Extract metadata from policy for rules generation #1652

Closed
BernieWhite opened this issue Sep 16, 2022 · 0 comments · Fixed by #1699
Comments

@BernieWhite (Collaborator) commented Sep 16, 2022

When generating rules from policy, let's extract additional metadata from policies for inserting into the rule definition.

An example policy definition.

{
  "Name": "a4fe33eb-e377-4efb-ab31-0784311bc499",
  "ResourceId": "/providers/Microsoft.Authorization/policyDefinitions/a4fe33eb-e377-4efb-ab31-0784311bc499",
  "ResourceName": "a4fe33eb-e377-4efb-ab31-0784311bc499",
  "ResourceType": "Microsoft.Authorization/policyDefinitions",
  "SubscriptionId": null,
  "Properties": {
    "Description": "This policy audits any Windows/Linux virtual machines (VMs) if the Log Analytics agent is not installed which Security Center uses to monitor for security vulnerabilities and threats",
    "DisplayName": "Log Analytics agent should be installed on your virtual machine for Azure Security Center monitoring",
    "Metadata": {
      "version": "1.0.0",
      "category": "Security Center"
    },
    "Mode": "All",
    "Parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      }
    },
    "PolicyRule": {
      "if": {
        "field": "type",
        "in": [
          "Microsoft.ClassicCompute/virtualMachines",
          "Microsoft.Compute/virtualMachines"
        ]
      },
      "then": {
        "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Security/assessments",
          "name": "d1db3318-01ff-16de-29eb-28b344515626",
          "existenceCondition": {
            "field": "Microsoft.Security/assessments/status.code",
            "in": [
              "NotApplicable",
              "Healthy"
            ]
          }
        }
      }
    },
    "PolicyType": 2
  },
  "PolicyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a4fe33eb-e377-4efb-ab31-0784311bc499"
}

Let's extract:

  • Properties.metadata.version as an Azure.Policy/version annotation if it exists.
  • Properties.metadata.category as an Azure.Policy/category tag if it exists.

Related to #181
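The mapping described in this issue, as an added example that is not code from PSRule.Rules.Azure: it reads a policy definition, copies Properties.Metadata.version into an Azure.Policy/version annotation and Properties.Metadata.category into an Azure.Policy/category tag, and omits either key when the policy does not carry it. The rule name scheme and the metadata/annotations/tags shape of the output are assumptions; the sample inputs are constructed from the definition above.

```python
"""Added example (not PSRule.Rules.Azure code): map policy metadata to rule annotations/tags."""
import json
from typing import Any

# Constructed samples: a trimmed copy of the policy definition from this issue,
# and a second definition that has no Metadata block at all.
POLICY_WITH_METADATA = json.dumps({
    "Name": "a4fe33eb-e377-4efb-ab31-0784311bc499",
    "Properties": {
        "DisplayName": "Log Analytics agent should be installed on your virtual machine for Azure Security Center monitoring",
        "Metadata": {"version": "1.0.0", "category": "Security Center"},
    },
})
POLICY_WITHOUT_METADATA = json.dumps({
    "Name": "00000000-0000-0000-0000-000000000000",  # placeholder id
    "Properties": {"DisplayName": "Example without metadata"},
})


def _get(obj: Any, *path: str) -> Any:
    """Walk nested dicts case-insensitively (the issue writes 'metadata', the JSON
    has 'Metadata'); return None as soon as any key on the path is missing."""
    for key in path:
        if not isinstance(obj, dict):
            return None
        match = next((k for k in obj if k.lower() == key.lower()), None)
        if match is None:
            return None
        obj = obj[match]
    return obj


def extract_rule_metadata(policy_json: str) -> dict:
    """Return the rule's metadata section. 'annotations' and 'tags' are only
    present when the policy actually provides the corresponding values."""
    policy = json.loads(policy_json)
    metadata: dict = {"name": f"Azure.Policy.{policy['Name']}"}  # naming scheme assumed
    annotations, tags = {}, {}
    version = _get(policy, "Properties", "Metadata", "version")
    if isinstance(version, str) and version:
        annotations["Azure.Policy/version"] = version
    category = _get(policy, "Properties", "Metadata", "category")
    if isinstance(category, str) and category:
        tags["Azure.Policy/category"] = category
    if annotations:
        metadata["annotations"] = annotations
    if tags:
        metadata["tags"] = tags
    return metadata


if __name__ == "__main__":
    print(json.dumps(extract_rule_metadata(POLICY_WITH_METADATA), indent=2))
    print(json.dumps(extract_rule_metadata(POLICY_WITHOUT_METADATA), indent=2))
```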

@BernieWhite BernieWhite added enhancement New feature or request ms-hack-2022 Issues related to Microsoft Global Hackathon 2022 .NET Pull requests that update .net code labels Sep 16, 2022
@BernieWhite BernieWhite self-assigned this Sep 22, 2022
@BernieWhite BernieWhite added this to the v1.20.0 milestone Sep 22, 2022
BernieWhite added a commit to BernieWhite/PSRule.Rules.Azure that referenced this issue Sep 22, 2022
@BernieWhite BernieWhite mentioned this issue Oct 8, 2022