.id
+ }
+}
+
+data "azurerm_subscription" "current" {}
diff --git a/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive5/positive5_2.tf b/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive5/positive5_2.tf
new file mode 100644
index 00000000000..6275852af3f
--- /dev/null
+++ b/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive5/positive5_2.tf
@@ -0,0 +1,19 @@
+resource "azurerm_monitor_activity_log_alert" "positive5_3" {
+ name = "ServiceHealthActivityLogAlert"
+ resource_group_name = var.resource_group_name
+ scopes = [data.azurerm_subscription.current.id]
+ description = "Alert for Azure Service Health events"
+ enabled = true
+
+ criteria {
+ category = "Security" # Wrong category
+
+ service_health {
+ events = ["Incident"]
+ }
+ }
+
+ action {
+ action_group_id = azurerm_monitor_action_group.notify_team.id
+ }
+}
diff --git a/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive5/positive_expected_result.json b/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive5/positive_expected_result.json
new file mode 100644
index 00000000000..55b26065a68
--- /dev/null
+++ b/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive5/positive_expected_result.json
@@ -0,0 +1,8 @@
+[
+ {
+ "queryName": "Beta - Activity Log Alert For Service Health Not Configured",
+ "severity": "MEDIUM",
+ "line": 9,
+ "fileName": "positive5_1.tf"
+ }
+]
diff --git a/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive6/positive6_1.tf b/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive6/positive6_1.tf
new file mode 100644
index 00000000000..bae71a01a6b
--- /dev/null
+++ b/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive6/positive6_1.tf
@@ -0,0 +1,3 @@
+data "azurerm_subscription" "current" {}
+
+data "azurerm_subscription" "positive6" {}
diff --git a/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive6/positive6_2.tf b/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive6/positive6_2.tf
new file mode 100644
index 00000000000..3b01039b284
--- /dev/null
+++ b/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive6/positive6_2.tf
@@ -0,0 +1,19 @@
+resource "azurerm_monitor_activity_log_alert" "positive6_2" {
+ name = "ServiceHealthActivityLogAlert"
+ resource_group_name = var.resource_group_name
+ scopes = [data.azurerm_subscription.current.id] # "current" subscription has a valid log alert
+ description = "Alert for Azure Service Health events"
+ enabled = true
+
+ criteria {
+ category = "ServiceHealth"
+
+ service_health {
+ events = ["Incident"]
+ }
+ }
+
+ action {
+ action_group_id = azurerm_monitor_action_group.notify_team.id
+ }
+}
diff --git a/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive6/positive_expected_result.json b/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive6/positive_expected_result.json
new file mode 100644
index 00000000000..88278bcc16b
--- /dev/null
+++ b/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive6/positive_expected_result.json
@@ -0,0 +1,8 @@
+[
+ {
+ "queryName": "Beta - Activity Log Alert For Service Health Not Configured",
+ "severity": "MEDIUM",
+ "line": 3,
+ "fileName": "positive6_1.tf"
+ }
+]
diff --git a/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive_expected_result.json b/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive_expected_result.json
new file mode 100644
index 00000000000..3947db2a18e
--- /dev/null
+++ b/assets/queries/terraform/azure/activity_log_alert_for_service_health_not_configured/test/positive_expected_result.json
@@ -0,0 +1,14 @@
+[
+ {
+ "queryName": "Beta - Activity Log Alert For Service Health Not Configured",
+ "severity": "MEDIUM",
+ "line": 8,
+ "fileName": "positive1.tf"
+ },
+ {
+ "queryName": "Beta - Activity Log Alert For Service Health Not Configured",
+ "severity": "MEDIUM",
+ "line": 28,
+ "fileName": "positive1.tf"
+ }
+]
diff --git a/assets/similarityID_transition/terraform_azure.yaml b/assets/similarityID_transition/terraform_azure.yaml index 5bf4bc4a95a..0a011f186da 100644 --- a/assets/similarityID_transition/terraform_azure.yaml +++ b/assets/similarityID_transition/terraform_azure.yaml @@ -3,6 +3,10 @@ similarityIDChangeList: queryName: Sensitive Port Is Exposed To Wide Private Network observations: "" change: 5 + - queryId: f677bd92-3922-4e75-8f0c-2c0f8fbc9609 + queryName: Beta - Activity Log Alert For Service Health Not Configured + observations: "" + change: 2 - queryId: 0cc95bf8-9b98-4278-ad9f-fea4aed3d271 queryName: Beta - Storage Account Without Delete Lock observations: ""