Alert on Azure policy incompliance status from activity log?


Problem description

Is there a way to get compliance info from the activity log for easy alerting on incompliance of resources (or at least resource groups) for a specific Policy or initiative?

I noticed there are Audit events in the activity log on RGs for incompliant policies and initiatives (Warning level). Looking at the properties of these events, they seem to be bundled for results from multiple Policies/Initiatives.

Typically RGs will have multiple policies/initiatives assigned, for example the default ASC policy (which contains many controls), and additional company assigned policies with critical controls. We don't want to remove/edit the ASC policy since it provides a lot of useful information.

For example: resource group RG1

1) Default ASC Policy initiative (many controls, many incompliant @ RG level)

2) Company Policy initiative (with all controls relevant to us)

By default, RG1 will almost always be incompliant on one or more controls in the ASC default set. It looks like the activity log does not provide a separate entry for each specific policy/initiative, which makes it impossible for the owner of RG1 to alert specifically on incompliance of that policy.

The only workaround I see would be a Log Analytics alert (querying for the policyID in the audit event), but it would make much more sense being able to alert on that using a native activity log alert, maybe even integrate a "Create Alert" button directly from the compliance results for a specific policy/initiative.
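
The workaround mentioned in the question, filtering the bundled audit event by policy ID, as an added example that is not part of the original post. It assumes the event follows the activity log Policy event layout, where `properties.policies` is a JSON-encoded array whose entries carry `policySetDefinitionId` and `policyDefinitionName`; every ID and name in the sample is a constructed placeholder.

```python
import json

AUDIT_OP = "Microsoft.Authorization/policies/audit/action"

# Constructed placeholders, not real subscription or initiative IDs.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SETS = SUB + "/providers/Microsoft.Authorization/policySetDefinitions/"
ASC_INITIATIVE = SETS + "asc-default-placeholder"
COMPANY_INITIATIVE = SETS + "company-placeholder"
RESOURCE = SUB + "/resourceGroups/RG1/providers/Microsoft.Storage/storageAccounts/examplesa"

# Constructed sample: one Warning-level audit event that bundles results
# from both initiatives assigned to RG1, as described in the question.
SAMPLE_EVENTS = [{
    "category": {"value": "Policy"},
    "level": "Warning",
    "operationName": {"value": AUDIT_OP},
    "resourceId": RESOURCE,
    "properties": {"policies": json.dumps([
        {"policySetDefinitionId": ASC_INITIATIVE,
         "policyDefinitionName": "asc-control-placeholder"},
        {"policySetDefinitionId": COMPANY_INITIATIVE,
         "policyDefinitionName": "company-control-placeholder"},
    ])},
}]


def bundled_policies(event):
    """Return the policy results bundled inside one activity log event."""
    raw = (event.get("properties") or {}).get("policies") or "[]"
    # Assumed layout: the field is a JSON-encoded string; accept a list too.
    return json.loads(raw) if isinstance(raw, str) else raw


def hits_for_initiative(events, initiative_id):
    """List (resourceId, policyDefinitionName) audit hits for one initiative."""
    wanted = initiative_id.lower()  # ARM resource IDs are case-insensitive
    hits = []
    for ev in events:
        op = (ev.get("operationName") or {}).get("value", "")
        if op.lower() != AUDIT_OP.lower():
            continue  # not a policy audit event
        for entry in bundled_policies(ev):
            if (entry.get("policySetDefinitionId") or "").lower() == wanted:
                hits.append((ev.get("resourceId"), entry.get("policyDefinitionName")))
    return hits


if __name__ == "__main__":
    print(hits_for_initiative(SAMPLE_EVENTS, COMPANY_INITIATIVE))
```

Alerting only when this list is non-empty lets the owner of RG1 ignore the ASC default results that share the same event.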




Recommended answer

You should be able to use Azure Security Center for this. You can set up an alert per resource but not for the Resource groups. I don't think that is a functionality MS provides just yet.

