From ea8135afc458c4a1aa1d26df3ca4d36bc39401b3 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 15 Oct 2024 09:09:48 +1100 Subject: [PATCH] Extracted policy commit (#50) Co-authored-by: GitHub Actions Bot <> --- .../alerting-connectivity-policySet.jsonc | 488 ++-- .../alerting-hybridvm-policySet.jsonc | 306 +-- .../alerting-identity-policySet.jsonc | 68 +- .../alerting-keymanagement-policySet.jsonc | 68 +- .../alerting-loadbalancing-policySet.jsonc | 228 +- .../alerting-management-policySet.jsonc | 62 +- .../alerting-networkchanges-policySet.jsonc | 8 +- .../alerting-recoveryservices-policySet.jsonc | 2 +- .../alerting-servicehealth-policySet.jsonc | 40 +- .../alerting-storage-policySet.jsonc | 22 +- .../alerting-vm-policySet.jsonc | 298 +-- .../alerting-web-policySet.jsonc | 38 +- .../notification-assets-policySet.jsonc | 22 +- .../Automation/deploy_aa_totaljob_alert.jsonc | 176 +- .../Compute/deploy_vm_cpu_alert.jsonc | 242 +- .../deploy_vm_datadiskreadlatency_alert.jsonc | 384 +-- .../deploy_vm_datadiskspace_alert.jsonc | 376 +-- ...deploy_vm_datadiskwritelatency_alert.jsonc | 488 ++-- .../Compute/deploy_vm_heartbeat_alert.jsonc | 398 +-- .../Compute/deploy_vm_memory_alert.jsonc | 304 +-- .../Compute/deploy_vm_networkin_alert.jsonc | 376 +-- .../Compute/deploy_vm_networkout_alert.jsonc | 492 ++-- .../deploy_vm_osdiskreadlatency_alert.jsonc | 350 +-- .../Compute/deploy_vm_osdiskspace_alert.jsonc | 362 +-- .../deploy_vm_osdiskwritelatency_alert.jsonc | 246 +- .../deploy_hybrid_vm_cpu_alert.jsonc | 334 +-- ..._hybrid_vm_datadiskreadlatency_alert.jsonc | 498 ++-- ...deploy_hybrid_vm_datadiskspace_alert.jsonc | 400 +-- ...hybrid_vm_datadiskwritelatency_alert.jsonc | 468 ++-- .../deploy_hybrid_vm_disconnected_alert.jsonc | 318 +-- .../deploy_hybrid_vm_heartbeat_alert.jsonc | 304 +-- .../deploy_hybrid_vm_memory_alert.jsonc | 394 +-- .../deploy_hybrid_vm_networkin_alert.jsonc | 390 +-- .../deploy_hybrid_vm_networkout_alert.jsonc | 518 ++-- ...oy_hybrid_vm_osdiskreadlatency_alert.jsonc | 246 +- .../deploy_hybrid_vm_osdiskspace_alert.jsonc | 468 ++-- ...y_hybrid_vm_osdiskwritelatency_alert.jsonc | 282 +- .../deploy_activitylog_keyvault_delete.jsonc | 144 +- ...eploy_activitylog_managedhsms_delete.jsonc | 150 +- .../deploy_keyvault_availability_alert.jsonc | 170 +- .../deploy_keyvault_capacity_alert.jsonc | 178 +- .../deploy_keyvault_latency_alert.jsonc | 178 +- .../deploy_keyvault_requests_alert.jsonc | 192 +- ...eploy_managedhsms_availability_alert.jsonc | 178 +- .../deploy_managedhsms_latency_alert.jsonc | 192 +- ...eploy_activitylog_laworkspace_delete.jsonc | 110 +- ...loy_activitylog_laworkspace_keyregen.jsonc | 120 +- ...tylog_resourcehealth_unhealthy_alert.jsonc | 236 +- ...vitylog_servicehealth_healthadvisory.jsonc | 198 +- ...y_activitylog_servicehealth_incident.jsonc | 230 +- ...ctivitylog_servicehealth_maintenance.jsonc | 218 +- ...tylog_servicehealth_securityadvisory.jsonc | 206 +- ...oy_activitylog_storageaccount_delete.jsonc | 90 +- .../deploy_alertprocessing_rule.jsonc | 302 +-- ...workspace_dailycaplimitreached_alert.jsonc | 174 +- .../deploy_servicehealth_actiongroups.jsonc | 370 +-- ...loy_suppression_alertprocessing_rule.jsonc | 32 +- .../deploy_activitylog_firewall_delete.jsonc | 94 +- .../deploy_activitylog_nsg_delete.jsonc | 144 +- ...deploy_activitylog_routetable_update.jsonc | 144 +- ...deploy_activitylog_vpngateway_delete.jsonc | 144 +- .../deploy_afw_firewallhealth_alert.jsonc | 170 +- ...deploy_afw_snatportutilization_alert.jsonc | 144 +- ..._dnsz_registrationcapacityutil_alert.jsonc | 150 +- .../deploy_ercir_arpavailability_alert.jsonc | 158 +- .../deploy_ercir_bgpavailability_alert.jsonc | 172 +- ...y_ercir_qosdropbitsinpersecond_alert.jsonc | 176 +- ..._ercir_qosdropbitsoutpersecond_alert.jsonc | 172 +- ...deploy_ergw_expressroutebitsin_alert.jsonc | 170 +- ...eploy_ergw_expressroutebitsout_alert.jsonc | 178 +- ...eploy_ergw_expressroutecpuutil_alert.jsonc | 160 +- .../deploy_pdnsz_capacityutil_alert.jsonc | 170 +- .../deploy_pdnsz_queryvolume_alert.jsonc | 150 +- ...deploy_pdnsz_recordsetcapacity_alert.jsonc | 158 +- ...loy_publicip_bytesinddosattack_alert.jsonc | 144 +- .../deploy_publicip_ddosattack_alert.jsonc | 238 +- ...y_publicip_packetsinddosattack_alert.jsonc | 162 +- ...eploy_publicip_vipavailability_alert.jsonc | 148 +- .../deploy_vnet_ddosattack_alert.jsonc | 164 +- ...etgw_expressroutebitspersecond_alert.jsonc | 168 +- ...loy_vnetgw_expressroutecpuutil_alert.jsonc | 154 +- .../deploy_vnetgw_tunnelbandwidth_alert.jsonc | 154 +- .../deploy_vnetgw_tunnelegress_alert.jsonc | 182 +- ...gw_tunnelegresspacketdropcount_alert.jsonc | 122 +- ...tunnelegresspacketdropmismatch_alert.jsonc | 152 +- .../deploy_vnetgw_tunnelingress_alert.jsonc | 138 +- ...w_tunnelingresspacketdropcount_alert.jsonc | 186 +- ...unnelingresspacketdropmismatch_alert.jsonc | 122 +- .../deploy_vpngw_bandwidthutil_alert.jsonc | 162 +- .../deploy_vpngw_bgppeerstatus_alert.jsonc | 150 +- .../Network/deploy_vpngw_egress_alert.jsonc | 158 +- .../Network/deploy_vpngw_ingress_alert.jsonc | 152 +- ...gw_tunnelegresspacketdropcount_alert.jsonc | 174 +- ...tunnelegresspacketdropmismatch_alert.jsonc | 182 +- ...w_tunnelingresspacketdropcount_alert.jsonc | 146 +- ...unnelingresspacketdropmismatch_alert.jsonc | 174 +- ...oy_erp_expressroutrxlightlevel_alert.jsonc | 150 +- .../deploy_fd_backendhealth_alert.jsonc | 158 +- ...eploy_fd_backendrequestlatency_alert.jsonc | 180 +- ...loy_frontdoorcdn_originlatency_alert.jsonc | 128 +- ...loy_frontdoorcdn_percentage4xx_alert.jsonc | 180 +- ...loy_frontdoorcdn_percentage5xx_alert.jsonc | 128 +- ...recoveryvault_asrhealthmonitor_alert.jsonc | 106 + ...overyvault_backuphealthmonitor_alert.jsonc | 42 +- ...oy_storageaccount_availability_alert.jsonc | 178 +- ...ag_applicationgatewaytotaltime_alert.jsonc | 351 +++ ...ag_backendlastbyteresponsetime_alert.jsonc | 351 +++ .../deploy_ag_capacityunits_alert.jsonc | 334 +++ .../deploy_ag_computeunits_alert.jsonc | 334 +++ .../deploy_ag_cpuutilization_alert.jsonc | 334 +++ .../deploy_ag_failedrequests_alert.jsonc | 344 +++ .../deploy_ag_responsestatus_alert.jsonc | 354 +++ .../deploy_ag_unhealthyhostcount_alert.jsonc | 327 +++ ...eploy_alb_datapathavailability_alert.jsonc | 334 +++ ..._alb_globalbackendavailability_alert.jsonc | 331 +++ .../deploy_alb_healthprobestatus_alert.jsonc | 338 +++ .../deploy_alb_usedsnatports_alert.jsonc | 327 +++ .../deploy_erp_expressroutebitsin_alert.jsonc | 327 +++ ...deploy_erp_expressroutebitsout_alert.jsonc | 327 +++ ...oy_erp_expressroutlineprotocol_alert.jsonc | 327 +++ ...erp_expressroutrxlightlevellow_alert.jsonc | 331 +++ ...y_erp_expressrouttxlightlevell_alert.jsonc | 331 +++ ...erp_expressrouttxlightlevellow_alert.jsonc | 331 +++ ...doorcdn_originhealthpercentage_alert.jsonc | 327 +++ .../deploy_tm_endpointhealth_alert.jsonc | 336 +++ .../deploy_wsf_cpupercentage_alert.jsonc | 327 +++ .../deploy_wsf_memorypercentage_alert.jsonc | 327 +++ .../deploy_wsf_diskqueuelength_alert.jsonc | 180 +- .../deploy_wsf_httpqueuelength_alert.jsonc | 118 +- .../Monitoring/alerting-connectivity.jsonc | 2272 ++++++++--------- .../Monitoring/alerting-hybridvm.jsonc | 1750 ++++++------- .../Monitoring/alerting-identity.jsonc | 652 ++--- .../Monitoring/alerting-keymanagement.jsonc | 580 ++--- .../Monitoring/alerting-landingzone.jsonc | 1212 ++++----- .../Monitoring/alerting-loadbalancing.jsonc | 1360 +++++----- .../Monitoring/alerting-management.jsonc | 584 +++-- .../Monitoring/alerting-networkchanges.jsonc | 112 +- .../alerting-recoveryservices.jsonc | 62 +- .../Monitoring/alerting-servicehealth.jsonc | 254 +- .../Monitoring/alerting-storage.jsonc | 90 +- .../Monitoring/alerting-vm.jsonc | 1270 ++++----- .../Monitoring/alerting-web.jsonc | 226 +- .../Monitoring/notification-assets.jsonc | 132 +- 143 files changed, 23642 insertions(+), 16130 deletions(-) create mode 100644 Definitions/policyDefinitions/Site Recovery/deploy_recoveryvault_asrhealthmonitor_alert.jsonc create mode 100644 Definitions/policyDefinitions/Unknown Category/deploy_ag_applicationgatewaytotaltime_alert.jsonc create mode 100644 Definitions/policyDefinitions/Unknown Category/deploy_ag_backendlastbyteresponsetime_alert.jsonc create mode 100644 Definitions/policyDefinitions/Unknown Category/deploy_ag_capacityunits_alert.jsonc create mode 100644 Definitions/policyDefinitions/Unknown Category/deploy_ag_computeunits_alert.jsonc create mode 100644 Definitions/policyDefinitions/Unknown Category/deploy_ag_cpuutilization_alert.jsonc create mode 100644 Definitions/policyDefinitions/Unknown Category/deploy_ag_failedrequests_alert.jsonc create mode 100644 Definitions/policyDefinitions/Unknown Category/deploy_ag_responsestatus_alert.jsonc create mode 100644 Definitions/policyDefinitions/Unknown Category/deploy_ag_unhealthyhostcount_alert.jsonc create mode 100644 Definitions/policyDefinitions/Unknown Category/deploy_alb_datapathavailability_alert.jsonc create mode 100644 Definitions/policyDefinitions/Unknown Category/deploy_alb_globalbackendavailability_alert.jsonc create mode 100644 Definitions/policyDefinitions/Unknown Category/deploy_alb_healthprobestatus_alert.jsonc create mode 100644 Definitions/policyDefinitions/Unknown Category/deploy_alb_usedsnatports_alert.jsonc create mode 100644 Definitions/policyDefinitions/Unknown Category/deploy_erp_expressroutebitsin_alert.jsonc create mode 100644 Definitions/policyDefinitions/Unknown Category/deploy_erp_expressroutebitsout_alert.jsonc create mode 100644 Definitions/policyDefinitions/Unknown Category/deploy_erp_expressroutlineprotocol_alert.jsonc create mode 100644 Definitions/policyDefinitions/Unknown Category/deploy_erp_expressroutrxlightlevellow_alert.jsonc create mode 100644 Definitions/policyDefinitions/Unknown Category/deploy_erp_expressrouttxlightlevell_alert.jsonc create mode 100644 Definitions/policyDefinitions/Unknown Category/deploy_erp_expressrouttxlightlevellow_alert.jsonc create mode 100644 Definitions/policyDefinitions/Unknown Category/deploy_frontdoorcdn_originhealthpercentage_alert.jsonc create mode 100644 Definitions/policyDefinitions/Unknown Category/deploy_tm_endpointhealth_alert.jsonc create mode 100644 Definitions/policyDefinitions/Unknown Category/deploy_wsf_cpupercentage_alert.jsonc create mode 100644 Definitions/policyDefinitions/Unknown Category/deploy_wsf_memorypercentage_alert.jsonc diff --git a/Definitions/policyAssignments/alerting-connectivity-policySet.jsonc b/Definitions/policyAssignments/alerting-connectivity-policySet.jsonc index 3be3f31..ffeefe6 100644 --- a/Definitions/policyAssignments/alerting-connectivity-policySet.jsonc +++ b/Definitions/policyAssignments/alerting-connectivity-policySet.jsonc @@ -20,282 +20,282 @@ "_deployed_by_amba": true }, "parameters": { - "VnetGwTunnelBWPolicyEffect": "deployIfNotExists", + "ERCIRArpAvailabilityPolicyEffect": "deployIfNotExists", + "VPNGWIngressPolicyEffect": "disabled", + "LBGlobalBackendAvailabilityPolicyEffect": "deployIfNotExists", + "PDNSZCapacityUtilAlertSeverity": "2", + "PDNSZRegistrationCapacityUtilAlertSeverity": "2", + "ERCIRQoSDropBitsoutPerSecAlertState": "true", + "PDNSZRegistrationCapacityUtilThreshold": "80", + "PIPVIPAvailabilityAlertSeverity": "1", + "PDNSZQueryVolumePolicyEffect": "disabled", + "VPNGWTunnelIngressPacketDropCountAlertSeverity": "3", + "VPNGWEgressEvaluationFrequency": "PT5M", "VPNGwBGPPeerStatusThreshold": "1", - "ERCIRBgpAvailabilityAlertState": "true", + "LBDatapathAvailabilityAlertState": "true", "activityUDRUpdateAlertState": "true", - "PIPBytesInDDoSAlertState": "true", - "LBUsedSNATPortsEvaluationFrequency": "PT1M", - "VPNGWTunnelIngressPacketDropCountPolicyEffect": "deployIfNotExists", - "ERCIRBgpAvailabilityPolicyEffect": "deployIfNotExists", - "activityVPNGWDeleteAlertState": "true", - "VPNGWBandWidthUtilAlertSeverity": "0", - "PIPDDoSAttackAlertSeverity": "1", - "VPNGWTunnelIngressPacketDropCountAlertState": "true", - "ERPLineProtocolPolicyEffect": "deployIfNotExists", - "VnetGwExpressRouteBitsPerSecondAlertSeverity": "0", - "ERPRxLightLevelLowAlertState": "true", - "VnetGwERCpuUtilWindowSize": "PT5M", + "LBHealthProbeStatusEvaluationFrequency": "PT1M", + "PDNSZCapacityUtilThreshold": "80", + "LBUsedSNATPortsAlertState": "true", + "VNETDDOSAttackPolicyEffect": "deployIfNotExists", + "LBHealthProbeStatusPolicyEffect": "deployIfNotExists", + "ERCIRArpAvailabilityThreshold": "90", + "LBHealthProbeStatusAlertState": "true", + "VPNGWTunnelIngressPacketDropMismatchFrequency": "PT5M", + "VnetGwTunnelIngressAlertState": "true", + "LBGlobalBackendAvailabilityWindowSize": "PT5M", + "VnetGwTunnelIngressPacketDropMismatchAlertSeverity": "3", "VPNGWIngressAlertSeverity": "0", - "PDNSZRecordSetCapacityAlertState": "true", + "PIPDDoSAttackAlertState": "true", + "VPNGWTunnelIngressPacketDropMismatchAlertSeverity": "3", + "VnetGwTunnelBWAlertState": "true", "VPNGWTunnelEgressPacketDropCountWindowSize": "PT5M", - "VPNGWBandWidthUtilThreshold": "1", - "ERPTxLightLevelLowAlertState": "true", - "VnetGwTunnelEgressAlertSeverity": "0", - "PDNSZRegistrationCapacityUtilPolicyEffect": "deployIfNotExists", - "PDNSZRegistrationCapacityUtilEvaluationFrequency": "PT1H", - "LBDatapathAvailabilityWindowSize": "PT5M", - "ERGwExpressRouteCpuUtilEvaluationFrequency": "PT1M", + "LBGlobalBackendAvailabilityEvaluationFrequency": "PT1M", + "ERPRxLightLevelHighAlertState": "true", + "VPNGWTunnelEgressPacketDropCountAlertState": "true", + "LBDatapathAvailabilityAlertSeverity": "0", + "PIPBytesInDDoSWindowSize": "PT5M", + "VPNGWTunnelIngressPacketDropCountWindowSize": "PT5M", + "FirewallHealthAlertState": "true", + "ERGwExpressRouteCpuUtilAlertState": "true", + "PIPBytesInDDoSAlertSeverity": "4", + "ERCIRBgpAvailabilityAlertState": "true", + "ERCIRArpAvailabilityFrequency": "PT1M", + "VNETDDOSAttackThreshold": "1", + "PDNSZRecordSetCapacityAlertSeverity": "2", + "ERGwExpressRouteBitsOutAlertSeverity": "0", + "activityNSGDeletePolicyEffect": "deployIfNotExists", + "VPNGWTunnelIngressPacketDropMismatchAlertState": "true", + "ERGwExpressRouteBitsOutEvaluationFrequency": "PT5M", + "ERPRxLightLevelHighPolicyEffect": "deployIfNotExists", + "ERPTxLightLevelHighWindowSize": "PT5M", + "VPNGWEgressAlertState": "true", + "ERCIRQoSDropBitsoutPerSecPolicyEffect": "deployIfNotExists", + "VPNGwBGPPeerStatusAlertSeverity": "3", "VPNGWTunnelEgressPacketDropCountFrequency": "PT5M", - "ERPRxLightLevelLowPolicyEffect": "deployIfNotExists", - "VPNGWIngressEvaluationFrequency": "PT5M", - "VPNGWBandWidthUtilAlertState": "true", + "PDNSZCapacityUtilPolicyEffect": "deployIfNotExists", + "ERPBitsInPerSecondPolicyEffect": "deployIfNotExists", + "VPNGWTunnelIngressPacketDropMismatchWindowSize": "PT5M", + "VPNGWTunnelEgressPacketDropMismatchAlertState": "true", + "ERPLineProtocolAlertState": "true", + "VPNGWEgressPolicyEffect": "disabled", + "PDNSZQueryVolumeWindowSize": "PT1H", + "ERPBitsOutPerSecondEvaluationFrequency": "PT1M", + "ERCIRQoSDropBitsinPerSecAlertSeverity": "2", + "ERPBitsOutPerSecondAlertState": "true", + "activityNSGDeleteAlertState": "true", + "VPNGWBandWidthUtilPolicyEffect": "deployIfNotExists", + "LBUsedSNATPortsPolicyEffect": "deployIfNotExists", + "VnetGwERCpuUtilEvaluationFrequency": "PT1M", + "VnetGwTunnelIngressThreshold": "1", + "LBUsedSNATPortsWindowSize": "PT5M", + "VPNGWEgressWindowSize": "PT5M", + "ERGwExpressRouteBitsInAlertState": "true", + "VPNGWIngressThreshold": "1", "ERPLineProtocolAlertSeverity": "0", - "ERPBitsOutPerSecondPolicyEffect": "deployIfNotExists", - "ERGwExpressRouteBitsInThreshold": "1", - "LBUsedSNATPortsAlertSeverity": "1", - "VnetGwERCpuUtilAlertState": "true", - "PIPDDoSAttackEvaluationFrequency": "PT5M", - "ALZMonitorResourceGroupLocation": "eastus", + "VPNGWBandWidthUtilThreshold": "1", + "ERPRxLightLevelHighEvaluationFrequency": "PT1M", + "ERPBitsInPerSecondAlertSeverity": "0", + "ERGwExpressRouteBitsInWindowSize": "PT5M", + "VPNGWBandWidthUtilWindowSize": "PT5M", + "LBGlobalBackendAvailabilityAlertSeverity": "0", + "FirewallHealthEvaluationFrequency": "PT1M", + "VPNGWTunnelEgressPacketDropMismatchWindowSize": "PT5M", + "VnetGwTunnelIngressAlertSeverity": "0", + "ERCIRQoSDropBitsinPerSecAlertState": "true", + "VnetGwTunnelIngressPacketDropCountEvaluationFrequency": "PT5M", + "ERPRxLightLevelLowWindowSize": "PT5M", + "LBDatapathAvailabilityEvaluationFrequency": "PT1M", + "VnetGwExpressRouteBitsPerSecondWindowSize": "PT5M", + "VnetGwTunnelEgressAlertSeverity": "0", + "VnetGwTunnelEgressPacketDropMismatchAlertState": "true", "PDNSZCapacityUtilAlertState": "true", - "AFWSNATPortUtilizationPolicyEffect": "deployIfNotExists", - "ERCIRQoSDropBitsinPerSecEvaluationFrequency": "PT5M", - "VPNGWIngressThreshold": "1", - "VnetGwTunnelIngressThreshold": "1", - "ERCIRQoSDropBitsoutPerSecAlertState": "true", - "LBHealthProbeStatusPolicyEffect": "deployIfNotExists", - "ERPTxLightLevelLowWindowSize": "PT5M", - "ERCIRQoSDropBitsoutPerSecWindowSize": "PT5M", - "ERGwExpressRouteCpuUtilAlertState": "true", - "LBGlobalBackendAvailabilityEvaluationFrequency": "PT1M", - "LBDatapathAvailabilityAlertState": "true", - "VnetGwERCpuUtilAlertSeverity": "3", + "ALZMonitorResourceGroupLocation": "eastus", + "VnetGwTunnelIngressPacketDropMismatchPolicyEffect": "deployIfNotExists", + "ERGwExpressRouteBitsInEvaluationFrequency": "PT5M", + "PIPDDoSAttackWindowSize": "PT5M", + "LBHealthProbeStatusAlertSeverity": "2", + "PDNSZRegistrationCapacityUtilEvaluationFrequency": "PT1H", + "ERPTxLightLevelLowAlertState": "true", + "PDNSZQueryVolumeAlertState": "true", + "ERPBitsInPerSecondEvaluationFrequency": "PT1M", + "PDNSZQueryVolumeAlertSeverity": "4", "ERCIRArpAvailabilityAlertState": "true", - "ERGwExpressRouteBitsOutThreshold": "1", - "PDNSZCapacityUtilPolicyEffect": "deployIfNotExists", - "VnetGwERCpuUtilThreshold": "80", - "ERPRxLightLevelHighPolicyEffect": "deployIfNotExists", - "PIPVIPAvailabilityThreshold": "1", - "PIPPacketsInDDoSWindowSize": "PT5M", - "ERPBitsInPerSecondAlertState": "true", - "VnetGwTunnelEgressPacketDropMismatchAlertSeverity": "3", - "PIPBytesInDDoSEvaluationFrequency": "PT5M", - "ERCIRQoSDropBitsinPerSecPolicyEffect": "deployIfNotExists", - "ERGwExpressRouteBitsOutEvaluationFrequency": "PT5M", + "PDNSZRecordSetCapacityPolicyEffect": "deployIfNotExists", + "PIPBytesInDDoSAlertState": "true", "PDNSZCapacityUtilEvaluationFrequency": "PT1H", - "LBHealthProbeStatusAlertState": "true", - "FirewallHealthEvaluationFrequency": "PT1M", - "VPNGWEgressThreshold": "1", - "VPNGWBandWidthUtilEvaluationFrequency": "PT5M", - "PIPDDoSAttackAlertState": "true", - "ERGwExpressRouteBitsInWindowSize": "PT5M", - "ERGwExpressRouteBitsInEvaluationFrequency": "PT5M", - "FirewallHealthWindowSize": "PT5M", - "AFWSNATPortUtilizationFrequency": "PT1M", - "ERPRxLightLevelHighAlertSeverity": "1", - "ERPRxLightLevelLowWindowSize": "PT5M", - "ERPTxLightLevelHighEvaluationFrequency": "PT1M", - "VnetGwTunnelEgressAlertState": "true", - "activityFWDeletePolicyEffect": "deployIfNotExists", - "ERCIRQoSDropBitsinPerSecAlertState": "true", - "FirewallHealthAlertSeverity": "0", - "PIPBytesInDDoSAlertSeverity": "4", + "ERCIRBgpAvailabilityWindowSize": "PT5M", + "ERPTxLightLevelLowAlertSeverity": "1", + "PIPDDoSAttackAlertSeverity": "1", + "PIPPacketsInDDoSAlertState": "true", + "VnetGwTunnelIngressWindowSize": "PT5M", + "PIPPacketsInDDoSThreshold": "40000", + "ERGwExpressRouteCpuUtilPolicyEffect": "deployIfNotExists", + "LBGlobalBackendAvailabilityAlertState": "true", + "ERCIRQoSDropBitsoutPerSecAlertSeverity": "2", + "VnetGwTunnelIngressPacketDropMismatchAlertState": "true", "PIPBytesInDDoSPolicyEffect": "disabled", - "PIPVIPAvailabilityWindowSize": "PT5M", - "PDNSZQueryVolumeAlertState": "true", - "PIPVIPAvailabilityAlertSeverity": "1", - "PDNSZRecordSetCapacityEvaluationFrequency": "PT1H", - "PDNSZRegistrationCapacityUtilThreshold": "80", - "VPNGWIngressAutoMitigate": "true", - "PIPVIPAvailabilityEvaluationFrequency": "PT1M", - "PIPDDoSAttackWindowSize": "PT5M", + "VnetGwTunnelEgressPacketDropMismatchAlertSeverity": "3", + "VnetGwTunnelIngressPacketDropCountAlertState": "true", + "VnetGwTunnelIngressPacketDropCountPolicyEffect": "deployIfNotExists", + "VnetGwTunnelBWWindowSize": "PT5M", + "PIPPacketsInDDoSAlertSeverity": "4", + "FirewallHealthWindowSize": "PT5M", + "VnetGwTunnelEgressEvaluationFrequency": "PT5M", + "ERCIRQoSDropBitsoutPerSecWindowSize": "PT5M", + "VnetGwTunnelEgressWindowSize": "PT5M", + "VPNGWBandWidthUtilAlertState": "true", + "VPNGWIngressWindowSize": "PT5M", + "ERCIRQoSDropBitsinPerSecEvaluationFrequency": "PT5M", + "LBDatapathAvailabilityWindowSize": "PT5M", + "ALZMonitorDisableTagValues": [ + "true", + "Test", + "Dev", + "Sandbox" + ], "activityUDRUpdatePolicyEffect": "deployIfNotExists", - "ERGwExpressRouteCpuUtilAlertSeverity": "1", + "VPNGWTunnelEgressPacketDropMismatchPolicyEffect": "deployIfNotExists", + "VPNGWTunnelEgressPacketDropMismatchFrequency": "PT5M", "VPNGwBGPPeerStatusEvaluationFrequency": "PT5M", - "activityVPNGWDeletePolicyEffect": "deployIfNotExists", - "VnetGwTunnelIngressAlertSeverity": "0", "ERPTxLightLevelHighPolicyEffect": "deployIfNotExists", - "LBGlobalBackendAvailabilityAlertSeverity": "0", - "PIPPacketsInDDoSEvaluationFrequency": "PT5M", - "PIPPacketsInDDoSAlertState": "true", - "VnetGwTunnelIngressPacketDropMismatchAlertSeverity": "3", - "VnetGwTunnelIngressPacketDropCountPolicyEffect": "deployIfNotExists", - "ERGwExpressRouteBitsInAlertState": "true", - "VnetGwTunnelEgressPacketDropCountAlertState": "true", - "activityNSGDeletePolicyEffect": "deployIfNotExists", - "VPNGWTunnelEgressPacketDropMismatchAlertSeverity": "3", - "ERPTxLightLevelLowEvaluationFrequency": "PT1M", - "VNETDDOSAttackAlertSeverity": "1", - "VPNGwBGPPeerStatusAlertSeverity": "3", - "VnetGwExpressRouteBitsPerSecondThreshold": "1", - "ERCIRArpAvailabilityPolicyEffect": "deployIfNotExists", - "LBDatapathAvailabilityEvaluationFrequency": "PT1M", - "PIPPacketsInDDoSAlertSeverity": "4", - "FirewallHealthThreshold": "90", - "PDNSZCapacityUtilThreshold": "80", - "FirewallHealthAlertState": "true", - "PDNSZRecordSetCapacityWindowSize": "PT1H", - "VPNGWTunnelIngressPacketDropCountAlertSeverity": "3", - "ERCIRQoSDropBitsoutPerSecEvaluationFrequency": "PT5M", - "VPNGWIngressPolicyEffect": "disabled", - "ERGwExpressRouteBitsOutAlertState": "true", - "VPNGWTunnelIngressPacketDropMismatchFrequency": "PT5M", + "PIPPacketsInDDoSWindowSize": "PT5M", + "ALZMonitorDisableTagName": "MonitorDisable", + "ERGwExpressRouteCpuUtilThreshold": "80", + "PIPVIPAvailabilityThreshold": "1", + "ERGwExpressRouteBitsOutThreshold": "1", + "ERCIRBgpAvailabilityThreshold": "90", + "ERPBitsOutPerSecondPolicyEffect": "deployIfNotExists", + "LBDatapathAvailabilityPolicyEffect": "deployIfNotExists", + "PDNSZRegistrationCapacityUtilPolicyEffect": "deployIfNotExists", + "VnetGwTunnelEgressPacketDropMismatchWindowSize": "PT5M", + "VnetGwERCpuUtilAlertState": "true", + "VnetGwTunnelEgressThreshold": "1", + "ERPTxLightLevelLowWindowSize": "PT5M", + "VPNGWTunnelIngressPacketDropCountPolicyEffect": "deployIfNotExists", + "ERGwExpressRouteCpuUtilWindowSize": "PT5M", + "ERPBitsOutPerSecondAlertSeverity": "0", "PDNSZRecordSetCapacityThreshold": "80", - "VnetGwTunnelIngressPolicyEffect": "disabled", - "ERPBitsOutPerSecondWindowSize": "PT5M", - "AFWSNATPortUtilizationAlertSeverity": "1", - "VPNGWTunnelEgressPacketDropCountAlertState": "true", - "ERCIRQoSDropBitsoutPerSecAlertSeverity": "2", - "LBHealthProbeStatusWindowSize": "PT5M", - "ERPTxLightLevelLowAlertSeverity": "1", + "FirewallHealthPolicyEffect": "deployIfNotExists", + "activityFWDeletePolicyEffect": "deployIfNotExists", + "PIPVIPAvailabilityAlertState": "true", + "ERPLineProtocolEvaluationFrequency": "PT1M", + "VnetGwTunnelBWEvaluationFrequency": "PT1M", + "VnetGwTunnelEgressPolicyEffect": "disabled", "VnetGwTunnelEgressPacketDropCountEvaluationFrequency": "PT5M", - "ERCIRBgpAvailabilityWindowSize": "PT5M", - "VnetGwTunnelEgressPacketDropMismatchAlertState": "true", - "ERPBitsOutPerSecondAlertState": "true", - "ERCIRArpAvailabilityThreshold": "90", - "VPNGWTunnelEgressPacketDropMismatchWindowSize": "PT5M", - "LBUsedSNATPortsWindowSize": "PT5M", - "ERPRxLightLevelHighWindowSize": "PT5M", - "VPNGWBandWidthUtilWindowSize": "PT5M", - "VPNGWTunnelIngressPacketDropCountFrequency": "PT5M", - "ERPBitsOutPerSecondAlertSeverity": "0", - "VnetGwTunnelEgressPacketDropCountWindowSize": "PT5M", + "LBHealthProbeStatusWindowSize": "PT5M", "PIPDDoSAttackPolicyEffect": "deployIfNotExists", - "ERPBitsInPerSecondWindowSize": "PT5M", - "PIPDDoSAttackThreshold": "0", - "VnetGwTunnelEgressPacketDropMismatchWindowSize": "PT5M", - "PIPBytesInDDoSWindowSize": "PT5M", - "VnetGwTunnelIngressPacketDropCountAlertSeverity": "3", - "PDNSZRegistrationCapacityUtilWindowSize": "PT1H", - "ERGwExpressRouteCpuUtilThreshold": "80", + "VnetGwTunnelEgressPacketDropMismatchEvaluationFrequency": "PT5M", + "ERPBitsOutPerSecondWindowSize": "PT5M", + "VnetGwExpressRouteBitsPerSecondThreshold": "1", + "VPNGWTunnelIngressPacketDropMismatchPolicyEffect": "deployIfNotExists", + "AFWSNATPortUtilizationAlertState": "true", + "ERGwExpressRouteBitsOutAlertState": "true", + "AFWSNATPortUtilizationFrequency": "PT1M", + "VPNGwBGPPeerStatusPolicyEffect": "deployIfNotExists", + "VPNGWTunnelEgressPacketDropCountAlertSeverity": "3", + "VnetGwExpressRouteBitsPerSecondAlertState": "true", "PDNSZQueryVolumeEvaluationFrequency": "PT1H", - "ERPLineProtocolAlertState": "true", - "LBUsedSNATPortsAlertState": "true", - "PDNSZQueryVolumeAlertSeverity": "4", - "ERCIRArpAvailabilityAlertSeverity": "0", - "VPNGWTunnelEgressPacketDropCountPolicyEffect": "deployIfNotExists", - "ERCIRBgpAvailabilityThreshold": "90", - "ERPBitsInPerSecondAlertSeverity": "0", - "VNETDDOSAttackEvaluationFrequency": "PT1M", - "LBDatapathAvailabilityPolicyEffect": "deployIfNotExists", - "VNETDDOSAttackWindowSize": "PT5M", - "ERPBitsInPerSecondPolicyEffect": "deployIfNotExists", - "VPNGwBGPPeerStatusAlertState": "true", - "PDNSZQueryVolumePolicyEffect": "disabled", + "VPNGWIngressAutoMitigate": "true", + "PIPDDoSAttackEvaluationFrequency": "PT5M", + "VnetGwERCpuUtilAlertSeverity": "3", + "VPNGWTunnelEgressPacketDropMismatchAlertSeverity": "3", "ERCIRBgpAvailabilityAlertSeverity": "0", - "FirewallHealthPolicyEffect": "deployIfNotExists", - "ERGwExpressRouteBitsInAlertSeverity": "0", - "VnetGwTunnelIngressPacketDropCountEvaluationFrequency": "PT5M", - "VnetGwExpressRouteBitsPerSecondWindowSize": "PT5M", - "ERCIRBgpAvailabilityEvaluationFrequency": "PT1M", + "VnetGwTunnelIngressPacketDropCountAlertSeverity": "3", + "VnetGwExpressRouteBitsPerSecondAlertSeverity": "0", + "VNETDDOSAttackWindowSize": "PT5M", "ERPRxLightLevelLowEvaluationFrequency": "PT1M", - "VnetGwTunnelEgressPacketDropMismatchEvaluationFrequency": "PT5M", - "ERCIRArpAvailabilityWindowSize": "PT5M", - "ERPBitsInPerSecondEvaluationFrequency": "PT1M", + "VnetGwTunnelBWPolicyEffect": "deployIfNotExists", + "ERCIRQoSDropBitsinPerSecPolicyEffect": "deployIfNotExists", + "VNETDDOSAttackAlertSeverity": "1", + "PIPBytesInDDoSThreshold": "8000000", + "ERPTxLightLevelHighAlertSeverity": "1", + "PDNSZQueryVolumeThreshold": "500", "ERPRxLightLevelLowAlertSeverity": "1", - "VnetGwTunnelIngressPacketDropCountAlertState": "true", - "VnetGwTunnelIngressPacketDropMismatchPolicyEffect": "deployIfNotExists", - "VPNGWEgressPolicyEffect": "disabled", - "VPNGWTunnelEgressPacketDropMismatchFrequency": "PT5M", + "VPNGwBGPPeerStatusWindowSize": "PT5M", + "ERPBitsInPerSecondWindowSize": "PT5M", + "VPNGWTunnelEgressPacketDropCountPolicyEffect": "deployIfNotExists", + "ERCIRArpAvailabilityAlertSeverity": "0", + "ERPRxLightLevelLowPolicyEffect": "deployIfNotExists", + "VnetGwTunnelEgressPacketDropMismatchPolicyEffect": "deployIfNotExists", + "ERPLineProtocolWindowSize": "PT5M", + "FirewallHealthThreshold": "90", + "VnetGwTunnelEgressPacketDropCountWindowSize": "PT5M", + "ERGwExpressRouteBitsInThreshold": "1", "ERGwExpressRouteBitsOutWindowSize": "PT5M", + "PIPPacketsInDDoSEvaluationFrequency": "PT5M", + "FirewallHealthAlertSeverity": "0", + "VNETDDOSAttackEvaluationFrequency": "PT1M", + "VnetGwExpressRouteBitsPerSecondEvaluationFrequency": "PT1M", + "ERCIRArpAvailabilityWindowSize": "PT5M", + "LBUsedSNATPortsAlertSeverity": "1", "ALZMonitorResourceGroupName": "rg-amba-monitoring-001", - "PIPPacketsInDDoSThreshold": "40000", - "activityNSGDeleteAlertState": "true", - "VnetGwTunnelIngressPacketDropMismatchWindowSize": "PT5M", - "VnetGwTunnelEgressWindowSize": "PT5M", - "ERGwExpressRouteCpuUtilPolicyEffect": "deployIfNotExists", - "AFWSNATPortUtilizationThreshold": "80", - "VPNGwBGPPeerStatusPolicyEffect": "deployIfNotExists", + "ERPLineProtocolPolicyEffect": "deployIfNotExists", "VnetGwERCpuUtilPolicyEffect": "deployIfNotExists", - "VnetGwTunnelBWAlertSeverity": "0", - "VPNGWTunnelIngressPacketDropMismatchPolicyEffect": "deployIfNotExists", - "ERPLineProtocolEvaluationFrequency": "PT1M", - "ERPLineProtocolWindowSize": "PT5M", - "PDNSZQueryVolumeThreshold": "500", - "LBHealthProbeStatusEvaluationFrequency": "PT1M", - "VnetGwTunnelIngressAlertState": "true", + "VPNGWBandWidthUtilAlertSeverity": "0", + "VPNGWTunnelIngressPacketDropCountAlertState": "true", + "ERPTxLightLevelHighEvaluationFrequency": "PT1M", + "ERGwExpressRouteCpuUtilAlertSeverity": "1", + "VPNGwBGPPeerStatusAlertState": "true", + "AFWSNATPortUtilizationWindowSize": "PT5M", + "VPNGWTunnelIngressPacketDropCountFrequency": "PT5M", + "ERPRxLightLevelLowAlertState": "true", + "VNETDDOSAttackAlertState": "true", + "PDNSZRegistrationCapacityUtilWindowSize": "PT1H", + "VnetGwERCpuUtilWindowSize": "PT5M", + "AFWSNATPortUtilizationPolicyEffect": "deployIfNotExists", + "ERCIRQoSDropBitsinPerSecWindowSize": "PT5M", + "PIPBytesInDDoSEvaluationFrequency": "PT5M", + "PIPPacketsInDDoSPolicyEffect": "disabled", + "PIPDDoSAttackThreshold": "0", + "PDNSZRecordSetCapacityEvaluationFrequency": "PT1H", + "ERGwExpressRouteBitsInPolicyEffect": "disabled", + "VnetGwTunnelIngressPacketDropMismatchWindowSize": "PT5M", "VnetGwTunnelEgressPacketDropCountAlertSeverity": "1", - "LBGlobalBackendAvailabilityAlertState": "true", - "VnetGwTunnelBWThreshold": "1", "PIPVIPAvailabilityPolicyEffect": "deployIfNotExists", - "PDNSZCapacityUtilAlertSeverity": "2", - "VnetGwTunnelIngressWindowSize": "PT5M", - "ERPTxLightLevelHighAlertSeverity": "1", - "ERCIRQoSDropBitsoutPerSecPolicyEffect": "deployIfNotExists", - "VNETDDOSAttackAlertState": "true", - "VnetGwTunnelIngressPacketDropCountWindowSize": "PT5M", - "VPNGWTunnelIngressPacketDropMismatchWindowSize": "PT5M", - "PDNSZRecordSetCapacityAlertSeverity": "2", "ERGwExpressRouteBitsOutPolicyEffect": "disabled", - "LBUsedSNATPortsPolicyEffect": "deployIfNotExists", - "ERGwExpressRouteCpuUtilWindowSize": "PT5M", - "ERPRxLightLevelHighAlertState": "true", - "ERPRxLightLevelHighEvaluationFrequency": "PT1M", - "VnetGwTunnelBWEvaluationFrequency": "PT1M", - "VnetGwTunnelEgressPacketDropMismatchPolicyEffect": "deployIfNotExists", - "VnetGwTunnelIngressEvaluationFrequency": "PT5M", - "VnetGwTunnelEgressPacketDropCountPolicyEffect": "deployIfNotExists", - "VPNGWTunnelIngressPacketDropMismatchAlertState": "true", - "VNETDDOSAttackThreshold": "1", - "PIPBytesInDDoSThreshold": "8000000", + "ERGwExpressRouteCpuUtilEvaluationFrequency": "PT1M", + "activityVPNGWDeletePolicyEffect": "deployIfNotExists", + "ERCIRBgpAvailabilityPolicyEffect": "deployIfNotExists", + "PIPVIPAvailabilityWindowSize": "PT5M", + "VnetGwTunnelIngressPolicyEffect": "disabled", + "VnetGwTunnelBWThreshold": "1", "VnetGwTunnelIngressPacketDropMismatchEvaluationFrequency": "PT5M", - "VPNGWTunnelEgressPacketDropCountAlertSeverity": "3", - "VnetGwERCpuUtilEvaluationFrequency": "PT1M", - "ERPTxLightLevelHighWindowSize": "PT5M", - "VPNGWIngressWindowSize": "PT5M", - "VnetGwTunnelIngressPacketDropMismatchAlertState": "true", - "AFWSNATPortUtilizationAlertState": "true", - "PDNSZQueryVolumeWindowSize": "PT1H", - "VPNGwBGPPeerStatusWindowSize": "PT5M", - "VPNGWEgressWindowSize": "PT5M", - "PIPPacketsInDDoSPolicyEffect": "disabled", - "ERCIRArpAvailabilityFrequency": "PT1M", - "VnetGwExpressRouteBitsPerSecondAlertState": "true", - "VPNGWTunnelEgressPacketDropMismatchPolicyEffect": "deployIfNotExists", + "VnetGwERCpuUtilThreshold": "80", + "ERPBitsInPerSecondAlertState": "true", + "ERCIRBgpAvailabilityEvaluationFrequency": "PT1M", + "VnetGwExpressRouteBitsPerSecondPolicyEffect": "deployIfNotExists", + "ERPTxLightLevelLowPolicyEffect": "deployIfNotExists", + "ERPTxLightLevelLowEvaluationFrequency": "PT1M", + "VPNGWBandWidthUtilEvaluationFrequency": "PT5M", + "VnetGwTunnelIngressPacketDropCountWindowSize": "PT5M", "activityFWDeleteAlertState": "true", - "VPNGWEgressAlertState": "true", - "AFWSNATPortUtilizationWindowSize": "PT5M", - "VnetGwTunnelEgressThreshold": "1", - "VPNGWEgressEvaluationFrequency": "PT5M", + "AFWSNATPortUtilizationAlertSeverity": "1", + "ERPRxLightLevelHighAlertSeverity": "1", + "ERPTxLightLevelHighAlertState": "true", + "PDNSZCapacityUtilWindowSize": "PT1H", + "VPNGWEgressAlertSeverity": "0", "ALZMonitorResourceGroupTags": { "Project": "amba-monitoring" }, - "LBHealthProbeStatusAlertSeverity": "2", - "VNETDDOSAttackPolicyEffect": "deployIfNotExists", - "ERPTxLightLevelLowPolicyEffect": "deployIfNotExists", - "LBDatapathAvailabilityAlertSeverity": "0", - "VnetGwExpressRouteBitsPerSecondEvaluationFrequency": "PT1M", - "VPNGWTunnelIngressPacketDropCountWindowSize": "PT5M", - "VnetGwTunnelBWWindowSize": "PT5M", - "PDNSZRecordSetCapacityPolicyEffect": "deployIfNotExists", + "VnetGwTunnelBWAlertSeverity": "0", + "AFWSNATPortUtilizationThreshold": "80", "VPNGWIngressAlertState": "true", - "VnetGwTunnelEgressEvaluationFrequency": "PT5M", - "VnetGwTunnelEgressPolicyEffect": "disabled", - "ERCIRQoSDropBitsinPerSecAlertSeverity": "2", - "PDNSZRegistrationCapacityUtilAlertSeverity": "2", - "VPNGWEgressAlertSeverity": "0", - "ERPBitsOutPerSecondEvaluationFrequency": "PT1M", - "PDNSZCapacityUtilWindowSize": "PT1H", - "ERCIRQoSDropBitsinPerSecWindowSize": "PT5M", - "VnetGwExpressRouteBitsPerSecondPolicyEffect": "deployIfNotExists", - "VPNGWTunnelIngressPacketDropMismatchAlertSeverity": "3", - "LBGlobalBackendAvailabilityWindowSize": "PT5M", - "ALZMonitorDisableTagValues": [ - "true", - "Test", - "Dev", - "Sandbox" - ], - "LBGlobalBackendAvailabilityPolicyEffect": "deployIfNotExists", - "ERGwExpressRouteBitsOutAlertSeverity": "0", - "VnetGwTunnelBWAlertState": "true", - "ALZMonitorDisableTagName": "MonitorDisable", - "PIPVIPAvailabilityAlertState": "true", - "ERGwExpressRouteBitsInPolicyEffect": "disabled", - "VPNGWTunnelEgressPacketDropMismatchAlertState": "true", - "VPNGWBandWidthUtilPolicyEffect": "deployIfNotExists", - "ERPTxLightLevelHighAlertState": "true", - "PDNSZRegistrationCapacityUtilAlertState": "true" + "VPNGWIngressEvaluationFrequency": "PT5M", + "ERPRxLightLevelHighWindowSize": "PT5M", + "VPNGWEgressThreshold": "1", + "VnetGwTunnelEgressAlertState": "true", + "PDNSZRegistrationCapacityUtilAlertState": "true", + "ERGwExpressRouteBitsInAlertSeverity": "0", + "activityVPNGWDeleteAlertState": "true", + "PIPVIPAvailabilityEvaluationFrequency": "PT1M", + "VnetGwTunnelIngressEvaluationFrequency": "PT5M", + "VnetGwTunnelEgressPacketDropCountPolicyEffect": "deployIfNotExists", + "PDNSZRecordSetCapacityWindowSize": "PT1H", + "VnetGwTunnelEgressPacketDropCountAlertState": "true", + "PDNSZRecordSetCapacityAlertState": "true", + "LBUsedSNATPortsEvaluationFrequency": "PT1M", + "ERCIRQoSDropBitsoutPerSecEvaluationFrequency": "PT5M" }, "scope": { "amba": [ diff --git a/Definitions/policyAssignments/alerting-hybridvm-policySet.jsonc b/Definitions/policyAssignments/alerting-hybridvm-policySet.jsonc index 653ae30..a6ac685 100644 --- a/Definitions/policyAssignments/alerting-hybridvm-policySet.jsonc +++ b/Definitions/policyAssignments/alerting-hybridvm-policySet.jsonc @@ -20,193 +20,193 @@ "_deployed_by_amba": true }, "parameters": { - "HybridVMNetworkInAlertState": "true", - "HybridVMDataDiskReadLatencyAlertState": "true", - "HybridVMPercentCPUTimeAggregation": "Count", - "HybridVMOSDiskWriteLatencyOperator": "GreaterThan", - "HybridVMPercentCPUWindowSize": "PT15M", - "HybridVMOSDiskWriteLatencyEvaluationPeriods": "1", - "HybridVMOSDiskSpaceAutoResolve": "true", - "HybridVMDataDiskSpaceAlertSeverity": "2", - "HybridVMNetworkOutWindowSize": "PT15M", - "HybridVMOSDiskReadLatencyPolicyEffect": "deployIfNotExists", - "HybridVMOSDiskReadLatencyThreshold": "30", - "HybridVMDisconnectedAlertPolicyEffect": "deployIfNotExists", - "HybridVMNetworkOutThreshold": "10000000", + "HybridVMOSDiskReadLatencyTimeAggregation": "Count", + "HybridVMDataDiskSpaceThreshold": "10", + "HybridVMDisconnectedAlertEvaluationPeriods": "1", + "HybridVMDataDiskSpacePolicyEffect": "deployIfNotExists", "HybridVMPercentCPUAlertState": "true", - "HybridVMOSDiskReadLatencyWindowSize": "PT15M", - "HybridVMPercentCPUPolicyEffect": "deployIfNotExists", + "HybridVMOSDiskReadLatencyFailingPeriods": "1", + "HybridVMDataDiskSpaceWindowSize": "PT15M", + "HybridVMNetworkOutAlertState": "true", "HybridVMOSDiskSpaceTimeAggregation": "Count", - "HybridVMNetworkOutAutoResolve": "true", - "HybridVMPercentCPUEvaluationFrequency": "PT5M", - "HybridVMOSDiskSpaceEvaluationPeriods": "1", - "HybridVMOSDiskSpaceComputersToInclude": [ + "HybridVMOSDiskWriteLatencyPolicyEffect": "deployIfNotExists", + "HybridVMDataDiskSpaceEvaluationPeriods": "1", + "HybridVMDataDiskWriteLatencyEvaluationPeriods": "1", + "HybridVMNetworkOutWindowSize": "PT15M", + "HybridVMNetworkInAlertState": "true", + "HybridVMOSDiskSpaceAutoMitigate": "true", + "HybridVMDisconnectedAlertPolicyEffect": "deployIfNotExists", + "HybridVMNetworkOutAlertSeverity": "2", + "HybridVMDataDiskWriteLatencyAlertState": "true", + "HybridVMOSDiskWriteLatencyTimeAggregation": "Count", + "HybridVMOSDiskSpaceAlertSeverity": "2", + "HybridVMNetworkInComputersToInclude": [ "*" ], + "HybridVMOSDiskWriteLatencyFailingPeriods": "1", + "HybridVMPercentMemoryAutoResolve": "true", + "HybridVMOSDiskReadLatencyAlertState": "true", "HybridVMPercentCPUThreshold": "85", - "HybridVMHeartBeatRGTimeAggregation": "Count", - "HybridVMDataDiskReadLatencyAutoResolve": "true", - "HybridVMPercentMemoryEvaluationFrequency": "PT5M", - "HybridVMOSDiskReadLatencyFailingPeriods": "1", - "HybridVMOSDiskSpaceWindowSize": "PT15M", - "HybridVMDataDiskReadLatencyOperator": "GreaterThan", - "ALZManagementSubscriptionId": "8da8d616-a90e-446a-9098-ad7381ce56a7", - "HybridVMHeartBeatRGEvaluationFrequency": "PT5M", - "HybridVMDisconnectedAlertAutoMitigate": "false", - "HybridVMDisconnectedAlertEvaluationPeriods": "1", + "HybridVMDataDiskSpaceAutoResolveTime": "00:10:00", + "HybridVMPercentCPUEvaluationFrequency": "PT5M", "HybridVMHeartBeatRGAlertState": "true", - "HybridVMDataDiskWriteLatencyEvaluationPeriods": "1", - "HybridVMOSDiskSpacePolicyEffect": "deployIfNotExists", + "HybridVMDataDiskWriteLatencyTimeAggregation": "Count", + "HybridVMDataDiskSpaceEvaluationFrequency": "PT5M", + "HybridVMOSDiskWriteLatencyEvaluationFrequency": "PT5M", + "HybridVMNetworkOutThreshold": "10000000", + "HybridVMNetworkOutAutoMitigate": "true", + "HybridVMOSDiskSpaceOperator": "GreaterThan", + "HybridVMOSDiskReadLatencyOperator": "GreaterThan", + "HybridVMOSDiskWriteLatencyAutoResolve": "true", + "HybridVMNetworkInTimeAggregation": "Count", + "HybridVMDataDiskReadLatencyFailingPeriods": "1", + "HybridVMPercentMemoryFailingPeriods": "1", + "HybridVMOSDiskWriteLatencyAlertSeverity": "2", + "HybridVMNetworkOutAutoResolve": "true", + "HybridVMOSDiskSpaceWindowSize": "PT15M", + "HybridVMDataDiskReadLatencyTimeAggregation": "Count", + "ALZUserAssignedManagedIdentityName": "id-amba-prod-001", + "HybridVMPercentCPUWindowSize": "PT15M", + "HybridVMOSDiskSpaceAutoResolve": "true", + "HybridVMDisconnectedAlertThreshold": "10m", + "HybridVMOSDiskReadLatencyPolicyEffect": "deployIfNotExists", + "HybridVMDataDiskWriteLatencyAutoMitigate": "true", + "HybridVMDataDiskWriteLatencyAlertSeverity": "2", + "HybridVMPercentMemoryOperator": "GreaterThan", "HybridVMPercentMemoryWindowSize": "PT15M", - "HybridVMHeartBeatRGFailingPeriods": "1", - "HybridVMOSDiskWriteLatencyAutoMitigate": "true", - "HybridVMPercentMemoryAutoMitigate": "true", - "HybridVMOSDiskReadLatencyAutoMitigate": "true", - "HybridVMOSDiskWriteLatencyFailingPeriods": "1", - "HybridVMDisconnectedAlertFailingPeriods": "1", - "HybridVMDisconnectedAlertEvaluationFrequency": "PT10M", + "HybridVMNetworkInPolicyEffect": "deployIfNotExists", + "HybridVMPercentMemoryEvaluationFrequency": "PT5M", + "HybridVMOSDiskSpaceFailingPeriods": "1", + "HybridVMDisconnectedAlertWindowSize": "P1D", "HybridVMOSDiskReadLatencyComputersToInclude": [ "*" ], + "HybridVMDataDiskWriteLatencyComputersToInclude": [ + "*" + ], + "HybridVMHeartBeatRGEvaluationFrequency": "PT5M", + "HybridVMOSDiskWriteLatencyAutoMitigate": "true", + "HybridVMOSDiskReadLatencyAutoMitigate": "true", + "HybridVMPercentCPUAlertSeverity": "2", + "HybridVMNetworkOutOperator": "GreaterThan", + "HybridVMDisconnectedAlertSeverity": "1", + "HybridVMNetworkInAlertSeverity": "2", + "HybridVMDataDiskReadLatencyAutoResolve": "true", + "HybridVMNetworkOutEvaluationFrequency": "PT5M", + "HybridVMOSDiskWriteLatencyThreshold": "30", + "HybridVMDataDiskWriteLatencyPolicyEffect": "deployIfNotExists", + "HybridVMNetworkOutFailingPeriods": "1", + "HybridVMOSDiskSpaceAlertState": "true", "HybridVMDataDiskSpaceOperator": "GreaterThan", + "HybridVMNetworkInWindowSize": "PT15M", + "HybridVMNetworkOutEvaluationPeriods": "1", + "HybridVMPercentMemoryThreshold": "10", + "HybridVMNetworkInAutoResolve": "true", + "HybridVMHeartBeatRGOperator": "GreaterThan", + "HybridVMDisconnectedAlertOperator": "GreaterThan", + "HybridVMDataDiskWriteLatencyAutoResolveTime": "00:10:00", + "HybridVMNetworkInEvaluationFrequency": "PT5M", + "ALZMonitorDisableTagValues": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "HybridVMHeartBeatRGAutoResolveTime": "00:10:00", "HybridVMNetworkInFailingPeriods": "1", - "HybridVMDataDiskReadLatencyFailingPeriods": "1", - "HybridVMDataDiskWriteLatencyAutoMitigate": "true", - "HybridVMDataDiskReadLatencyComputersToInclude": [ + "ALZManagementSubscriptionId": "8da8d616-a90e-446a-9098-ad7381ce56a7", + "HybridVMPercentCPUPolicyEffect": "deployIfNotExists", + "HybridVMOSDiskReadLatencyAutoResolve": "true", + "ALZMonitorDisableTagName": "MonitorDisable", + "HybridVMOSDiskReadLatencyEvaluationPeriods": "1", + "HybridVMNetworkOutComputersToInclude": [ "*" ], - "HybridVMDataDiskReadLatencyTimeAggregation": "Count", - "HybridVMDataDiskWriteLatencyAlertSeverity": "2", - "HybridVMDataDiskReadLatencyEvaluationPeriods": "1", - "HybridVMDataDiskWriteLatencyOperator": "GreaterThan", - "HybridVMNetworkInEvaluationFrequency": "PT5M", - "HybridVMNetworkOutAutoMitigate": "true", + "HybridVMNetworkOutAutoResolveTime": "00:10:00", + "HybridVMDataDiskWriteLatencyWindowSize": "PT15M", + "HybridVMPercentCPUAutoResolveTime": "00:10:00", "HybridVMOSDiskWriteLatencyWindowSize": "PT15M", - "HybridVMNetworkOutFailingPeriods": "1", - "HybridVMDisconnectedAlertThreshold": "10m", - "ALZMonitorResourceGroupLocation": "eastus", - "HybridVMOSDiskSpaceAlertState": "true", - "HybridVMHeartBeatRGAutoMitigate": "true", - "HybridVMDataDiskWriteLatencyAutoResolve": "true", - "HybridVMOSDiskSpaceFailingPeriods": "1", - "HybridVMNetworkInAutoMitigate": "true", - "HybridVMPercentMemoryAlertState": "true", - "HybridVMHeartBeatRGAutoResolve": "true", - "HybridVMOSDiskSpaceAutoResolveTime": "00:10:00", + "HybridVMNetworkOutTimeAggregation": "Count", "HybridVMPercentCPUFailingPeriods": "1", - "HybridVMNetworkInWindowSize": "PT15M", + "HybridVMDataDiskSpaceAlertState": "true", + "HybridVMPercentCPUAutoResolve": "true", + "HybridVMDisconnectedAlertTimeAggregation": "Count", "HybridVMDataDiskReadLatencyEvaluationFrequency": "PT5M", - "HybridVMNetworkInEvaluationPeriods": "1", - "HybridVMHeartBeatRGAlertSeverity": "1", - "HybridVMOSDiskWriteLatencyAlertSeverity": "2", - "HybridVMDataDiskReadLatencyThreshold": "30", - "HybridVMPercentMemoryAutoResolve": "true", + "HybridVMPercentMemoryAutoResolveTime": "00:10:00", + "HybridVMPercentMemoryTimeAggregation": "Count", + "HybridVMNetworkInAutoMitigate": "true", "HybridVMDataDiskReadLatencyPolicyEffect": "deployIfNotExists", - "HybridVMNetworkInOperator": "GreaterThan", - "HybridVMDataDiskWriteLatencyAutoResolveTime": "00:10:00", - "HybridVMDataDiskSpaceAutoMitigate": "true", - "HybridVMNetworkInPolicyEffect": "deployIfNotExists", - "HybridVMHeartBeatRGAutoResolveTime": "00:10:00", + "HybridVMDataDiskReadLatencyComputersToInclude": [ + "*" + ], "HybridVMOSDiskReadLatencyAlertSeverity": "2", - "HybridVMOSDiskWriteLatencyAutoResolveTime": "00:10:00", - "HybridVMDisconnectedAlertState": "true", - "HybridVMDataDiskSpaceThreshold": "10", - "HybridVMNetworkOutEvaluationPeriods": "1", - "HybridVMOSDiskReadLatencyOperator": "GreaterThan", - "HybridVMNetworkOutEvaluationFrequency": "PT5M", - "HybridVMDataDiskSpaceEvaluationPeriods": "1", - "HybridVMPercentMemoryPolicyEffect": "deployIfNotExists", - "HybridVMHeartBeatRGOperator": "GreaterThan", - "HybridVMOSDiskSpaceAutoMitigate": "true", - "HybridVMDisconnectedAlertWindowSize": "P1D", - "HybridVMNetworkOutPolicyEffect": "deployIfNotExists", - "HybridVMOSDiskReadLatencyAlertState": "true", - "HybridVMPercentCPUAutoResolveTime": "00:10:00", - "HybridVMHeartBeatRGThreshold": "10", - "HybridVMNetworkInThreshold": "10000000", - "HybridVMNetworkOutComputersToInclude": [ + "HybridVMOSDiskSpaceComputersToInclude": [ "*" ], - "HybridVMNetworkInAutoResolveTime": "00:10:00", + "HybridVMNetworkInOperator": "GreaterThan", + "HybridVMDataDiskSpaceAutoResolve": "true", + "HybridVMOSDiskSpaceEvaluationPeriods": "1", "HybridVMDataDiskReadLatencyAlertSeverity": "2", - "HybridVMOSDiskReadLatencyAutoResolve": "true", + "HybridVMDataDiskWriteLatencyAutoResolve": "true", + "HybridVMDataDiskWriteLatencyEvaluationFrequency": "PT5M", + "HybridVMPercentCPUTimeAggregation": "Count", + "HybridVMDataDiskReadLatencyAlertState": "true", + "HybridVMDataDiskSpaceTimeAggregation": "Count", + "HybridVMOSDiskSpaceEvaluationFrequency": "PT5M", + "HybridVMDataDiskReadLatencyAutoMitigate": "true", + "HybridVMOSDiskWriteLatencyOperator": "GreaterThan", + "HybridVMOSDiskSpacePolicyEffect": "deployIfNotExists", + "HybridVMDataDiskWriteLatencyFailingPeriods": "1", + "HybridVMDataDiskReadLatencyThreshold": "30", + "HybridVMHeartBeatRGTimeAggregation": "Count", + "HybridVMNetworkInThreshold": "10000000", + "HybridVMPercentMemoryAlertState": "true", + "HybridVMHeartBeatRGFailingPeriods": "1", + "HybridVMDisconnectedAlertEvaluationFrequency": "PT10M", + "HybridVMHeartBeatRGWindowSize": "PT6H", "HybridVMDataDiskWriteLatencyThreshold": "30", - "HybridVMDataDiskSpaceWindowSize": "PT15M", + "HybridVMOSDiskReadLatencyAutoResolveTime": "00:10:00", + "ALZMonitorResourceGroupName": "rg-amba-monitoring-001", + "ALZMonitorResourceGroupLocation": "eastus", + "HybridVMOSDiskWriteLatencyEvaluationPeriods": "1", + "HybridVMHeartBeatRGAutoResolve": "true", + "HybridVMOSDiskSpaceThreshold": "10", + "HybridVMOSDiskWriteLatencyAlertState": "true", + "HybridVMDataDiskReadLatencyAutoResolveTime": "00:10:00", + "HybridVMDataDiskReadLatencyWindowSize": "PT15M", + "HybridVMDataDiskSpaceAutoMitigate": "true", + "HybridVMPercentMemoryAutoMitigate": "true", + "HybridVMPercentCPUOperator": "GreaterThan", + "HybridVMDisconnectedAlertFailingPeriods": "1", + "HybridVMOSDiskSpaceAutoResolveTime": "00:10:00", + "HybridVMPercentMemoryPolicyEffect": "deployIfNotExists", + "HybridVMDataDiskSpaceAlertSeverity": "2", + "HybridVMDataDiskReadLatencyEvaluationPeriods": "1", + "HybridVMHeartBeatRGAutoMitigate": "true", + "HybridVMOSDiskReadLatencyThreshold": "30", + "HybridVMDataDiskSpaceFailingPeriods": "1", "HybridVMHeartBeatRGPolicyEffect": "deployIfNotExists", - "HybridVMNetworkOutAutoResolveTime": "00:10:00", - "HybridVMOSDiskWriteLatencyEvaluationFrequency": "PT5M", + "HybridVMNetworkOutPolicyEffect": "deployIfNotExists", + "HybridVMNetworkInAutoResolveTime": "00:10:00", + "HybridVMDisconnectedAlertAutoMitigate": "false", "HybridVMOSDiskWriteLatencyComputersToInclude": [ "*" ], - "HybridVMOSDiskSpaceAlertSeverity": "2", - "ALZMonitorResourceGroupName": "rg-amba-monitoring-001", - "HybridVMDataDiskWriteLatencyAlertState": "true", "HybridVMOSDiskReadLatencyEvaluationFrequency": "PT5M", - "HybridVMDataDiskSpacePolicyEffect": "deployIfNotExists", - "HybridVMOSDiskSpaceEvaluationFrequency": "PT5M", - "HybridVMPercentMemoryThreshold": "10", - "HybridVMDataDiskWriteLatencyPolicyEffect": "deployIfNotExists", - "HybridVMDataDiskSpaceTimeAggregation": "Count", - "HybridVMOSDiskReadLatencyTimeAggregation": "Count", - "HybridVMNetworkOutOperator": "GreaterThan", - "HybridVMDisconnectedAlertOperator": "GreaterThan", - "HybridVMDataDiskSpaceFailingPeriods": "1", - "HybridVMNetworkInAutoResolve": "true", - "HybridVMDisconnectedAlertTimeAggregation": "Count", - "HybridVMNetworkOutTimeAggregation": "Count", - "HybridVMDataDiskSpaceEvaluationFrequency": "PT5M", - "HybridVMPercentMemoryTimeAggregation": "Count", - "HybridVMNetworkInAlertSeverity": "2", - "ALZUserAssignedManagedIdentityName": "id-amba-prod-001", - "HybridVMPercentCPUAlertSeverity": "2", - "HybridVMNetworkOutAlertSeverity": "2", - "HybridVMNetworkOutAlertState": "true", - "HybridVMPercentCPUAutoResolve": "true", - "HybridVMDisconnectedAlertSeverity": "1", - "HybridVMDataDiskWriteLatencyTimeAggregation": "Count", - "HybridVMPercentMemoryAutoResolveTime": "00:10:00", - "HybridVMPercentMemoryFailingPeriods": "1", - "HybridVMNetworkInTimeAggregation": "Count", - "HybridVMDataDiskWriteLatencyWindowSize": "PT15M", - "HybridVMDataDiskWriteLatencyEvaluationFrequency": "PT5M", - "HybridVMDataDiskWriteLatencyComputersToInclude": [ - "*" - ], - "HybridVMOSDiskWriteLatencyPolicyEffect": "deployIfNotExists", - "HybridVMDataDiskSpaceAutoResolveTime": "00:10:00", - "HybridVMOSDiskWriteLatencyThreshold": "30", - "HybridVMDataDiskReadLatencyAutoResolveTime": "00:10:00", + "HybridVMOSDiskReadLatencyWindowSize": "PT15M", "ALZMonitorResourceGroupTags": { "Project": "amba-monitoring" }, - "HybridVMDataDiskSpaceAutoResolve": "true", - "HybridVMOSDiskWriteLatencyAlertState": "true", - "HybridVMOSDiskReadLatencyEvaluationPeriods": "1", - "HybridVMOSDiskSpaceThreshold": "10", - "HybridVMPercentCPUOperator": "GreaterThan", + "HybridVMNetworkInEvaluationPeriods": "1", + "HybridVMOSDiskWriteLatencyAutoResolveTime": "00:10:00", "BYOUserAssignedManagedIdentityResourceId": "", - "ALZMonitorDisableTagValues": [ - "true", - "Test", - "Dev", - "Sandbox" - ], - "HybridVMOSDiskWriteLatencyAutoResolve": "true", - "HybridVMDataDiskReadLatencyAutoMitigate": "true", - "HybridVMDataDiskReadLatencyWindowSize": "PT15M", - "HybridVMHeartBeatRGWindowSize": "PT6H", - "HybridVMDataDiskSpaceAlertState": "true", - "HybridVMDataDiskWriteLatencyFailingPeriods": "1", - "HybridVMPercentMemoryOperator": "GreaterThan", - "HybridVMOSDiskSpaceOperator": "GreaterThan", "HybridVMPercentMemoryAlertSeverity": "2", - "ALZMonitorDisableTagName": "MonitorDisable", + "HybridVMHeartBeatRGAlertSeverity": "1", + "HybridVMDisconnectedAlertState": "true", "HybridVMPercentCPUAutoMitigate": "true", - "HybridVMOSDiskWriteLatencyTimeAggregation": "Count", - "HybridVMOSDiskReadLatencyAutoResolveTime": "00:10:00", - "HybridVMNetworkInComputersToInclude": [ - "*" - ] + "HybridVMHeartBeatRGThreshold": "10", + "HybridVMDataDiskReadLatencyOperator": "GreaterThan", + "HybridVMDataDiskWriteLatencyOperator": "GreaterThan" }, "scope": { "amba": [ diff --git a/Definitions/policyAssignments/alerting-identity-policySet.jsonc b/Definitions/policyAssignments/alerting-identity-policySet.jsonc index 830d15c..b8d5c37 100644 --- a/Definitions/policyAssignments/alerting-identity-policySet.jsonc +++ b/Definitions/policyAssignments/alerting-identity-policySet.jsonc @@ -20,57 +20,57 @@ "_deployed_by_amba": true }, "parameters": { - "ALZMonitorResourceGroupTags": { - "Project": "amba-monitoring" - }, - "KVCapacityAlertState": "true", - "KVCapacityWindowSize": "PT5M", - "activityKVDeletePolicyEffect": "deployIfNotExists", - "KVRequestWindowSize": "PT5M", "ALZMonitorDisableTagName": "MonitorDisable", - "activityHSMsDeleteAlertState": "true", - "HSMsLatencyAvailabilityWindowSize": "PT5M", - "KvLatencyAvailabilityWindowSize": "PT5M", - "KvAvailabilityPolicyEffect": "disabled", "KvLatencyAvailabilityAlertState": "true", - "KVCapacityEvaluationFrequency": "PT1M", - "KvAvailabilityAlertState": "true", - "KVRequestAlertSeverity": "2", "ALZMonitorDisableTagValues": [ "true", "Test", "Dev", "Sandbox" ], - "KVRequestPolicyEffect": "disabled", - "HSMsAvailabilityEvaluationFrequency": "PT1M", - "ALZMonitorResourceGroupLocation": "eastus", - "KvLatencyAvailabilityThreshold": "1000", - "HSMsAvailabilityThreshold": "20", - "KVRequestEvaluationFrequency": "PT5M", + "KVCapacityWindowSize": "PT5M", + "KvLatencyAvailabilityWindowSize": "PT5M", "ALZMonitorResourceGroupName": "rg-amba-monitoring-001", - "activityHSMsDeletePolicyEffect": "deployIfNotExists", - "KVAvailabilityThreshold": "20", "HSMsLatencyAvailabilityThreshold": "1000", - "HSMsLatencyAvailabilityAlertState": "true", + "HSMsAvailabilityThreshold": "20", + "KvLatencyAvailabilityAlertSeverity": "3", "KVCapacityPolicyEffect": "disabled", "KvLatencyAvailabilityEvaluationFrequency": "PT5M", - "KvAvailabilityWindowSize": "PT1M", - "HSMsAvailabilityAlertSeverity": "1", + "KVCapacityEvaluationFrequency": "PT1M", + "HSMsLatencyAvailabilityAlertSeverity": "3", + "HSMsLatencyAvailabilityPolicyEffect": "disabled", + "HSMsAvailabilityPolicyEffect": "disabled", + "KVAvailabilityThreshold": "20", "KvLatencyAvailabilityPolicyEffect": "disabled", + "HSMsAvailabilityAlertState": "true", + "activityKVDeletePolicyEffect": "deployIfNotExists", + "ALZMonitorResourceGroupTags": { + "Project": "amba-monitoring" + }, "KVRequestAlertState": "true", - "HSMsLatencyAvailabilityEvaluationFrequency": "PT5M", + "KVCapacityAlertSeverity": "1", + "KVRequestEvaluationFrequency": "PT5M", + "KvAvailabilityPolicyEffect": "disabled", + "KVCapacityAlertState": "true", + "activityHSMsDeleteAlertState": "true", + "KVRequestWindowSize": "PT5M", + "HSMsLatencyAvailabilityWindowSize": "PT5M", "activityKVDeleteAlertState": "true", + "KvAvailabilityWindowSize": "PT1M", + "KVCapacityThreshold": "75", + "KvLatencyAvailabilityThreshold": "1000", + "HSMsLatencyAvailabilityAlertState": "true", + "KVRequestPolicyEffect": "disabled", "HSMsAvailabilityWindowSize": "PT1M", - "HSMsAvailabilityPolicyEffect": "disabled", - "HSMsLatencyAvailabilityAlertSeverity": "3", - "KvLatencyAvailabilityAlertSeverity": "3", - "HSMsAvailabilityAlertState": "true", - "HSMsLatencyAvailabilityPolicyEffect": "disabled", + "HSMsLatencyAvailabilityEvaluationFrequency": "PT5M", + "KvAvailabilityEvaluationFrequency": "PT1M", + "ALZMonitorResourceGroupLocation": "eastus", "KvAvailabilityAlertSeverity": "1", - "KVCapacityThreshold": "75", - "KVCapacityAlertSeverity": "1", - "KvAvailabilityEvaluationFrequency": "PT1M" + "KVRequestAlertSeverity": "2", + "activityHSMsDeletePolicyEffect": "deployIfNotExists", + "KvAvailabilityAlertState": "true", + "HSMsAvailabilityEvaluationFrequency": "PT1M", + "HSMsAvailabilityAlertSeverity": "1" }, "scope": { "amba": [ diff --git a/Definitions/policyAssignments/alerting-keymanagement-policySet.jsonc b/Definitions/policyAssignments/alerting-keymanagement-policySet.jsonc index 91bc714..97830e3 100644 --- a/Definitions/policyAssignments/alerting-keymanagement-policySet.jsonc +++ b/Definitions/policyAssignments/alerting-keymanagement-policySet.jsonc @@ -20,57 +20,57 @@ "_deployed_by_amba": true }, "parameters": { - "ALZMonitorResourceGroupTags": { - "Project": "amba-monitoring" - }, - "KVCapacityAlertState": "true", - "KVCapacityWindowSize": "PT5M", - "activityKVDeletePolicyEffect": "deployIfNotExists", - "KVRequestWindowSize": "PT5M", "ALZMonitorDisableTagName": "MonitorDisable", - "activityHSMsDeleteAlertState": "true", - "HSMsLatencyAvailabilityWindowSize": "PT5M", - "KvLatencyAvailabilityWindowSize": "PT5M", - "KvAvailabilityPolicyEffect": "disabled", "KvLatencyAvailabilityAlertState": "true", - "KVCapacityEvaluationFrequency": "PT1M", - "KvAvailabilityAlertState": "true", - "KVRequestAlertSeverity": "2", "ALZMonitorDisableTagValues": [ "true", "Test", "Dev", "Sandbox" ], - "KVRequestPolicyEffect": "disabled", - "HSMsAvailabilityEvaluationFrequency": "PT1M", - "ALZMonitorResourceGroupLocation": "eastus", - "KvLatencyAvailabilityThreshold": "1000", - "HSMsAvailabilityThreshold": "20", - "KVRequestEvaluationFrequency": "PT5M", + "KvLatencyAvailabilityWindowSize": "PT5M", "ALZMonitorResourceGroupName": "rg-amba-monitoring-001", - "activityHSMsDeletePolicyEffect": "deployIfNotExists", - "KVAvailabilityThreshold": "20", "HSMsLatencyAvailabilityThreshold": "1000", - "HSMsLatencyAvailabilityAlertSeverity": "3", + "KvLatencyAvailabilityAlertSeverity": "3", "KVCapacityPolicyEffect": "disabled", "KvLatencyAvailabilityEvaluationFrequency": "PT5M", - "KvAvailabilityWindowSize": "PT1M", - "HSMsAvailabilityAlertSeverity": "1", + "HSMsLatencyAvailabilityAlertSeverity": "3", + "HSMsLatencyAvailabilityPolicyEffect": "disabled", + "HSMsAvailabilityPolicyEffect": "disabled", + "KVAvailabilityThreshold": "20", "KvLatencyAvailabilityPolicyEffect": "disabled", + "HSMsLatencyAvailabilityAlertState": "true", + "KVCapacityWindowSize": "PT5M", + "activityKVDeletePolicyEffect": "deployIfNotExists", + "ALZMonitorResourceGroupTags": { + "Project": "amba-monitoring" + }, + "HSMsLatencyAvailabilityWindowSize": "PT5M", "KVRequestAlertState": "true", - "HSMsLatencyAvailabilityEvaluationFrequency": "PT5M", + "KVCapacityAlertSeverity": "1", + "KVRequestEvaluationFrequency": "PT5M", + "KvAvailabilityPolicyEffect": "disabled", + "KVCapacityAlertState": "true", + "activityHSMsDeleteAlertState": "true", + "KVRequestWindowSize": "PT5M", + "KVCapacityEvaluationFrequency": "PT1M", + "activityHSMsDeletePolicyEffect": "deployIfNotExists", "activityKVDeleteAlertState": "true", + "KvAvailabilityWindowSize": "PT1M", + "KVCapacityThreshold": "75", + "KvLatencyAvailabilityThreshold": "1000", + "HSMsAvailabilityThreshold": "20", + "KVRequestPolicyEffect": "disabled", "HSMsAvailabilityWindowSize": "PT1M", - "HSMsAvailabilityPolicyEffect": "disabled", - "KvLatencyAvailabilityAlertSeverity": "3", - "HSMsAvailabilityAlertState": "true", - "HSMsLatencyAvailabilityPolicyEffect": "disabled", + "HSMsLatencyAvailabilityEvaluationFrequency": "PT5M", + "KvAvailabilityEvaluationFrequency": "PT1M", "KvAvailabilityAlertSeverity": "1", - "KVCapacityThreshold": "75", - "KVCapacityAlertSeverity": "1", - "HSMsLatencyAvailabilityAlertState": "true", - "KvAvailabilityEvaluationFrequency": "PT1M" + "KVRequestAlertSeverity": "2", + "HSMsAvailabilityAlertState": "true", + "ALZMonitorResourceGroupLocation": "eastus", + "KvAvailabilityAlertState": "true", + "HSMsAvailabilityEvaluationFrequency": "PT1M", + "HSMsAvailabilityAlertSeverity": "1" }, "scope": { "amba": [ diff --git a/Definitions/policyAssignments/alerting-loadbalancing-policySet.jsonc b/Definitions/policyAssignments/alerting-loadbalancing-policySet.jsonc index f0b37fd..6a41c94 100644 --- a/Definitions/policyAssignments/alerting-loadbalancing-policySet.jsonc +++ b/Definitions/policyAssignments/alerting-loadbalancing-policySet.jsonc @@ -20,142 +20,142 @@ "_deployed_by_amba": true }, "parameters": { - "PIPVIPAvailabilityPolicyEffect": "deployIfNotExists", - "AGWComputeUnitsWindowSize": "PT5M", - "FDBackendHealthPolicyEffect": "deployIfNotExists", - "PIPDDoSAttackEvaluationFrequency": "PT5M", + "AGWResponseStatusAlertSensitivity": "Medium", + "CDNPOriginHealthPercentagePolicyEffect": "deployIfNotExists", "PIPVIPAvailabilityAlertState": "true", - "AGWCapacityUnitsAlertSeverity": "2", + "AGWResponseStatusWindowSize": "PT5M", + "AGWBackendLastByteResponseTimeAlertState": "true", + "AGWCapacityUnitsPolicyEffect": "deployIfNotExists", + "PIPBytesInDDoSAlertState": "true", + "AGWComputeUnitsPolicyEffect": "deployIfNotExists", + "PIPBytesInDDoSPolicyEffect": "disabled", + "CDNPPercentage4XXWindowSize": "PT5M", + "CDNPOriginLatencyEvaluationFrequency": "PT1M", + "LBGlobalBackendAvailabilityWindowSize": "PT5M", "LBHealthProbeStatusPolicyEffect": "deployIfNotExists", - "AGWResponseStatusAlertState": "true", - "CDNPOriginHealthPercentageAlertSeverity": "2", - "LBUsedSNATPortsAlertSeverity": "1", - "FDBackendRequestLatencyPolicyEffect": "deployIfNotExists", - "LBDatapathAvailabilityAlertSeverity": "0", - "CDNPOriginHealthPercentageWindowSize": "PT5M", - "CDNPOriginHealthPercentageEvaluationFrequency": "PT1M", - "CDNPOriginLatencyPolicyEffect": "disabled", - "PIPPacketsInDDoSAlertState": "true", - "CDNPPercentage5XXEvaluationFrequency": "PT1M", - "AGWApplicationGatewayTotalTimePolicyEffect": "deployIfNotExists", - "AGWApplicationGatewayTotalTimeEvaluationFrequency": "PT1M", - "AGWUnhealthyHostCountWindowSize": "PT5M", + "VNETDDOSAttackAlertState": "true", + "TMEndpointHealthWindowSize": "PT5M", + "AGWResponseStatusPolicyEffect": "deployIfNotExists", + "PIPVIPAvailabilityWindowSize": "PT5M", "AGWFailedRequestsAlertSeverity": "2", - "LBHealthProbeStatusWindowSize": "PT5M", - "AGWUnhealthyHostCountEvaluationFrequency": "PT1M", - "AGWCPUUtilAlertSeverity": "2", - "VNETDDOSAttackEvaluationFrequency": "PT1M", - "AGWFailedRequestsPolicyEffect": "deployIfNotExists", - "AGWComputeUnitsEvaluationFrequency": "PT1M", - "PIPPacketsInDDoSAlertSeverity": "4", - "AGWFailedRequestsWindowSize": "PT5M", - "PIPDDoSAttackThreshold": "0", - "LBUsedSNATPortsPolicyEffect": "deployIfNotExists", - "TMEndpointHealthPolicyEffect": "deployIfNotExists", - "AGWUnhealthyHostCountAlertSeverity": "2", - "ALZMonitorDisableTagName": "MonitorDisable", - "AGWResponseStatusEvaluationFrequency": "PT1M", - "CDNPOriginHealthPercentagePolicyEffect": "deployIfNotExists", + "LBUsedSNATPortsWindowSize": "PT5M", + "PIPPacketsInDDoSAlertState": "true", + "CDNPOriginLatencyAlertState": "true", "AGWCapacityUnitsWindowSize": "PT5M", - "AGWBackendLastByteResponseTimeWindowSize": "PT5M", - "LBGlobalBackendAvailabilityAlertState": "true", - "PIPBytesInDDoSAlertSeverity": "4", - "VNETDDOSAttackWindowSize": "PT5M", - "PIPPacketsInDDoSThreshold": "40000", - "AGWComputeUnitsPolicyEffect": "deployIfNotExists", - "CDNPOriginHealthPercentageAlertState": "true", + "AGWComputeUnitsWindowSize": "PT5M", + "FDBackendHealthAlertSeverity": "2", + "LBDatapathAvailabilityEvaluationFrequency": "PT1M", + "CDNPPercentage5XXPolicyEffect": "deployIfNotExists", + "AGWApplicationGatewayTotalTimeWindowSize": "PT5M", + "AGWApplicationGatewayTotalTimeAlertState": "true", + "CDNPOriginHealthPercentageEvaluationFrequency": "PT1M", + "LBDatapathAvailabilityPolicyEffect": "deployIfNotExists", + "AGWApplicationGatewayTotalTimeEvaluationFrequency": "PT1M", "PIPVIPAvailabilityThreshold": "1", - "AGWBackendLastByteResponseTimeAlertSensitivity": "Medium", - "AGWCPUUtilWindowSize": "PT5M", - "CDNPPercentage4XXWindowSize": "PT5M", - "AGWUnhealthyHostCountAlertState": "true", - "FDBackendRequestLatencyEvaluationFrequency": "PT1M", - "AGWResponseStatusAlertSensitivity": "Medium", - "AGWCPUUtilEvaluationFrequency": "PT1M", - "AGWApplicationGatewayTotalTimeAlertSeverity": "2", - "AGWBackendLastByteResponseTimeEvaluationFrequency": "PT1M", - "PIPBytesInDDoSEvaluationFrequency": "PT5M", + "FDBackendRequestLatencyPolicyEffect": "deployIfNotExists", + "PIPVIPAvailabilityPolicyEffect": "deployIfNotExists", + "AGWCapacityUnitsAlertSeverity": "2", + "LBGlobalBackendAvailabilityPolicyEffect": "deployIfNotExists", "PIPDDoSAttackAlertState": "true", - "LBGlobalBackendAvailabilityEvaluationFrequency": "PT1M", - "AGWCapacityUnitsAlertState": "true", - "AGWComputeUnitsAlertSeverity": "2", - "AGWCPUUtilAlertState": "true", - "PIPPacketsInDDoSEvaluationFrequency": "PT5M", - "AGWBackendLastByteResponseTimePolicyEffect": "deployIfNotExists", - "LBGlobalBackendAvailabilityWindowSize": "PT5M", - "PIPPacketsInDDoSWindowSize": "PT5M", + "CDNPOriginLatencyWindowSize": "PT5M", + "AGWCapacityUnitsEvaluationFrequency": "PT1M", + "LBUsedSNATPortsAlertState": "true", + "CDNPOriginLatencyAlertSeverity": "2", "CDNPPercentage5XXAlertSeverity": "2", - "AGWResponseStatusPolicyEffect": "deployIfNotExists", - "VNETDDOSAttackAlertState": "true", + "CDNPPercentage4XXAlertState": "true", + "FDBackendRequestLatencyAlertState": "true", + "AGWComputeUnitsEvaluationFrequency": "PT1M", + "VNETDDOSAttackPolicyEffect": "deployIfNotExists", + "PIPPacketsInDDoSAlertSeverity": "4", + "AGWBackendLastByteResponseTimeAlertSeverity": "2", + "PIPPacketsInDDoSWindowSize": "PT5M", + "AGWCPUUtilAlertState": "true", + "LBDatapathAvailabilityAlertState": "true", "AGWApplicationGatewayTotalTimeAlertSensitivity": "Medium", + "LBDatapathAvailabilityAlertSeverity": "0", + "AGWBackendLastByteResponseTimeWindowSize": "PT5M", + "PIPPacketsInDDoSEvaluationFrequency": "PT5M", "CDNPPercentage4XXAlertSeverity": "2", - "CDNPPercentage5XXAlertState": "true", - "CDNPOriginLatencyEvaluationFrequency": "PT1M", - "LBDatapathAvailabilityEvaluationFrequency": "PT1M", - "FDBackendRequestLatencyWindowSize": "PT5M", + "TMEndpointHealthAlertState": "true", + "LBDatapathAvailabilityWindowSize": "PT5M", + "LBUsedSNATPortsEvaluationFrequency": "PT1M", + "PIPDDoSAttackEvaluationFrequency": "PT5M", + "FDBackendHealthEvaluationFrequency": "PT1M", + "PIPBytesInDDoSThreshold": "8000000", + "AGWFailedRequestsAlertSensitivity": "Medium", + "FDBackendRequestLatencyAlertSeverity": "2", + "AGWResponseStatusAlertSeverity": "2", + "PIPDDoSAttackThreshold": "0", + "PIPBytesInDDoSEvaluationFrequency": "PT5M", + "PIPBytesInDDoSWindowSize": "PT5M", + "AGWApplicationGatewayTotalTimePolicyEffect": "deployIfNotExists", + "FDBackendRequestLatencyEvaluationFrequency": "PT1M", + "CDNPPercentage4XXPolicyEffect": "deployIfNotExists", + "CDNPOriginHealthPercentageWindowSize": "PT5M", "PIPDDoSAttackWindowSize": "PT5M", - "CDNPOriginLatencyWindowSize": "PT5M", - "FDBackendHealthAlertSeverity": "2", - "AGWBackendLastByteResponseTimeAlertState": "true", - "CDNPPercentage4XXAlertState": "true", - "PIPBytesInDDoSPolicyEffect": "disabled", + "VNETDDOSAttackThreshold": "1", + "FDBackendHealthPolicyEffect": "deployIfNotExists", + "AGWResponseStatusEvaluationFrequency": "PT1M", + "LBHealthProbeStatusEvaluationFrequency": "PT1M", + "AGWBackendLastByteResponseTimePolicyEffect": "deployIfNotExists", + "AGWUnhealthyHostCountAlertState": "true", "LBHealthProbeStatusAlertState": "true", - "PIPVIPAvailabilityAlertSeverity": "1", - "CDNPOriginLatencyAlertSeverity": "2", - "LBDatapathAvailabilityPolicyEffect": "deployIfNotExists", - "TMEndpointHealthWindowSize": "PT5M", - "LBGlobalBackendAvailabilityAlertSeverity": "0", - "LBUsedSNATPortsAlertState": "true", - "TMEndpointHealthEvaluationFrequency": "PT1M", - "AGWFailedRequestsAlertState": "true", - "FDBackendHealthWindowSize": "PT5M", - "FDBackendHealthAlertState": "true", - "PIPBytesInDDoSAlertState": "true", - "LBUsedSNATPortsEvaluationFrequency": "PT1M", - "CDNPOriginLatencyAlertState": "true", + "PIPPacketsInDDoSPolicyEffect": "disabled", + "PIPPacketsInDDoSThreshold": "40000", + "AGWCapacityUnitsAlertState": "true", "PIPVIPAvailabilityEvaluationFrequency": "PT1M", - "CDNPPercentage5XXWindowSize": "PT5M", - "LBDatapathAvailabilityWindowSize": "PT5M", - "AGWApplicationGatewayTotalTimeWindowSize": "PT5M", + "AGWUnhealthyHostCountEvaluationFrequency": "PT1M", + "AGWApplicationGatewayTotalTimeAlertSeverity": "2", + "AGWCPUUtilEvaluationFrequency": "PT1M", "AGWComputeUnitsAlertState": "true", - "PIPDDoSAttackAlertSeverity": "1", - "TMEndpointHealthAlertState": "true", - "AGWCapacityUnitsEvaluationFrequency": "PT1M", - "TMEndpointHealthAlertSeverity": "2", + "AGWUnhealthyHostCountWindowSize": "PT5M", + "CDNPOriginLatencyPolicyEffect": "disabled", + "AGWCPUUtilAlertSeverity": "2", + "LBUsedSNATPortsAlertSeverity": "1", + "FDBackendHealthAlertState": "true", + "LBHealthProbeStatusWindowSize": "PT5M", + "AGWComputeUnitsAlertSeverity": "2", + "AGWBackendLastByteResponseTimeAlertSensitivity": "Medium", + "LBHealthProbeStatusAlertSeverity": "2", + "LBGlobalBackendAvailabilityAlertState": "true", + "AGWFailedRequestsEvaluationFrequency": "PT1M", + "FDBackendHealthWindowSize": "PT5M", + "PIPVIPAvailabilityAlertSeverity": "1", + "LBUsedSNATPortsPolicyEffect": "deployIfNotExists", + "CDNPPercentage5XXEvaluationFrequency": "PT1M", + "AGWCPUUtilWindowSize": "PT5M", + "LBGlobalBackendAvailabilityEvaluationFrequency": "PT1M", "ALZMonitorDisableTagValues": [ "true", "Test", "Dev", "Sandbox" ], + "AGWUnhealthyHostCountAlertSeverity": "2", "AGWCPUUtilPolicyEffect": "deployIfNotExists", - "AGWFailedRequestsAlertSensitivity": "Medium", - "PIPDDoSAttackPolicyEffect": "deployIfNotExists", - "AGWResponseStatusWindowSize": "PT5M", - "AGWApplicationGatewayTotalTimeAlertState": "true", - "AGWCapacityUnitsPolicyEffect": "deployIfNotExists", + "ALZMonitorDisableTagName": "MonitorDisable", + "PIPBytesInDDoSAlertSeverity": "4", + "CDNPPercentage5XXWindowSize": "PT5M", "AGWUnhealthyHostCountPolicyEffect": "deployIfNotExists", - "AGWBackendLastByteResponseTimeAlertSeverity": "2", - "FDBackendRequestLatencyAlertState": "true", - "LBHealthProbeStatusEvaluationFrequency": "PT1M", - "CDNPPercentage5XXPolicyEffect": "deployIfNotExists", - "VNETDDOSAttackPolicyEffect": "deployIfNotExists", - "LBGlobalBackendAvailabilityPolicyEffect": "deployIfNotExists", - "PIPVIPAvailabilityWindowSize": "PT5M", - "PIPBytesInDDoSThreshold": "8000000", - "LBDatapathAvailabilityAlertState": "true", - "VNETDDOSAttackThreshold": "1", - "VNETDDOSAttackAlertSeverity": "1", - "AGWFailedRequestsEvaluationFrequency": "PT1M", - "LBHealthProbeStatusAlertSeverity": "2", - "LBUsedSNATPortsWindowSize": "PT5M", + "PIPDDoSAttackAlertSeverity": "1", "CDNPPercentage4XXEvaluationFrequency": "PT1M", - "CDNPPercentage4XXPolicyEffect": "deployIfNotExists", - "FDBackendRequestLatencyAlertSeverity": "2", - "PIPBytesInDDoSWindowSize": "PT5M", - "AGWResponseStatusAlertSeverity": "2", - "PIPPacketsInDDoSPolicyEffect": "disabled", - "FDBackendHealthEvaluationFrequency": "PT1M" + "CDNPPercentage5XXAlertState": "true", + "AGWFailedRequestsWindowSize": "PT5M", + "LBGlobalBackendAvailabilityAlertSeverity": "0", + "FDBackendRequestLatencyWindowSize": "PT5M", + "TMEndpointHealthPolicyEffect": "deployIfNotExists", + "VNETDDOSAttackAlertSeverity": "1", + "AGWFailedRequestsAlertState": "true", + "TMEndpointHealthEvaluationFrequency": "PT1M", + "VNETDDOSAttackEvaluationFrequency": "PT1M", + "AGWResponseStatusAlertState": "true", + "CDNPOriginHealthPercentageAlertState": "true", + "AGWBackendLastByteResponseTimeEvaluationFrequency": "PT1M", + "TMEndpointHealthAlertSeverity": "2", + "CDNPOriginHealthPercentageAlertSeverity": "2", + "PIPDDoSAttackPolicyEffect": "deployIfNotExists", + "AGWFailedRequestsPolicyEffect": "deployIfNotExists", + "VNETDDOSAttackWindowSize": "PT5M" }, "scope": { "amba": [ diff --git a/Definitions/policyAssignments/alerting-management-policySet.jsonc b/Definitions/policyAssignments/alerting-management-policySet.jsonc index 732fd6a..de36a2b 100644 --- a/Definitions/policyAssignments/alerting-management-policySet.jsonc +++ b/Definitions/policyAssignments/alerting-management-policySet.jsonc @@ -20,51 +20,51 @@ "_deployed_by_amba": true }, "parameters": { - "ALZManagementSubscriptionId": "8da8d616-a90e-446a-9098-ad7381ce56a7", - "LAWDailyCapLimitOperator": "GreaterThan", - "StorageAccountAvailabilityThreshold": "90", - "LAWDailyCapLimitWindowSize": "PT5M", - "LAWDailyCapLimitTimeAggregation": "Count", - "StorageAccountDeletePolicyEffect": "deployIfNotExists", - "AATotalJobAlertThreshold": "20", - "ALZMonitorDisableTagName": "MonitorDisable", - "activityLAWDeletePolicyEffect": "deployIfNotExists", - "LAWDailyCapLimitThreshold": "0", - "ALZUserAssignedManagedIdentityName": "id-amba-prod-001", - "ALZMonitorResourceGroupName": "rg-amba-monitoring-001", - "LAWDailyCapLimitEvaluationPeriods": "1", - "StorageAccountAvailabilityFrequency": "PT5M", - "AATotalJobAlertWindowSize": "PT5M", "ALZMonitorDisableTagValues": [ "true", "Test", "Dev", "Sandbox" ], - "StorageAccountAvailabilityAlertState": "true", - "ALZMonitorResourceGroupLocation": "eastus", - "StorageAccountDeleteAlertState": "true", - "LAWDailyCapLimitAlertState": "true", - "AATotalJobAlertEvaluationFrequency": "PT1M", - "BYOUserAssignedManagedIdentityResourceId": "", - "LAWDailyCapLimitEvaluationFrequency": "PT5M", - "AATotalJobAlertAlertState": "true", - "StorageAccountAvailabilityWindowSize": "PT5M", - "activityLAWDeleteAlertState": "true", - "LAWDailyCapLimitAutoMitigate": "true", - "StorageAccountAvailabilityAlertSeverity": "1", - "activityLAWKeyRegenPolicyEffect": "deployIfNotExists", + "ALZMonitorResourceGroupName": "rg-amba-monitoring-001", + "LAWDailyCapLimitOperator": "GreaterThan", "ALZMonitorResourceGroupTags": { "Project": "amba-monitoring" }, "activityLAWKeyRegenAlertState": "true", - "LAWDailyCapLimitFailingPeriods": "1", "RVBackupHealthMonitorPolicyEffect": "modify", - "LAWDailyCapLimitSeverity": "1", + "LAWDailyCapLimitAutoMitigate": "true", + "LAWDailyCapLimitFailingPeriods": "1", + "StorageAccountAvailabilityFrequency": "PT5M", + "AATotalJobAlertAlertState": "true", + "ALZUserAssignedManagedIdentityName": "id-amba-prod-001", + "ALZMonitorDisableTagName": "MonitorDisable", + "activityLAWKeyRegenPolicyEffect": "deployIfNotExists", + "AATotalJobAlertWindowSize": "PT5M", + "StorageAccountAvailabilityThreshold": "90", "AATotalJobAlertSeverity": "2", + "LAWDailyCapLimitThreshold": "0", + "LAWDailyCapLimitSeverity": "1", + "StorageAccountAvailabilityWindowSize": "PT5M", "StorageAccountAvailabilityPolicyEffect": "deployIfNotExists", + "LAWDailyCapLimitAlertState": "true", + "ALZManagementSubscriptionId": "8da8d616-a90e-446a-9098-ad7381ce56a7", + "BYOUserAssignedManagedIdentityResourceId": "", + "AATotalJobAlertEvaluationFrequency": "PT1M", "LAWDailyCapLimitPolicyEffect": "deployIfNotExists", - "AATotalJobAlertPolicyEffect": "deployIfNotExists" + "AATotalJobAlertThreshold": "20", + "activityLAWDeleteAlertState": "true", + "AATotalJobAlertPolicyEffect": "deployIfNotExists", + "StorageAccountDeletePolicyEffect": "deployIfNotExists", + "StorageAccountAvailabilityAlertSeverity": "1", + "LAWDailyCapLimitEvaluationPeriods": "1", + "StorageAccountDeleteAlertState": "true", + "StorageAccountAvailabilityAlertState": "true", + "LAWDailyCapLimitTimeAggregation": "Count", + "ALZMonitorResourceGroupLocation": "eastus", + "LAWDailyCapLimitWindowSize": "PT5M", + "activityLAWDeletePolicyEffect": "deployIfNotExists", + "LAWDailyCapLimitEvaluationFrequency": "PT5M" }, "scope": { "amba": [ diff --git a/Definitions/policyAssignments/alerting-networkchanges-policySet.jsonc b/Definitions/policyAssignments/alerting-networkchanges-policySet.jsonc index 81e4f67..27bfb28 100644 --- a/Definitions/policyAssignments/alerting-networkchanges-policySet.jsonc +++ b/Definitions/policyAssignments/alerting-networkchanges-policySet.jsonc @@ -20,16 +20,16 @@ "_deployed_by_amba": true }, "parameters": { + "activityNSGDeletePolicyEffect": "deployIfNotExists", + "activityNSGDeleteAlertState": "true", "activityUDRUpdateAlertState": "true", "ALZMonitorDisableTagName": "MonitorDisable", - "activityNSGDeleteAlertState": "true", + "ALZMonitorResourceGroupName": "rg-amba-monitoring-001", "ALZMonitorResourceGroupTags": { "Project": "amba-monitoring" }, - "activityUDRUpdatePolicyEffect": "deployIfNotExists", - "ALZMonitorResourceGroupName": "rg-amba-monitoring-001", "ALZMonitorResourceGroupLocation": "eastus", - "activityNSGDeletePolicyEffect": "deployIfNotExists", + "activityUDRUpdatePolicyEffect": "deployIfNotExists", "ALZMonitorDisableTagValues": [ "true", "Test", diff --git a/Definitions/policyAssignments/alerting-recoveryservices-policySet.jsonc b/Definitions/policyAssignments/alerting-recoveryservices-policySet.jsonc index 4e5a5d0..f64d639 100644 --- a/Definitions/policyAssignments/alerting-recoveryservices-policySet.jsonc +++ b/Definitions/policyAssignments/alerting-recoveryservices-policySet.jsonc @@ -20,13 +20,13 @@ "_deployed_by_amba": true }, "parameters": { + "ALZMonitorDisableTagName": "MonitorDisable", "ALZMonitorDisableTagValues": [ "true", "Test", "Dev", "Sandbox" ], - "ALZMonitorDisableTagName": "MonitorDisable", "RVBackupHealthMonitorPolicyEffect": "modify" }, "scope": { diff --git a/Definitions/policyAssignments/alerting-servicehealth-policySet.jsonc b/Definitions/policyAssignments/alerting-servicehealth-policySet.jsonc index 7eef589..16ec73f 100644 --- a/Definitions/policyAssignments/alerting-servicehealth-policySet.jsonc +++ b/Definitions/policyAssignments/alerting-servicehealth-policySet.jsonc @@ -20,38 +20,38 @@ "_deployed_by_amba": true }, "parameters": { - "ALZMonitorDisableTagName": "MonitorDisable", - "ALZWebhookServiceUri": [], - "serviceHealthAdvisoryPolicyEffect": "deployIfNotExists", - "svcHlthSecAdvisoryAlertState": "true", - "ALZMonitorResourceGroupLocation": "eastus", - "ALZMonitorResourceGroupName": "rg-amba-monitoring-001", - "serviceHealthMaintenancePolicyEffect": "deployIfNotExists", "ALZFunctionTriggerUrl": "", + "BYOActionGroup": [], + "serviceHealthIncidentPolicyEffect": "deployIfNotExists", + "SvcHlthMaintenanceAlertState": "true", + "SvcHlthIncidentAlertState": "true", + "BYOAlertProcessingRule": "", + "serviceHealthMaintenancePolicyEffect": "deployIfNotExists", + "serviceHealthSecurityPolicyEffect": "deployIfNotExists", + "ALZMonitorActionGroupEmail": [], "ALZMonitorResourceGroupTags": { "Project": "amba-monitoring" }, - "ResHlthUnhealthyAlertState": "true", - "ResHlthUnhealthyPolicyEffect": "deployIfNotExists", - "SvcHlthAdvisoryAlertState": "true", - "ALZFunctionResourceId": "", + "ALZWebhookServiceUri": [], + "ALZEventHubResourceId": [], + "ALZMonitorResourceGroupLocation": "eastus", + "ALZLogicappCallbackUrl": "", + "serviceHealthAdvisoryPolicyEffect": "deployIfNotExists", + "svcHlthSecAdvisoryAlertState": "true", + "ALZMonitorDisableTagName": "MonitorDisable", "ALZArmRoleId": [], + "ALZFunctionResourceId": "", "ALZMonitorDisableTagValues": [ "true", "Test", "Dev", "Sandbox" ], - "serviceHealthSecurityPolicyEffect": "deployIfNotExists", - "SvcHlthIncidentAlertState": "true", - "serviceHealthIncidentPolicyEffect": "deployIfNotExists", + "ResHlthUnhealthyAlertState": "true", + "SvcHlthAdvisoryAlertState": "true", + "ResHlthUnhealthyPolicyEffect": "deployIfNotExists", "ALZLogicappResourceId": "", - "BYOAlertProcessingRule": "", - "ALZMonitorActionGroupEmail": [], - "ALZEventHubResourceId": [], - "BYOActionGroup": [], - "ALZLogicappCallbackUrl": "", - "SvcHlthMaintenanceAlertState": "true" + "ALZMonitorResourceGroupName": "rg-amba-monitoring-001" }, "scope": { "amba": [ diff --git a/Definitions/policyAssignments/alerting-storage-policySet.jsonc b/Definitions/policyAssignments/alerting-storage-policySet.jsonc index bc99b13..930e995 100644 --- a/Definitions/policyAssignments/alerting-storage-policySet.jsonc +++ b/Definitions/policyAssignments/alerting-storage-policySet.jsonc @@ -20,26 +20,26 @@ "_deployed_by_amba": true }, "parameters": { - "StorageAccountAvailabilityAlertSeverity": "1", - "StorageAccountAvailabilityFrequency": "PT5M", - "StorageAccountAvailabilityWindowSize": "PT5M", - "ALZMonitorResourceGroupLocation": "eastus", - "StorageAccountAvailabilityPolicyEffect": "deployIfNotExists", + "StorageAccountAvailabilityThreshold": "90", + "StorageAccountDeleteAlertState": "true", "ALZMonitorResourceGroupTags": { "Project": "amba-monitoring" }, - "StorageAccountDeleteAlertState": "true", - "StorageAccountAvailabilityThreshold": "90", - "ALZMonitorResourceGroupName": "rg-amba-monitoring-001", + "StorageAccountAvailabilityFrequency": "PT5M", + "ALZMonitorResourceGroupLocation": "eastus", + "StorageAccountAvailabilityAlertState": "true", + "ALZMonitorDisableTagName": "MonitorDisable", + "StorageAccountAvailabilityWindowSize": "PT5M", + "StorageAccountDeletePolicyEffect": "deployIfNotExists", "ALZMonitorDisableTagValues": [ "true", "Test", "Dev", "Sandbox" ], - "StorageAccountDeletePolicyEffect": "deployIfNotExists", - "ALZMonitorDisableTagName": "MonitorDisable", - "StorageAccountAvailabilityAlertState": "true" + "StorageAccountAvailabilityPolicyEffect": "deployIfNotExists", + "StorageAccountAvailabilityAlertSeverity": "1", + "ALZMonitorResourceGroupName": "rg-amba-monitoring-001" }, "scope": { "amba": [ diff --git a/Definitions/policyAssignments/alerting-vm-policySet.jsonc b/Definitions/policyAssignments/alerting-vm-policySet.jsonc index b5c4f11..e0fc057 100644 --- a/Definitions/policyAssignments/alerting-vm-policySet.jsonc +++ b/Definitions/policyAssignments/alerting-vm-policySet.jsonc @@ -20,185 +20,185 @@ "_deployed_by_amba": true }, "parameters": { - "VMHeartBeatRGWindowSize": "PT6H", - "VMNetworkOutAutoResolve": "true", - "VMDataDiskSpaceTimeAggregation": "Count", - "VMNetworkInAutoResolveTime": "00:10:00", - "VMHeartBeatRGAutoResolve": "true", - "VMOSDiskSpaceAlertSeverity": "2", - "VMNetworkOutOperator": "GreaterThan", - "VMOSDiskSpaceTimeAggregation": "Count", - "VMOSDiskReadLatencyAlertState": "true", - "VMNetworkInEvaluationPeriods": "1", - "VMOSDiskSpaceFailingPeriods": "1", - "VMHeartBeatRGAutoResolveTime": "00:10:00", - "VMDataDiskWriteLatencyEvaluationPeriods": "1", - "VMOSDiskReadLatencyComputersToInclude": [ - "*" - ], - "ALZMonitorResourceGroupLocation": "eastus", - "VMDataDiskReadLatencyPolicyEffect": "deployIfNotExists", - "VMPercentMemoryEvaluationFrequency": "PT5M", - "VMNetworkOutComputersToInclude": [ - "*" - ], - "VMPercentMemoryTimeAggregation": "Count", - "VMDataDiskSpaceAutoResolve": "true", - "VMDataDiskReadLatencyOperator": "GreaterThan", - "VMDataDiskSpaceThreshold": "10", - "VMNetworkInAlertState": "true", - "VMPercentMemoryAlertState": "true", + "VMDataDiskReadLatencyEvaluationPeriods": "1", + "VMOSDiskReadLatencyThreshold": "30", "VMNetworkInComputersToInclude": [ "*" ], - "VMNetworkOutAlertSeverity": "2", - "VMDataDiskSpaceAlertSeverity": "2", - "VMPercentCPUThreshold": "85", - "VMNetworkInOperator": "GreaterThan", - "VMDataDiskReadLatencyAutoMitigate": "true", - "VMNetworkOutAutoResolveTime": "00:10:00", - "VMPercentMemoryWindowSize": "PT15M", + "VMPercentMemoryAlertSeverity": "2", + "VMHeartBeatRGPolicyEffect": "deployIfNotExists", "VMDataDiskSpaceEvaluationFrequency": "PT5M", - "VMPercentMemoryAutoResolve": "true", - "VMOSDiskSpaceAutoResolve": "true", - "VMPercentCPUAlertSeverity": "2", - "VMPercentMemoryPolicyEffect": "deployIfNotExists", - "VMPercentCPUFailingPeriods": "1", - "VMDataDiskWriteLatencyComputersToInclude": [ - "*" - ], + "VMNetworkInPolicyEffect": "deployIfNotExists", + "VMPercentMemoryAlertState": "true", + "VMNetworkOutAutoResolveTime": "00:10:00", + "VMNetworkInFailingPeriods": "1", + "VMDataDiskSpaceOperator": "GreaterThan", + "VMNetworkInAlertSeverity": "2", + "VMDataDiskWriteLatencyThreshold": "30", + "VMOSDiskWriteLatencyOperator": "GreaterThan", + "VMOSDiskWriteLatencyAlertState": "true", "VMNetworkOutAlertState": "true", + "VMDataDiskSpaceFailingPeriods": "1", + "VMNetworkInEvaluationFrequency": "PT5M", + "VMNetworkOutAlertSeverity": "2", + "VMDataDiskSpaceThreshold": "10", + "VMDataDiskSpacePolicyEffect": "deployIfNotExists", + "VMDataDiskWriteLatencyEvaluationPeriods": "1", + "VMNetworkInAlertState": "true", "VMHeartBeatRGThreshold": "10", - "VMDataDiskReadLatencyAlertSeverity": "2", - "VMHeartBeatRGFailingPeriods": "1", - "VMDataDiskWriteLatencyThreshold": "30", - "VMPercentCPUAutoResolve": "true", + "VMPercentMemoryAutoResolve": "true", + "VMDataDiskSpaceEvaluationPeriods": "1", "VMHeartBeatRGComputersToInclude": [ "*" ], - "VMDataDiskWriteLatencyAlertSeverity": "2", - "VMOSDiskWriteLatencyAlertSeverity": "2", - "ALZManagementSubscriptionId": "8da8d616-a90e-446a-9098-ad7381ce56a7", - "VMOSDiskWriteLatencyTimeAggregation": "Count", - "VMHeartBeatRGAlertSeverity": "1", - "VMDataDiskReadLatencyAlertState": "true", - "VMDataDiskSpaceFailingPeriods": "1", "VMPercentMemoryThreshold": "10", - "VMDataDiskReadLatencyEvaluationFrequency": "PT5M", - "VMDataDiskWriteLatencyAutoMitigate": "true", - "VMHeartBeatRGAutoMitigate": "true", - "VMOSDiskReadLatencyAutoResolveTime": "00:10:00", + "VMOSDiskSpaceFailingPeriods": "1", + "VMPercentCPUTimeAggregation": "Count", + "VMDataDiskWriteLatencyAutoResolve": "true", + "VMOSDiskWriteLatencyEvaluationFrequency": "PT5M", + "VMOSDiskWriteLatencyFailingPeriods": "1", "VMPercentCPUEvaluationFrequency": "PT5M", - "VMPercentMemoryOperator": "GreaterThan", - "VMDataDiskWriteLatencyAutoResolveTime": "00:10:00", - "VMOSDiskWriteLatencyComputersToInclude": [ - "*" - ], - "VMOSDiskReadLatencyTimeAggregation": "Count", - "VMPercentCPUAlertState": "true", - "VMOSDiskReadLatencyPolicyEffect": "deployIfNotExists", - "VMDataDiskSpaceWindowSize": "PT15M", - "VMDataDiskSpaceAutoResolveTime": "00:10:00", - "VMNetworkOutEvaluationFrequency": "PT5M", - "VMDataDiskSpaceEvaluationPeriods": "1", - "VMPercentCPUWindowSize": "PT15M", - "VMNetworkOutEvaluationPeriods": "1", - "VMNetworkInPolicyEffect": "deployIfNotExists", "VMDataDiskWriteLatencyFailingPeriods": "1", - "VMDataDiskWriteLatencyAutoResolve": "true", - "VMHeartBeatRGEvaluationFrequency": "PT5M", - "VMOSDiskSpaceAlertState": "true", - "VMOSDiskSpaceAutoMitigate": "true", - "VMOSDiskSpaceOperator": "GreaterThan", - "VMDataDiskReadLatencyFailingPeriods": "1", - "VMOSDiskSpaceEvaluationFrequency": "PT5M", - "VMNetworkOutPolicyEffect": "deployIfNotExists", - "VMDataDiskSpaceAutoMitigate": "true", - "VMDataDiskSpacePolicyEffect": "deployIfNotExists", - "VMHeartBeatRGPolicyEffect": "deployIfNotExists", - "VMDataDiskWriteLatencyEvaluationFrequency": "PT5M", - "VMOSDiskSpaceWindowSize": "PT15M", - "VMDataDiskWriteLatencyAlertState": "true", - "VMOSDiskSpaceComputersToInclude": [ - "*" - ], - "VMHeartBeatRGOperator": "GreaterThan", - "VMNetworkInFailingPeriods": "1", - "VMNetworkOutWindowSize": "PT15M", - "ALZMonitorResourceGroupName": "rg-amba-monitoring-001", - "VMNetworkInAutoResolve": "true", - "VMDataDiskReadLatencyAutoResolve": "true", - "VMDataDiskReadLatencyThreshold": "30", - "VMDataDiskSpaceAlertState": "true", + "VMNetworkInThreshold": "10000000", + "VMHeartBeatRGAlertSeverity": "1", "VMOSDiskReadLatencyOperator": "GreaterThan", - "VMOSDiskWriteLatencyFailingPeriods": "1", - "VMOSDiskWriteLatencyWindowSize": "PT15M", - "VMPercentMemoryAutoMitigate": "true", - "VMNetworkInWindowSize": "PT15M", - "VMOSDiskWriteLatencyEvaluationPeriods": "1", - "VMOSDiskWriteLatencyPolicyEffect": "deployIfNotExists", - "VMNetworkOutTimeAggregation": "Count", - "VMNetworkInAlertSeverity": "2", - "VMPercentMemoryAlertSeverity": "2", + "VMDataDiskSpaceWindowSize": "PT15M", + "VMDataDiskWriteLatencyPolicyEffect": "deployIfNotExists", + "VMPercentMemoryEvaluationFrequency": "PT5M", + "VMOSDiskSpaceEvaluationPeriods": "1", + "VMPercentMemoryPolicyEffect": "deployIfNotExists", + "VMDataDiskReadLatencyFailingPeriods": "1", + "VMDataDiskSpaceAutoResolveTime": "00:10:00", + "VMDataDiskReadLatencyOperator": "GreaterThan", + "VMDataDiskWriteLatencyWindowSize": "PT15M", + "VMNetworkInOperator": "GreaterThan", "VMDataDiskReadLatencyWindowSize": "PT15M", "VMOSDiskWriteLatencyAutoMitigate": "true", - "VMNetworkOutAutoMitigate": "true", - "VMOSDiskReadLatencyAlertSeverity": "2", + "VMHeartBeatRGAlertState": "true", + "VMHeartBeatRGOperator": "GreaterThan", + "VMOSDiskSpaceAutoResolveTime": "00:10:00", + "VMHeartBeatRGFailingPeriods": "1", "VMPercentCPUAutoMitigate": "true", - "VMOSDiskWriteLatencyAlertState": "true", - "VMPercentMemoryFailingPeriods": "1", - "VMDataDiskWriteLatencyTimeAggregation": "Count", - "VMPercentCPUOperator": "GreaterThan", - "ALZUserAssignedManagedIdentityName": "id-amba-prod-001", - "VMOSDiskReadLatencyWindowSize": "PT15M", + "VMNetworkInAutoResolve": "true", + "VMNetworkOutWindowSize": "PT15M", + "VMPercentCPUFailingPeriods": "1", + "VMNetworkInAutoResolveTime": "00:10:00", + "VMPercentCPUWindowSize": "PT15M", + "VMDataDiskReadLatencyAutoMitigate": "true", "VMOSDiskWriteLatencyAutoResolveTime": "00:10:00", - "VMNetworkOutThreshold": "10000000", - "VMNetworkInTimeAggregation": "Count", + "VMOSDiskSpaceOperator": "GreaterThan", + "ALZMonitorResourceGroupLocation": "eastus", "VMNetworkInAutoMitigate": "true", - "VMHeartBeatRGAlertState": "true", - "VMOSDiskWriteLatencyAutoResolve": "true", + "VMDataDiskSpaceTimeAggregation": "Count", + "VMOSDiskSpaceAutoMitigate": "true", + "VMPercentMemoryTimeAggregation": "Count", + "VMDataDiskReadLatencyEvaluationFrequency": "PT5M", + "VMPercentCPUAlertSeverity": "2", + "VMNetworkOutEvaluationPeriods": "1", + "VMOSDiskReadLatencyAutoMitigate": "true", + "VMOSDiskReadLatencyAlertState": "true", + "VMOSDiskReadLatencyAutoResolveTime": "00:10:00", + "VMOSDiskWriteLatencyAlertSeverity": "2", + "VMOSDiskReadLatencyAlertSeverity": "2", + "VMDataDiskSpaceAlertState": "true", + "VMOSDiskSpacePolicyEffect": "deployIfNotExists", "VMOSDiskReadLatencyEvaluationPeriods": "1", - "VMDataDiskWriteLatencyWindowSize": "PT15M", - "VMNetworkInThreshold": "10000000", - "VMNetworkOutFailingPeriods": "1", - "VMOSDiskWriteLatencyOperator": "GreaterThan", - "VMDataDiskSpaceOperator": "GreaterThan", - "VMOSDiskReadLatencyEvaluationFrequency": "PT5M", - "VMOSDiskReadLatencyFailingPeriods": "1", - "VMDataDiskWriteLatencyOperator": "GreaterThan", - "VMPercentCPUTimeAggregation": "Count", + "VMNetworkInWindowSize": "PT15M", + "VMNetworkInTimeAggregation": "Count", + "VMOSDiskSpaceComputersToInclude": [ + "*" + ], + "VMHeartBeatRGTimeAggregation": "Count", + "ALZMonitorDisableTagValues": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "VMOSDiskWriteLatencyAutoResolve": "true", "VMPercentCPUPolicyEffect": "deployIfNotExists", - "VMOSDiskSpacePolicyEffect": "deployIfNotExists", - "VMOSDiskWriteLatencyThreshold": "30", + "VMOSDiskWriteLatencyPolicyEffect": "deployIfNotExists", + "ALZMonitorDisableTagName": "MonitorDisable", + "VMNetworkOutComputersToInclude": [ + "*" + ], + "VMOSDiskSpaceAutoResolve": "true", + "VMHeartBeatRGAutoResolveTime": "00:10:00", + "VMHeartBeatRGAutoResolve": "true", + "VMPercentMemoryAutoMitigate": "true", + "VMPercentCPUAutoResolve": "true", + "VMPercentCPUThreshold": "85", "VMDataDiskReadLatencyAutoResolveTime": "00:10:00", + "VMDataDiskWriteLatencyAutoResolveTime": "00:10:00", + "VMDataDiskWriteLatencyAutoMitigate": "true", + "VMNetworkOutPolicyEffect": "deployIfNotExists", + "VMOSDiskWriteLatencyWindowSize": "PT15M", + "VMHeartBeatRGWindowSize": "PT6H", "ALZMonitorResourceGroupTags": { "Project": "amba-monitoring" }, - "VMNetworkInEvaluationFrequency": "PT5M", - "VMOSDiskWriteLatencyEvaluationFrequency": "PT5M", - "BYOUserAssignedManagedIdentityResourceId": "", - "VMOSDiskReadLatencyThreshold": "30", - "VMHeartBeatRGTimeAggregation": "Count", - "VMPercentMemoryAutoResolveTime": "00:10:00", + "VMOSDiskReadLatencyComputersToInclude": [ + "*" + ], + "VMNetworkInEvaluationPeriods": "1", + "VMPercentCPUOperator": "GreaterThan", + "VMOSDiskReadLatencyTimeAggregation": "Count", "VMDataDiskReadLatencyTimeAggregation": "Count", - "VMDataDiskReadLatencyComputersToInclude": [ + "VMDataDiskReadLatencyThreshold": "30", + "VMNetworkOutOperator": "GreaterThan", + "VMOSDiskSpaceTimeAggregation": "Count", + "VMDataDiskWriteLatencyComputersToInclude": [ "*" ], - "VMOSDiskReadLatencyAutoResolve": "true", - "ALZMonitorDisableTagValues": [ - "true", - "Test", - "Dev", - "Sandbox" + "VMNetworkOutFailingPeriods": "1", + "VMOSDiskSpaceWindowSize": "PT15M", + "VMDataDiskReadLatencyAlertSeverity": "2", + "VMDataDiskReadLatencyAlertState": "true", + "ALZUserAssignedManagedIdentityName": "id-amba-prod-001", + "VMOSDiskWriteLatencyTimeAggregation": "Count", + "VMDataDiskReadLatencyPolicyEffect": "deployIfNotExists", + "VMDataDiskReadLatencyComputersToInclude": [ + "*" ], - "VMOSDiskSpaceEvaluationPeriods": "1", - "VMDataDiskReadLatencyEvaluationPeriods": "1", + "VMDataDiskWriteLatencyAlertSeverity": "2", "VMPercentCPUAutoResolveTime": "00:10:00", - "ALZMonitorDisableTagName": "MonitorDisable", + "VMNetworkOutEvaluationFrequency": "PT5M", + "VMPercentMemoryAutoResolveTime": "00:10:00", + "VMOSDiskWriteLatencyThreshold": "30", + "VMPercentMemoryOperator": "GreaterThan", + "VMOSDiskWriteLatencyComputersToInclude": [ + "*" + ], + "VMOSDiskSpaceAlertSeverity": "2", + "ALZMonitorResourceGroupName": "rg-amba-monitoring-001", + "VMNetworkOutTimeAggregation": "Count", + "VMOSDiskReadLatencyPolicyEffect": "deployIfNotExists", + "VMDataDiskWriteLatencyOperator": "GreaterThan", + "VMNetworkOutThreshold": "10000000", + "VMDataDiskReadLatencyAutoResolve": "true", + "VMDataDiskSpaceAlertSeverity": "2", + "VMPercentCPUAlertState": "true", + "VMDataDiskWriteLatencyAlertState": "true", + "VMDataDiskSpaceAutoMitigate": "true", + "VMPercentMemoryWindowSize": "PT15M", + "VMHeartBeatRGAutoMitigate": "true", + "VMOSDiskWriteLatencyEvaluationPeriods": "1", + "VMOSDiskReadLatencyFailingPeriods": "1", + "VMOSDiskSpaceAlertState": "true", + "VMDataDiskSpaceAutoResolve": "true", "VMOSDiskSpaceThreshold": "10", - "VMDataDiskWriteLatencyPolicyEffect": "deployIfNotExists", - "VMOSDiskReadLatencyAutoMitigate": "true", - "VMOSDiskSpaceAutoResolveTime": "00:10:00" + "BYOUserAssignedManagedIdentityResourceId": "", + "VMHeartBeatRGEvaluationFrequency": "PT5M", + "VMPercentMemoryFailingPeriods": "1", + "ALZManagementSubscriptionId": "8da8d616-a90e-446a-9098-ad7381ce56a7", + "VMNetworkOutAutoMitigate": "true", + "VMNetworkOutAutoResolve": "true", + "VMDataDiskWriteLatencyEvaluationFrequency": "PT5M", + "VMDataDiskWriteLatencyTimeAggregation": "Count", + "VMOSDiskSpaceEvaluationFrequency": "PT5M", + "VMOSDiskReadLatencyWindowSize": "PT15M", + "VMOSDiskReadLatencyEvaluationFrequency": "PT5M", + "VMOSDiskReadLatencyAutoResolve": "true" }, "scope": { "amba": [ diff --git a/Definitions/policyAssignments/alerting-web-policySet.jsonc b/Definitions/policyAssignments/alerting-web-policySet.jsonc index 7502563..29911d7 100644 --- a/Definitions/policyAssignments/alerting-web-policySet.jsonc +++ b/Definitions/policyAssignments/alerting-web-policySet.jsonc @@ -20,35 +20,35 @@ "_deployed_by_amba": true }, "parameters": { - "WSFHttpQueueLengthWindowSize": "PT5M", - "ALZMonitorDisableTagName": "MonitorDisable", - "WSFCPUPercentageThreshold": "90", - "WSFHttpQueueLengthPolicyEffect": "deployIfNotExists", + "WSFCPUPercentageAlertSeverity": "2", + "WSFMemoryPercentagePolicyEffect": "deployIfNotExists", + "WSFMemoryPercentageAlertState": "true", + "WSFDiskQueueLengthWindowSize": "PT5M", + "WSFCPUPercentageWindowSize": "PT5M", "WSFHttpQueueLengthEvaluationFrequency": "PT1M", + "WSFCPUPercentageAlertState": "true", "WSFMemoryPercentageEvaluationFrequency": "PT1M", - "WSFDiskQueueLengthPolicyEffect": "deployIfNotExists", - "WSFCPUPercentageWindowSize": "PT5M", + "WSFHttpQueueLengthAlertState": "true", + "WSFDiskQueueLengthAlertState": "true", "WSFCPUPercentagePolicyEffect": "deployIfNotExists", - "WSFMemoryPercentageThreshold": "85", - "WSFCPUPercentageAlertState": "true", - "WSFCPUPercentageEvaluationFrequency": "PT1M", - "WSFDiskQueueLengthEvaluationFrequency": "PT1M", - "WSFMemoryPercentageAlertSeverity": "2", + "WSFMemoryPercentageWindowSize": "PT5M", + "WSFCPUPercentageThreshold": "90", + "ALZMonitorDisableTagName": "MonitorDisable", + "WSFHttpQueueLengthPolicyEffect": "deployIfNotExists", + "WSFHttpQueueLengthAlertSeverity": "2", + "WSFHttpQueueLengthWindowSize": "PT5M", "ALZMonitorDisableTagValues": [ "true", "Test", "Dev", "Sandbox" ], + "WSFCPUPercentageEvaluationFrequency": "PT1M", + "WSFDiskQueueLengthPolicyEffect": "deployIfNotExists", + "WSFMemoryPercentageAlertSeverity": "2", "WSFDiskQueueLengthAlertSeverity": "2", - "WSFMemoryPercentageAlertState": "true", - "WSFCPUPercentageAlertSeverity": "2", - "WSFHttpQueueLengthAlertSeverity": "2", - "WSFMemoryPercentageWindowSize": "PT5M", - "WSFMemoryPercentagePolicyEffect": "deployIfNotExists", - "WSFDiskQueueLengthAlertState": "true", - "WSFDiskQueueLengthWindowSize": "PT5M", - "WSFHttpQueueLengthAlertState": "true" + "WSFMemoryPercentageThreshold": "85", + "WSFDiskQueueLengthEvaluationFrequency": "PT1M" }, "scope": { "amba": [ diff --git a/Definitions/policyAssignments/notification-assets-policySet.jsonc b/Definitions/policyAssignments/notification-assets-policySet.jsonc index 66693b8..5764181 100644 --- a/Definitions/policyAssignments/notification-assets-policySet.jsonc +++ b/Definitions/policyAssignments/notification-assets-policySet.jsonc @@ -20,13 +20,19 @@ "_deployed_by_amba": true }, "parameters": { - "ALZWebhookServiceUri": [], - "ALZMonitorResourceGroupLocation": "eastus", - "ALZMonitorResourceGroupName": "rg-amba-monitoring-001", "ALZFunctionTriggerUrl": "", + "BYOActionGroup": [], + "BYOAlertProcessingRule": "", + "ALZMonitorActionGroupEmail": [], "ALZMonitorResourceGroupTags": { "Project": "amba-monitoring" }, + "ALZWebhookServiceUri": [], + "ALZEventHubResourceId": [], + "ALZMonitorResourceGroupLocation": "eastus", + "ALZLogicappCallbackUrl": "", + "ALZMonitorDisableTagName": "MonitorDisable", + "ALZArmRoleId": [], "ALZFunctionResourceId": "", "ALZMonitorDisableTagValues": [ "true", @@ -34,14 +40,8 @@ "Dev", "Sandbox" ], - "BYOActionGroup": [], - "ALZMonitorDisableTagName": "MonitorDisable", - "BYOAlertProcessingRule": "", - "ALZMonitorActionGroupEmail": [], - "ALZEventHubResourceId": [], - "ALZLogicappCallbackUrl": "", - "ALZArmRoleId": [], - "ALZLogicappResourceId": "" + "ALZLogicappResourceId": "", + "ALZMonitorResourceGroupName": "rg-amba-monitoring-001" }, "scope": { "amba": [ diff --git a/Definitions/policyDefinitions/Automation/deploy_aa_totaljob_alert.jsonc b/Definitions/policyDefinitions/Automation/deploy_aa_totaljob_alert.jsonc index d33d7b1..a100fea 100644 --- a/Definitions/policyDefinitions/Automation/deploy_aa_totaljob_alert.jsonc +++ b/Definitions/policyDefinitions/Automation/deploy_aa_totaljob_alert.jsonc @@ -6,27 +6,15 @@ "description": "Policy to audit/deploy Automation Account TotalJob Alert", "mode": "All", "metadata": { - "category": "Automation", "_deployed_by_amba": "True", - "version": "1.2.0", "alzCloudEnvironments": [ "AzureCloud" ], + "version": "1.2.0", + "category": "Automation", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "String" - }, "evaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", @@ -42,6 +30,18 @@ "defaultValue": "PT1M", "type": "String" }, + "enabled": { + "metadata": { + "description": "Alert state for the alert", + "displayName": "Alert State" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, "MonitorDisableTagValues": { "metadata": { "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", @@ -55,34 +55,16 @@ ], "type": "Array" }, - "autoMitigate": { - "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" - }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", - "type": "String" - }, - "windowSize": { + "effect": { "metadata": { - "description": "Window size for the alert", - "displayName": "Window Size" + "description": "Effect of the policy", + "displayName": "Effect" }, "allowedValues": [ - "PT1M", - "PT5M", - "PT15M", - "PT30M", - "PT1H", - "PT6H", - "PT12H", - "P1D" + "deployIfNotExists", + "disabled" ], - "defaultValue": "PT5M", + "defaultValue": "deployIfNotExists", "type": "String" }, "MonitorDisableTagName": { @@ -93,10 +75,10 @@ "defaultValue": "MonitorDisable", "type": "String" }, - "enabled": { + "autoMitigate": { "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" }, "allowedValues": [ "true", @@ -120,6 +102,24 @@ "defaultValue": "2", "type": "String" }, + "windowSize": { + "metadata": { + "description": "Window size for the alert", + "displayName": "Window Size" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" + ], + "defaultValue": "PT5M", + "type": "String" + }, "threshold": { "metadata": { "description": "Threshold for the alert", @@ -133,8 +133,8 @@ "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Automation/automationAccounts" + "equals": "Microsoft.Automation/automationAccounts", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -149,48 +149,48 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "Microsoft.Automation/automationAccounts" + "equals": "Microsoft.Automation/automationAccounts", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "TotalJob" + "equals": "TotalJob", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Automation/automationAccounts/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Automation/automationAccounts/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Average" + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].operator", - "equals": "GreaterThan" + "equals": "GreaterThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].threshold", - "equals": "[if(contains(field('tags'), '_amba-TotalJob-threshold-override_'), field('tags._amba-TotalJob-threshold-override_'), parameters('threshold'))]" + "equals": "[if(contains(field('tags'), '_amba-TotalJob-threshold-override_'), field('tags._amba-TotalJob-threshold-override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].threshold" } ] }, @@ -206,18 +206,18 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, - "windowSize": { - "value": "[parameters('windowSize')]" - }, "enabled": { "value": "[parameters('enabled')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "severity": { "value": "[parameters('severity')]" }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, "threshold": { "value": "[if(contains(field('tags'), '_amba-TotalJob-threshold-override_'), field('tags._amba-TotalJob-threshold-override_'), parameters('threshold'))]" }, @@ -238,16 +238,16 @@ "evaluationFrequency": { "type": "String" }, - "autoMitigate": { + "enabled": { "type": "String" }, - "windowSize": { + "autoMitigate": { "type": "String" }, - "enabled": { + "severity": { "type": "String" }, - "severity": { + "windowSize": { "type": "String" }, "threshold": { @@ -262,6 +262,7 @@ } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Insights/metricAlerts", @@ -271,27 +272,30 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, - "windowSize": { - "value": "[parameters('windowSize')]" - }, "enabled": { "value": "[parameters('enabled')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "severity": { "value": "[parameters('severity')]" }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, "threshold": { "value": "[parameters('threshold')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", - "autoMitigate": "[parameters('autoMitigate')]", - "windowSize": "[parameters('windowSize')]", "enabled": "[parameters('enabled')]", + "autoMitigate": "[parameters('autoMitigate')]", "severity": "[parameters('severity')]", + "windowSize": "[parameters('windowSize')]", + "scopes": [ + "[parameters('resourceId')]" + ], "criteria": { "allOf": [ { @@ -314,10 +318,7 @@ } ], "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria" - }, - "scopes": [ - "[parameters('resourceId')]" - ] + } }, "location": "global", "apiVersion": "2018-03-01", @@ -327,7 +328,6 @@ } } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" } } diff --git a/Definitions/policyDefinitions/Compute/deploy_vm_cpu_alert.jsonc b/Definitions/policyDefinitions/Compute/deploy_vm_cpu_alert.jsonc index 36715f1..c264575 100644 --- a/Definitions/policyDefinitions/Compute/deploy_vm_cpu_alert.jsonc +++ b/Definitions/policyDefinitions/Compute/deploy_vm_cpu_alert.jsonc @@ -6,31 +6,19 @@ "description": "Policy to audit/deploy VM CPU Alert", "mode": "All", "metadata": { - "category": "Compute", - "version": "1.4.0", "_deployed_by_amba": "True", - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" - ] + ], + "version": "1.4.0", + "category": "Compute", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "String" - }, "evaluationFrequency": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "Evaluation Frequency" + "displayName": "Evaluation Frequency", + "description": "Evaluation frequency for the alert" }, "allowedValues": [ "PT5M", @@ -41,10 +29,22 @@ "defaultValue": "PT5M", "type": "String" }, + "effect": { + "metadata": { + "displayName": "Effect", + "description": "Effect of the policy" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" + }, "MonitorDisableTagValues": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "displayName": "ALZ Monitoring disabled tag values(s)", + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." }, "defaultValue": [ "true", @@ -56,24 +56,24 @@ }, "MonitorDisableTagName": { "metadata": { - "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled", - "displayName": "ALZ Monitoring disabled tag name" + "displayName": "ALZ Monitoring disabled tag name", + "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled" }, "defaultValue": "MonitorDisable", "type": "String" }, "alertResourceGroupLocation": { "metadata": { - "description": "Location of the Resource group the alert is placed in", - "displayName": "Resource Group Location" + "displayName": "Resource Group Location", + "description": "Location of the Resource group the alert is placed in" }, "defaultValue": "centralus", "type": "String" }, "windowSize": { "metadata": { - "description": "Window size for the alert", - "displayName": "Window Size" + "displayName": "Window Size", + "description": "Window size for the alert" }, "allowedValues": [ "PT5M", @@ -87,18 +87,30 @@ "defaultValue": "PT15M", "type": "String" }, + "autoMitigate": { + "metadata": { + "displayName": "Auto Mitigate", + "description": "Auto Mitigate for the alert" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, "alertResourceGroupName": { "metadata": { - "description": "Resource group the alert is placed in", - "displayName": "Resource Group Name" + "displayName": "Resource Group Name", + "description": "Resource group the alert is placed in" }, "defaultValue": "rg-amba-monitoring-001", "type": "String" }, "enabled": { "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" + "displayName": "Alert State", + "description": "Alert state for the alert" }, "allowedValues": [ "true", @@ -109,8 +121,8 @@ }, "severity": { "metadata": { - "description": "Severity of the Alert", - "displayName": "Severity" + "displayName": "Severity", + "description": "Severity of the Alert" }, "allowedValues": [ "0", @@ -122,36 +134,32 @@ "defaultValue": "2", "type": "String" }, - "autoMitigate": { - "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" - }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", - "type": "String" - }, "threshold": { "metadata": { - "description": "Threshold for the alert", - "displayName": "Threshold" + "displayName": "Threshold", + "description": "Threshold for the alert" }, "defaultValue": "85", "type": "String" }, "alertResourceGroupTags": { "metadata": { - "description": "Tags on the Resource group the alert is placed in", - "displayName": "Resource Group Tags" + "displayName": "Resource Group Tags", + "description": "Tags on the Resource group the alert is placed in" }, "defaultValue": { "Project": "amba-monitoring" }, "type": "Object" }, + "UAMIResourceId": { + "metadata": { + "displayName": "User Assigned managed Identity resource Id.", + "description": "The resource Id of the user assigned managed identity." + }, + "defaultValue": "", + "type": "string" + }, "timeAggregation": { "metadata": { "displayName": "TimeAggregation" @@ -164,32 +172,24 @@ }, "failingPeriods": { "metadata": { - "description": "Number of failing periods before alert is fired", - "displayName": "Failing Periods" + "displayName": "Failing Periods", + "description": "Number of failing periods before alert is fired" }, "defaultValue": "1", "type": "String" }, - "UAMIResourceId": { - "metadata": { - "description": "The resource Id of the user assigned managed identity.", - "displayName": "User Assigned managed Identity resource Id." - }, - "defaultValue": "", - "type": "string" - }, "evaluationPeriods": { "metadata": { - "description": "The number of aggregated lookback points.", - "displayName": "Evaluation Periods" + "displayName": "Evaluation Periods", + "description": "The number of aggregated lookback points." }, "defaultValue": "1", "type": "String" }, "autoResolveTime": { "metadata": { - "description": "Auto Resolve time for the alert in ISO 8601 format", - "displayName": "Auto Resolve" + "displayName": "Auto Resolve", + "description": "Auto Resolve time for the alert in ISO 8601 format" }, "defaultValue": "true", "type": "String" @@ -206,8 +206,8 @@ }, "autoResolve": { "metadata": { - "description": "Auto Resolve for the alert", - "displayName": "Auto Resolve" + "displayName": "Auto Resolve", + "description": "Auto Resolve for the alert" }, "allowedValues": [ "true", @@ -221,8 +221,8 @@ "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Compute/virtualMachines" + "equals": "Microsoft.Compute/virtualMachines", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -234,56 +234,55 @@ "effect": "[parameters('effect')]", "details": { "type": "Microsoft.Insights/scheduledQueryRules", - "resourceGroupName": "[parameters('alertResourceGroupName')]", "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/scheduledQueryRules/displayName", - "equals": "[concat(subscription().displayName, '-VMHighCPUAlert')]" + "equals": "[concat(subscription().displayName, '-VMHighCPUAlert')]", + "field": "Microsoft.Insights/scheduledQueryRules/displayName" }, { - "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]", - "equals": "[subscription().id]" + "equals": "[subscription().id]", + "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]" }, { - "field": "Microsoft.Insights/scheduledQueryRules/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/scheduledQueryRules/enabled" }, { - "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency" }, { - "field": "Microsoft.Insights/scheduledQueryRules/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/scheduledQueryRules/windowSize" }, { - "field": "Microsoft.Insights/scheduledQueryRules/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/scheduledQueryRules/severity" }, { - "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", - "equals": "[parameters('operator')]" + "equals": "[parameters('operator')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation", - "equals": "[parameters('timeAggregation')]" + "equals": "[parameters('timeAggregation')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods", - "equals": "[parameters('evaluationPeriods')]" + "equals": "[parameters('evaluationPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert", - "equals": "[parameters('failingPeriods')]" + "equals": "[parameters('failingPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query", - "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-UtilizationPercentage-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"Processor\" and Name == \"UtilizationPercentage\" | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-UtilizationPercentage-threshold-override_\", tostring(tags.[\"_amba-UtilizationPercentage-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]" + "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-UtilizationPercentage-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"Processor\" and Name == \"UtilizationPercentage\" | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-UtilizationPercentage-threshold-override_\", tostring(tags.[\"_amba-UtilizationPercentage-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query" }, { "field": "identity.userAssignedIdentities", @@ -312,6 +311,9 @@ "windowSize": { "value": "[parameters('windowSize')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, @@ -321,24 +323,21 @@ "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, "threshold": { "value": "[parameters('threshold')]" }, "alertResourceGroupTags": { "value": "[parameters('alertResourceGroupTags')]" }, + "UAMIResourceId": { + "value": "[parameters('UAMIResourceId')]" + }, "timeAggregation": { "value": "[parameters('timeAggregation')]" }, "failingPeriods": { "value": "[parameters('failingPeriods')]" }, - "UAMIResourceId": { - "value": "[parameters('UAMIResourceId')]" - }, "evaluationPeriods": { "value": "[parameters('evaluationPeriods')]" }, @@ -352,7 +351,6 @@ "value": "[parameters('autoResolve')]" } }, - "mode": "incremental", "template": { "parameters": { "evaluationFrequency": { @@ -370,6 +368,9 @@ "windowSize": { "type": "String" }, + "autoMitigate": { + "type": "String" + }, "alertResourceGroupName": { "type": "string" }, @@ -379,24 +380,21 @@ "severity": { "type": "String" }, - "autoMitigate": { - "type": "String" - }, "threshold": { "type": "String" }, "alertResourceGroupTags": { "type": "object" }, + "UAMIResourceId": { + "type": "string" + }, "timeAggregation": { "type": "String" }, "failingPeriods": { "type": "String" }, - "UAMIResourceId": { - "type": "string" - }, "evaluationPeriods": { "type": "String" }, @@ -411,12 +409,13 @@ } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Resources/resourceGroups", + "apiVersion": "2021-04-01", "location": "[parameters('alertResourceGroupLocation')]", "name": "[parameters('alertResourceGroupName')]", - "apiVersion": "2021-04-01", "tags": "[parameters('alertResourceGroupTags')]" }, { @@ -437,7 +436,6 @@ "value": "[parameters('UAMIResourceId')]" } }, - "mode": "Incremental", "template": { "parameters": { "alertResourceGroupLocation": { @@ -454,12 +452,13 @@ } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Insights/scheduledQueryRules", "properties": { - "description": "Log Alert for Virtual Machine CPU", "displayName": "[concat(subscription().displayName, '-VMHighCPUAlert')]", + "description": "Log Alert for Virtual Machine CPU", "parameters": { "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" @@ -476,6 +475,9 @@ "windowSize": { "value": "[parameters('windowSize')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, @@ -485,18 +487,15 @@ "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, "threshold": { "value": "[parameters('threshold')]" }, - "failingPeriods": { - "value": "[parameters('failingPeriods')]" - }, "UAMIResourceId": { "value": "[parameters('UAMIResourceId')]" }, + "failingPeriods": { + "value": "[parameters('failingPeriods')]" + }, "evaluationPeriods": { "value": "[parameters('evaluationPeriods')]" }, @@ -509,9 +508,9 @@ }, "evaluationFrequency": "[parameters('evaluationFrequency')]", "windowSize": "[parameters('windowSize')]", + "autoMitigate": "[parameters('autoMitigate')]", "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", - "autoMitigate": "[parameters('autoMitigate')]", "criteria": { "allOf": [ { @@ -525,8 +524,8 @@ "resourceIdColumn": "_ResourceId", "dimensions": [ { - "name": "Computer", "operator": "Include", + "name": "Computer", "values": [ "*" ] @@ -547,9 +546,9 @@ "Microsoft.Compute/virtualMachines" ] }, + "apiVersion": "2022-08-01-preview", "location": "[parameters('alertResourceGroupLocation')]", "name": "[concat(subscription().displayName, '-VMHighCPUAlert')]", - "apiVersion": "2022-08-01-preview", "tags": { "_deployed_by_amba": true }, @@ -561,23 +560,24 @@ } } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "Incremental" }, - "name": "VMCPUAlert", "apiVersion": "2019-10-01", + "name": "VMCPUAlert", "dependsOn": [ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]" ] } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" }, "location": "australiaeast" }, + "resourceGroupName": "[parameters('alertResourceGroupName')]", "deploymentScope": "subscription", "existenceScope": "resourceGroup" } diff --git a/Definitions/policyDefinitions/Compute/deploy_vm_datadiskreadlatency_alert.jsonc b/Definitions/policyDefinitions/Compute/deploy_vm_datadiskreadlatency_alert.jsonc index d7f2155..f4be5d0 100644 --- a/Definitions/policyDefinitions/Compute/deploy_vm_datadiskreadlatency_alert.jsonc +++ b/Definitions/policyDefinitions/Compute/deploy_vm_datadiskreadlatency_alert.jsonc @@ -6,31 +6,19 @@ "description": "Policy to audit/deploy VM dataDiskReadLatency Alert", "mode": "All", "metadata": { - "category": "Compute", "_deployed_by_amba": "True", "version": "1.4.0", + "category": "Compute", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" - ], - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" + ] }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "String" - }, "evaluationFrequency": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "Evaluation Frequency" + "displayName": "Evaluation Frequency", + "description": "Evaluation frequency for the alert" }, "allowedValues": [ "PT5M", @@ -41,10 +29,26 @@ "defaultValue": "PT5M", "type": "String" }, + "alertResourceGroupLocation": { + "metadata": { + "displayName": "Resource Group Location", + "description": "Location of the Resource group the alert is placed in" + }, + "defaultValue": "centralus", + "type": "String" + }, + "alertResourceGroupName": { + "metadata": { + "displayName": "Resource Group Name", + "description": "Resource group the alert is placed in" + }, + "defaultValue": "rg-amba-monitoring-001", + "type": "String" + }, "MonitorDisableTagValues": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "displayName": "ALZ Monitoring disabled tag values(s)", + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." }, "defaultValue": [ "true", @@ -56,8 +60,28 @@ }, "autoMitigate": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" + "displayName": "Auto Mitigate", + "description": "Auto Mitigate for the alert" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "MonitorDisableTagName": { + "metadata": { + "displayName": "ALZ Monitoring disabled tag name", + "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled" + }, + "defaultValue": "MonitorDisable", + "type": "String" + }, + "enabled": { + "metadata": { + "displayName": "Alert State", + "description": "Alert state for the alert" }, "allowedValues": [ "true", @@ -68,8 +92,8 @@ }, "windowSize": { "metadata": { - "description": "Window size for the alert", - "displayName": "Window Size" + "displayName": "Window Size", + "description": "Window size for the alert" }, "allowedValues": [ "PT5M", @@ -83,30 +107,20 @@ "defaultValue": "PT15M", "type": "String" }, - "MonitorDisableTagName": { + "alertResourceGroupTags": { "metadata": { - "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled", - "displayName": "ALZ Monitoring disabled tag name" + "displayName": "Resource Group Tags", + "description": "Tags on the Resource group the alert is placed in" }, - "defaultValue": "MonitorDisable", - "type": "String" - }, - "enabled": { - "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" + "defaultValue": { + "Project": "amba-monitoring" }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", - "type": "String" + "type": "Object" }, "severity": { "metadata": { - "description": "Severity of the Alert", - "displayName": "Severity" + "displayName": "Severity", + "description": "Severity of the Alert" }, "allowedValues": [ "0", @@ -118,40 +132,22 @@ "defaultValue": "2", "type": "String" }, - "alertResourceGroupName": { - "metadata": { - "description": "Resource group the alert is placed in", - "displayName": "Resource Group Name" - }, - "defaultValue": "rg-amba-monitoring-001", - "type": "String" - }, - "alertResourceGroupLocation": { + "UAMIResourceId": { "metadata": { - "description": "Location of the Resource group the alert is placed in", - "displayName": "Resource Group Location" + "displayName": "User Assigned managed Identity resource Id.", + "description": "The resource Id of the user assigned managed identity." }, - "defaultValue": "centralus", - "type": "String" + "defaultValue": "", + "type": "string" }, "threshold": { "metadata": { - "description": "Threshold for the alert", - "displayName": "Threshold" + "displayName": "Threshold", + "description": "Threshold for the alert" }, "defaultValue": "30", "type": "String" }, - "alertResourceGroupTags": { - "metadata": { - "description": "Tags on the Resource group the alert is placed in", - "displayName": "Resource Group Tags" - }, - "defaultValue": { - "Project": "amba-monitoring" - }, - "type": "Object" - }, "timeAggregation": { "metadata": { "displayName": "TimeAggregation" @@ -164,60 +160,64 @@ }, "failingPeriods": { "metadata": { - "description": "Number of failing periods before alert is fired", - "displayName": "Failing Periods" + "displayName": "Failing Periods", + "description": "Number of failing periods before alert is fired" }, "defaultValue": "1", "type": "String" }, - "operator": { + "evaluationPeriods": { "metadata": { - "displayName": "Operator" + "displayName": "Evaluation Periods", + "description": "The number of aggregated lookback points." + }, + "defaultValue": "1", + "type": "String" + }, + "effect": { + "metadata": { + "displayName": "Effect", + "description": "Effect of the policy" }, "allowedValues": [ - "GreaterThan" + "deployIfNotExists", + "disabled" ], - "defaultValue": "GreaterThan", + "defaultValue": "deployIfNotExists", "type": "String" }, - "UAMIResourceId": { + "computersToInclude": { "metadata": { - "description": "The resource Id of the user assigned managed identity.", - "displayName": "User Assigned managed Identity resource Id." + "displayName": "Computers to be included to be monitored", + "description": "Array of Computer to be monitored" }, - "defaultValue": "", - "type": "string" + "defaultValue": [ + "*" + ], + "type": "array" }, - "evaluationPeriods": { + "operator": { "metadata": { - "description": "The number of aggregated lookback points.", - "displayName": "Evaluation Periods" + "displayName": "Operator" }, - "defaultValue": "1", + "allowedValues": [ + "GreaterThan" + ], + "defaultValue": "GreaterThan", "type": "String" }, "autoResolveTime": { "metadata": { - "description": "Auto Resolve time for the alert in ISO 8601 format", - "displayName": "Auto Resolve" + "displayName": "Auto Resolve", + "description": "Auto Resolve time for the alert in ISO 8601 format" }, "defaultValue": "true", "type": "String" }, - "computersToInclude": { - "metadata": { - "description": "Array of Computer to be monitored", - "displayName": "Computers to be included to be monitored" - }, - "defaultValue": [ - "*" - ], - "type": "array" - }, "autoResolve": { "metadata": { - "description": "Auto Resolve for the alert", - "displayName": "Auto Resolve" + "displayName": "Auto Resolve", + "description": "Auto Resolve for the alert" }, "allowedValues": [ "true", @@ -231,8 +231,8 @@ "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Compute/virtualMachines" + "equals": "Microsoft.Compute/virtualMachines", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -247,52 +247,52 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/scheduledQueryRules/displayName", - "equals": "[concat(subscription().displayName, '-VMHighDataDiskReadLatencyAlert')]" + "equals": "[concat(subscription().displayName, '-VMHighDataDiskReadLatencyAlert')]", + "field": "Microsoft.Insights/scheduledQueryRules/displayName" }, { - "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]", - "equals": "[subscription().id]" + "equals": "[subscription().id]", + "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]" }, { - "field": "Microsoft.Insights/scheduledQueryRules/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/scheduledQueryRules/enabled" }, { - "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency" }, { - "field": "Microsoft.Insights/scheduledQueryRules/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/scheduledQueryRules/windowSize" }, { - "field": "Microsoft.Insights/scheduledQueryRules/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/scheduledQueryRules/severity" }, { - "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", - "equals": "[parameters('operator')]" + "equals": "[parameters('operator')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation", - "equals": "[parameters('timeAggregation')]" + "equals": "[parameters('timeAggregation')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods", - "equals": "[parameters('evaluationPeriods')]" + "equals": "[parameters('evaluationPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert", - "equals": "[parameters('failingPeriods')]" + "equals": "[parameters('failingPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query", - "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-ReadLatencyMs-Data-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"ReadLatencyMs\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk !in (\"C:\", \"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-ReadLatencyMs-Data-threshold-override_\", tostring(tags.[\"_amba-ReadLatencyMs-Data-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]" + "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-ReadLatencyMs-Data-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"ReadLatencyMs\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk !in (\"C:\", \"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-ReadLatencyMs-Data-threshold-override_\", tostring(tags.[\"_amba-ReadLatencyMs-Data-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query" }, { "field": "identity.userAssignedIdentities", @@ -310,128 +310,128 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "alertResourceGroupLocation": { + "value": "[parameters('alertResourceGroupLocation')]" + }, + "alertResourceGroupName": { + "value": "[parameters('alertResourceGroupName')]" + }, "MonitorDisableTagValues": { "value": "[parameters('MonitorDisableTagValues')]" }, "autoMitigate": { "value": "[parameters('autoMitigate')]" }, - "windowSize": { - "value": "[parameters('windowSize')]" - }, "MonitorDisableTagName": { "value": "[parameters('MonitorDisableTagName')]" }, "enabled": { "value": "[parameters('enabled')]" }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "alertResourceGroupTags": { + "value": "[parameters('alertResourceGroupTags')]" + }, "severity": { "value": "[parameters('severity')]" }, - "alertResourceGroupName": { - "value": "[parameters('alertResourceGroupName')]" - }, - "alertResourceGroupLocation": { - "value": "[parameters('alertResourceGroupLocation')]" + "UAMIResourceId": { + "value": "[parameters('UAMIResourceId')]" }, "threshold": { "value": "[parameters('threshold')]" }, - "alertResourceGroupTags": { - "value": "[parameters('alertResourceGroupTags')]" - }, "timeAggregation": { "value": "[parameters('timeAggregation')]" }, "failingPeriods": { "value": "[parameters('failingPeriods')]" }, - "operator": { - "value": "[parameters('operator')]" - }, - "UAMIResourceId": { - "value": "[parameters('UAMIResourceId')]" - }, "evaluationPeriods": { "value": "[parameters('evaluationPeriods')]" }, - "autoResolveTime": { - "value": "[parameters('autoResolveTime')]" - }, "computersToInclude": { "value": "[parameters('computersToInclude')]" }, + "operator": { + "value": "[parameters('operator')]" + }, + "autoResolveTime": { + "value": "[parameters('autoResolveTime')]" + }, "autoResolve": { "value": "[parameters('autoResolve')]" } }, - "mode": "incremental", "template": { "parameters": { "evaluationFrequency": { "type": "String" }, + "alertResourceGroupLocation": { + "type": "string" + }, + "alertResourceGroupName": { + "type": "string" + }, "MonitorDisableTagValues": { "type": "Array" }, "autoMitigate": { "type": "String" }, - "windowSize": { - "type": "String" - }, "MonitorDisableTagName": { "type": "String" }, "enabled": { "type": "String" }, - "severity": { + "windowSize": { "type": "String" }, - "alertResourceGroupName": { - "type": "string" + "alertResourceGroupTags": { + "type": "object" }, - "alertResourceGroupLocation": { + "severity": { + "type": "String" + }, + "UAMIResourceId": { "type": "string" }, "threshold": { "type": "String" }, - "alertResourceGroupTags": { - "type": "object" - }, "timeAggregation": { "type": "String" }, "failingPeriods": { "type": "String" }, - "operator": { + "evaluationPeriods": { "type": "String" }, - "UAMIResourceId": { - "type": "string" + "computersToInclude": { + "type": "array" }, - "evaluationPeriods": { + "operator": { "type": "String" }, "autoResolveTime": { "type": "String" }, - "computersToInclude": { - "type": "array" - }, "autoResolve": { "type": "String" } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Resources/resourceGroups", - "location": "[parameters('alertResourceGroupLocation')]", "apiVersion": "2021-04-01", + "location": "[parameters('alertResourceGroupLocation')]", "name": "[parameters('alertResourceGroupName')]", "tags": "[parameters('alertResourceGroupTags')]" }, @@ -440,29 +440,28 @@ "type": "Microsoft.Resources/deployments", "properties": { "parameters": { - "enabled": { - "value": "[parameters('enabled')]" + "alertResourceGroupLocation": { + "value": "[parameters('alertResourceGroupLocation')]" }, "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, - "alertResourceGroupLocation": { - "value": "[parameters('alertResourceGroupLocation')]" + "enabled": { + "value": "[parameters('enabled')]" }, "UAMIResourceId": { "value": "[parameters('UAMIResourceId')]" } }, - "mode": "Incremental", "template": { "parameters": { - "enabled": { + "alertResourceGroupLocation": { "type": "string" }, "alertResourceGroupName": { "type": "string" }, - "alertResourceGroupLocation": { + "enabled": { "type": "string" }, "UAMIResourceId": { @@ -470,39 +469,43 @@ } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Insights/scheduledQueryRules", "properties": { - "description": "Log Alert for Virtual Machine dataDiskReadLatency", "displayName": "[concat(subscription().displayName, '-VMHighDataDiskReadLatencyAlert')]", + "description": "Log Alert for Virtual Machine dataDiskReadLatency", "parameters": { "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "alertResourceGroupLocation": { + "value": "[parameters('alertResourceGroupLocation')]" + }, + "alertResourceGroupName": { + "value": "[parameters('alertResourceGroupName')]" + }, "MonitorDisableTagValues": { "value": "[parameters('MonitorDisableTagValues')]" }, "autoMitigate": { "value": "[parameters('autoMitigate')]" }, - "windowSize": { - "value": "[parameters('windowSize')]" - }, "MonitorDisableTagName": { "value": "[parameters('MonitorDisableTagName')]" }, "enabled": { "value": "[parameters('enabled')]" }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, "severity": { "value": "[parameters('severity')]" }, - "alertResourceGroupName": { - "value": "[parameters('alertResourceGroupName')]" - }, - "alertResourceGroupLocation": { - "value": "[parameters('alertResourceGroupLocation')]" + "UAMIResourceId": { + "value": "[parameters('UAMIResourceId')]" }, "threshold": { "value": "[parameters('threshold')]" @@ -510,26 +513,23 @@ "failingPeriods": { "value": "[parameters('failingPeriods')]" }, - "UAMIResourceId": { - "value": "[parameters('UAMIResourceId')]" - }, "evaluationPeriods": { "value": "[parameters('evaluationPeriods')]" }, - "autoResolveTime": { - "value": "[parameters('autoResolveTime')]" - }, "computersToInclude": { "value": "[parameters('computersToInclude')]" }, + "autoResolveTime": { + "value": "[parameters('autoResolveTime')]" + }, "autoResolve": { "value": "[parameters('autoResolve')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", "autoMitigate": "[parameters('autoMitigate')]", - "windowSize": "[parameters('windowSize')]", "enabled": "[parameters('enabled')]", + "windowSize": "[parameters('windowSize')]", "severity": "[parameters('severity')]", "criteria": { "allOf": [ @@ -544,13 +544,13 @@ "resourceIdColumn": "_ResourceId", "dimensions": [ { - "name": "Computer", "operator": "Include", + "name": "Computer", "values": "[parameters('computersToInclude')]" }, { - "name": "Disk", "operator": "Include", + "name": "Disk", "values": [ "*" ] @@ -571,8 +571,8 @@ "Microsoft.Compute/virtualMachines" ] }, - "location": "[parameters('alertResourceGroupLocation')]", "apiVersion": "2022-08-01-preview", + "location": "[parameters('alertResourceGroupLocation')]", "name": "[concat(subscription().displayName, '-VMHighDataDiskReadLatencyAlert')]", "tags": { "_deployed_by_amba": true @@ -585,9 +585,9 @@ } } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "Incremental" }, "apiVersion": "2019-10-01", "name": "VMdataDiskReadLatencyAlert", @@ -596,14 +596,14 @@ ] } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" }, "location": "australiaeast" }, - "existenceScope": "resourceGroup", - "deploymentScope": "subscription" + "deploymentScope": "subscription", + "existenceScope": "resourceGroup" } } } diff --git a/Definitions/policyDefinitions/Compute/deploy_vm_datadiskspace_alert.jsonc b/Definitions/policyDefinitions/Compute/deploy_vm_datadiskspace_alert.jsonc index 479e112..006aece 100644 --- a/Definitions/policyDefinitions/Compute/deploy_vm_datadiskspace_alert.jsonc +++ b/Definitions/policyDefinitions/Compute/deploy_vm_datadiskspace_alert.jsonc @@ -6,31 +6,19 @@ "description": "Policy to audit/deploy VM data Disk Space Alert", "mode": "All", "metadata": { - "category": "Compute", - "version": "1.4.0", "_deployed_by_amba": "True", + "version": "1.4.0", + "category": "Compute", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" ] }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "String" - }, "evaluationFrequency": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "Evaluation Frequency" + "displayName": "Evaluation Frequency", + "description": "Evaluation frequency for the alert" }, "allowedValues": [ "PT5M", @@ -41,10 +29,26 @@ "defaultValue": "PT5M", "type": "String" }, + "alertResourceGroupLocation": { + "metadata": { + "displayName": "Resource Group Location", + "description": "Location of the Resource group the alert is placed in" + }, + "defaultValue": "centralus", + "type": "String" + }, + "alertResourceGroupName": { + "metadata": { + "displayName": "Resource Group Name", + "description": "Resource group the alert is placed in" + }, + "defaultValue": "rg-amba-monitoring-001", + "type": "String" + }, "MonitorDisableTagValues": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "displayName": "ALZ Monitoring disabled tag values(s)", + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." }, "defaultValue": [ "true", @@ -54,26 +58,42 @@ ], "type": "Array" }, + "autoMitigate": { + "metadata": { + "displayName": "Auto Mitigate", + "description": "Auto Mitigate for the alert" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, "MonitorDisableTagName": { "metadata": { - "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled", - "displayName": "ALZ Monitoring disabled tag name" + "displayName": "ALZ Monitoring disabled tag name", + "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled" }, "defaultValue": "MonitorDisable", "type": "String" }, - "alertResourceGroupLocation": { + "enabled": { "metadata": { - "description": "Location of the Resource group the alert is placed in", - "displayName": "Resource Group Location" + "displayName": "Alert State", + "description": "Alert state for the alert" }, - "defaultValue": "centralus", + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", "type": "String" }, "windowSize": { "metadata": { - "description": "Window size for the alert", - "displayName": "Window Size" + "displayName": "Window Size", + "description": "Window size for the alert" }, "allowedValues": [ "PT5M", @@ -87,30 +107,20 @@ "defaultValue": "PT15M", "type": "String" }, - "alertResourceGroupName": { + "alertResourceGroupTags": { "metadata": { - "description": "Resource group the alert is placed in", - "displayName": "Resource Group Name" + "displayName": "Resource Group Tags", + "description": "Tags on the Resource group the alert is placed in" }, - "defaultValue": "rg-amba-monitoring-001", - "type": "String" - }, - "enabled": { - "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" + "defaultValue": { + "Project": "amba-monitoring" }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", - "type": "String" + "type": "Object" }, "severity": { "metadata": { - "description": "Severity of the Alert", - "displayName": "Severity" + "displayName": "Severity", + "description": "Severity of the Alert" }, "allowedValues": [ "0", @@ -122,36 +132,22 @@ "defaultValue": "2", "type": "String" }, - "autoMitigate": { + "UAMIResourceId": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" + "displayName": "User Assigned managed Identity resource Id.", + "description": "The resource Id of the user assigned managed identity." }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", - "type": "String" + "defaultValue": "", + "type": "string" }, "threshold": { "metadata": { - "description": "Threshold for the alert", - "displayName": "Threshold" + "displayName": "Threshold", + "description": "Threshold for the alert" }, "defaultValue": "10", "type": "String" }, - "alertResourceGroupTags": { - "metadata": { - "description": "Tags on the Resource group the alert is placed in", - "displayName": "Resource Group Tags" - }, - "defaultValue": { - "Project": "amba-monitoring" - }, - "type": "Object" - }, "timeAggregation": { "metadata": { "displayName": "TimeAggregation" @@ -164,36 +160,42 @@ }, "failingPeriods": { "metadata": { - "description": "Number of failing periods before alert is fired", - "displayName": "Failing Periods" + "displayName": "Failing Periods", + "description": "Number of failing periods before alert is fired" }, "defaultValue": "1", "type": "String" }, - "UAMIResourceId": { - "metadata": { - "description": "The resource Id of the user assigned managed identity.", - "displayName": "User Assigned managed Identity resource Id." - }, - "defaultValue": "", - "type": "string" - }, "evaluationPeriods": { "metadata": { - "description": "The number of aggregated lookback points.", - "displayName": "Evaluation Periods" + "displayName": "Evaluation Periods", + "description": "The number of aggregated lookback points." }, "defaultValue": "1", "type": "String" }, - "autoResolveTime": { + "effect": { "metadata": { - "description": "Auto Resolve time for the alert in ISO 8601 format", - "displayName": "Auto Resolve" + "displayName": "Effect", + "description": "Effect of the policy" }, - "defaultValue": "true", + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", "type": "String" }, + "computersToInclude": { + "metadata": { + "displayName": "Computers to be included to be monitored", + "description": "Array of Computer to be monitored" + }, + "defaultValue": [ + "*" + ], + "type": "array" + }, "operator": { "metadata": { "displayName": "Operator" @@ -204,20 +206,18 @@ "defaultValue": "GreaterThan", "type": "String" }, - "computersToInclude": { + "autoResolveTime": { "metadata": { - "description": "Array of Computer to be monitored", - "displayName": "Computers to be included to be monitored" + "displayName": "Auto Resolve", + "description": "Auto Resolve time for the alert in ISO 8601 format" }, - "defaultValue": [ - "*" - ], - "type": "array" + "defaultValue": "true", + "type": "String" }, "autoResolve": { "metadata": { - "description": "Auto Resolve for the alert", - "displayName": "Auto Resolve" + "displayName": "Auto Resolve", + "description": "Auto Resolve for the alert" }, "allowedValues": [ "true", @@ -231,8 +231,8 @@ "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Compute/virtualMachines" + "equals": "Microsoft.Compute/virtualMachines", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -244,56 +244,55 @@ "effect": "[parameters('effect')]", "details": { "type": "Microsoft.Insights/scheduledQueryRules", - "resourceGroupName": "[parameters('alertResourceGroupName')]", "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/scheduledQueryRules/displayName", - "equals": "[concat(subscription().displayName, '-VMLowDataDiskSpaceAlert')]" + "equals": "[concat(subscription().displayName, '-VMLowDataDiskSpaceAlert')]", + "field": "Microsoft.Insights/scheduledQueryRules/displayName" }, { - "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]", - "equals": "[subscription().id]" + "equals": "[subscription().id]", + "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]" }, { - "field": "Microsoft.Insights/scheduledQueryRules/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/scheduledQueryRules/enabled" }, { - "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency" }, { - "field": "Microsoft.Insights/scheduledQueryRules/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/scheduledQueryRules/windowSize" }, { - "field": "Microsoft.Insights/scheduledQueryRules/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/scheduledQueryRules/severity" }, { - "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", - "equals": "[parameters('operator')]" + "equals": "[parameters('operator')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation", - "equals": "[parameters('timeAggregation')]" + "equals": "[parameters('timeAggregation')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods", - "equals": "[parameters('evaluationPeriods')]" + "equals": "[parameters('evaluationPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert", - "equals": "[parameters('failingPeriods')]" + "equals": "[parameters('failingPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query", - "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-FreeSpacePercentage-Data-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"FreeSpacePercentage\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk !in (\"C:\", \"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-FreeSpacePercentage-Data-threshold-override_\", tostring(tags.[\"_amba-FreeSpacePercentage-Data-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue < appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]" + "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-FreeSpacePercentage-Data-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"FreeSpacePercentage\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk !in (\"C:\", \"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-FreeSpacePercentage-Data-threshold-override_\", tostring(tags.[\"_amba-FreeSpacePercentage-Data-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue < appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query" }, { "field": "identity.userAssignedIdentities", @@ -304,135 +303,136 @@ "roleDefinitionIds": [ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" ], + "resourceGroupName": "[parameters('alertResourceGroupName')]", "deployment": { "properties": { "parameters": { "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "alertResourceGroupLocation": { + "value": "[parameters('alertResourceGroupLocation')]" + }, + "alertResourceGroupName": { + "value": "[parameters('alertResourceGroupName')]" + }, "MonitorDisableTagValues": { "value": "[parameters('MonitorDisableTagValues')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "MonitorDisableTagName": { "value": "[parameters('MonitorDisableTagName')]" }, - "alertResourceGroupLocation": { - "value": "[parameters('alertResourceGroupLocation')]" + "enabled": { + "value": "[parameters('enabled')]" }, "windowSize": { "value": "[parameters('windowSize')]" }, - "alertResourceGroupName": { - "value": "[parameters('alertResourceGroupName')]" - }, - "enabled": { - "value": "[parameters('enabled')]" + "alertResourceGroupTags": { + "value": "[parameters('alertResourceGroupTags')]" }, "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" + "UAMIResourceId": { + "value": "[parameters('UAMIResourceId')]" }, "threshold": { "value": "[parameters('threshold')]" }, - "alertResourceGroupTags": { - "value": "[parameters('alertResourceGroupTags')]" - }, "timeAggregation": { "value": "[parameters('timeAggregation')]" }, "failingPeriods": { "value": "[parameters('failingPeriods')]" }, - "UAMIResourceId": { - "value": "[parameters('UAMIResourceId')]" - }, "evaluationPeriods": { "value": "[parameters('evaluationPeriods')]" }, - "autoResolveTime": { - "value": "[parameters('autoResolveTime')]" + "computersToInclude": { + "value": "[parameters('computersToInclude')]" }, "operator": { "value": "[parameters('operator')]" }, - "computersToInclude": { - "value": "[parameters('computersToInclude')]" + "autoResolveTime": { + "value": "[parameters('autoResolveTime')]" }, "autoResolve": { "value": "[parameters('autoResolve')]" } }, - "mode": "incremental", "template": { "parameters": { "evaluationFrequency": { "type": "String" }, + "alertResourceGroupLocation": { + "type": "string" + }, + "alertResourceGroupName": { + "type": "string" + }, "MonitorDisableTagValues": { "type": "Array" }, + "autoMitigate": { + "type": "String" + }, "MonitorDisableTagName": { "type": "String" }, - "alertResourceGroupLocation": { - "type": "string" + "enabled": { + "type": "String" }, "windowSize": { "type": "String" }, - "alertResourceGroupName": { - "type": "string" - }, - "enabled": { - "type": "String" + "alertResourceGroupTags": { + "type": "object" }, "severity": { "type": "String" }, - "autoMitigate": { - "type": "String" + "UAMIResourceId": { + "type": "string" }, "threshold": { "type": "String" }, - "alertResourceGroupTags": { - "type": "object" - }, "timeAggregation": { "type": "String" }, "failingPeriods": { "type": "String" }, - "UAMIResourceId": { - "type": "string" - }, "evaluationPeriods": { "type": "String" }, - "autoResolveTime": { - "type": "String" + "computersToInclude": { + "type": "array" }, "operator": { "type": "String" }, - "computersToInclude": { - "type": "array" + "autoResolveTime": { + "type": "String" }, "autoResolve": { "type": "String" } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Resources/resourceGroups", + "apiVersion": "2021-04-01", "location": "[parameters('alertResourceGroupLocation')]", "name": "[parameters('alertResourceGroupName')]", - "apiVersion": "2021-04-01", "tags": "[parameters('alertResourceGroupTags')]" }, { @@ -453,7 +453,6 @@ "value": "[parameters('UAMIResourceId')]" } }, - "mode": "Incremental", "template": { "parameters": { "alertResourceGroupLocation": { @@ -470,39 +469,43 @@ } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Insights/scheduledQueryRules", "properties": { - "description": "Log Alert for Virtual Machine dataDiskSpace", "displayName": "[concat(subscription().displayName, '-VMLowDataDiskSpaceAlert')]", + "description": "Log Alert for Virtual Machine dataDiskSpace", "parameters": { "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "alertResourceGroupLocation": { + "value": "[parameters('alertResourceGroupLocation')]" + }, + "alertResourceGroupName": { + "value": "[parameters('alertResourceGroupName')]" + }, "MonitorDisableTagValues": { "value": "[parameters('MonitorDisableTagValues')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "MonitorDisableTagName": { "value": "[parameters('MonitorDisableTagName')]" }, - "alertResourceGroupLocation": { - "value": "[parameters('alertResourceGroupLocation')]" + "enabled": { + "value": "[parameters('enabled')]" }, "windowSize": { "value": "[parameters('windowSize')]" }, - "alertResourceGroupName": { - "value": "[parameters('alertResourceGroupName')]" - }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" + "UAMIResourceId": { + "value": "[parameters('UAMIResourceId')]" }, "threshold": { "value": "[parameters('threshold')]" @@ -510,27 +513,24 @@ "failingPeriods": { "value": "[parameters('failingPeriods')]" }, - "UAMIResourceId": { - "value": "[parameters('UAMIResourceId')]" - }, "evaluationPeriods": { "value": "[parameters('evaluationPeriods')]" }, - "autoResolveTime": { - "value": "[parameters('autoResolveTime')]" - }, "computersToInclude": { "value": "[parameters('computersToInclude')]" }, + "autoResolveTime": { + "value": "[parameters('autoResolveTime')]" + }, "autoResolve": { "value": "[parameters('autoResolve')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", - "windowSize": "[parameters('windowSize')]", + "autoMitigate": "[parameters('autoMitigate')]", "enabled": "[parameters('enabled')]", + "windowSize": "[parameters('windowSize')]", "severity": "[parameters('severity')]", - "autoMitigate": "[parameters('autoMitigate')]", "criteria": { "allOf": [ { @@ -544,13 +544,13 @@ "resourceIdColumn": "_ResourceId", "dimensions": [ { - "name": "Computer", "operator": "Include", + "name": "Computer", "values": "[parameters('computersToInclude')]" }, { - "name": "Disk", "operator": "Include", + "name": "Disk", "values": [ "*" ] @@ -560,20 +560,20 @@ } ] }, + "scopes": [ + "[subscription().Id]" + ], "ruleResolveConfiguration": { "timeToResolve": "[parameters('autoResolveTime')]", "autoResolved": "[parameters('autoResolve')]" }, - "scopes": [ - "[subscription().Id]" - ], "targetResourceTypes": [ "Microsoft.Compute/virtualMachines" ] }, + "apiVersion": "2022-08-01-preview", "location": "[parameters('alertResourceGroupLocation')]", "name": "[concat(subscription().displayName, '-VMLowDataDiskSpaceAlert')]", - "apiVersion": "2022-08-01-preview", "tags": { "_deployed_by_amba": true }, @@ -585,20 +585,20 @@ } } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "Incremental" }, - "name": "VMdataDiskSpaceAlert", "apiVersion": "2019-10-01", + "name": "VMdataDiskSpaceAlert", "dependsOn": [ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]" ] } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" }, "location": "australiaeast" }, diff --git a/Definitions/policyDefinitions/Compute/deploy_vm_datadiskwritelatency_alert.jsonc b/Definitions/policyDefinitions/Compute/deploy_vm_datadiskwritelatency_alert.jsonc index d35ea75..1e8dfda 100644 --- a/Definitions/policyDefinitions/Compute/deploy_vm_datadiskwritelatency_alert.jsonc +++ b/Definitions/policyDefinitions/Compute/deploy_vm_datadiskwritelatency_alert.jsonc @@ -6,31 +6,35 @@ "description": "Policy to audit/deploy VM dataDiskWriteLatency Alert", "mode": "All", "metadata": { - "category": "Compute", - "version": "1.4.0", "_deployed_by_amba": "True", - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "version": "1.4.0", "alzCloudEnvironments": [ "AzureCloud" - ] + ], + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "category": "Compute" }, "parameters": { - "effect": { + "alertResourceGroupLocation": { "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" + "displayName": "Resource Group Location", + "description": "Location of the Resource group the alert is placed in" }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", + "defaultValue": "centralus", + "type": "String" + }, + "alertResourceGroupName": { + "metadata": { + "displayName": "Resource Group Name", + "description": "Resource group the alert is placed in" + }, + "defaultValue": "rg-amba-monitoring-001", "type": "String" }, "evaluationFrequency": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "Evaluation Frequency" + "displayName": "Evaluation Frequency", + "description": "Evaluation frequency for the alert" }, "allowedValues": [ "PT5M", @@ -41,10 +45,18 @@ "defaultValue": "PT5M", "type": "String" }, + "UAMIResourceId": { + "metadata": { + "displayName": "User Assigned managed Identity resource Id.", + "description": "The resource Id of the user assigned managed identity." + }, + "defaultValue": "", + "type": "string" + }, "MonitorDisableTagValues": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "displayName": "ALZ Monitoring disabled tag values(s)", + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." }, "defaultValue": [ "true", @@ -54,78 +66,56 @@ ], "type": "Array" }, - "MonitorDisableTagName": { - "metadata": { - "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled", - "displayName": "ALZ Monitoring disabled tag name" - }, - "defaultValue": "MonitorDisable", - "type": "String" - }, - "alertResourceGroupLocation": { + "effect": { "metadata": { - "description": "Location of the Resource group the alert is placed in", - "displayName": "Resource Group Location" + "displayName": "Effect", + "description": "Effect of the policy" }, - "defaultValue": "centralus", + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", "type": "String" }, - "windowSize": { + "MonitorDisableTagName": { "metadata": { - "description": "Window size for the alert", - "displayName": "Window Size" + "displayName": "ALZ Monitoring disabled tag name", + "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled" }, - "allowedValues": [ - "PT5M", - "PT15M", - "PT30M", - "PT1H", - "PT6H", - "PT12H", - "PT24H" - ], - "defaultValue": "PT15M", + "defaultValue": "MonitorDisable", "type": "String" }, - "alertResourceGroupName": { + "failingPeriods": { "metadata": { - "description": "Resource group the alert is placed in", - "displayName": "Resource Group Name" + "displayName": "Failing Periods", + "description": "Number of failing periods before alert is fired" }, - "defaultValue": "rg-amba-monitoring-001", + "defaultValue": "1", "type": "String" }, - "enabled": { + "computersToInclude": { "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" + "displayName": "Computers to be included to be monitored", + "description": "Array of Computer to be monitored" }, - "allowedValues": [ - "true", - "false" + "defaultValue": [ + "*" ], - "defaultValue": "true", - "type": "String" + "type": "array" }, - "severity": { + "evaluationPeriods": { "metadata": { - "description": "Severity of the Alert", - "displayName": "Severity" + "displayName": "Evaluation Periods", + "description": "The number of aggregated lookback points." }, - "allowedValues": [ - "0", - "1", - "2", - "3", - "4" - ], - "defaultValue": "2", + "defaultValue": "1", "type": "String" }, "autoMitigate": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" + "displayName": "Auto Mitigate", + "description": "Auto Mitigate for the alert" }, "allowedValues": [ "true", @@ -134,24 +124,14 @@ "defaultValue": "true", "type": "String" }, - "threshold": { + "autoResolveTime": { "metadata": { - "description": "Threshold for the alert", - "displayName": "Threshold" + "displayName": "Auto Resolve", + "description": "Auto Resolve time for the alert in ISO 8601 format" }, - "defaultValue": "30", + "defaultValue": "true", "type": "String" }, - "alertResourceGroupTags": { - "metadata": { - "description": "Tags on the Resource group the alert is placed in", - "displayName": "Resource Group Tags" - }, - "defaultValue": { - "Project": "amba-monitoring" - }, - "type": "Object" - }, "timeAggregation": { "metadata": { "displayName": "TimeAggregation" @@ -162,35 +142,25 @@ "defaultValue": "Count", "type": "String" }, - "failingPeriods": { - "metadata": { - "description": "Number of failing periods before alert is fired", - "displayName": "Failing Periods" - }, - "defaultValue": "1", - "type": "String" - }, - "UAMIResourceId": { + "alertResourceGroupTags": { "metadata": { - "description": "The resource Id of the user assigned managed identity.", - "displayName": "User Assigned managed Identity resource Id." + "displayName": "Resource Group Tags", + "description": "Tags on the Resource group the alert is placed in" }, - "defaultValue": "", - "type": "string" - }, - "evaluationPeriods": { - "metadata": { - "description": "The number of aggregated lookback points.", - "displayName": "Evaluation Periods" + "defaultValue": { + "Project": "amba-monitoring" }, - "defaultValue": "1", - "type": "String" + "type": "Object" }, - "autoResolveTime": { + "enabled": { "metadata": { - "description": "Auto Resolve time for the alert in ISO 8601 format", - "displayName": "Auto Resolve" + "displayName": "Alert State", + "description": "Alert state for the alert" }, + "allowedValues": [ + "true", + "false" + ], "defaultValue": "true", "type": "String" }, @@ -204,20 +174,35 @@ "defaultValue": "GreaterThan", "type": "String" }, - "computersToInclude": { + "windowSize": { "metadata": { - "description": "Array of Computer to be monitored", - "displayName": "Computers to be included to be monitored" + "displayName": "Window Size", + "description": "Window size for the alert" }, - "defaultValue": [ - "*" + "allowedValues": [ + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "PT24H" ], - "type": "array" + "defaultValue": "PT15M", + "type": "String" + }, + "threshold": { + "metadata": { + "displayName": "Threshold", + "description": "Threshold for the alert" + }, + "defaultValue": "30", + "type": "String" }, "autoResolve": { "metadata": { - "description": "Auto Resolve for the alert", - "displayName": "Auto Resolve" + "displayName": "Auto Resolve", + "description": "Auto Resolve for the alert" }, "allowedValues": [ "true", @@ -225,14 +210,29 @@ ], "defaultValue": "true", "type": "String" + }, + "severity": { + "metadata": { + "displayName": "Severity", + "description": "Severity of the Alert" + }, + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" + ], + "defaultValue": "2", + "type": "String" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Compute/virtualMachines" + "equals": "Microsoft.Compute/virtualMachines", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -245,55 +245,60 @@ "details": { "type": "Microsoft.Insights/scheduledQueryRules", "resourceGroupName": "[parameters('alertResourceGroupName')]", + "roleDefinitionIds": [ + "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" + ], + "existenceScope": "resourceGroup", + "deploymentScope": "subscription", "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/scheduledQueryRules/displayName", - "equals": "[concat(subscription().displayName, '-VMHighDataDiskWriteLatencyAlert')]" + "equals": "[concat(subscription().displayName, '-VMHighDataDiskWriteLatencyAlert')]", + "field": "Microsoft.Insights/scheduledQueryRules/displayName" }, { - "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]", - "equals": "[subscription().id]" + "equals": "[subscription().id]", + "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]" }, { - "field": "Microsoft.Insights/scheduledQueryRules/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/scheduledQueryRules/enabled" }, { - "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency" }, { - "field": "Microsoft.Insights/scheduledQueryRules/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/scheduledQueryRules/windowSize" }, { - "field": "Microsoft.Insights/scheduledQueryRules/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/scheduledQueryRules/severity" }, { - "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", - "equals": "[parameters('operator')]" + "equals": "[parameters('operator')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation", - "equals": "[parameters('timeAggregation')]" + "equals": "[parameters('timeAggregation')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods", - "equals": "[parameters('evaluationPeriods')]" + "equals": "[parameters('evaluationPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert", - "equals": "[parameters('failingPeriods')]" + "equals": "[parameters('failingPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query", - "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-WriteLatencyMs-Data-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"WriteLatencyMs\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk !in (\"C:\",\"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-WriteLatencyMs-Data-threshold-override_\", tostring(tags.[\"_amba-WriteLatencyMs-Data-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]" + "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-WriteLatencyMs-Data-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"WriteLatencyMs\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk !in (\"C:\",\"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-WriteLatencyMs-Data-threshold-override_\", tostring(tags.[\"_amba-WriteLatencyMs-Data-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query" }, { "field": "identity.userAssignedIdentities", @@ -301,128 +306,125 @@ } ] }, - "roleDefinitionIds": [ - "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" - ], "deployment": { "properties": { "parameters": { + "alertResourceGroupLocation": { + "value": "[parameters('alertResourceGroupLocation')]" + }, + "alertResourceGroupName": { + "value": "[parameters('alertResourceGroupName')]" + }, "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "UAMIResourceId": { + "value": "[parameters('UAMIResourceId')]" + }, "MonitorDisableTagValues": { "value": "[parameters('MonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('MonitorDisableTagName')]" }, - "alertResourceGroupLocation": { - "value": "[parameters('alertResourceGroupLocation')]" - }, - "windowSize": { - "value": "[parameters('windowSize')]" - }, - "alertResourceGroupName": { - "value": "[parameters('alertResourceGroupName')]" + "failingPeriods": { + "value": "[parameters('failingPeriods')]" }, - "enabled": { - "value": "[parameters('enabled')]" + "computersToInclude": { + "value": "[parameters('computersToInclude')]" }, - "severity": { - "value": "[parameters('severity')]" + "evaluationPeriods": { + "value": "[parameters('evaluationPeriods')]" }, "autoMitigate": { "value": "[parameters('autoMitigate')]" }, - "threshold": { - "value": "[parameters('threshold')]" - }, - "alertResourceGroupTags": { - "value": "[parameters('alertResourceGroupTags')]" + "autoResolveTime": { + "value": "[parameters('autoResolveTime')]" }, "timeAggregation": { "value": "[parameters('timeAggregation')]" }, - "failingPeriods": { - "value": "[parameters('failingPeriods')]" - }, - "UAMIResourceId": { - "value": "[parameters('UAMIResourceId')]" - }, - "evaluationPeriods": { - "value": "[parameters('evaluationPeriods')]" + "alertResourceGroupTags": { + "value": "[parameters('alertResourceGroupTags')]" }, - "autoResolveTime": { - "value": "[parameters('autoResolveTime')]" + "enabled": { + "value": "[parameters('enabled')]" }, "operator": { "value": "[parameters('operator')]" }, - "computersToInclude": { - "value": "[parameters('computersToInclude')]" + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "threshold": { + "value": "[parameters('threshold')]" }, "autoResolve": { "value": "[parameters('autoResolve')]" + }, + "severity": { + "value": "[parameters('severity')]" } }, "mode": "incremental", "template": { "parameters": { + "alertResourceGroupLocation": { + "type": "string" + }, + "alertResourceGroupName": { + "type": "string" + }, "evaluationFrequency": { "type": "String" }, + "UAMIResourceId": { + "type": "string" + }, "MonitorDisableTagValues": { "type": "Array" }, "MonitorDisableTagName": { "type": "String" }, - "alertResourceGroupLocation": { - "type": "string" - }, - "windowSize": { + "failingPeriods": { "type": "String" }, - "alertResourceGroupName": { - "type": "string" + "computersToInclude": { + "type": "array" }, - "enabled": { + "evaluationPeriods": { "type": "String" }, - "severity": { + "autoMitigate": { "type": "String" }, - "autoMitigate": { + "autoResolveTime": { "type": "String" }, - "threshold": { + "timeAggregation": { "type": "String" }, "alertResourceGroupTags": { "type": "object" }, - "timeAggregation": { + "enabled": { "type": "String" }, - "failingPeriods": { + "operator": { "type": "String" }, - "UAMIResourceId": { - "type": "string" - }, - "evaluationPeriods": { + "windowSize": { "type": "String" }, - "autoResolveTime": { + "threshold": { "type": "String" }, - "operator": { + "autoResolve": { "type": "String" }, - "computersToInclude": { - "type": "array" - }, - "autoResolve": { + "severity": { "type": "String" } }, @@ -430,9 +432,9 @@ "resources": [ { "type": "Microsoft.Resources/resourceGroups", + "apiVersion": "2021-04-01", "location": "[parameters('alertResourceGroupLocation')]", "name": "[parameters('alertResourceGroupName')]", - "apiVersion": "2021-04-01", "tags": "[parameters('alertResourceGroupTags')]" }, { @@ -446,11 +448,11 @@ "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "UAMIResourceId": { "value": "[parameters('UAMIResourceId')]" + }, + "enabled": { + "value": "[parameters('enabled')]" } }, "mode": "Incremental", @@ -462,10 +464,10 @@ "alertResourceGroupName": { "type": "string" }, - "enabled": { + "UAMIResourceId": { "type": "string" }, - "UAMIResourceId": { + "enabled": { "type": "string" } }, @@ -474,106 +476,106 @@ { "type": "Microsoft.Insights/scheduledQueryRules", "properties": { - "description": "Log Alert for Virtual Machine dataDiskWriteLatency", "displayName": "[concat(subscription().displayName, '-VMHighDataDiskWriteLatencyAlert')]", + "description": "Log Alert for Virtual Machine dataDiskWriteLatency", "parameters": { - "evaluationFrequency": { - "value": "[parameters('evaluationFrequency')]" - }, - "MonitorDisableTagValues": { - "value": "[parameters('MonitorDisableTagValues')]" - }, - "MonitorDisableTagName": { - "value": "[parameters('MonitorDisableTagName')]" - }, "alertResourceGroupLocation": { "value": "[parameters('alertResourceGroupLocation')]" }, - "windowSize": { - "value": "[parameters('windowSize')]" - }, "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, - "enabled": { - "value": "[parameters('enabled')]" + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" }, - "severity": { - "value": "[parameters('severity')]" + "UAMIResourceId": { + "value": "[parameters('UAMIResourceId')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" + "MonitorDisableTagValues": { + "value": "[parameters('MonitorDisableTagValues')]" }, - "threshold": { - "value": "[parameters('threshold')]" + "MonitorDisableTagName": { + "value": "[parameters('MonitorDisableTagName')]" }, "failingPeriods": { "value": "[parameters('failingPeriods')]" }, - "UAMIResourceId": { - "value": "[parameters('UAMIResourceId')]" + "computersToInclude": { + "value": "[parameters('computersToInclude')]" }, "evaluationPeriods": { "value": "[parameters('evaluationPeriods')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "autoResolveTime": { "value": "[parameters('autoResolveTime')]" }, - "computersToInclude": { - "value": "[parameters('computersToInclude')]" + "enabled": { + "value": "[parameters('enabled')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "threshold": { + "value": "[parameters('threshold')]" }, "autoResolve": { "value": "[parameters('autoResolve')]" + }, + "severity": { + "value": "[parameters('severity')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", - "windowSize": "[parameters('windowSize')]", + "autoMitigate": "[parameters('autoMitigate')]", "enabled": "[parameters('enabled')]", + "windowSize": "[parameters('windowSize')]", "severity": "[parameters('severity')]", - "autoMitigate": "[parameters('autoMitigate')]", + "scopes": [ + "[subscription().Id]" + ], + "targetResourceTypes": [ + "Microsoft.Compute/virtualMachines" + ], "criteria": { "allOf": [ { - "threshold": 0, - "timeAggregation": "[parameters('timeAggregation')]", "failingPeriods": { "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]", "minFailingPeriodsToAlert": "[parameters('failingPeriods')]" }, + "timeAggregation": "[parameters('timeAggregation')]", "operator": "[parameters('operator')]", + "threshold": 0, + "query": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-WriteLatencyMs-Data-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"WriteLatencyMs\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk !in (\"C:\",\"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-WriteLatencyMs-Data-threshold-override_\", tostring(tags.[\"_amba-WriteLatencyMs-Data-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]", "resourceIdColumn": "_ResourceId", "dimensions": [ { - "name": "Computer", "operator": "Include", + "name": "Computer", "values": "[parameters('computersToInclude')]" }, { - "name": "Disk", "operator": "Include", + "name": "Disk", "values": [ "*" ] } - ], - "query": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-WriteLatencyMs-Data-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"WriteLatencyMs\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk !in (\"C:\",\"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-WriteLatencyMs-Data-threshold-override_\", tostring(tags.[\"_amba-WriteLatencyMs-Data-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]" + ] } ] }, "ruleResolveConfiguration": { - "timeToResolve": "[parameters('autoResolveTime')]", - "autoResolved": "[parameters('autoResolve')]" - }, - "scopes": [ - "[subscription().Id]" - ], - "targetResourceTypes": [ - "Microsoft.Compute/virtualMachines" - ] + "autoResolved": "[parameters('autoResolve')]", + "timeToResolve": "[parameters('autoResolveTime')]" + } }, + "apiVersion": "2022-08-01-preview", "location": "[parameters('alertResourceGroupLocation')]", "name": "[concat(subscription().displayName, '-VMHighDataDiskWriteLatencyAlert')]", - "apiVersion": "2022-08-01-preview", "tags": { "_deployed_by_amba": true }, @@ -589,8 +591,8 @@ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" } }, - "name": "VMdataDiskWriteLatencyAlert", "apiVersion": "2019-10-01", + "name": "VMdataDiskWriteLatencyAlert", "dependsOn": [ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]" ] @@ -601,9 +603,7 @@ } }, "location": "australiaeast" - }, - "deploymentScope": "subscription", - "existenceScope": "resourceGroup" + } } } } diff --git a/Definitions/policyDefinitions/Compute/deploy_vm_heartbeat_alert.jsonc b/Definitions/policyDefinitions/Compute/deploy_vm_heartbeat_alert.jsonc index 3c3d297..277c5f4 100644 --- a/Definitions/policyDefinitions/Compute/deploy_vm_heartbeat_alert.jsonc +++ b/Definitions/policyDefinitions/Compute/deploy_vm_heartbeat_alert.jsonc @@ -6,31 +6,19 @@ "description": "Policy to audit/deploy VM HeartBeat Alert for all VMs in the subscription", "mode": "All", "metadata": { - "category": "Compute", - "version": "1.4.0", "_deployed_by_amba": "True", - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "version": "1.4.0", "alzCloudEnvironments": [ "AzureCloud" - ] + ], + "category": "Compute", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "String" - }, "evaluationFrequency": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "Evaluation Frequency" + "displayName": "Evaluation Frequency", + "description": "Evaluation frequency for the alert" }, "allowedValues": [ "PT5M", @@ -41,10 +29,26 @@ "defaultValue": "PT5M", "type": "String" }, + "alertResourceGroupLocation": { + "metadata": { + "displayName": "Resource Group Location", + "description": "Location of the Resource group the alert is placed in" + }, + "defaultValue": "centralus", + "type": "String" + }, + "alertResourceGroupName": { + "metadata": { + "displayName": "Resource Group Name", + "description": "Resource group the alert is placed in" + }, + "defaultValue": "rg-amba-monitoring-001", + "type": "String" + }, "MonitorDisableTagValues": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "displayName": "ALZ Monitoring disabled tag values(s)", + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." }, "defaultValue": [ "true", @@ -54,26 +58,42 @@ ], "type": "Array" }, - "MonitorDisableTagName": { + "autoMitigate": { "metadata": { - "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled", - "displayName": "ALZ Monitoring disabled tag name" + "displayName": "Auto Mitigate", + "description": "Auto Mitigate for the alert" }, - "defaultValue": "MonitorDisable", + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", "type": "String" }, - "alertResourceGroupLocation": { + "effect": { "metadata": { - "description": "Location of the Resource group the alert is placed in", - "displayName": "Resource Group Location" + "displayName": "Effect", + "description": "Effect of the policy" }, - "defaultValue": "centralus", + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" + }, + "MonitorDisableTagName": { + "metadata": { + "displayName": "ALZ Monitoring disabled tag name", + "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled" + }, + "defaultValue": "MonitorDisable", "type": "String" }, "windowSize": { "metadata": { - "description": "Window size for the alert", - "displayName": "Window Size" + "displayName": "Window Size", + "description": "Window size for the alert" }, "allowedValues": [ "PT5M", @@ -87,18 +107,18 @@ "defaultValue": "PT6H", "type": "String" }, - "alertResourceGroupName": { + "UAMIResourceId": { "metadata": { - "description": "Resource group the alert is placed in", - "displayName": "Resource Group Name" + "displayName": "User Assigned managed Identity resource Id.", + "description": "The resource Id of the user assigned managed identity." }, - "defaultValue": "rg-amba-monitoring-001", - "type": "String" + "defaultValue": "", + "type": "string" }, "enabled": { "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" + "displayName": "Alert State", + "description": "Alert state for the alert" }, "allowedValues": [ "true", @@ -107,89 +127,69 @@ "defaultValue": "true", "type": "String" }, - "severity": { + "failingPeriods": { "metadata": { - "description": "Severity of the Alert", - "displayName": "Severity" + "displayName": "Failing Periods", + "description": "Number of failing periods before alert is fired" }, - "allowedValues": [ - "0", - "1", - "2", - "3", - "4" - ], "defaultValue": "1", "type": "String" }, - "autoMitigate": { + "timeAggregation": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" + "displayName": "TimeAggregation" }, "allowedValues": [ - "true", - "false" + "Count" ], - "defaultValue": "true", - "type": "String" - }, - "threshold": { - "metadata": { - "description": "Threshold for the alert", - "displayName": "Threshold" - }, - "defaultValue": "10", + "defaultValue": "Count", "type": "String" }, - "alertResourceGroupTags": { - "metadata": { - "description": "Tags on the Resource group the alert is placed in", - "displayName": "Resource Group Tags" - }, - "defaultValue": { - "Project": "amba-monitoring" - }, - "type": "Object" - }, - "timeAggregation": { + "severity": { "metadata": { - "displayName": "TimeAggregation" + "displayName": "Severity", + "description": "Severity of the Alert" }, "allowedValues": [ - "Count" + "0", + "1", + "2", + "3", + "4" ], - "defaultValue": "Count", + "defaultValue": "1", "type": "String" }, - "failingPeriods": { + "evaluationPeriods": { "metadata": { - "description": "Number of failing periods before alert is fired", - "displayName": "Failing Periods" + "displayName": "Evaluation Periods", + "description": "The number of aggregated lookback points." }, "defaultValue": "1", "type": "String" }, - "UAMIResourceId": { + "alertResourceGroupTags": { "metadata": { - "description": "The resource Id of the user assigned managed identity.", - "displayName": "User Assigned managed Identity resource Id." + "displayName": "Resource Group Tags", + "description": "Tags on the Resource group the alert is placed in" }, - "defaultValue": "", - "type": "string" + "defaultValue": { + "Project": "amba-monitoring" + }, + "type": "Object" }, - "evaluationPeriods": { + "threshold": { "metadata": { - "description": "The number of aggregated lookback points.", - "displayName": "Evaluation Periods" + "displayName": "Threshold", + "description": "Threshold for the alert" }, - "defaultValue": "1", + "defaultValue": "10", "type": "String" }, "autoResolveTime": { "metadata": { - "description": "Auto Resolve time for the alert in ISO 8601 format", - "displayName": "Auto Resolve" + "displayName": "Auto Resolve", + "description": "Auto Resolve time for the alert in ISO 8601 format" }, "defaultValue": "true", "type": "String" @@ -206,8 +206,8 @@ }, "computersToInclude": { "metadata": { - "description": "Array of Computer to be monitored", - "displayName": "Computers to be included to be monitored" + "displayName": "Computers to be included to be monitored", + "description": "Array of Computer to be monitored" }, "defaultValue": [ "*" @@ -216,8 +216,8 @@ }, "autoResolve": { "metadata": { - "description": "Auto Resolve for the alert", - "displayName": "Auto Resolve" + "displayName": "Auto Resolve", + "description": "Auto Resolve for the alert" }, "allowedValues": [ "true", @@ -231,8 +231,8 @@ "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Compute/virtualMachines" + "equals": "Microsoft.Compute/virtualMachines", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -248,52 +248,52 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/scheduledQueryRules/displayName", - "equals": "[concat(subscription().displayName, '-VMHeartBeatAlert')]" + "equals": "[concat(subscription().displayName, '-VMHeartBeatAlert')]", + "field": "Microsoft.Insights/scheduledQueryRules/displayName" }, { - "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]", - "equals": "[subscription().id]" + "equals": "[subscription().id]", + "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]" }, { - "field": "Microsoft.Insights/scheduledQueryRules/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/scheduledQueryRules/enabled" }, { - "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency" }, { - "field": "Microsoft.Insights/scheduledQueryRules/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/scheduledQueryRules/windowSize" }, { - "field": "Microsoft.Insights/scheduledQueryRules/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/scheduledQueryRules/severity" }, { - "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", - "equals": "[parameters('operator')]" + "equals": "[parameters('operator')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation", - "equals": "[parameters('timeAggregation')]" + "equals": "[parameters('timeAggregation')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods", - "equals": "[parameters('evaluationPeriods')]" + "equals": "[parameters('evaluationPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert", - "equals": "[parameters('failingPeriods')]" + "equals": "[parameters('failingPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query", - "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-Heartbeat-threshold-override_\"); Heartbeat | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | summarize TimeGenerated=max(TimeGenerated) by Computer, _ResourceId | extend Duration = datetime_diff(\"minute\",now(),TimeGenerated) | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-Heartbeat-threshold-override_\", tostring(tags.[\"_amba-Heartbeat-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where Duration > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Duration', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]" + "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-Heartbeat-threshold-override_\"); Heartbeat | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | summarize TimeGenerated=max(TimeGenerated) by Computer, _ResourceId | extend Duration = datetime_diff(\"minute\",now(),TimeGenerated) | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-Heartbeat-threshold-override_\", tostring(tags.[\"_amba-Heartbeat-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where Duration > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Duration', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query" }, { "field": "identity.userAssignedIdentities", @@ -310,48 +310,48 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "alertResourceGroupLocation": { + "value": "[parameters('alertResourceGroupLocation')]" + }, + "alertResourceGroupName": { + "value": "[parameters('alertResourceGroupName')]" + }, "MonitorDisableTagValues": { "value": "[parameters('MonitorDisableTagValues')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "MonitorDisableTagName": { "value": "[parameters('MonitorDisableTagName')]" }, - "alertResourceGroupLocation": { - "value": "[parameters('alertResourceGroupLocation')]" - }, "windowSize": { "value": "[parameters('windowSize')]" }, - "alertResourceGroupName": { - "value": "[parameters('alertResourceGroupName')]" + "UAMIResourceId": { + "value": "[parameters('UAMIResourceId')]" }, "enabled": { "value": "[parameters('enabled')]" }, - "severity": { - "value": "[parameters('severity')]" - }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, - "threshold": { - "value": "[parameters('threshold')]" - }, - "alertResourceGroupTags": { - "value": "[parameters('alertResourceGroupTags')]" + "failingPeriods": { + "value": "[parameters('failingPeriods')]" }, "timeAggregation": { "value": "[parameters('timeAggregation')]" }, - "failingPeriods": { - "value": "[parameters('failingPeriods')]" - }, - "UAMIResourceId": { - "value": "[parameters('UAMIResourceId')]" + "severity": { + "value": "[parameters('severity')]" }, "evaluationPeriods": { "value": "[parameters('evaluationPeriods')]" }, + "alertResourceGroupTags": { + "value": "[parameters('alertResourceGroupTags')]" + }, + "threshold": { + "value": "[parameters('threshold')]" + }, "autoResolveTime": { "value": "[parameters('autoResolveTime')]" }, @@ -365,52 +365,51 @@ "value": "[parameters('autoResolve')]" } }, - "mode": "incremental", "template": { "parameters": { "evaluationFrequency": { "type": "String" }, + "alertResourceGroupLocation": { + "type": "string" + }, + "alertResourceGroupName": { + "type": "string" + }, "MonitorDisableTagValues": { "type": "Array" }, - "MonitorDisableTagName": { + "autoMitigate": { "type": "String" }, - "alertResourceGroupLocation": { - "type": "string" + "MonitorDisableTagName": { + "type": "String" }, "windowSize": { "type": "String" }, - "alertResourceGroupName": { + "UAMIResourceId": { "type": "string" }, "enabled": { "type": "String" }, - "severity": { - "type": "String" - }, - "autoMitigate": { + "failingPeriods": { "type": "String" }, - "threshold": { + "timeAggregation": { "type": "String" }, - "alertResourceGroupTags": { - "type": "object" - }, - "timeAggregation": { + "severity": { "type": "String" }, - "failingPeriods": { + "evaluationPeriods": { "type": "String" }, - "UAMIResourceId": { - "type": "string" + "alertResourceGroupTags": { + "type": "object" }, - "evaluationPeriods": { + "threshold": { "type": "String" }, "autoResolveTime": { @@ -427,12 +426,13 @@ } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Resources/resourceGroups", + "apiVersion": "2021-04-01", "location": "[parameters('alertResourceGroupLocation')]", "name": "[parameters('alertResourceGroupName')]", - "apiVersion": "2021-04-01", "tags": "[parameters('alertResourceGroupTags')]" }, { @@ -446,14 +446,13 @@ "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "UAMIResourceId": { "value": "[parameters('UAMIResourceId')]" + }, + "enabled": { + "value": "[parameters('enabled')]" } }, - "mode": "Incremental", "template": { "parameters": { "alertResourceGroupLocation": { @@ -462,60 +461,61 @@ "alertResourceGroupName": { "type": "string" }, - "enabled": { + "UAMIResourceId": { "type": "string" }, - "UAMIResourceId": { + "enabled": { "type": "string" } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Insights/scheduledQueryRules", "properties": { - "description": "Log Alert for Virtual Machine Heartbeat", "displayName": "[concat(subscription().displayName, '-VMHeartBeatAlert')]", + "description": "Log Alert for Virtual Machine Heartbeat", "parameters": { "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "alertResourceGroupLocation": { + "value": "[parameters('alertResourceGroupLocation')]" + }, + "alertResourceGroupName": { + "value": "[parameters('alertResourceGroupName')]" + }, "MonitorDisableTagValues": { "value": "[parameters('MonitorDisableTagValues')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "MonitorDisableTagName": { "value": "[parameters('MonitorDisableTagName')]" }, - "alertResourceGroupLocation": { - "value": "[parameters('alertResourceGroupLocation')]" - }, "windowSize": { "value": "[parameters('windowSize')]" }, - "alertResourceGroupName": { - "value": "[parameters('alertResourceGroupName')]" + "UAMIResourceId": { + "value": "[parameters('UAMIResourceId')]" }, "enabled": { "value": "[parameters('enabled')]" }, - "severity": { - "value": "[parameters('severity')]" - }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, - "threshold": { - "value": "[parameters('threshold')]" - }, "failingPeriods": { "value": "[parameters('failingPeriods')]" }, - "UAMIResourceId": { - "value": "[parameters('UAMIResourceId')]" + "severity": { + "value": "[parameters('severity')]" }, "evaluationPeriods": { "value": "[parameters('evaluationPeriods')]" }, + "threshold": { + "value": "[parameters('threshold')]" + }, "autoResolveTime": { "value": "[parameters('autoResolveTime')]" }, @@ -527,25 +527,32 @@ } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", "windowSize": "[parameters('windowSize')]", "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", - "autoMitigate": "[parameters('autoMitigate')]", + "ruleResolveConfiguration": { + "timeToResolve": "[parameters('autoResolveTime')]", + "autoResolved": "[parameters('autoResolve')]" + }, + "targetResourceTypes": [ + "Microsoft.Compute/virtualMachines" + ], "criteria": { "allOf": [ { - "threshold": 0, - "timeAggregation": "[parameters('timeAggregation')]", "failingPeriods": { "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]", "minFailingPeriodsToAlert": "[parameters('failingPeriods')]" }, + "timeAggregation": "[parameters('timeAggregation')]", + "threshold": 0, "operator": "[parameters('operator')]", "resourceIdColumn": "_ResourceId", "dimensions": [ { - "name": "Computer", "operator": "Include", + "name": "Computer", "values": "[parameters('computersToInclude')]" } ], @@ -553,20 +560,13 @@ } ] }, - "ruleResolveConfiguration": { - "timeToResolve": "[parameters('autoResolveTime')]", - "autoResolved": "[parameters('autoResolve')]" - }, "scopes": [ "[subscription().Id]" - ], - "targetResourceTypes": [ - "Microsoft.Compute/virtualMachines" ] }, + "apiVersion": "2022-08-01-preview", "location": "[parameters('alertResourceGroupLocation')]", "name": "[concat(subscription().displayName, '-VMHeartBeatAlert')]", - "apiVersion": "2022-08-01-preview", "tags": { "_deployed_by_amba": true }, @@ -578,20 +578,20 @@ } } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "Incremental" }, - "name": "HeartBeatAlert", "apiVersion": "2019-10-01", + "name": "HeartBeatAlert", "dependsOn": [ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]" ] } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" }, "location": "australiaeast" }, diff --git a/Definitions/policyDefinitions/Compute/deploy_vm_memory_alert.jsonc b/Definitions/policyDefinitions/Compute/deploy_vm_memory_alert.jsonc index 570b0c5..69de508 100644 --- a/Definitions/policyDefinitions/Compute/deploy_vm_memory_alert.jsonc +++ b/Definitions/policyDefinitions/Compute/deploy_vm_memory_alert.jsonc @@ -6,27 +6,15 @@ "description": "Policy to audit/deploy VM Memory Alert", "mode": "All", "metadata": { - "category": "Compute", - "version": "1.4.0", "_deployed_by_amba": "True", - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "version": "1.4.0", "alzCloudEnvironments": [ "AzureCloud" - ] + ], + "category": "Compute", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "String" - }, "evaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", @@ -41,6 +29,18 @@ "defaultValue": "PT5M", "type": "String" }, + "autoMitigate": { + "metadata": { + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, "MonitorDisableTagValues": { "metadata": { "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", @@ -54,22 +54,6 @@ ], "type": "Array" }, - "MonitorDisableTagName": { - "metadata": { - "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled", - "displayName": "ALZ Monitoring disabled tag name" - }, - "defaultValue": "MonitorDisable", - "type": "String" - }, - "alertResourceGroupLocation": { - "metadata": { - "description": "Location of the Resource group the alert is placed in", - "displayName": "Resource Group Location" - }, - "defaultValue": "centralus", - "type": "String" - }, "windowSize": { "metadata": { "description": "Window size for the alert", @@ -87,12 +71,12 @@ "defaultValue": "PT15M", "type": "String" }, - "alertResourceGroupName": { + "MonitorDisableTagName": { "metadata": { - "description": "Resource group the alert is placed in", - "displayName": "Resource Group Name" + "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled", + "displayName": "ALZ Monitoring disabled tag name" }, - "defaultValue": "rg-amba-monitoring-001", + "defaultValue": "MonitorDisable", "type": "String" }, "enabled": { @@ -107,6 +91,14 @@ "defaultValue": "true", "type": "String" }, + "alertResourceGroupLocation": { + "metadata": { + "description": "Location of the Resource group the alert is placed in", + "displayName": "Resource Group Location" + }, + "defaultValue": "centralus", + "type": "String" + }, "severity": { "metadata": { "description": "Severity of the Alert", @@ -122,16 +114,12 @@ "defaultValue": "2", "type": "String" }, - "autoMitigate": { + "alertResourceGroupName": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" + "description": "Resource group the alert is placed in", + "displayName": "Resource Group Name" }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", + "defaultValue": "rg-amba-monitoring-001", "type": "String" }, "threshold": { @@ -142,16 +130,6 @@ "defaultValue": "10", "type": "String" }, - "alertResourceGroupTags": { - "metadata": { - "description": "Tags on the Resource group the alert is placed in", - "displayName": "Resource Group Tags" - }, - "defaultValue": { - "Project": "amba-monitoring" - }, - "type": "Object" - }, "timeAggregation": { "metadata": { "displayName": "TimeAggregation" @@ -162,6 +140,28 @@ "defaultValue": "Count", "type": "String" }, + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" + }, + "alertResourceGroupTags": { + "metadata": { + "description": "Tags on the Resource group the alert is placed in", + "displayName": "Resource Group Tags" + }, + "defaultValue": { + "Project": "amba-monitoring" + }, + "type": "Object" + }, "failingPeriods": { "metadata": { "description": "Number of failing periods before alert is fired", @@ -178,6 +178,16 @@ "defaultValue": "", "type": "string" }, + "operator": { + "metadata": { + "displayName": "Operator" + }, + "allowedValues": [ + "GreaterThan" + ], + "defaultValue": "GreaterThan", + "type": "String" + }, "evaluationPeriods": { "metadata": { "description": "The number of aggregated lookback points.", @@ -194,16 +204,6 @@ "defaultValue": "true", "type": "String" }, - "operator": { - "metadata": { - "displayName": "Operator" - }, - "allowedValues": [ - "GreaterThan" - ], - "defaultValue": "GreaterThan", - "type": "String" - }, "autoResolve": { "metadata": { "description": "Auto Resolve for the alert", @@ -221,8 +221,8 @@ "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Compute/virtualMachines" + "equals": "Microsoft.Compute/virtualMachines", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -234,56 +234,55 @@ "effect": "[parameters('effect')]", "details": { "type": "Microsoft.Insights/scheduledQueryRules", - "resourceGroupName": "[parameters('alertResourceGroupName')]", "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/scheduledQueryRules/displayName", - "equals": "[concat(subscription().displayName, '-VMLowMemoryAlert')]" + "equals": "[concat(subscription().displayName, '-VMLowMemoryAlert')]", + "field": "Microsoft.Insights/scheduledQueryRules/displayName" }, { - "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]", - "equals": "[subscription().id]" + "equals": "[subscription().id]", + "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]" }, { - "field": "Microsoft.Insights/scheduledQueryRules/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/scheduledQueryRules/enabled" }, { - "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency" }, { - "field": "Microsoft.Insights/scheduledQueryRules/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/scheduledQueryRules/windowSize" }, { - "field": "Microsoft.Insights/scheduledQueryRules/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/scheduledQueryRules/severity" }, { - "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", - "equals": "[parameters('operator')]" + "equals": "[parameters('operator')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation", - "equals": "[parameters('timeAggregation')]" + "equals": "[parameters('timeAggregation')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods", - "equals": "[parameters('evaluationPeriods')]" + "equals": "[parameters('evaluationPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert", - "equals": "[parameters('failingPeriods')]" + "equals": "[parameters('failingPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query", - "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-AvailableMemoryPercentage-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"Memory\" and Name == \"AvailableMB\" | extend TotalMemory = toreal(todynamic(Tags)[\"vm.azm.ms/memorySizeMB\"]) | extend AvailableMemoryPercentage = (toreal(Val) / TotalMemory) * 100.0 | summarize AggregatedValue = avg(AvailableMemoryPercentage) by bin(TimeGenerated, 15m), Computer, _ResourceId | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-AvailableMemoryPercentage-threshold-override_\", tostring(tags.[\"_amba-AvailableMemoryPercentage-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue < appliedThreshold | project TimeGenerated, Computer, _ResourceId, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]" + "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-AvailableMemoryPercentage-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"Memory\" and Name == \"AvailableMB\" | extend TotalMemory = toreal(todynamic(Tags)[\"vm.azm.ms/memorySizeMB\"]) | extend AvailableMemoryPercentage = (toreal(Val) / TotalMemory) * 100.0 | summarize AggregatedValue = avg(AvailableMemoryPercentage) by bin(TimeGenerated, 15m), Computer, _ResourceId | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-AvailableMemoryPercentage-threshold-override_\", tostring(tags.[\"_amba-AvailableMemoryPercentage-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue < appliedThreshold | project TimeGenerated, Computer, _ResourceId, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query" }, { "field": "identity.userAssignedIdentities", @@ -300,110 +299,109 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "MonitorDisableTagValues": { "value": "[parameters('MonitorDisableTagValues')]" }, - "MonitorDisableTagName": { - "value": "[parameters('MonitorDisableTagName')]" - }, - "alertResourceGroupLocation": { - "value": "[parameters('alertResourceGroupLocation')]" - }, "windowSize": { "value": "[parameters('windowSize')]" }, - "alertResourceGroupName": { - "value": "[parameters('alertResourceGroupName')]" + "MonitorDisableTagName": { + "value": "[parameters('MonitorDisableTagName')]" }, "enabled": { "value": "[parameters('enabled')]" }, + "alertResourceGroupLocation": { + "value": "[parameters('alertResourceGroupLocation')]" + }, "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" + "alertResourceGroupName": { + "value": "[parameters('alertResourceGroupName')]" }, "threshold": { "value": "[parameters('threshold')]" }, - "alertResourceGroupTags": { - "value": "[parameters('alertResourceGroupTags')]" - }, "timeAggregation": { "value": "[parameters('timeAggregation')]" }, + "alertResourceGroupTags": { + "value": "[parameters('alertResourceGroupTags')]" + }, "failingPeriods": { "value": "[parameters('failingPeriods')]" }, "UAMIResourceId": { "value": "[parameters('UAMIResourceId')]" }, + "operator": { + "value": "[parameters('operator')]" + }, "evaluationPeriods": { "value": "[parameters('evaluationPeriods')]" }, "autoResolveTime": { "value": "[parameters('autoResolveTime')]" }, - "operator": { - "value": "[parameters('operator')]" - }, "autoResolve": { "value": "[parameters('autoResolve')]" } }, - "mode": "incremental", "template": { "parameters": { "evaluationFrequency": { "type": "String" }, + "autoMitigate": { + "type": "String" + }, "MonitorDisableTagValues": { "type": "Array" }, + "windowSize": { + "type": "String" + }, "MonitorDisableTagName": { "type": "String" }, + "enabled": { + "type": "String" + }, "alertResourceGroupLocation": { "type": "string" }, - "windowSize": { + "severity": { "type": "String" }, "alertResourceGroupName": { "type": "string" }, - "enabled": { - "type": "String" - }, - "severity": { - "type": "String" - }, - "autoMitigate": { + "threshold": { "type": "String" }, - "threshold": { + "timeAggregation": { "type": "String" }, "alertResourceGroupTags": { "type": "object" }, - "timeAggregation": { - "type": "String" - }, "failingPeriods": { "type": "String" }, "UAMIResourceId": { "type": "string" }, - "evaluationPeriods": { + "operator": { "type": "String" }, - "autoResolveTime": { + "evaluationPeriods": { "type": "String" }, - "operator": { + "autoResolveTime": { "type": "String" }, "autoResolve": { @@ -414,9 +412,9 @@ "resources": [ { "type": "Microsoft.Resources/resourceGroups", - "location": "[parameters('alertResourceGroupLocation')]", - "name": "[parameters('alertResourceGroupName')]", "apiVersion": "2021-04-01", + "name": "[parameters('alertResourceGroupName')]", + "location": "[parameters('alertResourceGroupLocation')]", "tags": "[parameters('alertResourceGroupTags')]" }, { @@ -424,29 +422,28 @@ "type": "Microsoft.Resources/deployments", "properties": { "parameters": { + "enabled": { + "value": "[parameters('enabled')]" + }, "alertResourceGroupLocation": { "value": "[parameters('alertResourceGroupLocation')]" }, "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "UAMIResourceId": { "value": "[parameters('UAMIResourceId')]" } }, - "mode": "Incremental", "template": { "parameters": { - "alertResourceGroupLocation": { + "enabled": { "type": "string" }, - "alertResourceGroupName": { + "alertResourceGroupLocation": { "type": "string" }, - "enabled": { + "alertResourceGroupName": { "type": "string" }, "UAMIResourceId": { @@ -464,29 +461,29 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "MonitorDisableTagValues": { "value": "[parameters('MonitorDisableTagValues')]" }, - "MonitorDisableTagName": { - "value": "[parameters('MonitorDisableTagName')]" - }, - "alertResourceGroupLocation": { - "value": "[parameters('alertResourceGroupLocation')]" - }, "windowSize": { "value": "[parameters('windowSize')]" }, - "alertResourceGroupName": { - "value": "[parameters('alertResourceGroupName')]" + "MonitorDisableTagName": { + "value": "[parameters('MonitorDisableTagName')]" }, "enabled": { "value": "[parameters('enabled')]" }, + "alertResourceGroupLocation": { + "value": "[parameters('alertResourceGroupLocation')]" + }, "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" + "alertResourceGroupName": { + "value": "[parameters('alertResourceGroupName')]" }, "threshold": { "value": "[parameters('threshold')]" @@ -508,10 +505,10 @@ } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", "windowSize": "[parameters('windowSize')]", "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", - "autoMitigate": "[parameters('autoMitigate')]", "criteria": { "allOf": [ { @@ -525,8 +522,8 @@ "resourceIdColumn": "_ResourceId", "dimensions": [ { - "name": "Computer", "operator": "Include", + "name": "Computer", "values": [ "*" ] @@ -536,20 +533,20 @@ } ] }, + "scopes": [ + "[subscription().Id]" + ], "ruleResolveConfiguration": { "timeToResolve": "[parameters('autoResolveTime')]", "autoResolved": "[parameters('autoResolve')]" }, - "scopes": [ - "[subscription().Id]" - ], "targetResourceTypes": [ "Microsoft.Compute/virtualMachines" ] }, - "location": "[parameters('alertResourceGroupLocation')]", - "name": "[concat(subscription().displayName, '-VMLowMemoryAlert')]", "apiVersion": "2022-08-01-preview", + "name": "[concat(subscription().displayName, '-VMLowMemoryAlert')]", + "location": "[parameters('alertResourceGroupLocation')]", "tags": { "_deployed_by_amba": true }, @@ -563,10 +560,11 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "Incremental" }, - "name": "VMMemoryAlert", "apiVersion": "2019-10-01", + "name": "VMMemoryAlert", "dependsOn": [ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]" ] @@ -574,10 +572,12 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" }, "location": "australiaeast" }, + "resourceGroupName": "[parameters('alertResourceGroupName')]", "deploymentScope": "subscription", "existenceScope": "resourceGroup" } diff --git a/Definitions/policyDefinitions/Compute/deploy_vm_networkin_alert.jsonc b/Definitions/policyDefinitions/Compute/deploy_vm_networkin_alert.jsonc index 4df44e0..e0cac15 100644 --- a/Definitions/policyDefinitions/Compute/deploy_vm_networkin_alert.jsonc +++ b/Definitions/policyDefinitions/Compute/deploy_vm_networkin_alert.jsonc @@ -6,31 +6,19 @@ "description": "Policy to audit/deploy VM Network Read Alert", "mode": "All", "metadata": { - "category": "Compute", - "version": "1.4.0", "_deployed_by_amba": "True", + "version": "1.4.0", + "category": "Compute", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" ] }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "String" - }, "evaluationFrequency": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "Evaluation Frequency" + "displayName": "Evaluation Frequency", + "description": "Evaluation frequency for the alert" }, "allowedValues": [ "PT5M", @@ -41,10 +29,26 @@ "defaultValue": "PT5M", "type": "String" }, + "alertResourceGroupLocation": { + "metadata": { + "displayName": "Resource Group Location", + "description": "Location of the Resource group the alert is placed in" + }, + "defaultValue": "centralus", + "type": "String" + }, + "alertResourceGroupName": { + "metadata": { + "displayName": "Resource Group Name", + "description": "Resource group the alert is placed in" + }, + "defaultValue": "rg-amba-monitoring-001", + "type": "String" + }, "MonitorDisableTagValues": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "displayName": "ALZ Monitoring disabled tag values(s)", + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." }, "defaultValue": [ "true", @@ -54,26 +58,42 @@ ], "type": "Array" }, + "autoMitigate": { + "metadata": { + "displayName": "Auto Mitigate", + "description": "Auto Mitigate for the alert" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, "MonitorDisableTagName": { "metadata": { - "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled", - "displayName": "ALZ Monitoring disabled tag name" + "displayName": "ALZ Monitoring disabled tag name", + "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled" }, "defaultValue": "MonitorDisable", "type": "String" }, - "alertResourceGroupLocation": { + "enabled": { "metadata": { - "description": "Location of the Resource group the alert is placed in", - "displayName": "Resource Group Location" + "displayName": "Alert State", + "description": "Alert state for the alert" }, - "defaultValue": "centralus", + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", "type": "String" }, "windowSize": { "metadata": { - "description": "Window size for the alert", - "displayName": "Window Size" + "displayName": "Window Size", + "description": "Window size for the alert" }, "allowedValues": [ "PT5M", @@ -87,30 +107,20 @@ "defaultValue": "PT15M", "type": "String" }, - "alertResourceGroupName": { + "alertResourceGroupTags": { "metadata": { - "description": "Resource group the alert is placed in", - "displayName": "Resource Group Name" + "displayName": "Resource Group Tags", + "description": "Tags on the Resource group the alert is placed in" }, - "defaultValue": "rg-amba-monitoring-001", - "type": "String" - }, - "enabled": { - "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" + "defaultValue": { + "Project": "amba-monitoring" }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", - "type": "String" + "type": "Object" }, "severity": { "metadata": { - "description": "Severity of the Alert", - "displayName": "Severity" + "displayName": "Severity", + "description": "Severity of the Alert" }, "allowedValues": [ "0", @@ -122,36 +132,22 @@ "defaultValue": "2", "type": "String" }, - "autoMitigate": { + "UAMIResourceId": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" + "displayName": "User Assigned managed Identity resource Id.", + "description": "The resource Id of the user assigned managed identity." }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", - "type": "String" + "defaultValue": "", + "type": "string" }, "threshold": { "metadata": { - "description": "Threshold for the alert", - "displayName": "Threshold" + "displayName": "Threshold", + "description": "Threshold for the alert" }, "defaultValue": "10000000", "type": "String" }, - "alertResourceGroupTags": { - "metadata": { - "description": "Tags on the Resource group the alert is placed in", - "displayName": "Resource Group Tags" - }, - "defaultValue": { - "Project": "amba-monitoring" - }, - "type": "Object" - }, "timeAggregation": { "metadata": { "displayName": "TimeAggregation" @@ -164,36 +160,42 @@ }, "failingPeriods": { "metadata": { - "description": "Number of failing periods before alert is fired", - "displayName": "Failing Periods" + "displayName": "Failing Periods", + "description": "Number of failing periods before alert is fired" }, "defaultValue": "1", "type": "String" }, - "UAMIResourceId": { - "metadata": { - "description": "The resource Id of the user assigned managed identity.", - "displayName": "User Assigned managed Identity resource Id." - }, - "defaultValue": "", - "type": "string" - }, "evaluationPeriods": { "metadata": { - "description": "The number of aggregated lookback points.", - "displayName": "Evaluation Periods" + "displayName": "Evaluation Periods", + "description": "The number of aggregated lookback points." }, "defaultValue": "1", "type": "String" }, - "autoResolveTime": { + "effect": { "metadata": { - "description": "Auto Resolve time for the alert in ISO 8601 format", - "displayName": "Auto Resolve" + "displayName": "Effect", + "description": "Effect of the policy" }, - "defaultValue": "true", + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", "type": "String" }, + "computersToInclude": { + "metadata": { + "displayName": "Computers to be included to be monitored", + "description": "Array of Computer to be monitored" + }, + "defaultValue": [ + "*" + ], + "type": "array" + }, "operator": { "metadata": { "displayName": "Operator" @@ -204,20 +206,18 @@ "defaultValue": "GreaterThan", "type": "String" }, - "computersToInclude": { + "autoResolveTime": { "metadata": { - "description": "Array of Computer to be monitored", - "displayName": "Computers to be included to be monitored" + "displayName": "Auto Resolve", + "description": "Auto Resolve time for the alert in ISO 8601 format" }, - "defaultValue": [ - "*" - ], - "type": "array" + "defaultValue": "true", + "type": "String" }, "autoResolve": { "metadata": { - "description": "Auto Resolve for the alert", - "displayName": "Auto Resolve" + "displayName": "Auto Resolve", + "description": "Auto Resolve for the alert" }, "allowedValues": [ "true", @@ -231,8 +231,8 @@ "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Compute/virtualMachines" + "equals": "Microsoft.Compute/virtualMachines", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -244,56 +244,55 @@ "effect": "[parameters('effect')]", "details": { "type": "Microsoft.Insights/scheduledQueryRules", - "resourceGroupName": "[parameters('alertResourceGroupName')]", "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/scheduledQueryRules/displayName", - "equals": "[concat(subscription().displayName, '-VMHighNetworkInAlert')]" + "equals": "[concat(subscription().displayName, '-VMHighNetworkInAlert')]", + "field": "Microsoft.Insights/scheduledQueryRules/displayName" }, { - "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]", - "equals": "[subscription().id]" + "equals": "[subscription().id]", + "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]" }, { - "field": "Microsoft.Insights/scheduledQueryRules/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/scheduledQueryRules/enabled" }, { - "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency" }, { - "field": "Microsoft.Insights/scheduledQueryRules/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/scheduledQueryRules/windowSize" }, { - "field": "Microsoft.Insights/scheduledQueryRules/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/scheduledQueryRules/severity" }, { - "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", - "equals": "[parameters('operator')]" + "equals": "[parameters('operator')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation", - "equals": "[parameters('timeAggregation')]" + "equals": "[parameters('timeAggregation')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods", - "equals": "[parameters('evaluationPeriods')]" + "equals": "[parameters('evaluationPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert", - "equals": "[parameters('failingPeriods')]" + "equals": "[parameters('failingPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query", - "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-ReadBytesPerSecond-Data-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"Network\" and Name == \"ReadBytesPerSecond\" | extend NetworkInterface=tostring(todynamic(Tags)[\"vm.azm.ms/networkDeviceId\"]) | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, NetworkInterface | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-ReadBytesPerSecond-Data-threshold-override_\", tostring(tags.[\"_amba-ReadBytesPerSecond-Data-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, NetworkInterface, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]" + "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-ReadBytesPerSecond-Data-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"Network\" and Name == \"ReadBytesPerSecond\" | extend NetworkInterface=tostring(todynamic(Tags)[\"vm.azm.ms/networkDeviceId\"]) | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, NetworkInterface | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-ReadBytesPerSecond-Data-threshold-override_\", tostring(tags.[\"_amba-ReadBytesPerSecond-Data-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, NetworkInterface, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query" }, { "field": "identity.userAssignedIdentities", @@ -304,135 +303,136 @@ "roleDefinitionIds": [ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" ], + "resourceGroupName": "[parameters('alertResourceGroupName')]", "deployment": { "properties": { "parameters": { "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "alertResourceGroupLocation": { + "value": "[parameters('alertResourceGroupLocation')]" + }, + "alertResourceGroupName": { + "value": "[parameters('alertResourceGroupName')]" + }, "MonitorDisableTagValues": { "value": "[parameters('MonitorDisableTagValues')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "MonitorDisableTagName": { "value": "[parameters('MonitorDisableTagName')]" }, - "alertResourceGroupLocation": { - "value": "[parameters('alertResourceGroupLocation')]" + "enabled": { + "value": "[parameters('enabled')]" }, "windowSize": { "value": "[parameters('windowSize')]" }, - "alertResourceGroupName": { - "value": "[parameters('alertResourceGroupName')]" - }, - "enabled": { - "value": "[parameters('enabled')]" + "alertResourceGroupTags": { + "value": "[parameters('alertResourceGroupTags')]" }, "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" + "UAMIResourceId": { + "value": "[parameters('UAMIResourceId')]" }, "threshold": { "value": "[parameters('threshold')]" }, - "alertResourceGroupTags": { - "value": "[parameters('alertResourceGroupTags')]" - }, "timeAggregation": { "value": "[parameters('timeAggregation')]" }, "failingPeriods": { "value": "[parameters('failingPeriods')]" }, - "UAMIResourceId": { - "value": "[parameters('UAMIResourceId')]" - }, "evaluationPeriods": { "value": "[parameters('evaluationPeriods')]" }, - "autoResolveTime": { - "value": "[parameters('autoResolveTime')]" + "computersToInclude": { + "value": "[parameters('computersToInclude')]" }, "operator": { "value": "[parameters('operator')]" }, - "computersToInclude": { - "value": "[parameters('computersToInclude')]" + "autoResolveTime": { + "value": "[parameters('autoResolveTime')]" }, "autoResolve": { "value": "[parameters('autoResolve')]" } }, - "mode": "incremental", "template": { "parameters": { "evaluationFrequency": { "type": "String" }, + "alertResourceGroupLocation": { + "type": "string" + }, + "alertResourceGroupName": { + "type": "string" + }, "MonitorDisableTagValues": { "type": "Array" }, + "autoMitigate": { + "type": "String" + }, "MonitorDisableTagName": { "type": "String" }, - "alertResourceGroupLocation": { - "type": "string" + "enabled": { + "type": "String" }, "windowSize": { "type": "String" }, - "alertResourceGroupName": { - "type": "string" - }, - "enabled": { - "type": "String" + "alertResourceGroupTags": { + "type": "object" }, "severity": { "type": "String" }, - "autoMitigate": { - "type": "String" + "UAMIResourceId": { + "type": "string" }, "threshold": { "type": "String" }, - "alertResourceGroupTags": { - "type": "object" - }, "timeAggregation": { "type": "String" }, "failingPeriods": { "type": "String" }, - "UAMIResourceId": { - "type": "string" - }, "evaluationPeriods": { "type": "String" }, - "autoResolveTime": { - "type": "String" + "computersToInclude": { + "type": "array" }, "operator": { "type": "String" }, - "computersToInclude": { - "type": "array" + "autoResolveTime": { + "type": "String" }, "autoResolve": { "type": "String" } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Resources/resourceGroups", + "apiVersion": "2021-04-01", "location": "[parameters('alertResourceGroupLocation')]", "name": "[parameters('alertResourceGroupName')]", - "apiVersion": "2021-04-01", "tags": "[parameters('alertResourceGroupTags')]" }, { @@ -453,7 +453,6 @@ "value": "[parameters('UAMIResourceId')]" } }, - "mode": "Incremental", "template": { "parameters": { "alertResourceGroupLocation": { @@ -470,39 +469,43 @@ } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Insights/scheduledQueryRules", "properties": { - "description": "Log Alert for Virtual Machine NetworkIn", "displayName": "[concat(subscription().displayName, '-VMHighNetworkInAlert')]", + "description": "Log Alert for Virtual Machine NetworkIn", "parameters": { "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "alertResourceGroupLocation": { + "value": "[parameters('alertResourceGroupLocation')]" + }, + "alertResourceGroupName": { + "value": "[parameters('alertResourceGroupName')]" + }, "MonitorDisableTagValues": { "value": "[parameters('MonitorDisableTagValues')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "MonitorDisableTagName": { "value": "[parameters('MonitorDisableTagName')]" }, - "alertResourceGroupLocation": { - "value": "[parameters('alertResourceGroupLocation')]" + "enabled": { + "value": "[parameters('enabled')]" }, "windowSize": { "value": "[parameters('windowSize')]" }, - "alertResourceGroupName": { - "value": "[parameters('alertResourceGroupName')]" - }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" + "UAMIResourceId": { + "value": "[parameters('UAMIResourceId')]" }, "threshold": { "value": "[parameters('threshold')]" @@ -510,27 +513,24 @@ "failingPeriods": { "value": "[parameters('failingPeriods')]" }, - "UAMIResourceId": { - "value": "[parameters('UAMIResourceId')]" - }, "evaluationPeriods": { "value": "[parameters('evaluationPeriods')]" }, - "autoResolveTime": { - "value": "[parameters('autoResolveTime')]" - }, "computersToInclude": { "value": "[parameters('computersToInclude')]" }, + "autoResolveTime": { + "value": "[parameters('autoResolveTime')]" + }, "autoResolve": { "value": "[parameters('autoResolve')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", - "windowSize": "[parameters('windowSize')]", + "autoMitigate": "[parameters('autoMitigate')]", "enabled": "[parameters('enabled')]", + "windowSize": "[parameters('windowSize')]", "severity": "[parameters('severity')]", - "autoMitigate": "[parameters('autoMitigate')]", "criteria": { "allOf": [ { @@ -544,13 +544,13 @@ "resourceIdColumn": "_ResourceId", "dimensions": [ { - "name": "Computer", "operator": "Include", + "name": "Computer", "values": "[parameters('computersToInclude')]" }, { - "name": "NetworkInterface", "operator": "Include", + "name": "NetworkInterface", "values": [ "*" ] @@ -560,20 +560,20 @@ } ] }, + "scopes": [ + "[subscription().Id]" + ], "ruleResolveConfiguration": { "timeToResolve": "[parameters('autoResolveTime')]", "autoResolved": "[parameters('autoResolve')]" }, - "scopes": [ - "[subscription().Id]" - ], "targetResourceTypes": [ "Microsoft.Compute/virtualMachines" ] }, + "apiVersion": "2022-08-01-preview", "location": "[parameters('alertResourceGroupLocation')]", "name": "[concat(subscription().displayName, '-VMHighNetworkInAlert')]", - "apiVersion": "2022-08-01-preview", "tags": { "_deployed_by_amba": true }, @@ -585,20 +585,20 @@ } } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "Incremental" }, - "name": "VMNetworkInAlert", "apiVersion": "2019-10-01", + "name": "VMNetworkInAlert", "dependsOn": [ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]" ] } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" }, "location": "australiaeast" }, diff --git a/Definitions/policyDefinitions/Compute/deploy_vm_networkout_alert.jsonc b/Definitions/policyDefinitions/Compute/deploy_vm_networkout_alert.jsonc index 9bab34f..cc7044f 100644 --- a/Definitions/policyDefinitions/Compute/deploy_vm_networkout_alert.jsonc +++ b/Definitions/policyDefinitions/Compute/deploy_vm_networkout_alert.jsonc @@ -6,31 +6,35 @@ "description": "Policy to audit/deploy VM Network Out Alert", "mode": "All", "metadata": { - "category": "Compute", - "version": "1.4.0", "_deployed_by_amba": "True", + "version": "1.4.0", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" - ] + ], + "category": "Compute" }, "parameters": { - "effect": { + "alertResourceGroupLocation": { "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" + "displayName": "Resource Group Location", + "description": "Location of the Resource group the alert is placed in" }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", + "defaultValue": "centralus", + "type": "String" + }, + "alertResourceGroupName": { + "metadata": { + "displayName": "Resource Group Name", + "description": "Resource group the alert is placed in" + }, + "defaultValue": "rg-amba-monitoring-001", "type": "String" }, "evaluationFrequency": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "Evaluation Frequency" + "displayName": "Evaluation Frequency", + "description": "Evaluation frequency for the alert" }, "allowedValues": [ "PT5M", @@ -41,10 +45,18 @@ "defaultValue": "PT5M", "type": "String" }, + "UAMIResourceId": { + "metadata": { + "displayName": "User Assigned managed Identity resource Id.", + "description": "The resource Id of the user assigned managed identity." + }, + "defaultValue": "", + "type": "string" + }, "MonitorDisableTagValues": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "displayName": "ALZ Monitoring disabled tag values(s)", + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." }, "defaultValue": [ "true", @@ -56,49 +68,42 @@ }, "MonitorDisableTagName": { "metadata": { - "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled", - "displayName": "ALZ Monitoring disabled tag name" + "displayName": "ALZ Monitoring disabled tag name", + "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled" }, "defaultValue": "MonitorDisable", "type": "String" }, - "alertResourceGroupLocation": { + "failingPeriods": { "metadata": { - "description": "Location of the Resource group the alert is placed in", - "displayName": "Resource Group Location" + "displayName": "Failing Periods", + "description": "Number of failing periods before alert is fired" }, - "defaultValue": "centralus", + "defaultValue": "1", "type": "String" }, - "windowSize": { + "computersToInclude": { "metadata": { - "description": "Window size for the alert", - "displayName": "Window Size" + "displayName": "Computers to be included to be monitored", + "description": "Array of Computer to be monitored" }, - "allowedValues": [ - "PT5M", - "PT15M", - "PT30M", - "PT1H", - "PT6H", - "PT12H", - "PT24H" + "defaultValue": [ + "*" ], - "defaultValue": "PT15M", - "type": "String" + "type": "array" }, - "alertResourceGroupName": { + "evaluationPeriods": { "metadata": { - "description": "Resource group the alert is placed in", - "displayName": "Resource Group Name" + "displayName": "Evaluation Periods", + "description": "The number of aggregated lookback points." }, - "defaultValue": "rg-amba-monitoring-001", + "defaultValue": "1", "type": "String" }, - "enabled": { + "autoMitigate": { "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" + "displayName": "Auto Mitigate", + "description": "Auto Mitigate for the alert" }, "allowedValues": [ "true", @@ -107,123 +112,118 @@ "defaultValue": "true", "type": "String" }, - "severity": { + "autoResolveTime": { "metadata": { - "description": "Severity of the Alert", - "displayName": "Severity" + "displayName": "Auto Resolve", + "description": "Auto Resolve time for the alert in ISO 8601 format" }, - "allowedValues": [ - "0", - "1", - "2", - "3", - "4" - ], - "defaultValue": "2", + "defaultValue": "true", "type": "String" }, - "autoMitigate": { + "timeAggregation": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" + "displayName": "TimeAggregation" }, "allowedValues": [ - "true", - "false" + "Count" ], - "defaultValue": "true", - "type": "String" - }, - "threshold": { - "metadata": { - "description": "Threshold for the alert", - "displayName": "Threshold" - }, - "defaultValue": "10000000", + "defaultValue": "Count", "type": "String" }, "alertResourceGroupTags": { "metadata": { - "description": "Tags on the Resource group the alert is placed in", - "displayName": "Resource Group Tags" + "displayName": "Resource Group Tags", + "description": "Tags on the Resource group the alert is placed in" }, "defaultValue": { "Project": "amba-monitoring" }, "type": "Object" }, - "timeAggregation": { + "enabled": { "metadata": { - "displayName": "TimeAggregation" + "displayName": "Alert State", + "description": "Alert state for the alert" }, "allowedValues": [ - "Count" + "true", + "false" ], - "defaultValue": "Count", + "defaultValue": "true", "type": "String" }, - "failingPeriods": { + "windowSize": { "metadata": { - "description": "Number of failing periods before alert is fired", - "displayName": "Failing Periods" + "displayName": "Window Size", + "description": "Window size for the alert" }, - "defaultValue": "1", + "allowedValues": [ + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "PT24H" + ], + "defaultValue": "PT15M", "type": "String" }, - "UAMIResourceId": { - "metadata": { - "description": "The resource Id of the user assigned managed identity.", - "displayName": "User Assigned managed Identity resource Id." - }, - "defaultValue": "", - "type": "string" - }, - "evaluationPeriods": { + "operator": { "metadata": { - "description": "The number of aggregated lookback points.", - "displayName": "Evaluation Periods" + "displayName": "Operator" }, - "defaultValue": "1", + "allowedValues": [ + "GreaterThan" + ], + "defaultValue": "GreaterThan", "type": "String" }, - "autoResolveTime": { + "threshold": { "metadata": { - "description": "Auto Resolve time for the alert in ISO 8601 format", - "displayName": "Auto Resolve" + "displayName": "Threshold", + "description": "Threshold for the alert" }, - "defaultValue": "true", + "defaultValue": "10000000", "type": "String" }, - "operator": { + "autoResolve": { "metadata": { - "displayName": "Operator" + "displayName": "Auto Resolve", + "description": "Auto Resolve for the alert" }, "allowedValues": [ - "GreaterThan" + "true", + "false" ], - "defaultValue": "GreaterThan", + "defaultValue": "true", "type": "String" }, - "computersToInclude": { + "severity": { "metadata": { - "description": "Array of Computer to be monitored", - "displayName": "Computers to be included to be monitored" + "displayName": "Severity", + "description": "Severity of the Alert" }, - "defaultValue": [ - "*" + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" ], - "type": "array" + "defaultValue": "2", + "type": "String" }, - "autoResolve": { + "effect": { "metadata": { - "description": "Auto Resolve for the alert", - "displayName": "Auto Resolve" + "displayName": "Effect", + "description": "Effect of the policy" }, "allowedValues": [ - "true", - "false" + "deployIfNotExists", + "disabled" ], - "defaultValue": "true", + "defaultValue": "deployIfNotExists", "type": "String" } }, @@ -231,8 +231,8 @@ "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Compute/virtualMachines" + "equals": "Microsoft.Compute/virtualMachines", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -244,56 +244,60 @@ "effect": "[parameters('effect')]", "details": { "type": "Microsoft.Insights/scheduledQueryRules", - "resourceGroupName": "[parameters('alertResourceGroupName')]", + "roleDefinitionIds": [ + "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" + ], + "existenceScope": "resourceGroup", + "deploymentScope": "subscription", "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/scheduledQueryRules/displayName", - "equals": "[concat(subscription().displayName, '-VMHighNetworkOutAlert')]" + "equals": "[concat(subscription().displayName, '-VMHighNetworkOutAlert')]", + "field": "Microsoft.Insights/scheduledQueryRules/displayName" }, { - "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]", - "equals": "[subscription().id]" + "equals": "[subscription().id]", + "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]" }, { - "field": "Microsoft.Insights/scheduledQueryRules/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/scheduledQueryRules/enabled" }, { - "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency" }, { - "field": "Microsoft.Insights/scheduledQueryRules/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/scheduledQueryRules/windowSize" }, { - "field": "Microsoft.Insights/scheduledQueryRules/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/scheduledQueryRules/severity" }, { - "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", - "equals": "[parameters('operator')]" + "equals": "[parameters('operator')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation", - "equals": "[parameters('timeAggregation')]" + "equals": "[parameters('timeAggregation')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods", - "equals": "[parameters('evaluationPeriods')]" + "equals": "[parameters('evaluationPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert", - "equals": "[parameters('failingPeriods')]" + "equals": "[parameters('failingPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query", - "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-WriteBytesPerSecond-Data-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"Network\" and Name == \"WriteBytesPerSecond\" | extend NetworkInterface=tostring(todynamic(Tags)[\"vm.azm.ms/networkDeviceId\"]) | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, NetworkInterface | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-WriteBytesPerSecond-Data-threshold-override_\", tostring(tags.[\"_amba-WriteBytesPerSecond-Data-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, NetworkInterface, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]" + "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-WriteBytesPerSecond-Data-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"Network\" and Name == \"WriteBytesPerSecond\" | extend NetworkInterface=tostring(todynamic(Tags)[\"vm.azm.ms/networkDeviceId\"]) | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, NetworkInterface | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-WriteBytesPerSecond-Data-threshold-override_\", tostring(tags.[\"_amba-WriteBytesPerSecond-Data-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, NetworkInterface, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query" }, { "field": "identity.userAssignedIdentities", @@ -301,128 +305,124 @@ } ] }, - "roleDefinitionIds": [ - "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" - ], "deployment": { "properties": { "parameters": { + "alertResourceGroupLocation": { + "value": "[parameters('alertResourceGroupLocation')]" + }, + "alertResourceGroupName": { + "value": "[parameters('alertResourceGroupName')]" + }, "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "UAMIResourceId": { + "value": "[parameters('UAMIResourceId')]" + }, "MonitorDisableTagValues": { "value": "[parameters('MonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('MonitorDisableTagName')]" }, - "alertResourceGroupLocation": { - "value": "[parameters('alertResourceGroupLocation')]" - }, - "windowSize": { - "value": "[parameters('windowSize')]" - }, - "alertResourceGroupName": { - "value": "[parameters('alertResourceGroupName')]" + "failingPeriods": { + "value": "[parameters('failingPeriods')]" }, - "enabled": { - "value": "[parameters('enabled')]" + "computersToInclude": { + "value": "[parameters('computersToInclude')]" }, - "severity": { - "value": "[parameters('severity')]" + "evaluationPeriods": { + "value": "[parameters('evaluationPeriods')]" }, "autoMitigate": { "value": "[parameters('autoMitigate')]" }, - "threshold": { - "value": "[parameters('threshold')]" - }, - "alertResourceGroupTags": { - "value": "[parameters('alertResourceGroupTags')]" + "autoResolveTime": { + "value": "[parameters('autoResolveTime')]" }, "timeAggregation": { "value": "[parameters('timeAggregation')]" }, - "failingPeriods": { - "value": "[parameters('failingPeriods')]" - }, - "UAMIResourceId": { - "value": "[parameters('UAMIResourceId')]" + "alertResourceGroupTags": { + "value": "[parameters('alertResourceGroupTags')]" }, - "evaluationPeriods": { - "value": "[parameters('evaluationPeriods')]" + "enabled": { + "value": "[parameters('enabled')]" }, - "autoResolveTime": { - "value": "[parameters('autoResolveTime')]" + "windowSize": { + "value": "[parameters('windowSize')]" }, "operator": { "value": "[parameters('operator')]" }, - "computersToInclude": { - "value": "[parameters('computersToInclude')]" + "threshold": { + "value": "[parameters('threshold')]" }, "autoResolve": { "value": "[parameters('autoResolve')]" + }, + "severity": { + "value": "[parameters('severity')]" } }, - "mode": "incremental", "template": { "parameters": { + "alertResourceGroupLocation": { + "type": "string" + }, + "alertResourceGroupName": { + "type": "string" + }, "evaluationFrequency": { "type": "String" }, + "UAMIResourceId": { + "type": "string" + }, "MonitorDisableTagValues": { "type": "Array" }, "MonitorDisableTagName": { "type": "String" }, - "alertResourceGroupLocation": { - "type": "string" - }, - "windowSize": { + "failingPeriods": { "type": "String" }, - "alertResourceGroupName": { - "type": "string" + "computersToInclude": { + "type": "array" }, - "enabled": { + "evaluationPeriods": { "type": "String" }, - "severity": { + "autoMitigate": { "type": "String" }, - "autoMitigate": { + "autoResolveTime": { "type": "String" }, - "threshold": { + "timeAggregation": { "type": "String" }, "alertResourceGroupTags": { "type": "object" }, - "timeAggregation": { + "enabled": { "type": "String" }, - "failingPeriods": { + "windowSize": { "type": "String" }, - "UAMIResourceId": { - "type": "string" - }, - "evaluationPeriods": { + "operator": { "type": "String" }, - "autoResolveTime": { + "threshold": { "type": "String" }, - "operator": { + "autoResolve": { "type": "String" }, - "computersToInclude": { - "type": "array" - }, - "autoResolve": { + "severity": { "type": "String" } }, @@ -430,9 +430,9 @@ "resources": [ { "type": "Microsoft.Resources/resourceGroups", - "location": "[parameters('alertResourceGroupLocation')]", - "name": "[parameters('alertResourceGroupName')]", "apiVersion": "2021-04-01", + "name": "[parameters('alertResourceGroupName')]", + "location": "[parameters('alertResourceGroupLocation')]", "tags": "[parameters('alertResourceGroupTags')]" }, { @@ -446,14 +446,13 @@ "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "UAMIResourceId": { "value": "[parameters('UAMIResourceId')]" + }, + "enabled": { + "value": "[parameters('enabled')]" } }, - "mode": "Incremental", "template": { "parameters": { "alertResourceGroupLocation": { @@ -462,10 +461,10 @@ "alertResourceGroupName": { "type": "string" }, - "enabled": { + "UAMIResourceId": { "type": "string" }, - "UAMIResourceId": { + "enabled": { "type": "string" } }, @@ -474,106 +473,106 @@ { "type": "Microsoft.Insights/scheduledQueryRules", "properties": { - "description": "Log Alert for Virtual Machine NetworkOut", "displayName": "[concat(subscription().displayName, '-VMHighNetworkOutAlert')]", + "description": "Log Alert for Virtual Machine NetworkOut", "parameters": { - "evaluationFrequency": { - "value": "[parameters('evaluationFrequency')]" - }, - "MonitorDisableTagValues": { - "value": "[parameters('MonitorDisableTagValues')]" - }, - "MonitorDisableTagName": { - "value": "[parameters('MonitorDisableTagName')]" - }, "alertResourceGroupLocation": { "value": "[parameters('alertResourceGroupLocation')]" }, - "windowSize": { - "value": "[parameters('windowSize')]" - }, "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, - "enabled": { - "value": "[parameters('enabled')]" + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" }, - "severity": { - "value": "[parameters('severity')]" + "UAMIResourceId": { + "value": "[parameters('UAMIResourceId')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" + "MonitorDisableTagValues": { + "value": "[parameters('MonitorDisableTagValues')]" }, - "threshold": { - "value": "[parameters('threshold')]" + "MonitorDisableTagName": { + "value": "[parameters('MonitorDisableTagName')]" }, "failingPeriods": { "value": "[parameters('failingPeriods')]" }, - "UAMIResourceId": { - "value": "[parameters('UAMIResourceId')]" + "computersToInclude": { + "value": "[parameters('computersToInclude')]" }, "evaluationPeriods": { "value": "[parameters('evaluationPeriods')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "autoResolveTime": { "value": "[parameters('autoResolveTime')]" }, - "computersToInclude": { - "value": "[parameters('computersToInclude')]" + "enabled": { + "value": "[parameters('enabled')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "threshold": { + "value": "[parameters('threshold')]" }, "autoResolve": { "value": "[parameters('autoResolve')]" + }, + "severity": { + "value": "[parameters('severity')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", - "windowSize": "[parameters('windowSize')]", + "autoMitigate": "[parameters('autoMitigate')]", "enabled": "[parameters('enabled')]", + "windowSize": "[parameters('windowSize')]", "severity": "[parameters('severity')]", - "autoMitigate": "[parameters('autoMitigate')]", + "scopes": [ + "[subscription().Id]" + ], + "targetResourceTypes": [ + "Microsoft.Compute/virtualMachines" + ], "criteria": { "allOf": [ { - "threshold": 0, - "timeAggregation": "[parameters('timeAggregation')]", "failingPeriods": { "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]", "minFailingPeriodsToAlert": "[parameters('failingPeriods')]" }, + "timeAggregation": "[parameters('timeAggregation')]", "operator": "[parameters('operator')]", + "threshold": 0, + "query": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-WriteBytesPerSecond-Data-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"Network\" and Name == \"WriteBytesPerSecond\" | extend NetworkInterface=tostring(todynamic(Tags)[\"vm.azm.ms/networkDeviceId\"]) | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, NetworkInterface | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-WriteBytesPerSecond-Data-threshold-override_\", tostring(tags.[\"_amba-WriteBytesPerSecond-Data-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, NetworkInterface, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]", "resourceIdColumn": "_ResourceId", "dimensions": [ { - "name": "Computer", "operator": "Include", + "name": "Computer", "values": "[parameters('computersToInclude')]" }, { - "name": "NetworkInterface", "operator": "Include", + "name": "NetworkInterface", "values": [ "*" ] } - ], - "query": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-WriteBytesPerSecond-Data-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"Network\" and Name == \"WriteBytesPerSecond\" | extend NetworkInterface=tostring(todynamic(Tags)[\"vm.azm.ms/networkDeviceId\"]) | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, NetworkInterface | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-WriteBytesPerSecond-Data-threshold-override_\", tostring(tags.[\"_amba-WriteBytesPerSecond-Data-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, NetworkInterface, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]" + ] } ] }, "ruleResolveConfiguration": { - "timeToResolve": "[parameters('autoResolveTime')]", - "autoResolved": "[parameters('autoResolve')]" - }, - "scopes": [ - "[subscription().Id]" - ], - "targetResourceTypes": [ - "Microsoft.Compute/virtualMachines" - ] + "autoResolved": "[parameters('autoResolve')]", + "timeToResolve": "[parameters('autoResolveTime')]" + } }, - "location": "[parameters('alertResourceGroupLocation')]", - "name": "[concat(subscription().displayName, '-VMHighNetworkOutAlert')]", "apiVersion": "2022-08-01-preview", + "name": "[concat(subscription().displayName, '-VMHighNetworkOutAlert')]", + "location": "[parameters('alertResourceGroupLocation')]", "tags": { "_deployed_by_amba": true }, @@ -587,10 +586,11 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "Incremental" }, - "name": "VMNetworkOutAlert", "apiVersion": "2019-10-01", + "name": "VMNetworkOutAlert", "dependsOn": [ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]" ] @@ -598,12 +598,12 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" }, "location": "australiaeast" }, - "deploymentScope": "subscription", - "existenceScope": "resourceGroup" + "resourceGroupName": "[parameters('alertResourceGroupName')]" } } } diff --git a/Definitions/policyDefinitions/Compute/deploy_vm_osdiskreadlatency_alert.jsonc b/Definitions/policyDefinitions/Compute/deploy_vm_osdiskreadlatency_alert.jsonc index e93d1b0..2388a93 100644 --- a/Definitions/policyDefinitions/Compute/deploy_vm_osdiskreadlatency_alert.jsonc +++ b/Definitions/policyDefinitions/Compute/deploy_vm_osdiskreadlatency_alert.jsonc @@ -6,8 +6,8 @@ "description": "Policy to audit/deploy VM OSDiskreadLatency Alert", "mode": "All", "metadata": { - "category": "Compute", "_deployed_by_amba": "True", + "category": "Compute", "version": "1.4.0", "alzCloudEnvironments": [ "AzureCloud" @@ -15,18 +15,6 @@ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "String" - }, "evaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", @@ -41,19 +29,6 @@ "defaultValue": "PT5M", "type": "String" }, - "MonitorDisableTagValues": { - "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" - }, - "defaultValue": [ - "true", - "Test", - "Dev", - "Sandbox" - ], - "type": "Array" - }, "autoMitigate": { "metadata": { "description": "Auto Mitigate for the alert", @@ -83,24 +58,16 @@ "defaultValue": "PT15M", "type": "String" }, - "MonitorDisableTagName": { - "metadata": { - "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled", - "displayName": "ALZ Monitoring disabled tag name" - }, - "defaultValue": "MonitorDisable", - "type": "String" - }, - "enabled": { + "effect": { "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" + "description": "Effect of the policy", + "displayName": "Effect" }, "allowedValues": [ - "true", - "false" + "deployIfNotExists", + "disabled" ], - "defaultValue": "true", + "defaultValue": "deployIfNotExists", "type": "String" }, "severity": { @@ -118,20 +85,16 @@ "defaultValue": "2", "type": "String" }, - "alertResourceGroupName": { - "metadata": { - "description": "Resource group the alert is placed in", - "displayName": "Resource Group Name" - }, - "defaultValue": "rg-amba-monitoring-001", - "type": "String" - }, - "alertResourceGroupLocation": { + "enabled": { "metadata": { - "description": "Location of the Resource group the alert is placed in", - "displayName": "Resource Group Location" + "description": "Alert state for the alert", + "displayName": "Alert State" }, - "defaultValue": "centralus", + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", "type": "String" }, "threshold": { @@ -142,15 +105,26 @@ "defaultValue": "30", "type": "String" }, - "alertResourceGroupTags": { + "MonitorDisableTagValues": { "metadata": { - "description": "Tags on the Resource group the alert is placed in", - "displayName": "Resource Group Tags" + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" }, - "defaultValue": { - "Project": "amba-monitoring" + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled", + "displayName": "ALZ Monitoring disabled tag name" }, - "type": "Object" + "defaultValue": "MonitorDisable", + "type": "String" }, "timeAggregation": { "metadata": { @@ -162,14 +136,6 @@ "defaultValue": "Count", "type": "String" }, - "failingPeriods": { - "metadata": { - "description": "Number of failing periods before alert is fired", - "displayName": "Failing Periods" - }, - "defaultValue": "1", - "type": "String" - }, "operator": { "metadata": { "displayName": "Operator" @@ -180,6 +146,30 @@ "defaultValue": "GreaterThan", "type": "String" }, + "alertResourceGroupLocation": { + "metadata": { + "description": "Location of the Resource group the alert is placed in", + "displayName": "Resource Group Location" + }, + "defaultValue": "centralus", + "type": "String" + }, + "alertResourceGroupName": { + "metadata": { + "description": "Resource group the alert is placed in", + "displayName": "Resource Group Name" + }, + "defaultValue": "rg-amba-monitoring-001", + "type": "String" + }, + "failingPeriods": { + "metadata": { + "description": "Number of failing periods before alert is fired", + "displayName": "Failing Periods" + }, + "defaultValue": "1", + "type": "String" + }, "UAMIResourceId": { "metadata": { "description": "The resource Id of the user assigned managed identity.", @@ -188,6 +178,16 @@ "defaultValue": "", "type": "string" }, + "computersToInclude": { + "metadata": { + "description": "Array of Computer to be monitored", + "displayName": "Computers to be included to be monitored" + }, + "defaultValue": [ + "*" + ], + "type": "array" + }, "evaluationPeriods": { "metadata": { "description": "The number of aggregated lookback points.", @@ -204,15 +204,15 @@ "defaultValue": "true", "type": "String" }, - "computersToInclude": { + "alertResourceGroupTags": { "metadata": { - "description": "Array of Computer to be monitored", - "displayName": "Computers to be included to be monitored" + "description": "Tags on the Resource group the alert is placed in", + "displayName": "Resource Group Tags" }, - "defaultValue": [ - "*" - ], - "type": "array" + "defaultValue": { + "Project": "amba-monitoring" + }, + "type": "Object" }, "autoResolve": { "metadata": { @@ -231,8 +231,8 @@ "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Compute/virtualMachines" + "equals": "Microsoft.Compute/virtualMachines", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -247,52 +247,52 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/scheduledQueryRules/displayName", - "equals": "[concat(subscription().displayName, '-VMHighOSDiskReadLatencyAlert')]" + "equals": "[concat(subscription().displayName, '-VMHighOSDiskReadLatencyAlert')]", + "field": "Microsoft.Insights/scheduledQueryRules/displayName" }, { - "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]", - "equals": "[subscription().id]" + "equals": "[subscription().id]", + "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]" }, { - "field": "Microsoft.Insights/scheduledQueryRules/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/scheduledQueryRules/enabled" }, { - "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency" }, { - "field": "Microsoft.Insights/scheduledQueryRules/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/scheduledQueryRules/windowSize" }, { - "field": "Microsoft.Insights/scheduledQueryRules/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/scheduledQueryRules/severity" }, { - "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", - "equals": "[parameters('operator')]" + "equals": "[parameters('operator')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation", - "equals": "[parameters('timeAggregation')]" + "equals": "[parameters('timeAggregation')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods", - "equals": "[parameters('evaluationPeriods')]" + "equals": "[parameters('evaluationPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert", - "equals": "[parameters('failingPeriods')]" + "equals": "[parameters('failingPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query", - "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-ReadLatencyMs-OS-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"ReadLatencyMs\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk in (\"C:\",\"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-ReadLatencyMs-OS-threshold-override_\", tostring(tags.[\"_amba-ReadLatencyMs-OS-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]" + "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-ReadLatencyMs-OS-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"ReadLatencyMs\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk in (\"C:\",\"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-ReadLatencyMs-OS-threshold-override_\", tostring(tags.[\"_amba-ReadLatencyMs-OS-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query" }, { "field": "identity.userAssignedIdentities", @@ -303,124 +303,122 @@ "roleDefinitionIds": [ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" ], - "resourceGroupName": "[parameters('alertResourceGroupName')]", "deployment": { "properties": { "parameters": { "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, - "MonitorDisableTagValues": { - "value": "[parameters('MonitorDisableTagValues')]" - }, "autoMitigate": { "value": "[parameters('autoMitigate')]" }, "windowSize": { "value": "[parameters('windowSize')]" }, - "MonitorDisableTagName": { - "value": "[parameters('MonitorDisableTagName')]" - }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, - "alertResourceGroupName": { - "value": "[parameters('alertResourceGroupName')]" - }, - "alertResourceGroupLocation": { - "value": "[parameters('alertResourceGroupLocation')]" + "enabled": { + "value": "[parameters('enabled')]" }, "threshold": { "value": "[parameters('threshold')]" }, - "alertResourceGroupTags": { - "value": "[parameters('alertResourceGroupTags')]" + "MonitorDisableTagValues": { + "value": "[parameters('MonitorDisableTagValues')]" + }, + "MonitorDisableTagName": { + "value": "[parameters('MonitorDisableTagName')]" }, "timeAggregation": { "value": "[parameters('timeAggregation')]" }, - "failingPeriods": { - "value": "[parameters('failingPeriods')]" - }, "operator": { "value": "[parameters('operator')]" }, + "alertResourceGroupLocation": { + "value": "[parameters('alertResourceGroupLocation')]" + }, + "alertResourceGroupName": { + "value": "[parameters('alertResourceGroupName')]" + }, + "failingPeriods": { + "value": "[parameters('failingPeriods')]" + }, "UAMIResourceId": { "value": "[parameters('UAMIResourceId')]" }, + "computersToInclude": { + "value": "[parameters('computersToInclude')]" + }, "evaluationPeriods": { "value": "[parameters('evaluationPeriods')]" }, "autoResolveTime": { "value": "[parameters('autoResolveTime')]" }, - "computersToInclude": { - "value": "[parameters('computersToInclude')]" + "alertResourceGroupTags": { + "value": "[parameters('alertResourceGroupTags')]" }, "autoResolve": { "value": "[parameters('autoResolve')]" } }, - "mode": "incremental", "template": { "parameters": { "evaluationFrequency": { "type": "String" }, - "MonitorDisableTagValues": { - "type": "Array" - }, "autoMitigate": { "type": "String" }, "windowSize": { "type": "String" }, - "MonitorDisableTagName": { + "severity": { "type": "String" }, "enabled": { "type": "String" }, - "severity": { + "threshold": { "type": "String" }, - "alertResourceGroupName": { - "type": "string" - }, - "alertResourceGroupLocation": { - "type": "string" + "MonitorDisableTagValues": { + "type": "Array" }, - "threshold": { + "MonitorDisableTagName": { "type": "String" }, - "alertResourceGroupTags": { - "type": "object" - }, "timeAggregation": { "type": "String" }, - "failingPeriods": { + "operator": { "type": "String" }, - "operator": { + "alertResourceGroupLocation": { + "type": "string" + }, + "alertResourceGroupName": { + "type": "string" + }, + "failingPeriods": { "type": "String" }, "UAMIResourceId": { "type": "string" }, + "computersToInclude": { + "type": "array" + }, "evaluationPeriods": { "type": "String" }, "autoResolveTime": { "type": "String" }, - "computersToInclude": { - "type": "array" + "alertResourceGroupTags": { + "type": "object" }, "autoResolve": { "type": "String" @@ -430,9 +428,9 @@ "resources": [ { "type": "Microsoft.Resources/resourceGroups", - "location": "[parameters('alertResourceGroupLocation')]", "apiVersion": "2021-04-01", "name": "[parameters('alertResourceGroupName')]", + "location": "[parameters('alertResourceGroupLocation')]", "tags": "[parameters('alertResourceGroupTags')]" }, { @@ -443,26 +441,25 @@ "enabled": { "value": "[parameters('enabled')]" }, - "alertResourceGroupName": { - "value": "[parameters('alertResourceGroupName')]" - }, "alertResourceGroupLocation": { "value": "[parameters('alertResourceGroupLocation')]" }, + "alertResourceGroupName": { + "value": "[parameters('alertResourceGroupName')]" + }, "UAMIResourceId": { "value": "[parameters('UAMIResourceId')]" } }, - "mode": "Incremental", "template": { "parameters": { "enabled": { "type": "string" }, - "alertResourceGroupName": { + "alertResourceGroupLocation": { "type": "string" }, - "alertResourceGroupLocation": { + "alertResourceGroupName": { "type": "string" }, "UAMIResourceId": { @@ -480,32 +477,32 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, - "MonitorDisableTagValues": { - "value": "[parameters('MonitorDisableTagValues')]" - }, "autoMitigate": { "value": "[parameters('autoMitigate')]" }, "windowSize": { "value": "[parameters('windowSize')]" }, - "MonitorDisableTagName": { - "value": "[parameters('MonitorDisableTagName')]" + "severity": { + "value": "[parameters('severity')]" }, "enabled": { "value": "[parameters('enabled')]" }, - "severity": { - "value": "[parameters('severity')]" + "threshold": { + "value": "[parameters('threshold')]" }, - "alertResourceGroupName": { - "value": "[parameters('alertResourceGroupName')]" + "MonitorDisableTagValues": { + "value": "[parameters('MonitorDisableTagValues')]" + }, + "MonitorDisableTagName": { + "value": "[parameters('MonitorDisableTagName')]" }, "alertResourceGroupLocation": { "value": "[parameters('alertResourceGroupLocation')]" }, - "threshold": { - "value": "[parameters('threshold')]" + "alertResourceGroupName": { + "value": "[parameters('alertResourceGroupName')]" }, "failingPeriods": { "value": "[parameters('failingPeriods')]" @@ -513,15 +510,15 @@ "UAMIResourceId": { "value": "[parameters('UAMIResourceId')]" }, + "computersToInclude": { + "value": "[parameters('computersToInclude')]" + }, "evaluationPeriods": { "value": "[parameters('evaluationPeriods')]" }, "autoResolveTime": { "value": "[parameters('autoResolveTime')]" }, - "computersToInclude": { - "value": "[parameters('computersToInclude')]" - }, "autoResolve": { "value": "[parameters('autoResolve')]" } @@ -529,51 +526,51 @@ "evaluationFrequency": "[parameters('evaluationFrequency')]", "autoMitigate": "[parameters('autoMitigate')]", "windowSize": "[parameters('windowSize')]", - "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", + "enabled": "[parameters('enabled')]", "criteria": { "allOf": [ { "threshold": 0, "timeAggregation": "[parameters('timeAggregation')]", + "operator": "[parameters('operator')]", "failingPeriods": { "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]", "minFailingPeriodsToAlert": "[parameters('failingPeriods')]" }, - "operator": "[parameters('operator')]", - "resourceIdColumn": "_ResourceId", "dimensions": [ { - "name": "Computer", "operator": "Include", + "name": "Computer", "values": "[parameters('computersToInclude')]" }, { - "name": "Disk", "operator": "Include", + "name": "Disk", "values": [ "*" ] } ], - "query": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-ReadLatencyMs-OS-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"ReadLatencyMs\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk in (\"C:\",\"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-ReadLatencyMs-OS-threshold-override_\", tostring(tags.[\"_amba-ReadLatencyMs-OS-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]" + "query": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-ReadLatencyMs-OS-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"ReadLatencyMs\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk in (\"C:\",\"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-ReadLatencyMs-OS-threshold-override_\", tostring(tags.[\"_amba-ReadLatencyMs-OS-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]", + "resourceIdColumn": "_ResourceId" } ] }, "scopes": [ "[subscription().Id]" ], - "ruleResolveConfiguration": { - "timeToResolve": "[parameters('autoResolveTime')]", - "autoResolved": "[parameters('autoResolve')]" - }, "targetResourceTypes": [ "Microsoft.Compute/virtualMachines" - ] + ], + "ruleResolveConfiguration": { + "autoResolved": "[parameters('autoResolve')]", + "timeToResolve": "[parameters('autoResolveTime')]" + } }, - "location": "[parameters('alertResourceGroupLocation')]", "apiVersion": "2022-08-01-preview", "name": "[concat(subscription().displayName, '-VMHighOSDiskReadLatencyAlert')]", + "location": "[parameters('alertResourceGroupLocation')]", "tags": { "_deployed_by_amba": true }, @@ -587,7 +584,8 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "Incremental" }, "apiVersion": "2019-10-01", "name": "VMOSDiskreadLatencyAlert", @@ -598,10 +596,12 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" }, "location": "australiaeast" }, + "resourceGroupName": "[parameters('alertResourceGroupName')]", "existenceScope": "resourceGroup", "deploymentScope": "subscription" } diff --git a/Definitions/policyDefinitions/Compute/deploy_vm_osdiskspace_alert.jsonc b/Definitions/policyDefinitions/Compute/deploy_vm_osdiskspace_alert.jsonc index c3996d0..8fdad9f 100644 --- a/Definitions/policyDefinitions/Compute/deploy_vm_osdiskspace_alert.jsonc +++ b/Definitions/policyDefinitions/Compute/deploy_vm_osdiskspace_alert.jsonc @@ -6,27 +6,15 @@ "description": "Policy to audit/deploy VM OSDiskSpace Alert", "mode": "All", "metadata": { - "category": "Compute", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "version": "1.4.0", "_deployed_by_amba": "True", - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" - ] + ], + "category": "Compute" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "String" - }, "evaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", @@ -41,6 +29,22 @@ "defaultValue": "PT5M", "type": "String" }, + "alertResourceGroupLocation": { + "metadata": { + "description": "Location of the Resource group the alert is placed in", + "displayName": "Resource Group Location" + }, + "defaultValue": "centralus", + "type": "String" + }, + "alertResourceGroupName": { + "metadata": { + "description": "Resource group the alert is placed in", + "displayName": "Resource Group Name" + }, + "defaultValue": "rg-amba-monitoring-001", + "type": "String" + }, "MonitorDisableTagValues": { "metadata": { "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", @@ -62,12 +66,26 @@ "defaultValue": "MonitorDisable", "type": "String" }, - "alertResourceGroupLocation": { + "alertResourceGroupTags": { "metadata": { - "description": "Location of the Resource group the alert is placed in", - "displayName": "Resource Group Location" + "description": "Tags on the Resource group the alert is placed in", + "displayName": "Resource Group Tags" }, - "defaultValue": "centralus", + "defaultValue": { + "Project": "amba-monitoring" + }, + "type": "Object" + }, + "autoMitigate": { + "metadata": { + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", "type": "String" }, "windowSize": { @@ -87,14 +105,6 @@ "defaultValue": "PT15M", "type": "String" }, - "alertResourceGroupName": { - "metadata": { - "description": "Resource group the alert is placed in", - "displayName": "Resource Group Name" - }, - "defaultValue": "rg-amba-monitoring-001", - "type": "String" - }, "enabled": { "metadata": { "description": "Alert state for the alert", @@ -107,33 +117,6 @@ "defaultValue": "true", "type": "String" }, - "severity": { - "metadata": { - "description": "Severity of the Alert", - "displayName": "Severity" - }, - "allowedValues": [ - "0", - "1", - "2", - "3", - "4" - ], - "defaultValue": "2", - "type": "String" - }, - "autoMitigate": { - "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" - }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", - "type": "String" - }, "threshold": { "metadata": { "description": "Threshold for the alert", @@ -142,16 +125,6 @@ "defaultValue": "10", "type": "String" }, - "alertResourceGroupTags": { - "metadata": { - "description": "Tags on the Resource group the alert is placed in", - "displayName": "Resource Group Tags" - }, - "defaultValue": { - "Project": "amba-monitoring" - }, - "type": "Object" - }, "timeAggregation": { "metadata": { "displayName": "TimeAggregation" @@ -162,12 +135,31 @@ "defaultValue": "Count", "type": "String" }, - "failingPeriods": { + "effect": { "metadata": { - "description": "Number of failing periods before alert is fired", - "displayName": "Failing Periods" + "description": "Effect of the policy", + "displayName": "Effect" }, - "defaultValue": "1", + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" + }, + "severity": { + "metadata": { + "description": "Severity of the Alert", + "displayName": "Severity" + }, + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" + ], + "defaultValue": "2", "type": "String" }, "UAMIResourceId": { @@ -178,14 +170,24 @@ "defaultValue": "", "type": "string" }, - "evaluationPeriods": { + "failingPeriods": { "metadata": { - "description": "The number of aggregated lookback points.", - "displayName": "Evaluation Periods" + "description": "Number of failing periods before alert is fired", + "displayName": "Failing Periods" }, "defaultValue": "1", "type": "String" }, + "computersToInclude": { + "metadata": { + "description": "Array of Computer to be monitored", + "displayName": "Computers to be included to be monitored" + }, + "defaultValue": [ + "*" + ], + "type": "array" + }, "autoResolveTime": { "metadata": { "description": "Auto Resolve time for the alert in ISO 8601 format", @@ -194,6 +196,14 @@ "defaultValue": "true", "type": "String" }, + "evaluationPeriods": { + "metadata": { + "description": "The number of aggregated lookback points.", + "displayName": "Evaluation Periods" + }, + "defaultValue": "1", + "type": "String" + }, "operator": { "metadata": { "displayName": "Operator" @@ -204,16 +214,6 @@ "defaultValue": "GreaterThan", "type": "String" }, - "computersToInclude": { - "metadata": { - "description": "Array of Computer to be monitored", - "displayName": "Computers to be included to be monitored" - }, - "defaultValue": [ - "*" - ], - "type": "array" - }, "autoResolve": { "metadata": { "description": "Auto Resolve for the alert", @@ -231,8 +231,8 @@ "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Compute/virtualMachines" + "equals": "Microsoft.Compute/virtualMachines", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -248,52 +248,52 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/scheduledQueryRules/displayName", - "equals": "[concat(subscription().displayName, '-VMLowOSDiskSpaceAlert')]" + "equals": "[concat(subscription().displayName, '-VMLowOSDiskSpaceAlert')]", + "field": "Microsoft.Insights/scheduledQueryRules/displayName" }, { - "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]", - "equals": "[subscription().id]" + "equals": "[subscription().id]", + "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]" }, { - "field": "Microsoft.Insights/scheduledQueryRules/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/scheduledQueryRules/enabled" }, { - "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency" }, { - "field": "Microsoft.Insights/scheduledQueryRules/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/scheduledQueryRules/windowSize" }, { - "field": "Microsoft.Insights/scheduledQueryRules/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/scheduledQueryRules/severity" }, { - "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", - "equals": "[parameters('operator')]" + "equals": "[parameters('operator')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation", - "equals": "[parameters('timeAggregation')]" + "equals": "[parameters('timeAggregation')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods", - "equals": "[parameters('evaluationPeriods')]" + "equals": "[parameters('evaluationPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert", - "equals": "[parameters('failingPeriods')]" + "equals": "[parameters('failingPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query", - "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-FreeSpacePercentage-OS-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"FreeSpacePercentage\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk in (\"C:\",\"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-FreeSpacePercentage-OS-threshold-override_\", tostring(tags.[\"_amba-FreeSpacePercentage-OS-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue < appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]" + "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-FreeSpacePercentage-OS-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"FreeSpacePercentage\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk in (\"C:\",\"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-FreeSpacePercentage-OS-threshold-override_\", tostring(tags.[\"_amba-FreeSpacePercentage-OS-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue < appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query" }, { "field": "identity.userAssignedIdentities", @@ -310,117 +310,116 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "alertResourceGroupLocation": { + "value": "[parameters('alertResourceGroupLocation')]" + }, + "alertResourceGroupName": { + "value": "[parameters('alertResourceGroupName')]" + }, "MonitorDisableTagValues": { "value": "[parameters('MonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('MonitorDisableTagName')]" }, - "alertResourceGroupLocation": { - "value": "[parameters('alertResourceGroupLocation')]" + "alertResourceGroupTags": { + "value": "[parameters('alertResourceGroupTags')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" }, "windowSize": { "value": "[parameters('windowSize')]" }, - "alertResourceGroupName": { - "value": "[parameters('alertResourceGroupName')]" - }, "enabled": { "value": "[parameters('enabled')]" }, - "severity": { - "value": "[parameters('severity')]" - }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, "threshold": { "value": "[parameters('threshold')]" }, - "alertResourceGroupTags": { - "value": "[parameters('alertResourceGroupTags')]" - }, "timeAggregation": { "value": "[parameters('timeAggregation')]" }, - "failingPeriods": { - "value": "[parameters('failingPeriods')]" + "severity": { + "value": "[parameters('severity')]" }, "UAMIResourceId": { "value": "[parameters('UAMIResourceId')]" }, - "evaluationPeriods": { - "value": "[parameters('evaluationPeriods')]" + "failingPeriods": { + "value": "[parameters('failingPeriods')]" + }, + "computersToInclude": { + "value": "[parameters('computersToInclude')]" }, "autoResolveTime": { "value": "[parameters('autoResolveTime')]" }, + "evaluationPeriods": { + "value": "[parameters('evaluationPeriods')]" + }, "operator": { "value": "[parameters('operator')]" }, - "computersToInclude": { - "value": "[parameters('computersToInclude')]" - }, "autoResolve": { "value": "[parameters('autoResolve')]" } }, - "mode": "incremental", "template": { "parameters": { "evaluationFrequency": { "type": "String" }, + "alertResourceGroupLocation": { + "type": "string" + }, + "alertResourceGroupName": { + "type": "string" + }, "MonitorDisableTagValues": { "type": "Array" }, "MonitorDisableTagName": { "type": "String" }, - "alertResourceGroupLocation": { - "type": "string" - }, - "windowSize": { - "type": "String" - }, - "alertResourceGroupName": { - "type": "string" + "alertResourceGroupTags": { + "type": "object" }, - "enabled": { + "autoMitigate": { "type": "String" }, - "severity": { + "windowSize": { "type": "String" }, - "autoMitigate": { + "enabled": { "type": "String" }, "threshold": { "type": "String" }, - "alertResourceGroupTags": { - "type": "object" - }, "timeAggregation": { "type": "String" }, - "failingPeriods": { + "severity": { "type": "String" }, "UAMIResourceId": { "type": "string" }, - "evaluationPeriods": { + "failingPeriods": { "type": "String" }, + "computersToInclude": { + "type": "array" + }, "autoResolveTime": { "type": "String" }, - "operator": { + "evaluationPeriods": { "type": "String" }, - "computersToInclude": { - "type": "array" + "operator": { + "type": "String" }, "autoResolve": { "type": "String" @@ -430,9 +429,9 @@ "resources": [ { "type": "Microsoft.Resources/resourceGroups", + "apiVersion": "2021-04-01", "location": "[parameters('alertResourceGroupLocation')]", "name": "[parameters('alertResourceGroupName')]", - "apiVersion": "2021-04-01", "tags": "[parameters('alertResourceGroupTags')]" }, { @@ -453,7 +452,6 @@ "value": "[parameters('UAMIResourceId')]" } }, - "mode": "Incremental", "template": { "parameters": { "alertResourceGroupLocation": { @@ -480,57 +478,57 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "alertResourceGroupLocation": { + "value": "[parameters('alertResourceGroupLocation')]" + }, + "alertResourceGroupName": { + "value": "[parameters('alertResourceGroupName')]" + }, "MonitorDisableTagValues": { "value": "[parameters('MonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('MonitorDisableTagName')]" }, - "alertResourceGroupLocation": { - "value": "[parameters('alertResourceGroupLocation')]" + "autoMitigate": { + "value": "[parameters('autoMitigate')]" }, "windowSize": { "value": "[parameters('windowSize')]" }, - "alertResourceGroupName": { - "value": "[parameters('alertResourceGroupName')]" - }, "enabled": { "value": "[parameters('enabled')]" }, - "severity": { - "value": "[parameters('severity')]" - }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, "threshold": { "value": "[parameters('threshold')]" }, - "failingPeriods": { - "value": "[parameters('failingPeriods')]" + "severity": { + "value": "[parameters('severity')]" }, "UAMIResourceId": { "value": "[parameters('UAMIResourceId')]" }, - "evaluationPeriods": { - "value": "[parameters('evaluationPeriods')]" + "failingPeriods": { + "value": "[parameters('failingPeriods')]" + }, + "computersToInclude": { + "value": "[parameters('computersToInclude')]" }, "autoResolveTime": { "value": "[parameters('autoResolveTime')]" }, - "computersToInclude": { - "value": "[parameters('computersToInclude')]" + "evaluationPeriods": { + "value": "[parameters('evaluationPeriods')]" }, "autoResolve": { "value": "[parameters('autoResolve')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", "windowSize": "[parameters('windowSize')]", "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", - "autoMitigate": "[parameters('autoMitigate')]", "criteria": { "allOf": [ { @@ -541,39 +539,39 @@ "minFailingPeriodsToAlert": "[parameters('failingPeriods')]" }, "operator": "[parameters('operator')]", + "query": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-FreeSpacePercentage-OS-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"FreeSpacePercentage\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk in (\"C:\",\"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-FreeSpacePercentage-OS-threshold-override_\", tostring(tags.[\"_amba-FreeSpacePercentage-OS-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue < appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]", "resourceIdColumn": "_ResourceId", "dimensions": [ { - "name": "Computer", "operator": "Include", + "name": "Computer", "values": "[parameters('computersToInclude')]" }, { - "name": "Disk", "operator": "Include", + "name": "Disk", "values": [ "*" ] } - ], - "query": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-FreeSpacePercentage-OS-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"FreeSpacePercentage\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk in (\"C:\",\"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-FreeSpacePercentage-OS-threshold-override_\", tostring(tags.[\"_amba-FreeSpacePercentage-OS-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue < appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]" + ] } ] }, - "ruleResolveConfiguration": { - "timeToResolve": "[parameters('autoResolveTime')]", - "autoResolved": "[parameters('autoResolve')]" - }, "scopes": [ "[subscription().Id]" ], "targetResourceTypes": [ "Microsoft.Compute/virtualMachines" - ] + ], + "ruleResolveConfiguration": { + "autoResolved": "[parameters('autoResolve')]", + "timeToResolve": "[parameters('autoResolveTime')]" + } }, + "apiVersion": "2022-08-01-preview", "location": "[parameters('alertResourceGroupLocation')]", "name": "[concat(subscription().displayName, '-VMLowOSDiskSpaceAlert')]", - "apiVersion": "2022-08-01-preview", "tags": { "_deployed_by_amba": true }, @@ -587,10 +585,11 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "Incremental" }, - "name": "VMOSDiskSpaceAlert", "apiVersion": "2019-10-01", + "name": "VMOSDiskSpaceAlert", "dependsOn": [ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]" ] @@ -598,7 +597,8 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" }, "location": "australiaeast" }, diff --git a/Definitions/policyDefinitions/Compute/deploy_vm_osdiskwritelatency_alert.jsonc b/Definitions/policyDefinitions/Compute/deploy_vm_osdiskwritelatency_alert.jsonc index 12f6c95..b8ab774 100644 --- a/Definitions/policyDefinitions/Compute/deploy_vm_osdiskwritelatency_alert.jsonc +++ b/Definitions/policyDefinitions/Compute/deploy_vm_osdiskwritelatency_alert.jsonc @@ -6,27 +6,15 @@ "description": "Policy to audit/deploy VM OSDiskwriteLatency Alert", "mode": "All", "metadata": { - "category": "Compute", "_deployed_by_amba": "True", "version": "1.4.0", "alzCloudEnvironments": [ "AzureCloud" ], + "category": "Compute", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "String" - }, "evaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", @@ -41,6 +29,18 @@ "defaultValue": "PT5M", "type": "String" }, + "autoMitigate": { + "metadata": { + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, "MonitorDisableTagValues": { "metadata": { "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", @@ -54,18 +54,6 @@ ], "type": "Array" }, - "autoMitigate": { - "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" - }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", - "type": "String" - }, "windowSize": { "metadata": { "description": "Window size for the alert", @@ -103,6 +91,14 @@ "defaultValue": "true", "type": "String" }, + "alertResourceGroupLocation": { + "metadata": { + "description": "Location of the Resource group the alert is placed in", + "displayName": "Resource Group Location" + }, + "defaultValue": "centralus", + "type": "String" + }, "severity": { "metadata": { "description": "Severity of the Alert", @@ -126,14 +122,6 @@ "defaultValue": "rg-amba-monitoring-001", "type": "String" }, - "alertResourceGroupLocation": { - "metadata": { - "description": "Location of the Resource group the alert is placed in", - "displayName": "Resource Group Location" - }, - "defaultValue": "centralus", - "type": "String" - }, "threshold": { "metadata": { "description": "Threshold for the alert", @@ -142,16 +130,6 @@ "defaultValue": "30", "type": "String" }, - "alertResourceGroupTags": { - "metadata": { - "description": "Tags on the Resource group the alert is placed in", - "displayName": "Resource Group Tags" - }, - "defaultValue": { - "Project": "amba-monitoring" - }, - "type": "Object" - }, "timeAggregation": { "metadata": { "displayName": "TimeAggregation" @@ -162,6 +140,28 @@ "defaultValue": "Count", "type": "String" }, + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" + }, + "alertResourceGroupTags": { + "metadata": { + "description": "Tags on the Resource group the alert is placed in", + "displayName": "Resource Group Tags" + }, + "defaultValue": { + "Project": "amba-monitoring" + }, + "type": "Object" + }, "failingPeriods": { "metadata": { "description": "Number of failing periods before alert is fired", @@ -170,6 +170,14 @@ "defaultValue": "1", "type": "String" }, + "UAMIResourceId": { + "metadata": { + "description": "The resource Id of the user assigned managed identity.", + "displayName": "User Assigned managed Identity resource Id." + }, + "defaultValue": "", + "type": "string" + }, "operator": { "metadata": { "displayName": "Operator" @@ -180,14 +188,6 @@ "defaultValue": "GreaterThan", "type": "String" }, - "UAMIResourceId": { - "metadata": { - "description": "The resource Id of the user assigned managed identity.", - "displayName": "User Assigned managed Identity resource Id." - }, - "defaultValue": "", - "type": "string" - }, "evaluationPeriods": { "metadata": { "description": "The number of aggregated lookback points.", @@ -231,8 +231,8 @@ "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Compute/virtualMachines" + "equals": "Microsoft.Compute/virtualMachines", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -247,52 +247,52 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/scheduledQueryRules/displayName", - "equals": "[concat(subscription().displayName, '-VMHighOSDiskWriteLatencyAlert')]" + "equals": "[concat(subscription().displayName, '-VMHighOSDiskWriteLatencyAlert')]", + "field": "Microsoft.Insights/scheduledQueryRules/displayName" }, { - "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]", - "equals": "[subscription().id]" + "equals": "[subscription().id]", + "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]" }, { - "field": "Microsoft.Insights/scheduledQueryRules/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/scheduledQueryRules/enabled" }, { - "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency" }, { - "field": "Microsoft.Insights/scheduledQueryRules/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/scheduledQueryRules/windowSize" }, { - "field": "Microsoft.Insights/scheduledQueryRules/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/scheduledQueryRules/severity" }, { - "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", - "equals": "[parameters('operator')]" + "equals": "[parameters('operator')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation", - "equals": "[parameters('timeAggregation')]" + "equals": "[parameters('timeAggregation')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods", - "equals": "[parameters('evaluationPeriods')]" + "equals": "[parameters('evaluationPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert", - "equals": "[parameters('failingPeriods')]" + "equals": "[parameters('failingPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query", - "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-WriteLatencyMs-OS-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"WriteLatencyMs\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk in (\"C:\",\"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-WriteLatencyMs-OS-threshold-override_\", tostring(tags.[\"_amba-WriteLatencyMs-OS-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]" + "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let excludedVMSSNodes = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | extend isVMSS = isnotempty(properties.virtualMachineScaleSet) | where isVMSS | project id, name); let overridenResource = (arg(\"\").resources | where type =~ \"Microsoft.Compute/virtualMachines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-WriteLatencyMs-OS-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.Compute/virtualMachines\" | where _ResourceId !in~ (excludedResources) | where _ResourceId !in~ (excludedVMSSNodes) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"WriteLatencyMs\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk in (\"C:\",\"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-WriteLatencyMs-OS-threshold-override_\", tostring(tags.[\"_amba-WriteLatencyMs-OS-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query" }, { "field": "identity.userAssignedIdentities", @@ -303,19 +303,18 @@ "roleDefinitionIds": [ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" ], - "resourceGroupName": "[parameters('alertResourceGroupName')]", "deployment": { "properties": { "parameters": { "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, - "MonitorDisableTagValues": { - "value": "[parameters('MonitorDisableTagValues')]" - }, "autoMitigate": { "value": "[parameters('autoMitigate')]" }, + "MonitorDisableTagValues": { + "value": "[parameters('MonitorDisableTagValues')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, @@ -325,33 +324,33 @@ "enabled": { "value": "[parameters('enabled')]" }, + "alertResourceGroupLocation": { + "value": "[parameters('alertResourceGroupLocation')]" + }, "severity": { "value": "[parameters('severity')]" }, "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, - "alertResourceGroupLocation": { - "value": "[parameters('alertResourceGroupLocation')]" - }, "threshold": { "value": "[parameters('threshold')]" }, - "alertResourceGroupTags": { - "value": "[parameters('alertResourceGroupTags')]" - }, "timeAggregation": { "value": "[parameters('timeAggregation')]" }, + "alertResourceGroupTags": { + "value": "[parameters('alertResourceGroupTags')]" + }, "failingPeriods": { "value": "[parameters('failingPeriods')]" }, - "operator": { - "value": "[parameters('operator')]" - }, "UAMIResourceId": { "value": "[parameters('UAMIResourceId')]" }, + "operator": { + "value": "[parameters('operator')]" + }, "evaluationPeriods": { "value": "[parameters('evaluationPeriods')]" }, @@ -365,18 +364,17 @@ "value": "[parameters('autoResolve')]" } }, - "mode": "incremental", "template": { "parameters": { "evaluationFrequency": { "type": "String" }, - "MonitorDisableTagValues": { - "type": "Array" - }, "autoMitigate": { "type": "String" }, + "MonitorDisableTagValues": { + "type": "Array" + }, "windowSize": { "type": "String" }, @@ -386,33 +384,33 @@ "enabled": { "type": "String" }, + "alertResourceGroupLocation": { + "type": "string" + }, "severity": { "type": "String" }, "alertResourceGroupName": { "type": "string" }, - "alertResourceGroupLocation": { - "type": "string" - }, "threshold": { "type": "String" }, - "alertResourceGroupTags": { - "type": "object" - }, "timeAggregation": { "type": "String" }, - "failingPeriods": { - "type": "String" + "alertResourceGroupTags": { + "type": "object" }, - "operator": { + "failingPeriods": { "type": "String" }, "UAMIResourceId": { "type": "string" }, + "operator": { + "type": "String" + }, "evaluationPeriods": { "type": "String" }, @@ -430,9 +428,9 @@ "resources": [ { "type": "Microsoft.Resources/resourceGroups", - "location": "[parameters('alertResourceGroupLocation')]", "apiVersion": "2021-04-01", "name": "[parameters('alertResourceGroupName')]", + "location": "[parameters('alertResourceGroupLocation')]", "tags": "[parameters('alertResourceGroupTags')]" }, { @@ -443,26 +441,25 @@ "enabled": { "value": "[parameters('enabled')]" }, - "alertResourceGroupName": { - "value": "[parameters('alertResourceGroupName')]" - }, "alertResourceGroupLocation": { "value": "[parameters('alertResourceGroupLocation')]" }, + "alertResourceGroupName": { + "value": "[parameters('alertResourceGroupName')]" + }, "UAMIResourceId": { "value": "[parameters('UAMIResourceId')]" } }, - "mode": "Incremental", "template": { "parameters": { "enabled": { "type": "string" }, - "alertResourceGroupName": { + "alertResourceGroupLocation": { "type": "string" }, - "alertResourceGroupLocation": { + "alertResourceGroupName": { "type": "string" }, "UAMIResourceId": { @@ -480,12 +477,12 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, - "MonitorDisableTagValues": { - "value": "[parameters('MonitorDisableTagValues')]" - }, "autoMitigate": { "value": "[parameters('autoMitigate')]" }, + "MonitorDisableTagValues": { + "value": "[parameters('MonitorDisableTagValues')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, @@ -495,15 +492,15 @@ "enabled": { "value": "[parameters('enabled')]" }, + "alertResourceGroupLocation": { + "value": "[parameters('alertResourceGroupLocation')]" + }, "severity": { "value": "[parameters('severity')]" }, "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, - "alertResourceGroupLocation": { - "value": "[parameters('alertResourceGroupLocation')]" - }, "threshold": { "value": "[parameters('threshold')]" }, @@ -544,13 +541,13 @@ "resourceIdColumn": "_ResourceId", "dimensions": [ { - "name": "Computer", "operator": "Include", + "name": "Computer", "values": "[parameters('computersToInclude')]" }, { - "name": "Disk", "operator": "Include", + "name": "Disk", "values": [ "*" ] @@ -571,9 +568,9 @@ "Microsoft.Compute/virtualMachines" ] }, - "location": "[parameters('alertResourceGroupLocation')]", "apiVersion": "2022-08-01-preview", "name": "[concat(subscription().displayName, '-VMHighOSDiskWriteLatencyAlert')]", + "location": "[parameters('alertResourceGroupLocation')]", "tags": { "_deployed_by_amba": true }, @@ -587,7 +584,8 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "Incremental" }, "apiVersion": "2019-10-01", "name": "VMOSDiskwriteLatencyAlert", @@ -598,12 +596,14 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" }, "location": "australiaeast" }, - "existenceScope": "resourceGroup", - "deploymentScope": "subscription" + "resourceGroupName": "[parameters('alertResourceGroupName')]", + "deploymentScope": "subscription", + "existenceScope": "resourceGroup" } } } diff --git a/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_cpu_alert.jsonc b/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_cpu_alert.jsonc index 16d9ca8..941b180 100644 --- a/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_cpu_alert.jsonc +++ b/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_cpu_alert.jsonc @@ -6,27 +6,15 @@ "description": "Policy to audit/deploy VM CPU Alert", "mode": "All", "metadata": { - "category": "Hybrid Compute", "_deployed_by_amba": "True", - "version": "1.2.0", "alzCloudEnvironments": [ "AzureCloud" ], + "version": "1.2.0", + "category": "Hybrid Compute", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "String" - }, "evaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", @@ -41,6 +29,34 @@ "defaultValue": "PT5M", "type": "String" }, + "alertResourceGroupName": { + "metadata": { + "description": "Resource group the alert is placed in", + "displayName": "Resource Group Name" + }, + "defaultValue": "rg-amba-monitoring-001", + "type": "String" + }, + "alertResourceGroupLocation": { + "metadata": { + "description": "Location of the Resource group the alert is placed in", + "displayName": "Resource Group Location" + }, + "defaultValue": "centralus", + "type": "String" + }, + "enabled": { + "metadata": { + "description": "Alert state for the alert", + "displayName": "Alert State" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, "MonitorDisableTagValues": { "metadata": { "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", @@ -54,33 +70,16 @@ ], "type": "Array" }, - "autoMitigate": { - "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" - }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", - "type": "String" - }, - "windowSize": { + "effect": { "metadata": { - "description": "Window size for the alert", - "displayName": "Window Size" + "description": "Effect of the policy", + "displayName": "Effect" }, "allowedValues": [ - "PT5M", - "PT15M", - "PT30M", - "PT1H", - "PT6H", - "PT12H", - "PT24H" + "deployIfNotExists", + "disabled" ], - "defaultValue": "PT15M", + "defaultValue": "deployIfNotExists", "type": "String" }, "MonitorDisableTagName": { @@ -91,10 +90,10 @@ "defaultValue": "MonitorDisable", "type": "String" }, - "enabled": { + "autoMitigate": { "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" }, "allowedValues": [ "true", @@ -118,20 +117,31 @@ "defaultValue": "2", "type": "String" }, - "alertResourceGroupName": { + "alertResourceGroupTags": { "metadata": { - "description": "Resource group the alert is placed in", - "displayName": "Resource Group Name" + "description": "Tags on the Resource group the alert is placed in", + "displayName": "Resource Group Tags" }, - "defaultValue": "rg-amba-monitoring-001", - "type": "String" + "defaultValue": { + "Project": "amba-monitoring" + }, + "type": "Object" }, - "alertResourceGroupLocation": { + "windowSize": { "metadata": { - "description": "Location of the Resource group the alert is placed in", - "displayName": "Resource Group Location" + "description": "Window size for the alert", + "displayName": "Window Size" }, - "defaultValue": "centralus", + "allowedValues": [ + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "PT24H" + ], + "defaultValue": "PT15M", "type": "String" }, "threshold": { @@ -142,16 +152,6 @@ "defaultValue": "85", "type": "String" }, - "alertResourceGroupTags": { - "metadata": { - "description": "Tags on the Resource group the alert is placed in", - "displayName": "Resource Group Tags" - }, - "defaultValue": { - "Project": "amba-monitoring" - }, - "type": "Object" - }, "timeAggregation": { "metadata": { "displayName": "TimeAggregation" @@ -162,14 +162,6 @@ "defaultValue": "Count", "type": "String" }, - "failingPeriods": { - "metadata": { - "description": "Number of failing periods before alert is fired", - "displayName": "Failing Periods" - }, - "defaultValue": "1", - "type": "String" - }, "operator": { "metadata": { "displayName": "Operator" @@ -188,6 +180,14 @@ "defaultValue": "", "type": "string" }, + "failingPeriods": { + "metadata": { + "description": "Number of failing periods before alert is fired", + "displayName": "Failing Periods" + }, + "defaultValue": "1", + "type": "String" + }, "evaluationPeriods": { "metadata": { "description": "The number of aggregated lookback points.", @@ -221,8 +221,8 @@ "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.HybridCompute/machines" + "equals": "Microsoft.HybridCompute/machines", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -234,55 +234,56 @@ "effect": "[parameters('effect')]", "details": { "type": "Microsoft.Insights/scheduledQueryRules", + "resourceGroupName": "[parameters('alertResourceGroupName')]", "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/scheduledQueryRules/displayName", - "equals": "[concat(subscription().displayName, '-HybridVMHighCPUAlert')]" + "equals": "[concat(subscription().displayName, '-HybridVMHighCPUAlert')]", + "field": "Microsoft.Insights/scheduledQueryRules/displayName" }, { - "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]", - "equals": "[subscription().id]" + "equals": "[subscription().id]", + "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]" }, { - "field": "Microsoft.Insights/scheduledQueryRules/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/scheduledQueryRules/enabled" }, { - "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency" }, { - "field": "Microsoft.Insights/scheduledQueryRules/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/scheduledQueryRules/windowSize" }, { - "field": "Microsoft.Insights/scheduledQueryRules/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/scheduledQueryRules/severity" }, { - "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", - "equals": "[parameters('operator')]" + "equals": "[parameters('operator')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation", - "equals": "[parameters('timeAggregation')]" + "equals": "[parameters('timeAggregation')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods", - "equals": "[parameters('evaluationPeriods')]" + "equals": "[parameters('evaluationPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert", - "equals": "[parameters('failingPeriods')]" + "equals": "[parameters('failingPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query", - "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-UtilizationPercentage-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"Processor\" and Name == \"UtilizationPercentage\" | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-UtilizationPercentage-threshold-override_\", tostring(tags.[\"_amba-UtilizationPercentage-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]" + "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-UtilizationPercentage-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"Processor\" and Name == \"UtilizationPercentage\" | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-UtilizationPercentage-threshold-override_\", tostring(tags.[\"_amba-UtilizationPercentage-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query" }, { "field": "identity.userAssignedIdentities", @@ -293,55 +294,54 @@ "roleDefinitionIds": [ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" ], - "resourceGroupName": "[parameters('alertResourceGroupName')]", "deployment": { "properties": { "parameters": { "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, - "MonitorDisableTagValues": { - "value": "[parameters('MonitorDisableTagValues')]" + "alertResourceGroupName": { + "value": "[parameters('alertResourceGroupName')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" + "alertResourceGroupLocation": { + "value": "[parameters('alertResourceGroupLocation')]" }, - "windowSize": { - "value": "[parameters('windowSize')]" + "enabled": { + "value": "[parameters('enabled')]" + }, + "MonitorDisableTagValues": { + "value": "[parameters('MonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('MonitorDisableTagName')]" }, - "enabled": { - "value": "[parameters('enabled')]" + "autoMitigate": { + "value": "[parameters('autoMitigate')]" }, "severity": { "value": "[parameters('severity')]" }, - "alertResourceGroupName": { - "value": "[parameters('alertResourceGroupName')]" + "alertResourceGroupTags": { + "value": "[parameters('alertResourceGroupTags')]" }, - "alertResourceGroupLocation": { - "value": "[parameters('alertResourceGroupLocation')]" + "windowSize": { + "value": "[parameters('windowSize')]" }, "threshold": { "value": "[parameters('threshold')]" }, - "alertResourceGroupTags": { - "value": "[parameters('alertResourceGroupTags')]" - }, "timeAggregation": { "value": "[parameters('timeAggregation')]" }, - "failingPeriods": { - "value": "[parameters('failingPeriods')]" - }, "operator": { "value": "[parameters('operator')]" }, "UAMIResourceId": { "value": "[parameters('UAMIResourceId')]" }, + "failingPeriods": { + "value": "[parameters('failingPeriods')]" + }, "evaluationPeriods": { "value": "[parameters('evaluationPeriods')]" }, @@ -358,48 +358,48 @@ "evaluationFrequency": { "type": "String" }, - "MonitorDisableTagValues": { - "type": "Array" + "alertResourceGroupName": { + "type": "string" }, - "autoMitigate": { - "type": "String" + "alertResourceGroupLocation": { + "type": "string" }, - "windowSize": { + "enabled": { "type": "String" }, + "MonitorDisableTagValues": { + "type": "Array" + }, "MonitorDisableTagName": { "type": "String" }, - "enabled": { + "autoMitigate": { "type": "String" }, "severity": { "type": "String" }, - "alertResourceGroupName": { - "type": "string" + "alertResourceGroupTags": { + "type": "object" }, - "alertResourceGroupLocation": { - "type": "string" + "windowSize": { + "type": "String" }, "threshold": { "type": "String" }, - "alertResourceGroupTags": { - "type": "object" - }, "timeAggregation": { "type": "String" }, - "failingPeriods": { - "type": "String" - }, "operator": { "type": "String" }, "UAMIResourceId": { "type": "string" }, + "failingPeriods": { + "type": "String" + }, "evaluationPeriods": { "type": "String" }, @@ -411,6 +411,7 @@ } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Resources/resourceGroups", @@ -424,15 +425,15 @@ "type": "Microsoft.Resources/deployments", "properties": { "parameters": { - "enabled": { - "value": "[parameters('enabled')]" - }, "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, "alertResourceGroupLocation": { "value": "[parameters('alertResourceGroupLocation')]" }, + "enabled": { + "value": "[parameters('enabled')]" + }, "UAMIResourceId": { "value": "[parameters('UAMIResourceId')]" } @@ -440,20 +441,21 @@ "mode": "Incremental", "template": { "parameters": { - "enabled": { - "type": "string" - }, "alertResourceGroupName": { "type": "string" }, "alertResourceGroupLocation": { "type": "string" }, + "enabled": { + "type": "string" + }, "UAMIResourceId": { "type": "string" } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Insights/scheduledQueryRules", @@ -464,39 +466,39 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, - "MonitorDisableTagValues": { - "value": "[parameters('MonitorDisableTagValues')]" + "alertResourceGroupName": { + "value": "[parameters('alertResourceGroupName')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" + "alertResourceGroupLocation": { + "value": "[parameters('alertResourceGroupLocation')]" }, - "windowSize": { - "value": "[parameters('windowSize')]" + "enabled": { + "value": "[parameters('enabled')]" + }, + "MonitorDisableTagValues": { + "value": "[parameters('MonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('MonitorDisableTagName')]" }, - "enabled": { - "value": "[parameters('enabled')]" + "autoMitigate": { + "value": "[parameters('autoMitigate')]" }, "severity": { "value": "[parameters('severity')]" }, - "alertResourceGroupName": { - "value": "[parameters('alertResourceGroupName')]" - }, - "alertResourceGroupLocation": { - "value": "[parameters('alertResourceGroupLocation')]" + "windowSize": { + "value": "[parameters('windowSize')]" }, "threshold": { "value": "[parameters('threshold')]" }, - "failingPeriods": { - "value": "[parameters('failingPeriods')]" - }, "UAMIResourceId": { "value": "[parameters('UAMIResourceId')]" }, + "failingPeriods": { + "value": "[parameters('failingPeriods')]" + }, "evaluationPeriods": { "value": "[parameters('evaluationPeriods')]" }, @@ -508,21 +510,23 @@ } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", - "autoMitigate": "[parameters('autoMitigate')]", - "windowSize": "[parameters('windowSize')]", "enabled": "[parameters('enabled')]", + "autoMitigate": "[parameters('autoMitigate')]", "severity": "[parameters('severity')]", + "windowSize": "[parameters('windowSize')]", + "scopes": [ + "[subscription().Id]" + ], "criteria": { "allOf": [ { "threshold": 0, "timeAggregation": "[parameters('timeAggregation')]", + "operator": "[parameters('operator')]", "failingPeriods": { "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]", "minFailingPeriodsToAlert": "[parameters('failingPeriods')]" }, - "operator": "[parameters('operator')]", - "resourceIdColumn": "_ResourceId", "dimensions": [ { "name": "Computer", @@ -532,20 +536,18 @@ ] } ], - "query": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-UtilizationPercentage-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"Processor\" and Name == \"UtilizationPercentage\" | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-UtilizationPercentage-threshold-override_\", tostring(tags.[\"_amba-UtilizationPercentage-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]" + "query": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-UtilizationPercentage-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"Processor\" and Name == \"UtilizationPercentage\" | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-UtilizationPercentage-threshold-override_\", tostring(tags.[\"_amba-UtilizationPercentage-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]", + "resourceIdColumn": "_ResourceId" } ] }, - "scopes": [ - "[subscription().Id]" - ], - "ruleResolveConfiguration": { - "timeToResolve": "[parameters('autoResolveTime')]", - "autoResolved": "[parameters('autoResolve')]" - }, "targetResourceTypes": [ "Microsoft.HybridCompute/machines" - ] + ], + "ruleResolveConfiguration": { + "autoResolved": "[parameters('autoResolve')]", + "timeToResolve": "[parameters('autoResolveTime')]" + } }, "location": "[parameters('alertResourceGroupLocation')]", "apiVersion": "2022-08-01-preview", @@ -561,7 +563,6 @@ } } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" } }, @@ -572,14 +573,13 @@ ] } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" } }, "location": "australiaeast" }, - "existenceScope": "resourceGroup", - "deploymentScope": "subscription" + "deploymentScope": "subscription", + "existenceScope": "resourceGroup" } } } diff --git a/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_datadiskreadlatency_alert.jsonc b/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_datadiskreadlatency_alert.jsonc index 46bd9cd..f4bf496 100644 --- a/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_datadiskreadlatency_alert.jsonc +++ b/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_datadiskreadlatency_alert.jsonc @@ -6,45 +6,35 @@ "description": "Policy to audit/deploy VM dataDiskReadLatency Alert", "mode": "All", "metadata": { - "category": "Hybrid Compute", "_deployed_by_amba": "True", - "version": "1.2.0", "alzCloudEnvironments": [ "AzureCloud" ], + "version": "1.2.0", + "category": "Hybrid Compute", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "effect": { + "alertResourceGroupLocation": { "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" + "displayName": "Resource Group Location", + "description": "Location of the Resource group the alert is placed in" }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", + "defaultValue": "centralus", "type": "String" }, - "evaluationFrequency": { + "alertResourceGroupName": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "Evaluation Frequency" + "displayName": "Resource Group Name", + "description": "Resource group the alert is placed in" }, - "allowedValues": [ - "PT5M", - "PT15M", - "PT30M", - "PT1H" - ], - "defaultValue": "PT5M", + "defaultValue": "rg-amba-monitoring-001", "type": "String" }, "MonitorDisableTagValues": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "displayName": "ALZ Monitoring disabled tag values(s)", + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." }, "defaultValue": [ "true", @@ -54,47 +44,40 @@ ], "type": "Array" }, - "autoMitigate": { + "MonitorDisableTagName": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" + "displayName": "ALZ Monitoring disabled tag name", + "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled" }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", + "defaultValue": "MonitorDisable", "type": "String" }, - "windowSize": { + "effect": { "metadata": { - "description": "Window size for the alert", - "displayName": "Window Size" + "displayName": "Effect", + "description": "Effect of the policy" }, "allowedValues": [ - "PT5M", - "PT15M", - "PT30M", - "PT1H", - "PT6H", - "PT12H", - "PT24H" + "deployIfNotExists", + "disabled" ], - "defaultValue": "PT15M", + "defaultValue": "deployIfNotExists", "type": "String" }, - "MonitorDisableTagName": { + "alertResourceGroupTags": { "metadata": { - "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled", - "displayName": "ALZ Monitoring disabled tag name" + "displayName": "Resource Group Tags", + "description": "Tags on the Resource group the alert is placed in" }, - "defaultValue": "MonitorDisable", - "type": "String" + "defaultValue": { + "Project": "amba-monitoring" + }, + "type": "Object" }, "enabled": { "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" + "displayName": "Alert State", + "description": "Alert state for the alert" }, "allowedValues": [ "true", @@ -103,54 +86,73 @@ "defaultValue": "true", "type": "String" }, - "severity": { + "evaluationFrequency": { "metadata": { - "description": "Severity of the Alert", - "displayName": "Severity" + "displayName": "Evaluation Frequency", + "description": "Evaluation frequency for the alert" }, "allowedValues": [ - "0", - "1", - "2", - "3", - "4" + "PT5M", + "PT15M", + "PT30M", + "PT1H" ], - "defaultValue": "2", + "defaultValue": "PT5M", "type": "String" }, - "alertResourceGroupName": { + "UAMIResourceId": { "metadata": { - "description": "Resource group the alert is placed in", - "displayName": "Resource Group Name" + "displayName": "User Assigned managed Identity resource Id.", + "description": "The resource Id of the user assigned managed identity." }, - "defaultValue": "rg-amba-monitoring-001", - "type": "String" + "defaultValue": "", + "type": "string" }, - "alertResourceGroupLocation": { + "failingPeriods": { "metadata": { - "description": "Location of the Resource group the alert is placed in", - "displayName": "Resource Group Location" + "displayName": "Failing Periods", + "description": "Number of failing periods before alert is fired" }, - "defaultValue": "centralus", + "defaultValue": "1", "type": "String" }, - "threshold": { + "computersToInclude": { "metadata": { - "description": "Threshold for the alert", - "displayName": "Threshold" + "displayName": "Computers to be included to be monitored", + "description": "Array of Computer to be monitored" }, - "defaultValue": "30", + "defaultValue": [ + "*" + ], + "type": "array" + }, + "evaluationPeriods": { + "metadata": { + "displayName": "Evaluation Periods", + "description": "The number of aggregated lookback points." + }, + "defaultValue": "1", "type": "String" }, - "alertResourceGroupTags": { + "autoMitigate": { "metadata": { - "description": "Tags on the Resource group the alert is placed in", - "displayName": "Resource Group Tags" + "displayName": "Auto Mitigate", + "description": "Auto Mitigate for the alert" }, - "defaultValue": { - "Project": "amba-monitoring" + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "autoResolveTime": { + "metadata": { + "displayName": "Auto Resolve", + "description": "Auto Resolve time for the alert in ISO 8601 format" }, - "type": "Object" + "defaultValue": "true", + "type": "String" }, "timeAggregation": { "metadata": { @@ -162,12 +164,21 @@ "defaultValue": "Count", "type": "String" }, - "failingPeriods": { + "windowSize": { "metadata": { - "description": "Number of failing periods before alert is fired", - "displayName": "Failing Periods" + "displayName": "Window Size", + "description": "Window size for the alert" }, - "defaultValue": "1", + "allowedValues": [ + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "PT24H" + ], + "defaultValue": "PT15M", "type": "String" }, "operator": { @@ -180,50 +191,39 @@ "defaultValue": "GreaterThan", "type": "String" }, - "UAMIResourceId": { - "metadata": { - "description": "The resource Id of the user assigned managed identity.", - "displayName": "User Assigned managed Identity resource Id." - }, - "defaultValue": "", - "type": "string" - }, - "evaluationPeriods": { + "threshold": { "metadata": { - "description": "The number of aggregated lookback points.", - "displayName": "Evaluation Periods" + "displayName": "Threshold", + "description": "Threshold for the alert" }, - "defaultValue": "1", + "defaultValue": "30", "type": "String" }, - "autoResolveTime": { + "autoResolve": { "metadata": { - "description": "Auto Resolve time for the alert in ISO 8601 format", - "displayName": "Auto Resolve" + "displayName": "Auto Resolve", + "description": "Auto Resolve for the alert" }, + "allowedValues": [ + "true", + "false" + ], "defaultValue": "true", "type": "String" }, - "computersToInclude": { - "metadata": { - "description": "Array of Computer to be monitored", - "displayName": "Computers to be included to be monitored" - }, - "defaultValue": [ - "*" - ], - "type": "array" - }, - "autoResolve": { + "severity": { "metadata": { - "description": "Auto Resolve for the alert", - "displayName": "Auto Resolve" + "displayName": "Severity", + "description": "Severity of the Alert" }, "allowedValues": [ - "true", - "false" + "0", + "1", + "2", + "3", + "4" ], - "defaultValue": "true", + "defaultValue": "2", "type": "String" } }, @@ -231,8 +231,8 @@ "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.HybridCompute/machines" + "equals": "Microsoft.HybridCompute/machines", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -244,55 +244,56 @@ "effect": "[parameters('effect')]", "details": { "type": "Microsoft.Insights/scheduledQueryRules", + "resourceGroupName": "[parameters('alertResourceGroupName')]", "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/scheduledQueryRules/displayName", - "equals": "[concat(subscription().displayName, '-HybridVMHighDataDiskReadLatencyAlert')]" + "equals": "[concat(subscription().displayName, '-HybridVMHighDataDiskReadLatencyAlert')]", + "field": "Microsoft.Insights/scheduledQueryRules/displayName" }, { - "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]", - "equals": "[subscription().id]" + "equals": "[subscription().id]", + "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]" }, { - "field": "Microsoft.Insights/scheduledQueryRules/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/scheduledQueryRules/enabled" }, { - "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency" }, { - "field": "Microsoft.Insights/scheduledQueryRules/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/scheduledQueryRules/windowSize" }, { - "field": "Microsoft.Insights/scheduledQueryRules/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/scheduledQueryRules/severity" }, { - "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", - "equals": "[parameters('operator')]" + "equals": "[parameters('operator')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation", - "equals": "[parameters('timeAggregation')]" + "equals": "[parameters('timeAggregation')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods", - "equals": "[parameters('evaluationPeriods')]" + "equals": "[parameters('evaluationPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert", - "equals": "[parameters('failingPeriods')]" + "equals": "[parameters('failingPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query", - "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-ReadLatencyMs-Data-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"ReadLatencyMs\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk !in (\"C:\", \"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-ReadLatencyMs-Data-threshold-override_\", tostring(tags.[\"_amba-ReadLatencyMs-Data-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]" + "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-ReadLatencyMs-Data-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"ReadLatencyMs\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk !in (\"C:\", \"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-ReadLatencyMs-Data-threshold-override_\", tostring(tags.[\"_amba-ReadLatencyMs-Data-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query" }, { "field": "identity.userAssignedIdentities", @@ -303,166 +304,166 @@ "roleDefinitionIds": [ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" ], - "resourceGroupName": "[parameters('alertResourceGroupName')]", + "deploymentScope": "subscription", + "existenceScope": "resourceGroup", "deployment": { "properties": { "parameters": { - "evaluationFrequency": { - "value": "[parameters('evaluationFrequency')]" + "alertResourceGroupLocation": { + "value": "[parameters('alertResourceGroupLocation')]" + }, + "alertResourceGroupName": { + "value": "[parameters('alertResourceGroupName')]" }, "MonitorDisableTagValues": { "value": "[parameters('MonitorDisableTagValues')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, - "windowSize": { - "value": "[parameters('windowSize')]" - }, "MonitorDisableTagName": { "value": "[parameters('MonitorDisableTagName')]" }, + "alertResourceGroupTags": { + "value": "[parameters('alertResourceGroupTags')]" + }, "enabled": { "value": "[parameters('enabled')]" }, - "severity": { - "value": "[parameters('severity')]" - }, - "alertResourceGroupName": { - "value": "[parameters('alertResourceGroupName')]" - }, - "alertResourceGroupLocation": { - "value": "[parameters('alertResourceGroupLocation')]" - }, - "threshold": { - "value": "[parameters('threshold')]" - }, - "alertResourceGroupTags": { - "value": "[parameters('alertResourceGroupTags')]" + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" }, - "timeAggregation": { - "value": "[parameters('timeAggregation')]" + "UAMIResourceId": { + "value": "[parameters('UAMIResourceId')]" }, "failingPeriods": { "value": "[parameters('failingPeriods')]" }, - "operator": { - "value": "[parameters('operator')]" - }, - "UAMIResourceId": { - "value": "[parameters('UAMIResourceId')]" + "computersToInclude": { + "value": "[parameters('computersToInclude')]" }, "evaluationPeriods": { "value": "[parameters('evaluationPeriods')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "autoResolveTime": { "value": "[parameters('autoResolveTime')]" }, - "computersToInclude": { - "value": "[parameters('computersToInclude')]" + "timeAggregation": { + "value": "[parameters('timeAggregation')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "operator": { + "value": "[parameters('operator')]" + }, + "threshold": { + "value": "[parameters('threshold')]" }, "autoResolve": { "value": "[parameters('autoResolve')]" + }, + "severity": { + "value": "[parameters('severity')]" } }, - "mode": "incremental", "template": { "parameters": { - "evaluationFrequency": { - "type": "String" + "alertResourceGroupLocation": { + "type": "string" + }, + "alertResourceGroupName": { + "type": "string" }, "MonitorDisableTagValues": { "type": "Array" }, - "autoMitigate": { - "type": "String" - }, - "windowSize": { - "type": "String" - }, "MonitorDisableTagName": { "type": "String" }, + "alertResourceGroupTags": { + "type": "object" + }, "enabled": { "type": "String" }, - "severity": { + "evaluationFrequency": { "type": "String" }, - "alertResourceGroupName": { - "type": "string" - }, - "alertResourceGroupLocation": { + "UAMIResourceId": { "type": "string" }, - "threshold": { + "failingPeriods": { "type": "String" }, - "alertResourceGroupTags": { - "type": "object" + "computersToInclude": { + "type": "array" }, - "timeAggregation": { + "evaluationPeriods": { "type": "String" }, - "failingPeriods": { + "autoMitigate": { "type": "String" }, - "operator": { + "autoResolveTime": { "type": "String" }, - "UAMIResourceId": { - "type": "string" + "timeAggregation": { + "type": "String" }, - "evaluationPeriods": { + "windowSize": { "type": "String" }, - "autoResolveTime": { + "operator": { "type": "String" }, - "computersToInclude": { - "type": "array" + "threshold": { + "type": "String" }, "autoResolve": { "type": "String" + }, + "severity": { + "type": "String" } }, "contentVersion": "1.0.0.0", "resources": [ { "type": "Microsoft.Resources/resourceGroups", - "location": "[parameters('alertResourceGroupLocation')]", "apiVersion": "2021-04-01", + "location": "[parameters('alertResourceGroupLocation')]", "name": "[parameters('alertResourceGroupName')]", "tags": "[parameters('alertResourceGroupTags')]" }, { "resourceGroup": "[parameters('alertResourceGroupName')]", "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", "properties": { "parameters": { - "enabled": { - "value": "[parameters('enabled')]" + "alertResourceGroupLocation": { + "value": "[parameters('alertResourceGroupLocation')]" }, "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, - "alertResourceGroupLocation": { - "value": "[parameters('alertResourceGroupLocation')]" + "enabled": { + "value": "[parameters('enabled')]" }, "UAMIResourceId": { "value": "[parameters('UAMIResourceId')]" } }, - "mode": "Incremental", "template": { "parameters": { - "enabled": { + "alertResourceGroupLocation": { "type": "string" }, "alertResourceGroupName": { "type": "string" }, - "alertResourceGroupLocation": { + "enabled": { "type": "string" }, "UAMIResourceId": { @@ -473,84 +474,95 @@ "resources": [ { "type": "Microsoft.Insights/scheduledQueryRules", + "apiVersion": "2022-08-01-preview", "properties": { - "description": "Log Alert for Virtual Machine dataDiskReadLatency", "displayName": "[concat(subscription().displayName, '-HybridVMHighDataDiskReadLatencyAlert')]", + "description": "Log Alert for Virtual Machine dataDiskReadLatency", "parameters": { - "evaluationFrequency": { - "value": "[parameters('evaluationFrequency')]" + "alertResourceGroupLocation": { + "value": "[parameters('alertResourceGroupLocation')]" + }, + "alertResourceGroupName": { + "value": "[parameters('alertResourceGroupName')]" }, "MonitorDisableTagValues": { "value": "[parameters('MonitorDisableTagValues')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, - "windowSize": { - "value": "[parameters('windowSize')]" - }, "MonitorDisableTagName": { "value": "[parameters('MonitorDisableTagName')]" }, "enabled": { "value": "[parameters('enabled')]" }, - "severity": { - "value": "[parameters('severity')]" - }, - "alertResourceGroupName": { - "value": "[parameters('alertResourceGroupName')]" - }, - "alertResourceGroupLocation": { - "value": "[parameters('alertResourceGroupLocation')]" + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" }, - "threshold": { - "value": "[parameters('threshold')]" + "UAMIResourceId": { + "value": "[parameters('UAMIResourceId')]" }, "failingPeriods": { "value": "[parameters('failingPeriods')]" }, - "UAMIResourceId": { - "value": "[parameters('UAMIResourceId')]" + "computersToInclude": { + "value": "[parameters('computersToInclude')]" }, "evaluationPeriods": { "value": "[parameters('evaluationPeriods')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "autoResolveTime": { "value": "[parameters('autoResolveTime')]" }, - "computersToInclude": { - "value": "[parameters('computersToInclude')]" + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "threshold": { + "value": "[parameters('threshold')]" }, "autoResolve": { "value": "[parameters('autoResolve')]" + }, + "severity": { + "value": "[parameters('severity')]" } }, + "enabled": "[parameters('enabled')]", "evaluationFrequency": "[parameters('evaluationFrequency')]", "autoMitigate": "[parameters('autoMitigate')]", "windowSize": "[parameters('windowSize')]", - "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", + "ruleResolveConfiguration": { + "timeToResolve": "[parameters('autoResolveTime')]", + "autoResolved": "[parameters('autoResolve')]" + }, + "targetResourceTypes": [ + "Microsoft.HybridCompute/machines" + ], + "scopes": [ + "[subscription().Id]" + ], "criteria": { "allOf": [ { - "threshold": 0, - "timeAggregation": "[parameters('timeAggregation')]", "failingPeriods": { "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]", "minFailingPeriodsToAlert": "[parameters('failingPeriods')]" }, + "timeAggregation": "[parameters('timeAggregation')]", "operator": "[parameters('operator')]", + "threshold": 0, "resourceIdColumn": "_ResourceId", "dimensions": [ { - "name": "Computer", "operator": "Include", + "name": "Computer", "values": "[parameters('computersToInclude')]" }, { - "name": "Disk", "operator": "Include", + "name": "Disk", "values": [ "*" ] @@ -559,20 +571,9 @@ "query": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-ReadLatencyMs-Data-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"ReadLatencyMs\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk !in (\"C:\", \"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-ReadLatencyMs-Data-threshold-override_\", tostring(tags.[\"_amba-ReadLatencyMs-Data-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]" } ] - }, - "scopes": [ - "[subscription().Id]" - ], - "ruleResolveConfiguration": { - "timeToResolve": "[parameters('autoResolveTime')]", - "autoResolved": "[parameters('autoResolve')]" - }, - "targetResourceTypes": [ - "Microsoft.HybridCompute/machines" - ] + } }, "location": "[parameters('alertResourceGroupLocation')]", - "apiVersion": "2022-08-01-preview", "name": "[concat(subscription().displayName, '-HybridVMHighDataDiskReadLatencyAlert')]", "tags": { "_deployed_by_amba": true @@ -587,9 +588,9 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "Incremental" }, - "apiVersion": "2019-10-01", "name": "HybridVMdataDiskReadLatencyAlert", "dependsOn": [ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]" @@ -598,12 +599,11 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" }, "location": "australiaeast" - }, - "existenceScope": "resourceGroup", - "deploymentScope": "subscription" + } } } } diff --git a/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_datadiskspace_alert.jsonc b/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_datadiskspace_alert.jsonc index 03b7123..20bf9e0 100644 --- a/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_datadiskspace_alert.jsonc +++ b/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_datadiskspace_alert.jsonc @@ -6,31 +6,19 @@ "description": "Policy to audit/deploy VM data Disk Space Alert", "mode": "All", "metadata": { - "category": "Hybrid Compute", - "version": "1.2.0", "_deployed_by_amba": "True", - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "version": "1.2.0", "alzCloudEnvironments": [ "AzureCloud" - ] + ], + "category": "Hybrid Compute", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "String" - }, "evaluationFrequency": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "Evaluation Frequency" + "displayName": "Evaluation Frequency", + "description": "Evaluation frequency for the alert" }, "allowedValues": [ "PT5M", @@ -41,10 +29,26 @@ "defaultValue": "PT5M", "type": "String" }, + "alertResourceGroupLocation": { + "metadata": { + "displayName": "Resource Group Location", + "description": "Location of the Resource group the alert is placed in" + }, + "defaultValue": "centralus", + "type": "String" + }, + "alertResourceGroupName": { + "metadata": { + "displayName": "Resource Group Name", + "description": "Resource group the alert is placed in" + }, + "defaultValue": "rg-amba-monitoring-001", + "type": "String" + }, "MonitorDisableTagValues": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "displayName": "ALZ Monitoring disabled tag values(s)", + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." }, "defaultValue": [ "true", @@ -54,26 +58,42 @@ ], "type": "Array" }, - "MonitorDisableTagName": { + "autoMitigate": { "metadata": { - "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled", - "displayName": "ALZ Monitoring disabled tag name" + "displayName": "Auto Mitigate", + "description": "Auto Mitigate for the alert" }, - "defaultValue": "MonitorDisable", + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", "type": "String" }, - "alertResourceGroupLocation": { + "effect": { "metadata": { - "description": "Location of the Resource group the alert is placed in", - "displayName": "Resource Group Location" + "displayName": "Effect", + "description": "Effect of the policy" }, - "defaultValue": "centralus", + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" + }, + "MonitorDisableTagName": { + "metadata": { + "displayName": "ALZ Monitoring disabled tag name", + "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled" + }, + "defaultValue": "MonitorDisable", "type": "String" }, "windowSize": { "metadata": { - "description": "Window size for the alert", - "displayName": "Window Size" + "displayName": "Window Size", + "description": "Window size for the alert" }, "allowedValues": [ "PT5M", @@ -87,18 +107,18 @@ "defaultValue": "PT15M", "type": "String" }, - "alertResourceGroupName": { + "UAMIResourceId": { "metadata": { - "description": "Resource group the alert is placed in", - "displayName": "Resource Group Name" + "displayName": "User Assigned managed Identity resource Id.", + "description": "The resource Id of the user assigned managed identity." }, - "defaultValue": "rg-amba-monitoring-001", - "type": "String" + "defaultValue": "", + "type": "string" }, "enabled": { "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" + "displayName": "Alert State", + "description": "Alert state for the alert" }, "allowedValues": [ "true", @@ -107,10 +127,28 @@ "defaultValue": "true", "type": "String" }, + "failingPeriods": { + "metadata": { + "displayName": "Failing Periods", + "description": "Number of failing periods before alert is fired" + }, + "defaultValue": "1", + "type": "String" + }, + "timeAggregation": { + "metadata": { + "displayName": "TimeAggregation" + }, + "allowedValues": [ + "Count" + ], + "defaultValue": "Count", + "type": "String" + }, "severity": { "metadata": { - "description": "Severity of the Alert", - "displayName": "Severity" + "displayName": "Severity", + "description": "Severity of the Alert" }, "allowedValues": [ "0", @@ -122,74 +160,36 @@ "defaultValue": "2", "type": "String" }, - "autoMitigate": { - "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" - }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", - "type": "String" - }, - "threshold": { + "evaluationPeriods": { "metadata": { - "description": "Threshold for the alert", - "displayName": "Threshold" + "displayName": "Evaluation Periods", + "description": "The number of aggregated lookback points." }, - "defaultValue": "10", + "defaultValue": "1", "type": "String" }, "alertResourceGroupTags": { "metadata": { - "description": "Tags on the Resource group the alert is placed in", - "displayName": "Resource Group Tags" + "displayName": "Resource Group Tags", + "description": "Tags on the Resource group the alert is placed in" }, "defaultValue": { "Project": "amba-monitoring" }, "type": "Object" }, - "timeAggregation": { - "metadata": { - "displayName": "TimeAggregation" - }, - "allowedValues": [ - "Count" - ], - "defaultValue": "Count", - "type": "String" - }, - "failingPeriods": { - "metadata": { - "description": "Number of failing periods before alert is fired", - "displayName": "Failing Periods" - }, - "defaultValue": "1", - "type": "String" - }, - "UAMIResourceId": { - "metadata": { - "description": "The resource Id of the user assigned managed identity.", - "displayName": "User Assigned managed Identity resource Id." - }, - "defaultValue": "", - "type": "string" - }, - "evaluationPeriods": { + "threshold": { "metadata": { - "description": "The number of aggregated lookback points.", - "displayName": "Evaluation Periods" + "displayName": "Threshold", + "description": "Threshold for the alert" }, - "defaultValue": "1", + "defaultValue": "10", "type": "String" }, "autoResolveTime": { "metadata": { - "description": "Auto Resolve time for the alert in ISO 8601 format", - "displayName": "Auto Resolve" + "displayName": "Auto Resolve", + "description": "Auto Resolve time for the alert in ISO 8601 format" }, "defaultValue": "true", "type": "String" @@ -206,8 +206,8 @@ }, "computersToInclude": { "metadata": { - "description": "Array of Computer to be monitored", - "displayName": "Computers to be included to be monitored" + "displayName": "Computers to be included to be monitored", + "description": "Array of Computer to be monitored" }, "defaultValue": [ "*" @@ -216,8 +216,8 @@ }, "autoResolve": { "metadata": { - "description": "Auto Resolve for the alert", - "displayName": "Auto Resolve" + "displayName": "Auto Resolve", + "description": "Auto Resolve for the alert" }, "allowedValues": [ "true", @@ -231,8 +231,8 @@ "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.HybridCompute/machines" + "equals": "Microsoft.HybridCompute/machines", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -248,52 +248,52 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/scheduledQueryRules/displayName", - "equals": "[concat(subscription().displayName, '-HybridVMLowDataDiskSpaceAlert')]" + "equals": "[concat(subscription().displayName, '-HybridVMLowDataDiskSpaceAlert')]", + "field": "Microsoft.Insights/scheduledQueryRules/displayName" }, { - "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]", - "equals": "[subscription().id]" + "equals": "[subscription().id]", + "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]" }, { - "field": "Microsoft.Insights/scheduledQueryRules/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/scheduledQueryRules/enabled" }, { - "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency" }, { - "field": "Microsoft.Insights/scheduledQueryRules/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/scheduledQueryRules/windowSize" }, { - "field": "Microsoft.Insights/scheduledQueryRules/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/scheduledQueryRules/severity" }, { - "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", - "equals": "[parameters('operator')]" + "equals": "[parameters('operator')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation", - "equals": "[parameters('timeAggregation')]" + "equals": "[parameters('timeAggregation')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods", - "equals": "[parameters('evaluationPeriods')]" + "equals": "[parameters('evaluationPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert", - "equals": "[parameters('failingPeriods')]" + "equals": "[parameters('failingPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query", - "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-FreeSpacePercentage-Data-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"FreeSpacePercentage\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk !in (\"C:\",\"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-FreeSpacePercentage-Data-threshold-override_\", tostring(tags.[\"_amba-FreeSpacePercentage-Data-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue < appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]" + "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-FreeSpacePercentage-Data-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"FreeSpacePercentage\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk !in (\"C:\",\"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-FreeSpacePercentage-Data-threshold-override_\", tostring(tags.[\"_amba-FreeSpacePercentage-Data-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue < appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query" }, { "field": "identity.userAssignedIdentities", @@ -310,48 +310,48 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "alertResourceGroupLocation": { + "value": "[parameters('alertResourceGroupLocation')]" + }, + "alertResourceGroupName": { + "value": "[parameters('alertResourceGroupName')]" + }, "MonitorDisableTagValues": { "value": "[parameters('MonitorDisableTagValues')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "MonitorDisableTagName": { "value": "[parameters('MonitorDisableTagName')]" }, - "alertResourceGroupLocation": { - "value": "[parameters('alertResourceGroupLocation')]" - }, "windowSize": { "value": "[parameters('windowSize')]" }, - "alertResourceGroupName": { - "value": "[parameters('alertResourceGroupName')]" + "UAMIResourceId": { + "value": "[parameters('UAMIResourceId')]" }, "enabled": { "value": "[parameters('enabled')]" }, - "severity": { - "value": "[parameters('severity')]" - }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, - "threshold": { - "value": "[parameters('threshold')]" - }, - "alertResourceGroupTags": { - "value": "[parameters('alertResourceGroupTags')]" + "failingPeriods": { + "value": "[parameters('failingPeriods')]" }, "timeAggregation": { "value": "[parameters('timeAggregation')]" }, - "failingPeriods": { - "value": "[parameters('failingPeriods')]" - }, - "UAMIResourceId": { - "value": "[parameters('UAMIResourceId')]" + "severity": { + "value": "[parameters('severity')]" }, "evaluationPeriods": { "value": "[parameters('evaluationPeriods')]" }, + "alertResourceGroupTags": { + "value": "[parameters('alertResourceGroupTags')]" + }, + "threshold": { + "value": "[parameters('threshold')]" + }, "autoResolveTime": { "value": "[parameters('autoResolveTime')]" }, @@ -365,52 +365,51 @@ "value": "[parameters('autoResolve')]" } }, - "mode": "incremental", "template": { "parameters": { "evaluationFrequency": { "type": "String" }, + "alertResourceGroupLocation": { + "type": "string" + }, + "alertResourceGroupName": { + "type": "string" + }, "MonitorDisableTagValues": { "type": "Array" }, - "MonitorDisableTagName": { + "autoMitigate": { "type": "String" }, - "alertResourceGroupLocation": { - "type": "string" + "MonitorDisableTagName": { + "type": "String" }, "windowSize": { "type": "String" }, - "alertResourceGroupName": { + "UAMIResourceId": { "type": "string" }, "enabled": { "type": "String" }, - "severity": { - "type": "String" - }, - "autoMitigate": { + "failingPeriods": { "type": "String" }, - "threshold": { + "timeAggregation": { "type": "String" }, - "alertResourceGroupTags": { - "type": "object" - }, - "timeAggregation": { + "severity": { "type": "String" }, - "failingPeriods": { + "evaluationPeriods": { "type": "String" }, - "UAMIResourceId": { - "type": "string" + "alertResourceGroupTags": { + "type": "object" }, - "evaluationPeriods": { + "threshold": { "type": "String" }, "autoResolveTime": { @@ -427,12 +426,13 @@ } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Resources/resourceGroups", + "apiVersion": "2021-04-01", "location": "[parameters('alertResourceGroupLocation')]", "name": "[parameters('alertResourceGroupName')]", - "apiVersion": "2021-04-01", "tags": "[parameters('alertResourceGroupTags')]" }, { @@ -446,14 +446,13 @@ "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "UAMIResourceId": { "value": "[parameters('UAMIResourceId')]" + }, + "enabled": { + "value": "[parameters('enabled')]" } }, - "mode": "Incremental", "template": { "parameters": { "alertResourceGroupLocation": { @@ -462,60 +461,61 @@ "alertResourceGroupName": { "type": "string" }, - "enabled": { + "UAMIResourceId": { "type": "string" }, - "UAMIResourceId": { + "enabled": { "type": "string" } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Insights/scheduledQueryRules", "properties": { - "description": "Log Alert for Virtual Machine dataDiskSpace", "displayName": "[concat(subscription().displayName, '-HybridVMLowDataDiskSpaceAlert')]", + "description": "Log Alert for Virtual Machine dataDiskSpace", "parameters": { "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "alertResourceGroupLocation": { + "value": "[parameters('alertResourceGroupLocation')]" + }, + "alertResourceGroupName": { + "value": "[parameters('alertResourceGroupName')]" + }, "MonitorDisableTagValues": { "value": "[parameters('MonitorDisableTagValues')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "MonitorDisableTagName": { "value": "[parameters('MonitorDisableTagName')]" }, - "alertResourceGroupLocation": { - "value": "[parameters('alertResourceGroupLocation')]" - }, "windowSize": { "value": "[parameters('windowSize')]" }, - "alertResourceGroupName": { - "value": "[parameters('alertResourceGroupName')]" + "UAMIResourceId": { + "value": "[parameters('UAMIResourceId')]" }, "enabled": { "value": "[parameters('enabled')]" }, - "severity": { - "value": "[parameters('severity')]" - }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, - "threshold": { - "value": "[parameters('threshold')]" - }, "failingPeriods": { "value": "[parameters('failingPeriods')]" }, - "UAMIResourceId": { - "value": "[parameters('UAMIResourceId')]" + "severity": { + "value": "[parameters('severity')]" }, "evaluationPeriods": { "value": "[parameters('evaluationPeriods')]" }, + "threshold": { + "value": "[parameters('threshold')]" + }, "autoResolveTime": { "value": "[parameters('autoResolveTime')]" }, @@ -527,30 +527,37 @@ } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", "windowSize": "[parameters('windowSize')]", "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", - "autoMitigate": "[parameters('autoMitigate')]", + "ruleResolveConfiguration": { + "timeToResolve": "[parameters('autoResolveTime')]", + "autoResolved": "[parameters('autoResolve')]" + }, + "targetResourceTypes": [ + "Microsoft.HybridCompute/machines" + ], "criteria": { "allOf": [ { - "threshold": 0, - "timeAggregation": "[parameters('timeAggregation')]", "failingPeriods": { "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]", "minFailingPeriodsToAlert": "[parameters('failingPeriods')]" }, + "timeAggregation": "[parameters('timeAggregation')]", + "threshold": 0, "operator": "[parameters('operator')]", "resourceIdColumn": "_ResourceId", "dimensions": [ { - "name": "Computer", "operator": "Include", + "name": "Computer", "values": "[parameters('computersToInclude')]" }, { - "name": "Disk", "operator": "Include", + "name": "Disk", "values": [ "*" ] @@ -560,20 +567,13 @@ } ] }, - "ruleResolveConfiguration": { - "timeToResolve": "[parameters('autoResolveTime')]", - "autoResolved": "[parameters('autoResolve')]" - }, "scopes": [ "[subscription().Id]" - ], - "targetResourceTypes": [ - "Microsoft.HybridCompute/machines" ] }, + "apiVersion": "2022-08-01-preview", "location": "[parameters('alertResourceGroupLocation')]", "name": "[concat(subscription().displayName, '-HybridVMLowDataDiskSpaceAlert')]", - "apiVersion": "2022-08-01-preview", "tags": { "_deployed_by_amba": true }, @@ -585,20 +585,20 @@ } } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "Incremental" }, - "name": "HybridVMdataDiskSpaceAlert", "apiVersion": "2019-10-01", + "name": "HybridVMdataDiskSpaceAlert", "dependsOn": [ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]" ] } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" }, "location": "australiaeast" }, diff --git a/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_datadiskwritelatency_alert.jsonc b/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_datadiskwritelatency_alert.jsonc index ae86b7d..f782209 100644 --- a/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_datadiskwritelatency_alert.jsonc +++ b/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_datadiskwritelatency_alert.jsonc @@ -6,31 +6,62 @@ "description": "Policy to audit/deploy VM dataDiskWriteLatency Alert", "mode": "All", "metadata": { - "category": "Hybrid Compute", + "_deployed_by_amba": "True", "version": "1.2.0", + "category": "Hybrid Compute", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" - ], - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", - "_deployed_by_amba": "True" + ] }, "parameters": { - "effect": { + "evaluationFrequency": { "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" + "displayName": "Evaluation Frequency", + "description": "Evaluation frequency for the alert" }, "allowedValues": [ - "deployIfNotExists", - "disabled" + "PT5M", + "PT15M", + "PT30M", + "PT1H" ], - "defaultValue": "deployIfNotExists", + "defaultValue": "PT5M", "type": "String" }, - "enabled": { + "alertResourceGroupLocation": { + "metadata": { + "displayName": "Resource Group Location", + "description": "Location of the Resource group the alert is placed in" + }, + "defaultValue": "centralus", + "type": "String" + }, + "alertResourceGroupName": { "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" + "displayName": "Resource Group Name", + "description": "Resource group the alert is placed in" + }, + "defaultValue": "rg-amba-monitoring-001", + "type": "String" + }, + "MonitorDisableTagValues": { + "metadata": { + "displayName": "ALZ Monitoring disabled tag values(s)", + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "autoMitigate": { + "metadata": { + "displayName": "Auto Mitigate", + "description": "Auto Mitigate for the alert" }, "allowedValues": [ "true", @@ -39,24 +70,30 @@ "defaultValue": "true", "type": "String" }, - "evaluationFrequency": { + "MonitorDisableTagName": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "Evaluation Frequency" + "displayName": "ALZ Monitoring disabled tag name", + "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled" + }, + "defaultValue": "MonitorDisable", + "type": "String" + }, + "enabled": { + "metadata": { + "displayName": "Alert State", + "description": "Alert state for the alert" }, "allowedValues": [ - "PT5M", - "PT15M", - "PT30M", - "PT1H" + "true", + "false" ], - "defaultValue": "PT5M", + "defaultValue": "true", "type": "String" }, "windowSize": { "metadata": { - "description": "Window size for the alert", - "displayName": "Window Size" + "displayName": "Window Size", + "description": "Window size for the alert" }, "allowedValues": [ "PT5M", @@ -70,10 +107,20 @@ "defaultValue": "PT15M", "type": "String" }, + "alertResourceGroupTags": { + "metadata": { + "displayName": "Resource Group Tags", + "description": "Tags on the Resource group the alert is placed in" + }, + "defaultValue": { + "Project": "amba-monitoring" + }, + "type": "Object" + }, "severity": { "metadata": { - "description": "Severity of the Alert", - "displayName": "Severity" + "displayName": "Severity", + "description": "Severity of the Alert" }, "allowedValues": [ "0", @@ -85,38 +132,18 @@ "defaultValue": "2", "type": "String" }, - "autoMitigate": { - "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" - }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", - "type": "String" - }, - "alertResourceGroupLocation": { - "metadata": { - "description": "Location of the Resource group the alert is placed in", - "displayName": "Resource Group Location" - }, - "defaultValue": "centralus", - "type": "String" - }, - "alertResourceGroupName": { + "UAMIResourceId": { "metadata": { - "description": "Resource group the alert is placed in", - "displayName": "Resource Group Name" + "displayName": "User Assigned managed Identity resource Id.", + "description": "The resource Id of the user assigned managed identity." }, - "defaultValue": "rg-amba-monitoring-001", - "type": "String" + "defaultValue": "", + "type": "string" }, "threshold": { "metadata": { - "description": "Threshold for the alert", - "displayName": "Threshold" + "displayName": "Threshold", + "description": "Threshold for the alert" }, "defaultValue": "30", "type": "String" @@ -131,85 +158,66 @@ "defaultValue": "Count", "type": "String" }, - "alertResourceGroupTags": { + "failingPeriods": { "metadata": { - "description": "Tags on the Resource group the alert is placed in", - "displayName": "Resource Group Tags" + "displayName": "Failing Periods", + "description": "Number of failing periods before alert is fired" }, - "defaultValue": { - "Project": "amba-monitoring" - }, - "type": "Object" + "defaultValue": "1", + "type": "String" }, - "operator": { + "evaluationPeriods": { "metadata": { - "displayName": "Operator" + "displayName": "Evaluation Periods", + "description": "The number of aggregated lookback points." }, - "allowedValues": [ - "GreaterThan" - ], - "defaultValue": "GreaterThan", + "defaultValue": "1", "type": "String" }, - "MonitorDisableTagValues": { + "effect": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "displayName": "Effect", + "description": "Effect of the policy" }, - "defaultValue": [ - "true", - "Test", - "Dev", - "Sandbox" + "allowedValues": [ + "deployIfNotExists", + "disabled" ], - "type": "Array" - }, - "MonitorDisableTagName": { - "metadata": { - "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled", - "displayName": "ALZ Monitoring disabled tag name" - }, - "defaultValue": "MonitorDisable", + "defaultValue": "deployIfNotExists", "type": "String" }, - "failingPeriods": { + "computersToInclude": { "metadata": { - "description": "Number of failing periods before alert is fired", - "displayName": "Failing Periods" + "displayName": "Computers to be included to be monitored", + "description": "Array of Computer to be monitored" }, - "defaultValue": "1", - "type": "String" + "defaultValue": [ + "*" + ], + "type": "array" }, - "evaluationPeriods": { + "operator": { "metadata": { - "description": "The number of aggregated lookback points.", - "displayName": "Evaluation Periods" + "displayName": "Operator" }, - "defaultValue": "1", + "allowedValues": [ + "GreaterThan" + ], + "defaultValue": "GreaterThan", "type": "String" }, "autoResolveTime": { "metadata": { - "description": "Auto Resolve time for the alert in ISO 8601 format", - "displayName": "Auto Resolve" + "displayName": "Auto Resolve", + "description": "Auto Resolve time for the alert in ISO 8601 format" }, "defaultValue": "true", "type": "String" }, - "computersToInclude": { - "metadata": { - "description": "Array of Computer to be monitored", - "displayName": "Computers to be included to be monitored" - }, - "defaultValue": [ - "*" - ], - "type": "array" - }, "autoResolve": { "metadata": { - "description": "Auto Resolve for the alert", - "displayName": "Auto Resolve" + "displayName": "Auto Resolve", + "description": "Auto Resolve for the alert" }, "allowedValues": [ "true", @@ -217,22 +225,14 @@ ], "defaultValue": "true", "type": "String" - }, - "UAMIResourceId": { - "metadata": { - "description": "The resource Id of the user assigned managed identity.", - "displayName": "User Assigned managed Identity resource Id." - }, - "defaultValue": "", - "type": "string" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.HybridCompute/machines" + "equals": "Microsoft.HybridCompute/machines", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -247,52 +247,52 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/scheduledQueryRules/displayName", - "equals": "[concat(subscription().displayName, '-HybridVMHighDataDiskWriteLatencyAlert')]" + "equals": "[concat(subscription().displayName, '-HybridVMHighDataDiskWriteLatencyAlert')]", + "field": "Microsoft.Insights/scheduledQueryRules/displayName" }, { - "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]", - "equals": "[subscription().id]" + "equals": "[subscription().id]", + "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]" }, { - "field": "Microsoft.Insights/scheduledQueryRules/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/scheduledQueryRules/enabled" }, { - "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency" }, { - "field": "Microsoft.Insights/scheduledQueryRules/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/scheduledQueryRules/windowSize" }, { - "field": "Microsoft.Insights/scheduledQueryRules/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/scheduledQueryRules/severity" }, { - "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", - "equals": "[parameters('operator')]" + "equals": "[parameters('operator')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation", - "equals": "[parameters('timeAggregation')]" + "equals": "[parameters('timeAggregation')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods", - "equals": "[parameters('evaluationPeriods')]" + "equals": "[parameters('evaluationPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert", - "equals": "[parameters('failingPeriods')]" + "equals": "[parameters('failingPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query", - "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-WriteLatencyMs-Data-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"WriteLatencyMs\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk !in (\"C:\",\"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-WriteLatencyMs-Data-threshold-override_\", tostring(tags.[\"_amba-WriteLatencyMs-Data-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]" + "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-WriteLatencyMs-Data-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"WriteLatencyMs\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk !in (\"C:\",\"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-WriteLatencyMs-Data-threshold-override_\", tostring(tags.[\"_amba-WriteLatencyMs-Data-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query" }, { "field": "identity.userAssignedIdentities", @@ -303,47 +303,48 @@ "roleDefinitionIds": [ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" ], + "resourceGroupName": "[parameters('alertResourceGroupName')]", "deployment": { "properties": { "parameters": { - "enabled": { - "value": "[parameters('enabled')]" - }, "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, - "windowSize": { - "value": "[parameters('windowSize')]" - }, - "severity": { - "value": "[parameters('severity')]" - }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, "alertResourceGroupLocation": { "value": "[parameters('alertResourceGroupLocation')]" }, "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, - "threshold": { - "value": "[parameters('threshold')]" + "MonitorDisableTagValues": { + "value": "[parameters('MonitorDisableTagValues')]" }, - "timeAggregation": { - "value": "[parameters('timeAggregation')]" + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "MonitorDisableTagName": { + "value": "[parameters('MonitorDisableTagName')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" }, "alertResourceGroupTags": { "value": "[parameters('alertResourceGroupTags')]" }, - "operator": { - "value": "[parameters('operator')]" + "severity": { + "value": "[parameters('severity')]" }, - "MonitorDisableTagValues": { - "value": "[parameters('MonitorDisableTagValues')]" + "UAMIResourceId": { + "value": "[parameters('UAMIResourceId')]" }, - "MonitorDisableTagName": { - "value": "[parameters('MonitorDisableTagName')]" + "threshold": { + "value": "[parameters('threshold')]" + }, + "timeAggregation": { + "value": "[parameters('timeAggregation')]" }, "failingPeriods": { "value": "[parameters('failingPeriods')]" @@ -351,86 +352,86 @@ "evaluationPeriods": { "value": "[parameters('evaluationPeriods')]" }, - "autoResolveTime": { - "value": "[parameters('autoResolveTime')]" - }, "computersToInclude": { "value": "[parameters('computersToInclude')]" }, + "operator": { + "value": "[parameters('operator')]" + }, + "autoResolveTime": { + "value": "[parameters('autoResolveTime')]" + }, "autoResolve": { "value": "[parameters('autoResolve')]" - }, - "UAMIResourceId": { - "value": "[parameters('UAMIResourceId')]" } }, - "mode": "incremental", "template": { "parameters": { - "enabled": { - "type": "String" - }, "evaluationFrequency": { "type": "String" }, - "windowSize": { - "type": "String" - }, - "severity": { - "type": "String" - }, - "autoMitigate": { - "type": "String" - }, "alertResourceGroupLocation": { "type": "string" }, "alertResourceGroupName": { "type": "string" }, - "threshold": { + "MonitorDisableTagValues": { + "type": "Array" + }, + "autoMitigate": { "type": "String" }, - "timeAggregation": { + "MonitorDisableTagName": { + "type": "String" + }, + "enabled": { + "type": "String" + }, + "windowSize": { "type": "String" }, "alertResourceGroupTags": { "type": "object" }, - "operator": { + "severity": { "type": "String" }, - "MonitorDisableTagValues": { - "type": "Array" + "UAMIResourceId": { + "type": "string" }, - "MonitorDisableTagName": { + "threshold": { "type": "String" }, - "failingPeriods": { + "timeAggregation": { "type": "String" }, - "evaluationPeriods": { + "failingPeriods": { "type": "String" }, - "autoResolveTime": { + "evaluationPeriods": { "type": "String" }, "computersToInclude": { "type": "array" }, - "autoResolve": { + "operator": { "type": "String" }, - "UAMIResourceId": { - "type": "string" + "autoResolveTime": { + "type": "String" + }, + "autoResolve": { + "type": "String" } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Resources/resourceGroups", - "location": "[parameters('alertResourceGroupLocation')]", "apiVersion": "2021-04-01", + "location": "[parameters('alertResourceGroupLocation')]", "name": "[parameters('alertResourceGroupName')]", "tags": "[parameters('alertResourceGroupTags')]" }, @@ -439,117 +440,117 @@ "type": "Microsoft.Resources/deployments", "properties": { "parameters": { - "enabled": { - "value": "[parameters('enabled')]" - }, "alertResourceGroupLocation": { "value": "[parameters('alertResourceGroupLocation')]" }, "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, + "enabled": { + "value": "[parameters('enabled')]" + }, "UAMIResourceId": { "value": "[parameters('UAMIResourceId')]" } }, - "mode": "Incremental", "template": { "parameters": { - "enabled": { - "type": "string" - }, "alertResourceGroupLocation": { "type": "string" }, "alertResourceGroupName": { "type": "string" }, + "enabled": { + "type": "string" + }, "UAMIResourceId": { "type": "string" } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Insights/scheduledQueryRules", "properties": { - "description": "Log Alert for Virtual Machine dataDiskWriteLatency", "displayName": "[concat(subscription().displayName, '-HybridVMHighDataDiskWriteLatencyAlert')]", + "description": "Log Alert for Virtual Machine dataDiskWriteLatency", "parameters": { - "enabled": { - "value": "[parameters('enabled')]" - }, "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, - "windowSize": { - "value": "[parameters('windowSize')]" - }, - "severity": { - "value": "[parameters('severity')]" - }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, "alertResourceGroupLocation": { "value": "[parameters('alertResourceGroupLocation')]" }, "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, - "threshold": { - "value": "[parameters('threshold')]" - }, "MonitorDisableTagValues": { "value": "[parameters('MonitorDisableTagValues')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "MonitorDisableTagName": { "value": "[parameters('MonitorDisableTagName')]" }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "UAMIResourceId": { + "value": "[parameters('UAMIResourceId')]" + }, + "threshold": { + "value": "[parameters('threshold')]" + }, "failingPeriods": { "value": "[parameters('failingPeriods')]" }, "evaluationPeriods": { "value": "[parameters('evaluationPeriods')]" }, - "autoResolveTime": { - "value": "[parameters('autoResolveTime')]" - }, "computersToInclude": { "value": "[parameters('computersToInclude')]" }, + "autoResolveTime": { + "value": "[parameters('autoResolveTime')]" + }, "autoResolve": { "value": "[parameters('autoResolve')]" - }, - "UAMIResourceId": { - "value": "[parameters('UAMIResourceId')]" } }, - "enabled": "[parameters('enabled')]", "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", + "enabled": "[parameters('enabled')]", "windowSize": "[parameters('windowSize')]", "severity": "[parameters('severity')]", - "autoMitigate": "[parameters('autoMitigate')]", "criteria": { "allOf": [ { "threshold": 0, "timeAggregation": "[parameters('timeAggregation')]", - "operator": "[parameters('operator')]", "failingPeriods": { "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]", "minFailingPeriodsToAlert": "[parameters('failingPeriods')]" }, + "operator": "[parameters('operator')]", "resourceIdColumn": "_ResourceId", "dimensions": [ { - "name": "Computer", "operator": "Include", + "name": "Computer", "values": "[parameters('computersToInclude')]" }, { - "name": "Disk", "operator": "Include", + "name": "Disk", "values": [ "*" ] @@ -570,8 +571,8 @@ "Microsoft.HybridCompute/machines" ] }, - "location": "[parameters('alertResourceGroupLocation')]", "apiVersion": "2022-08-01-preview", + "location": "[parameters('alertResourceGroupLocation')]", "name": "[concat(subscription().displayName, '-HybridVMHighDataDiskWriteLatencyAlert')]", "tags": { "_deployed_by_amba": true @@ -584,9 +585,9 @@ } } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "Incremental" }, "apiVersion": "2019-10-01", "name": "HybridVMdataDiskWriteLatencyAlert", @@ -595,15 +596,14 @@ ] } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" }, "location": "australiaeast" }, - "existenceScope": "resourceGroup", - "resourceGroupName": "[parameters('alertResourceGroupName')]", - "deploymentScope": "subscription" + "deploymentScope": "subscription", + "existenceScope": "resourceGroup" } } } diff --git a/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_disconnected_alert.jsonc b/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_disconnected_alert.jsonc index 9a95525..6796948 100644 --- a/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_disconnected_alert.jsonc +++ b/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_disconnected_alert.jsonc @@ -6,31 +6,19 @@ "description": "Policy to Deploy Hybrid VM Disconnected Alert", "mode": "All", "metadata": { - "category": "Hybrid Compute", - "version": "1.3.0", "_deployed_by_amba": "True", + "version": "1.3.0", + "category": "Hybrid Compute", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" ] }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "String" - }, "evaluationFrequency": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "Evaluation Frequency" + "displayName": "Evaluation Frequency", + "description": "Evaluation frequency for the alert" }, "allowedValues": [ "PT5M", @@ -46,10 +34,26 @@ "defaultValue": "PT10M", "type": "String" }, + "alertResourceGroupLocation": { + "metadata": { + "displayName": "Resource Group Location", + "description": "Location of the Resource group the alert is placed in" + }, + "defaultValue": "centralus", + "type": "String" + }, + "alertResourceGroupName": { + "metadata": { + "displayName": "Resource Group Name", + "description": "Resource group the alert is placed in" + }, + "defaultValue": "rg-amba-monitoring-001", + "type": "String" + }, "MonitorDisableTagValues": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "displayName": "ALZ Monitoring disabled tag values(s)", + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." }, "defaultValue": [ "true", @@ -59,26 +63,42 @@ ], "type": "Array" }, + "autoMitigate": { + "metadata": { + "displayName": "Auto Mitigate", + "description": "Auto Mitigate for the alert" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, "MonitorDisableTagName": { "metadata": { - "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled", - "displayName": "ALZ Monitoring disabled tag name" + "displayName": "ALZ Monitoring disabled tag name", + "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled" }, "defaultValue": "MonitorDisable", "type": "String" }, - "alertResourceGroupLocation": { + "enabled": { "metadata": { - "description": "Location of the Resource group the alert is placed in", - "displayName": "Resource Group Location" + "displayName": "Alert State", + "description": "Alert state for the alert" }, - "defaultValue": "centralus", + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", "type": "String" }, "windowSize": { "metadata": { - "description": "Window size for the alert", - "displayName": "Window Size" + "displayName": "Window Size", + "description": "Window size for the alert" }, "allowedValues": [ "PT12H", @@ -87,30 +107,20 @@ "defaultValue": "P1D", "type": "String" }, - "alertResourceGroupName": { + "alertResourceGroupTags": { "metadata": { - "description": "Resource group the alert is placed in", - "displayName": "Resource Group Name" + "displayName": "Resource Group Tags", + "description": "Tags on the Resource group the alert is placed in" }, - "defaultValue": "rg-amba-monitoring-001", - "type": "String" - }, - "enabled": { - "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" + "defaultValue": { + "Project": "amba-monitoring" }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", - "type": "String" + "type": "Object" }, "severity": { "metadata": { - "description": "Severity of the Alert", - "displayName": "Severity" + "displayName": "Severity", + "description": "Severity of the Alert" }, "allowedValues": [ "0", @@ -122,22 +132,18 @@ "defaultValue": "1", "type": "String" }, - "autoMitigate": { + "UAMIResourceId": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" + "displayName": "User Assigned managed Identity resource Id.", + "description": "The resource Id of the user assigned managed identity." }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", - "type": "String" + "defaultValue": "", + "type": "string" }, "threshold": { "metadata": { - "description": "Threshold in timespan value for the Hybrid VM Disconnected alert", - "displayName": "Hybrid VM Disconnected Threshold (expressed in timespan)" + "displayName": "Hybrid VM Disconnected Threshold (expressed in timespan)", + "description": "Threshold in timespan value for the Hybrid VM Disconnected alert" }, "allowedValues": [ "5m", @@ -157,16 +163,6 @@ "defaultValue": "10m", "type": "String" }, - "alertResourceGroupTags": { - "metadata": { - "description": "Tags on the Resource group the alert is placed in", - "displayName": "Resource Group Tags" - }, - "defaultValue": { - "Project": "amba-monitoring" - }, - "type": "Object" - }, "timeAggregation": { "metadata": { "displayName": "TimeAggregation" @@ -179,26 +175,30 @@ }, "failingPeriods": { "metadata": { - "description": "Number of failing periods before alert is fired", - "displayName": "Failing Periods" + "displayName": "Failing Periods", + "description": "Number of failing periods before alert is fired" }, "defaultValue": "1", "type": "String" }, - "UAMIResourceId": { + "evaluationPeriods": { "metadata": { - "description": "The resource Id of the user assigned managed identity.", - "displayName": "User Assigned managed Identity resource Id." + "displayName": "Evaluation Periods", + "description": "The number of aggregated lookback points." }, - "defaultValue": "", - "type": "string" + "defaultValue": "1", + "type": "String" }, - "evaluationPeriods": { + "effect": { "metadata": { - "description": "The number of aggregated lookback points.", - "displayName": "Evaluation Periods" + "displayName": "Effect", + "description": "Effect of the policy" }, - "defaultValue": "1", + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", "type": "String" }, "operator": { @@ -216,8 +216,8 @@ "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.HybridCompute/machines" + "equals": "Microsoft.HybridCompute/machines", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -229,56 +229,55 @@ "effect": "[parameters('effect')]", "details": { "type": "Microsoft.Insights/scheduledQueryRules", - "resourceGroupName": "[parameters('alertResourceGroupName')]", "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/scheduledQueryRules/displayName", - "equals": "[concat(subscription().displayName, '-HybridVMDisconnectedAlert')]" + "equals": "[concat(subscription().displayName, '-HybridVMDisconnectedAlert')]", + "field": "Microsoft.Insights/scheduledQueryRules/displayName" }, { - "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]", - "equals": "[subscription().id]" + "equals": "[subscription().id]", + "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]" }, { - "field": "Microsoft.Insights/scheduledQueryRules/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/scheduledQueryRules/enabled" }, { - "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency" }, { - "field": "Microsoft.Insights/scheduledQueryRules/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/scheduledQueryRules/windowSize" }, { - "field": "Microsoft.Insights/scheduledQueryRules/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/scheduledQueryRules/severity" }, { - "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", - "equals": "[parameters('operator')]" + "equals": "[parameters('operator')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation", - "equals": "[parameters('timeAggregation')]" + "equals": "[parameters('timeAggregation')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods", - "equals": "[parameters('evaluationPeriods')]" + "equals": "[parameters('evaluationPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert", - "equals": "[parameters('failingPeriods')]" + "equals": "[parameters('failingPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query", - "equals": "[format('let policyThresholdString = \"{2}\"; arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | where parse_json(tostring(tags.{0})) !in~ (\"{1}\") | where tostring(properties.status) == \"Disconnected\" | extend appliedThresholdString = iif(tags contains \"_amba-Disconnected-threshold-override_\", tostring(tags.[\"_amba-Disconnected-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = totimespan(appliedThresholdString) | extend lastContactedDate = todatetime(properties.lastStatusChange) | where lastContactedDate >= ago(appliedThreshold) | extend status = tostring(properties.status) | project id, Computer=name, status, lastContactedDate', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]" + "equals": "[format('let policyThresholdString = \"{2}\"; arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | where parse_json(tostring(tags.{0})) !in~ (\"{1}\") | where tostring(properties.status) == \"Disconnected\" | extend appliedThresholdString = iif(tags contains \"_amba-Disconnected-threshold-override_\", tostring(tags.[\"_amba-Disconnected-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = totimespan(appliedThresholdString) | extend lastContactedDate = todatetime(properties.lastStatusChange) | where lastContactedDate >= ago(appliedThreshold) | extend status = tostring(properties.status) | project id, Computer=name, status, lastContactedDate', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query" }, { "field": "identity.userAssignedIdentities", @@ -289,51 +288,52 @@ "roleDefinitionIds": [ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" ], + "resourceGroupName": "[parameters('alertResourceGroupName')]", "deployment": { "properties": { "parameters": { "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "alertResourceGroupLocation": { + "value": "[parameters('alertResourceGroupLocation')]" + }, + "alertResourceGroupName": { + "value": "[parameters('alertResourceGroupName')]" + }, "MonitorDisableTagValues": { "value": "[parameters('MonitorDisableTagValues')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "MonitorDisableTagName": { "value": "[parameters('MonitorDisableTagName')]" }, - "alertResourceGroupLocation": { - "value": "[parameters('alertResourceGroupLocation')]" + "enabled": { + "value": "[parameters('enabled')]" }, "windowSize": { "value": "[parameters('windowSize')]" }, - "alertResourceGroupName": { - "value": "[parameters('alertResourceGroupName')]" - }, - "enabled": { - "value": "[parameters('enabled')]" + "alertResourceGroupTags": { + "value": "[parameters('alertResourceGroupTags')]" }, "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" + "UAMIResourceId": { + "value": "[parameters('UAMIResourceId')]" }, "threshold": { "value": "[parameters('threshold')]" }, - "alertResourceGroupTags": { - "value": "[parameters('alertResourceGroupTags')]" - }, "timeAggregation": { "value": "[parameters('timeAggregation')]" }, "failingPeriods": { "value": "[parameters('failingPeriods')]" }, - "UAMIResourceId": { - "value": "[parameters('UAMIResourceId')]" - }, "evaluationPeriods": { "value": "[parameters('evaluationPeriods')]" }, @@ -341,51 +341,50 @@ "value": "[parameters('operator')]" } }, - "mode": "incremental", "template": { "parameters": { "evaluationFrequency": { "type": "String" }, + "alertResourceGroupLocation": { + "type": "string" + }, + "alertResourceGroupName": { + "type": "string" + }, "MonitorDisableTagValues": { "type": "Array" }, + "autoMitigate": { + "type": "String" + }, "MonitorDisableTagName": { "type": "String" }, - "alertResourceGroupLocation": { - "type": "string" + "enabled": { + "type": "String" }, "windowSize": { "type": "String" }, - "alertResourceGroupName": { - "type": "string" - }, - "enabled": { - "type": "String" + "alertResourceGroupTags": { + "type": "object" }, "severity": { "type": "String" }, - "autoMitigate": { - "type": "String" + "UAMIResourceId": { + "type": "string" }, "threshold": { "type": "String" }, - "alertResourceGroupTags": { - "type": "object" - }, "timeAggregation": { "type": "String" }, "failingPeriods": { "type": "String" }, - "UAMIResourceId": { - "type": "string" - }, "evaluationPeriods": { "type": "String" }, @@ -394,12 +393,13 @@ } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Resources/resourceGroups", + "apiVersion": "2021-04-01", "location": "[parameters('alertResourceGroupLocation')]", "name": "[parameters('alertResourceGroupName')]", - "apiVersion": "2021-04-01", "tags": "[parameters('alertResourceGroupTags')]" }, { @@ -420,7 +420,6 @@ "value": "[parameters('UAMIResourceId')]" } }, - "mode": "Incremental", "template": { "parameters": { "alertResourceGroupLocation": { @@ -437,39 +436,43 @@ } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Insights/scheduledQueryRules", "properties": { - "description": "Hybrid VM in disconnected state. Not being connected, prevents extensions to be correctly managed from the portal and Azure policies to be correctly applied. Ensure that both server the specific service (Azure Hybrid Instance Metadata Service on Windows or azcmagent on Linux) are running.", "displayName": "[concat(subscription().displayName, '-HybridVMDisconnectedAlert')]", + "description": "Hybrid VM in disconnected state. Not being connected, prevents extensions to be correctly managed from the portal and Azure policies to be correctly applied. Ensure that both server the specific service (Azure Hybrid Instance Metadata Service on Windows or azcmagent on Linux) are running.", "parameters": { "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "alertResourceGroupLocation": { + "value": "[parameters('alertResourceGroupLocation')]" + }, + "alertResourceGroupName": { + "value": "[parameters('alertResourceGroupName')]" + }, "MonitorDisableTagValues": { "value": "[parameters('MonitorDisableTagValues')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "MonitorDisableTagName": { "value": "[parameters('MonitorDisableTagName')]" }, - "alertResourceGroupLocation": { - "value": "[parameters('alertResourceGroupLocation')]" + "enabled": { + "value": "[parameters('enabled')]" }, "windowSize": { "value": "[parameters('windowSize')]" }, - "alertResourceGroupName": { - "value": "[parameters('alertResourceGroupName')]" - }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" + "UAMIResourceId": { + "value": "[parameters('UAMIResourceId')]" }, "threshold": { "value": "[parameters('threshold')]" @@ -477,18 +480,15 @@ "failingPeriods": { "value": "[parameters('failingPeriods')]" }, - "UAMIResourceId": { - "value": "[parameters('UAMIResourceId')]" - }, "evaluationPeriods": { "value": "[parameters('evaluationPeriods')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", - "windowSize": "[parameters('windowSize')]", + "autoMitigate": "[parameters('autoMitigate')]", "enabled": "[parameters('enabled')]", + "windowSize": "[parameters('windowSize')]", "severity": "[parameters('severity')]", - "autoMitigate": "[parameters('autoMitigate')]", "criteria": { "allOf": [ { @@ -502,8 +502,8 @@ "resourceIdColumn": "id", "dimensions": [ { - "name": "Computer", "operator": "Include", + "name": "Computer", "values": [ "*" ] @@ -520,9 +520,9 @@ "Microsoft.HybridCompute/machines" ] }, + "apiVersion": "2022-08-01-preview", "location": "[parameters('alertResourceGroupLocation')]", "name": "[concat(subscription().displayName, '-HybridVMDisconnectedAlert')]", - "apiVersion": "2022-08-01-preview", "tags": { "_deployed_by_amba": true }, @@ -534,20 +534,20 @@ } } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "Incremental" }, - "name": "HybridVMDisconnectedAlert", "apiVersion": "2019-10-01", + "name": "HybridVMDisconnectedAlert", "dependsOn": [ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]" ] } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" }, "location": "australiaeast" }, diff --git a/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_heartbeat_alert.jsonc b/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_heartbeat_alert.jsonc index d3ea83a..3d92c7e 100644 --- a/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_heartbeat_alert.jsonc +++ b/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_heartbeat_alert.jsonc @@ -6,27 +6,15 @@ "description": "Policy to audit/deploy VM HeartBeat Alert for all VMs in the subscription", "mode": "All", "metadata": { - "category": "Hybrid Compute", - "version": "1.2.0", "_deployed_by_amba": "True", - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "version": "1.2.0", "alzCloudEnvironments": [ "AzureCloud" - ] + ], + "category": "Hybrid Compute", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "String" - }, "evaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", @@ -41,6 +29,18 @@ "defaultValue": "PT5M", "type": "String" }, + "autoMitigate": { + "metadata": { + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, "MonitorDisableTagValues": { "metadata": { "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", @@ -54,22 +54,6 @@ ], "type": "Array" }, - "MonitorDisableTagName": { - "metadata": { - "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled", - "displayName": "ALZ Monitoring disabled tag name" - }, - "defaultValue": "MonitorDisable", - "type": "String" - }, - "alertResourceGroupLocation": { - "metadata": { - "description": "Location of the Resource group the alert is placed in", - "displayName": "Resource Group Location" - }, - "defaultValue": "centralus", - "type": "String" - }, "windowSize": { "metadata": { "description": "Window size for the alert", @@ -87,12 +71,12 @@ "defaultValue": "PT6H", "type": "String" }, - "alertResourceGroupName": { + "MonitorDisableTagName": { "metadata": { - "description": "Resource group the alert is placed in", - "displayName": "Resource Group Name" + "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled", + "displayName": "ALZ Monitoring disabled tag name" }, - "defaultValue": "rg-amba-monitoring-001", + "defaultValue": "MonitorDisable", "type": "String" }, "enabled": { @@ -107,6 +91,14 @@ "defaultValue": "true", "type": "String" }, + "alertResourceGroupLocation": { + "metadata": { + "description": "Location of the Resource group the alert is placed in", + "displayName": "Resource Group Location" + }, + "defaultValue": "centralus", + "type": "String" + }, "severity": { "metadata": { "description": "Severity of the Alert", @@ -122,16 +114,12 @@ "defaultValue": "1", "type": "String" }, - "autoMitigate": { + "alertResourceGroupName": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" + "description": "Resource group the alert is placed in", + "displayName": "Resource Group Name" }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", + "defaultValue": "rg-amba-monitoring-001", "type": "String" }, "threshold": { @@ -142,16 +130,6 @@ "defaultValue": "10", "type": "String" }, - "alertResourceGroupTags": { - "metadata": { - "description": "Tags on the Resource group the alert is placed in", - "displayName": "Resource Group Tags" - }, - "defaultValue": { - "Project": "amba-monitoring" - }, - "type": "Object" - }, "timeAggregation": { "metadata": { "displayName": "TimeAggregation" @@ -162,6 +140,28 @@ "defaultValue": "Count", "type": "String" }, + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" + }, + "alertResourceGroupTags": { + "metadata": { + "description": "Tags on the Resource group the alert is placed in", + "displayName": "Resource Group Tags" + }, + "defaultValue": { + "Project": "amba-monitoring" + }, + "type": "Object" + }, "failingPeriods": { "metadata": { "description": "Number of failing periods before alert is fired", @@ -178,6 +178,16 @@ "defaultValue": "", "type": "string" }, + "operator": { + "metadata": { + "displayName": "Operator" + }, + "allowedValues": [ + "GreaterThan" + ], + "defaultValue": "GreaterThan", + "type": "String" + }, "evaluationPeriods": { "metadata": { "description": "The number of aggregated lookback points.", @@ -194,16 +204,6 @@ "defaultValue": "true", "type": "String" }, - "operator": { - "metadata": { - "displayName": "Operator" - }, - "allowedValues": [ - "GreaterThan" - ], - "defaultValue": "GreaterThan", - "type": "String" - }, "computersToInclude": { "metadata": { "description": "Array of Computer to be monitored", @@ -231,8 +231,8 @@ "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.HybridCompute/machines" + "equals": "Microsoft.HybridCompute/machines", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -244,56 +244,55 @@ "effect": "[parameters('effect')]", "details": { "type": "Microsoft.Insights/scheduledQueryRules", - "resourceGroupName": "[parameters('alertResourceGroupName')]", "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/scheduledQueryRules/displayName", - "equals": "[concat(subscription().displayName, '-HybridVMHeartBeatAlert')]" + "equals": "[concat(subscription().displayName, '-HybridVMHeartBeatAlert')]", + "field": "Microsoft.Insights/scheduledQueryRules/displayName" }, { - "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]", - "equals": "[subscription().id]" + "equals": "[subscription().id]", + "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]" }, { - "field": "Microsoft.Insights/scheduledQueryRules/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/scheduledQueryRules/enabled" }, { - "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency" }, { - "field": "Microsoft.Insights/scheduledQueryRules/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/scheduledQueryRules/windowSize" }, { - "field": "Microsoft.Insights/scheduledQueryRules/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/scheduledQueryRules/severity" }, { - "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", - "equals": "[parameters('operator')]" + "equals": "[parameters('operator')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation", - "equals": "[parameters('timeAggregation')]" + "equals": "[parameters('timeAggregation')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods", - "equals": "[parameters('evaluationPeriods')]" + "equals": "[parameters('evaluationPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert", - "equals": "[parameters('failingPeriods')]" + "equals": "[parameters('failingPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query", - "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-Heartbeat-threshold-override_\"); Heartbeat | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | summarize TimeGenerated=max(TimeGenerated) by Computer, _ResourceId | extend Duration = datetime_diff(\"minute\",now(),TimeGenerated) | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-Heartbeat-threshold-override_\", tostring(tags.[\"_amba-Heartbeat-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where Duration > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Duration', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]" + "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-Heartbeat-threshold-override_\"); Heartbeat | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | summarize TimeGenerated=max(TimeGenerated) by Computer, _ResourceId | extend Duration = datetime_diff(\"minute\",now(),TimeGenerated) | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-Heartbeat-threshold-override_\", tostring(tags.[\"_amba-Heartbeat-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where Duration > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Duration', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query" }, { "field": "identity.userAssignedIdentities", @@ -310,54 +309,54 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "MonitorDisableTagValues": { "value": "[parameters('MonitorDisableTagValues')]" }, - "MonitorDisableTagName": { - "value": "[parameters('MonitorDisableTagName')]" - }, - "alertResourceGroupLocation": { - "value": "[parameters('alertResourceGroupLocation')]" - }, "windowSize": { "value": "[parameters('windowSize')]" }, - "alertResourceGroupName": { - "value": "[parameters('alertResourceGroupName')]" + "MonitorDisableTagName": { + "value": "[parameters('MonitorDisableTagName')]" }, "enabled": { "value": "[parameters('enabled')]" }, + "alertResourceGroupLocation": { + "value": "[parameters('alertResourceGroupLocation')]" + }, "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" + "alertResourceGroupName": { + "value": "[parameters('alertResourceGroupName')]" }, "threshold": { "value": "[parameters('threshold')]" }, - "alertResourceGroupTags": { - "value": "[parameters('alertResourceGroupTags')]" - }, "timeAggregation": { "value": "[parameters('timeAggregation')]" }, + "alertResourceGroupTags": { + "value": "[parameters('alertResourceGroupTags')]" + }, "failingPeriods": { "value": "[parameters('failingPeriods')]" }, "UAMIResourceId": { "value": "[parameters('UAMIResourceId')]" }, + "operator": { + "value": "[parameters('operator')]" + }, "evaluationPeriods": { "value": "[parameters('evaluationPeriods')]" }, "autoResolveTime": { "value": "[parameters('autoResolveTime')]" }, - "operator": { - "value": "[parameters('operator')]" - }, "computersToInclude": { "value": "[parameters('computersToInclude')]" }, @@ -365,58 +364,57 @@ "value": "[parameters('autoResolve')]" } }, - "mode": "incremental", "template": { "parameters": { "evaluationFrequency": { "type": "String" }, + "autoMitigate": { + "type": "String" + }, "MonitorDisableTagValues": { "type": "Array" }, + "windowSize": { + "type": "String" + }, "MonitorDisableTagName": { "type": "String" }, + "enabled": { + "type": "String" + }, "alertResourceGroupLocation": { "type": "string" }, - "windowSize": { + "severity": { "type": "String" }, "alertResourceGroupName": { "type": "string" }, - "enabled": { - "type": "String" - }, - "severity": { - "type": "String" - }, - "autoMitigate": { + "threshold": { "type": "String" }, - "threshold": { + "timeAggregation": { "type": "String" }, "alertResourceGroupTags": { "type": "object" }, - "timeAggregation": { - "type": "String" - }, "failingPeriods": { "type": "String" }, "UAMIResourceId": { "type": "string" }, - "evaluationPeriods": { + "operator": { "type": "String" }, - "autoResolveTime": { + "evaluationPeriods": { "type": "String" }, - "operator": { + "autoResolveTime": { "type": "String" }, "computersToInclude": { @@ -430,9 +428,9 @@ "resources": [ { "type": "Microsoft.Resources/resourceGroups", - "location": "[parameters('alertResourceGroupLocation')]", - "name": "[parameters('alertResourceGroupName')]", "apiVersion": "2021-04-01", + "name": "[parameters('alertResourceGroupName')]", + "location": "[parameters('alertResourceGroupLocation')]", "tags": "[parameters('alertResourceGroupTags')]" }, { @@ -440,29 +438,28 @@ "type": "Microsoft.Resources/deployments", "properties": { "parameters": { + "enabled": { + "value": "[parameters('enabled')]" + }, "alertResourceGroupLocation": { "value": "[parameters('alertResourceGroupLocation')]" }, "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "UAMIResourceId": { "value": "[parameters('UAMIResourceId')]" } }, - "mode": "Incremental", "template": { "parameters": { - "alertResourceGroupLocation": { + "enabled": { "type": "string" }, - "alertResourceGroupName": { + "alertResourceGroupLocation": { "type": "string" }, - "enabled": { + "alertResourceGroupName": { "type": "string" }, "UAMIResourceId": { @@ -480,29 +477,29 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "MonitorDisableTagValues": { "value": "[parameters('MonitorDisableTagValues')]" }, - "MonitorDisableTagName": { - "value": "[parameters('MonitorDisableTagName')]" - }, - "alertResourceGroupLocation": { - "value": "[parameters('alertResourceGroupLocation')]" - }, "windowSize": { "value": "[parameters('windowSize')]" }, - "alertResourceGroupName": { - "value": "[parameters('alertResourceGroupName')]" + "MonitorDisableTagName": { + "value": "[parameters('MonitorDisableTagName')]" }, "enabled": { "value": "[parameters('enabled')]" }, + "alertResourceGroupLocation": { + "value": "[parameters('alertResourceGroupLocation')]" + }, "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" + "alertResourceGroupName": { + "value": "[parameters('alertResourceGroupName')]" }, "threshold": { "value": "[parameters('threshold')]" @@ -527,10 +524,10 @@ } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", "windowSize": "[parameters('windowSize')]", "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", - "autoMitigate": "[parameters('autoMitigate')]", "criteria": { "allOf": [ { @@ -544,8 +541,8 @@ "resourceIdColumn": "_ResourceId", "dimensions": [ { - "name": "Computer", "operator": "Include", + "name": "Computer", "values": "[parameters('computersToInclude')]" } ], @@ -553,20 +550,20 @@ } ] }, + "scopes": [ + "[subscription().Id]" + ], "ruleResolveConfiguration": { "timeToResolve": "[parameters('autoResolveTime')]", "autoResolved": "[parameters('autoResolve')]" }, - "scopes": [ - "[subscription().Id]" - ], "targetResourceTypes": [ "Microsoft.HybridCompute/machines" ] }, - "location": "[parameters('alertResourceGroupLocation')]", - "name": "[concat(subscription().displayName, '-HybridVMHeartBeatAlert')]", "apiVersion": "2022-08-01-preview", + "name": "[concat(subscription().displayName, '-HybridVMHeartBeatAlert')]", + "location": "[parameters('alertResourceGroupLocation')]", "tags": { "_deployed_by_amba": true }, @@ -580,10 +577,11 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "Incremental" }, - "name": "HybridVMHeartBeatAlert", "apiVersion": "2019-10-01", + "name": "HybridVMHeartBeatAlert", "dependsOn": [ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]" ] @@ -591,10 +589,12 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" }, "location": "australiaeast" }, + "resourceGroupName": "[parameters('alertResourceGroupName')]", "deploymentScope": "subscription", "existenceScope": "resourceGroup" } diff --git a/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_memory_alert.jsonc b/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_memory_alert.jsonc index 4879105..a5487d4 100644 --- a/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_memory_alert.jsonc +++ b/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_memory_alert.jsonc @@ -6,31 +6,19 @@ "description": "Policy to audit/deploy VM Memory Alert", "mode": "All", "metadata": { - "category": "Hybrid Compute", - "version": "1.2.0", "_deployed_by_amba": "True", - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "version": "1.2.0", "alzCloudEnvironments": [ "AzureCloud" - ] + ], + "category": "Hybrid Compute", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "String" - }, "evaluationFrequency": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "Evaluation Frequency" + "displayName": "Evaluation Frequency", + "description": "Evaluation frequency for the alert" }, "allowedValues": [ "PT5M", @@ -41,10 +29,26 @@ "defaultValue": "PT5M", "type": "String" }, + "alertResourceGroupLocation": { + "metadata": { + "displayName": "Resource Group Location", + "description": "Location of the Resource group the alert is placed in" + }, + "defaultValue": "centralus", + "type": "String" + }, + "alertResourceGroupName": { + "metadata": { + "displayName": "Resource Group Name", + "description": "Resource group the alert is placed in" + }, + "defaultValue": "rg-amba-monitoring-001", + "type": "String" + }, "MonitorDisableTagValues": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "displayName": "ALZ Monitoring disabled tag values(s)", + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." }, "defaultValue": [ "true", @@ -54,26 +58,42 @@ ], "type": "Array" }, - "MonitorDisableTagName": { + "autoMitigate": { "metadata": { - "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled", - "displayName": "ALZ Monitoring disabled tag name" + "displayName": "Auto Mitigate", + "description": "Auto Mitigate for the alert" }, - "defaultValue": "MonitorDisable", + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", "type": "String" }, - "alertResourceGroupLocation": { + "effect": { "metadata": { - "description": "Location of the Resource group the alert is placed in", - "displayName": "Resource Group Location" + "displayName": "Effect", + "description": "Effect of the policy" }, - "defaultValue": "centralus", + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" + }, + "MonitorDisableTagName": { + "metadata": { + "displayName": "ALZ Monitoring disabled tag name", + "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled" + }, + "defaultValue": "MonitorDisable", "type": "String" }, "windowSize": { "metadata": { - "description": "Window size for the alert", - "displayName": "Window Size" + "displayName": "Window Size", + "description": "Window size for the alert" }, "allowedValues": [ "PT5M", @@ -87,18 +107,18 @@ "defaultValue": "PT15M", "type": "String" }, - "alertResourceGroupName": { + "UAMIResourceId": { "metadata": { - "description": "Resource group the alert is placed in", - "displayName": "Resource Group Name" + "displayName": "User Assigned managed Identity resource Id.", + "description": "The resource Id of the user assigned managed identity." }, - "defaultValue": "rg-amba-monitoring-001", - "type": "String" + "defaultValue": "", + "type": "string" }, "enabled": { "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" + "displayName": "Alert State", + "description": "Alert state for the alert" }, "allowedValues": [ "true", @@ -107,10 +127,28 @@ "defaultValue": "true", "type": "String" }, + "failingPeriods": { + "metadata": { + "displayName": "Failing Periods", + "description": "Number of failing periods before alert is fired" + }, + "defaultValue": "1", + "type": "String" + }, + "timeAggregation": { + "metadata": { + "displayName": "TimeAggregation" + }, + "allowedValues": [ + "Count" + ], + "defaultValue": "Count", + "type": "String" + }, "severity": { "metadata": { - "description": "Severity of the Alert", - "displayName": "Severity" + "displayName": "Severity", + "description": "Severity of the Alert" }, "allowedValues": [ "0", @@ -122,74 +160,36 @@ "defaultValue": "2", "type": "String" }, - "autoMitigate": { - "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" - }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", - "type": "String" - }, - "threshold": { + "evaluationPeriods": { "metadata": { - "description": "Threshold for the alert", - "displayName": "Threshold" + "displayName": "Evaluation Periods", + "description": "The number of aggregated lookback points." }, - "defaultValue": "10", + "defaultValue": "1", "type": "String" }, "alertResourceGroupTags": { "metadata": { - "description": "Tags on the Resource group the alert is placed in", - "displayName": "Resource Group Tags" + "displayName": "Resource Group Tags", + "description": "Tags on the Resource group the alert is placed in" }, "defaultValue": { "Project": "amba-monitoring" }, "type": "Object" }, - "timeAggregation": { - "metadata": { - "displayName": "TimeAggregation" - }, - "allowedValues": [ - "Count" - ], - "defaultValue": "Count", - "type": "String" - }, - "failingPeriods": { - "metadata": { - "description": "Number of failing periods before alert is fired", - "displayName": "Failing Periods" - }, - "defaultValue": "1", - "type": "String" - }, - "UAMIResourceId": { - "metadata": { - "description": "The resource Id of the user assigned managed identity.", - "displayName": "User Assigned managed Identity resource Id." - }, - "defaultValue": "", - "type": "string" - }, - "evaluationPeriods": { + "threshold": { "metadata": { - "description": "The number of aggregated lookback points.", - "displayName": "Evaluation Periods" + "displayName": "Threshold", + "description": "Threshold for the alert" }, - "defaultValue": "1", + "defaultValue": "10", "type": "String" }, "autoResolveTime": { "metadata": { - "description": "Auto Resolve time for the alert in ISO 8601 format", - "displayName": "Auto Resolve" + "displayName": "Auto Resolve", + "description": "Auto Resolve time for the alert in ISO 8601 format" }, "defaultValue": "true", "type": "String" @@ -206,8 +206,8 @@ }, "autoResolve": { "metadata": { - "description": "Auto Resolve for the alert", - "displayName": "Auto Resolve" + "displayName": "Auto Resolve", + "description": "Auto Resolve for the alert" }, "allowedValues": [ "true", @@ -221,8 +221,8 @@ "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.HybridCompute/machines" + "equals": "Microsoft.HybridCompute/machines", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -238,52 +238,52 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/scheduledQueryRules/displayName", - "equals": "[concat(subscription().displayName, '-HybridVMLowMemoryAlert')]" + "equals": "[concat(subscription().displayName, '-HybridVMLowMemoryAlert')]", + "field": "Microsoft.Insights/scheduledQueryRules/displayName" }, { - "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]", - "equals": "[subscription().id]" + "equals": "[subscription().id]", + "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]" }, { - "field": "Microsoft.Insights/scheduledQueryRules/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/scheduledQueryRules/enabled" }, { - "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency" }, { - "field": "Microsoft.Insights/scheduledQueryRules/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/scheduledQueryRules/windowSize" }, { - "field": "Microsoft.Insights/scheduledQueryRules/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/scheduledQueryRules/severity" }, { - "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", - "equals": "[parameters('operator')]" + "equals": "[parameters('operator')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation", - "equals": "[parameters('timeAggregation')]" + "equals": "[parameters('timeAggregation')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods", - "equals": "[parameters('evaluationPeriods')]" + "equals": "[parameters('evaluationPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert", - "equals": "[parameters('failingPeriods')]" + "equals": "[parameters('failingPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query", - "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-AvailableMemoryPercentage-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"Memory\" and Name == \"AvailableMB\" | extend TotalMemory = toreal(todynamic(Tags)[\"vm.azm.ms/memorySizeMB\"]) | extend AvailableMemoryPercentage = (toreal(Val) / TotalMemory) * 100.0 | summarize AggregatedValue = avg(AvailableMemoryPercentage) by bin(TimeGenerated, 15m), Computer, _ResourceId | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-AvailableMemoryPercentage-threshold-override_\", tostring(tags.[\"_amba-AvailableMemoryPercentage-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue < appliedThreshold | project TimeGenerated, Computer, _ResourceId, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]" + "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-AvailableMemoryPercentage-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"Memory\" and Name == \"AvailableMB\" | extend TotalMemory = toreal(todynamic(Tags)[\"vm.azm.ms/memorySizeMB\"]) | extend AvailableMemoryPercentage = (toreal(Val) / TotalMemory) * 100.0 | summarize AggregatedValue = avg(AvailableMemoryPercentage) by bin(TimeGenerated, 15m), Computer, _ResourceId | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-AvailableMemoryPercentage-threshold-override_\", tostring(tags.[\"_amba-AvailableMemoryPercentage-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue < appliedThreshold | project TimeGenerated, Computer, _ResourceId, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query" }, { "field": "identity.userAssignedIdentities", @@ -300,48 +300,48 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "alertResourceGroupLocation": { + "value": "[parameters('alertResourceGroupLocation')]" + }, + "alertResourceGroupName": { + "value": "[parameters('alertResourceGroupName')]" + }, "MonitorDisableTagValues": { "value": "[parameters('MonitorDisableTagValues')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "MonitorDisableTagName": { "value": "[parameters('MonitorDisableTagName')]" }, - "alertResourceGroupLocation": { - "value": "[parameters('alertResourceGroupLocation')]" - }, "windowSize": { "value": "[parameters('windowSize')]" }, - "alertResourceGroupName": { - "value": "[parameters('alertResourceGroupName')]" + "UAMIResourceId": { + "value": "[parameters('UAMIResourceId')]" }, "enabled": { "value": "[parameters('enabled')]" }, - "severity": { - "value": "[parameters('severity')]" - }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, - "threshold": { - "value": "[parameters('threshold')]" - }, - "alertResourceGroupTags": { - "value": "[parameters('alertResourceGroupTags')]" + "failingPeriods": { + "value": "[parameters('failingPeriods')]" }, "timeAggregation": { "value": "[parameters('timeAggregation')]" }, - "failingPeriods": { - "value": "[parameters('failingPeriods')]" - }, - "UAMIResourceId": { - "value": "[parameters('UAMIResourceId')]" + "severity": { + "value": "[parameters('severity')]" }, "evaluationPeriods": { "value": "[parameters('evaluationPeriods')]" }, + "alertResourceGroupTags": { + "value": "[parameters('alertResourceGroupTags')]" + }, + "threshold": { + "value": "[parameters('threshold')]" + }, "autoResolveTime": { "value": "[parameters('autoResolveTime')]" }, @@ -352,52 +352,51 @@ "value": "[parameters('autoResolve')]" } }, - "mode": "incremental", "template": { "parameters": { "evaluationFrequency": { "type": "String" }, + "alertResourceGroupLocation": { + "type": "string" + }, + "alertResourceGroupName": { + "type": "string" + }, "MonitorDisableTagValues": { "type": "Array" }, - "MonitorDisableTagName": { + "autoMitigate": { "type": "String" }, - "alertResourceGroupLocation": { - "type": "string" + "MonitorDisableTagName": { + "type": "String" }, "windowSize": { "type": "String" }, - "alertResourceGroupName": { + "UAMIResourceId": { "type": "string" }, "enabled": { "type": "String" }, - "severity": { - "type": "String" - }, - "autoMitigate": { + "failingPeriods": { "type": "String" }, - "threshold": { + "timeAggregation": { "type": "String" }, - "alertResourceGroupTags": { - "type": "object" - }, - "timeAggregation": { + "severity": { "type": "String" }, - "failingPeriods": { + "evaluationPeriods": { "type": "String" }, - "UAMIResourceId": { - "type": "string" + "alertResourceGroupTags": { + "type": "object" }, - "evaluationPeriods": { + "threshold": { "type": "String" }, "autoResolveTime": { @@ -411,12 +410,13 @@ } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Resources/resourceGroups", + "apiVersion": "2021-04-01", "location": "[parameters('alertResourceGroupLocation')]", "name": "[parameters('alertResourceGroupName')]", - "apiVersion": "2021-04-01", "tags": "[parameters('alertResourceGroupTags')]" }, { @@ -430,14 +430,13 @@ "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "UAMIResourceId": { "value": "[parameters('UAMIResourceId')]" + }, + "enabled": { + "value": "[parameters('enabled')]" } }, - "mode": "Incremental", "template": { "parameters": { "alertResourceGroupLocation": { @@ -446,60 +445,61 @@ "alertResourceGroupName": { "type": "string" }, - "enabled": { + "UAMIResourceId": { "type": "string" }, - "UAMIResourceId": { + "enabled": { "type": "string" } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Insights/scheduledQueryRules", "properties": { - "description": "Log Alert for Virtual Machine Memory", "displayName": "[concat(subscription().displayName, '-HybridVMLowMemoryAlert')]", + "description": "Log Alert for Virtual Machine Memory", "parameters": { "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "alertResourceGroupLocation": { + "value": "[parameters('alertResourceGroupLocation')]" + }, + "alertResourceGroupName": { + "value": "[parameters('alertResourceGroupName')]" + }, "MonitorDisableTagValues": { "value": "[parameters('MonitorDisableTagValues')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "MonitorDisableTagName": { "value": "[parameters('MonitorDisableTagName')]" }, - "alertResourceGroupLocation": { - "value": "[parameters('alertResourceGroupLocation')]" - }, "windowSize": { "value": "[parameters('windowSize')]" }, - "alertResourceGroupName": { - "value": "[parameters('alertResourceGroupName')]" + "UAMIResourceId": { + "value": "[parameters('UAMIResourceId')]" }, "enabled": { "value": "[parameters('enabled')]" }, - "severity": { - "value": "[parameters('severity')]" - }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, - "threshold": { - "value": "[parameters('threshold')]" - }, "failingPeriods": { "value": "[parameters('failingPeriods')]" }, - "UAMIResourceId": { - "value": "[parameters('UAMIResourceId')]" + "severity": { + "value": "[parameters('severity')]" }, "evaluationPeriods": { "value": "[parameters('evaluationPeriods')]" }, + "threshold": { + "value": "[parameters('threshold')]" + }, "autoResolveTime": { "value": "[parameters('autoResolveTime')]" }, @@ -508,25 +508,32 @@ } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", "windowSize": "[parameters('windowSize')]", "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", - "autoMitigate": "[parameters('autoMitigate')]", + "ruleResolveConfiguration": { + "timeToResolve": "[parameters('autoResolveTime')]", + "autoResolved": "[parameters('autoResolve')]" + }, + "targetResourceTypes": [ + "Microsoft.HybridCompute/machines" + ], "criteria": { "allOf": [ { - "threshold": 0, - "timeAggregation": "[parameters('timeAggregation')]", "failingPeriods": { "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]", "minFailingPeriodsToAlert": "[parameters('failingPeriods')]" }, + "timeAggregation": "[parameters('timeAggregation')]", + "threshold": 0, "operator": "[parameters('operator')]", "resourceIdColumn": "_ResourceId", "dimensions": [ { - "name": "Computer", "operator": "Include", + "name": "Computer", "values": [ "*" ] @@ -536,20 +543,13 @@ } ] }, - "ruleResolveConfiguration": { - "timeToResolve": "[parameters('autoResolveTime')]", - "autoResolved": "[parameters('autoResolve')]" - }, "scopes": [ "[subscription().Id]" - ], - "targetResourceTypes": [ - "Microsoft.HybridCompute/machines" ] }, + "apiVersion": "2022-08-01-preview", "location": "[parameters('alertResourceGroupLocation')]", "name": "[concat(subscription().displayName, '-HybridVMLowMemoryAlert')]", - "apiVersion": "2022-08-01-preview", "tags": { "_deployed_by_amba": true }, @@ -561,20 +561,20 @@ } } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "Incremental" }, - "name": "HybridVMMemoryAlert", "apiVersion": "2019-10-01", + "name": "HybridVMMemoryAlert", "dependsOn": [ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]" ] } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" }, "location": "australiaeast" }, diff --git a/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_networkin_alert.jsonc b/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_networkin_alert.jsonc index ab70990..99ad65c 100644 --- a/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_networkin_alert.jsonc +++ b/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_networkin_alert.jsonc @@ -6,27 +6,15 @@ "description": "Policy to audit/deploy VM Nework Read Alert", "mode": "All", "metadata": { - "category": "Hybrid Compute", "version": "1.2.0", "_deployed_by_amba": "True", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" - ] + ], + "category": "Hybrid Compute" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "String" - }, "evaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", @@ -41,33 +29,16 @@ "defaultValue": "PT5M", "type": "String" }, - "MonitorDisableTagValues": { + "autoMitigate": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" }, - "defaultValue": [ + "allowedValues": [ "true", - "Test", - "Dev", - "Sandbox" + "false" ], - "type": "Array" - }, - "MonitorDisableTagName": { - "metadata": { - "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled", - "displayName": "ALZ Monitoring disabled tag name" - }, - "defaultValue": "MonitorDisable", - "type": "String" - }, - "alertResourceGroupLocation": { - "metadata": { - "description": "Location of the Resource group the alert is placed in", - "displayName": "Resource Group Location" - }, - "defaultValue": "centralus", + "defaultValue": "true", "type": "String" }, "windowSize": { @@ -87,12 +58,19 @@ "defaultValue": "PT15M", "type": "String" }, - "alertResourceGroupName": { + "severity": { "metadata": { - "description": "Resource group the alert is placed in", - "displayName": "Resource Group Name" + "description": "Severity of the Alert", + "displayName": "Severity" }, - "defaultValue": "rg-amba-monitoring-001", + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" + ], + "defaultValue": "2", "type": "String" }, "enabled": { @@ -107,31 +85,29 @@ "defaultValue": "true", "type": "String" }, - "severity": { + "MonitorDisableTagValues": { "metadata": { - "description": "Severity of the Alert", - "displayName": "Severity" + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" }, - "allowedValues": [ - "0", - "1", - "2", - "3", - "4" + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" ], - "defaultValue": "2", - "type": "String" + "type": "Array" }, - "autoMitigate": { + "effect": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" + "description": "Effect of the policy", + "displayName": "Effect" }, "allowedValues": [ - "true", - "false" + "deployIfNotExists", + "disabled" ], - "defaultValue": "true", + "defaultValue": "deployIfNotExists", "type": "String" }, "threshold": { @@ -142,15 +118,13 @@ "defaultValue": "10000000", "type": "String" }, - "alertResourceGroupTags": { + "MonitorDisableTagName": { "metadata": { - "description": "Tags on the Resource group the alert is placed in", - "displayName": "Resource Group Tags" - }, - "defaultValue": { - "Project": "amba-monitoring" + "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled", + "displayName": "ALZ Monitoring disabled tag name" }, - "type": "Object" + "defaultValue": "MonitorDisable", + "type": "String" }, "timeAggregation": { "metadata": { @@ -162,6 +136,24 @@ "defaultValue": "Count", "type": "String" }, + "alertResourceGroupLocation": { + "metadata": { + "description": "Location of the Resource group the alert is placed in", + "displayName": "Resource Group Location" + }, + "defaultValue": "centralus", + "type": "String" + }, + "operator": { + "metadata": { + "displayName": "Operator" + }, + "allowedValues": [ + "GreaterThan" + ], + "defaultValue": "GreaterThan", + "type": "String" + }, "failingPeriods": { "metadata": { "description": "Number of failing periods before alert is fired", @@ -170,6 +162,14 @@ "defaultValue": "1", "type": "String" }, + "alertResourceGroupName": { + "metadata": { + "description": "Resource group the alert is placed in", + "displayName": "Resource Group Name" + }, + "defaultValue": "rg-amba-monitoring-001", + "type": "String" + }, "UAMIResourceId": { "metadata": { "description": "The resource Id of the user assigned managed identity.", @@ -178,6 +178,16 @@ "defaultValue": "", "type": "string" }, + "computersToInclude": { + "metadata": { + "description": "Array of Computer to be monitored", + "displayName": "Computers to be included to be monitored" + }, + "defaultValue": [ + "*" + ], + "type": "array" + }, "evaluationPeriods": { "metadata": { "description": "The number of aggregated lookback points.", @@ -194,25 +204,15 @@ "defaultValue": "true", "type": "String" }, - "operator": { + "alertResourceGroupTags": { "metadata": { - "displayName": "Operator" + "description": "Tags on the Resource group the alert is placed in", + "displayName": "Resource Group Tags" }, - "allowedValues": [ - "GreaterThan" - ], - "defaultValue": "GreaterThan", - "type": "String" - }, - "computersToInclude": { - "metadata": { - "description": "Array of Computer to be monitored", - "displayName": "Computers to be included to be monitored" + "defaultValue": { + "Project": "amba-monitoring" }, - "defaultValue": [ - "*" - ], - "type": "array" + "type": "Object" }, "autoResolve": { "metadata": { @@ -231,8 +231,8 @@ "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.HybridCompute/machines" + "equals": "Microsoft.HybridCompute/machines", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -244,56 +244,55 @@ "effect": "[parameters('effect')]", "details": { "type": "Microsoft.Insights/scheduledQueryRules", - "resourceGroupName": "[parameters('alertResourceGroupName')]", "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/scheduledQueryRules/displayName", - "equals": "[concat(subscription().displayName, '-HybridVMHighNetworkInAlert')]" + "equals": "[concat(subscription().displayName, '-HybridVMHighNetworkInAlert')]", + "field": "Microsoft.Insights/scheduledQueryRules/displayName" }, { - "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]", - "equals": "[subscription().id]" + "equals": "[subscription().id]", + "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]" }, { - "field": "Microsoft.Insights/scheduledQueryRules/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/scheduledQueryRules/enabled" }, { - "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency" }, { - "field": "Microsoft.Insights/scheduledQueryRules/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/scheduledQueryRules/windowSize" }, { - "field": "Microsoft.Insights/scheduledQueryRules/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/scheduledQueryRules/severity" }, { - "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", - "equals": "[parameters('operator')]" + "equals": "[parameters('operator')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation", - "equals": "[parameters('timeAggregation')]" + "equals": "[parameters('timeAggregation')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods", - "equals": "[parameters('evaluationPeriods')]" + "equals": "[parameters('evaluationPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert", - "equals": "[parameters('failingPeriods')]" + "equals": "[parameters('failingPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query", - "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-ReadBytesPerSecond-Data-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"Network\" and Name == \"ReadBytesPerSecond\" | extend NetworkInterface=tostring(todynamic(Tags)[\"vm.azm.ms/networkDeviceId\"]) | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, NetworkInterface | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-ReadBytesPerSecond-Data-threshold-override_\", tostring(tags.[\"_amba-ReadBytesPerSecond-Data-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, NetworkInterface, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]" + "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-ReadBytesPerSecond-Data-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"Network\" and Name == \"ReadBytesPerSecond\" | extend NetworkInterface=tostring(todynamic(Tags)[\"vm.azm.ms/networkDeviceId\"]) | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, NetworkInterface | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-ReadBytesPerSecond-Data-threshold-override_\", tostring(tags.[\"_amba-ReadBytesPerSecond-Data-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, NetworkInterface, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query" }, { "field": "identity.userAssignedIdentities", @@ -310,129 +309,129 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, - "MonitorDisableTagValues": { - "value": "[parameters('MonitorDisableTagValues')]" - }, - "MonitorDisableTagName": { - "value": "[parameters('MonitorDisableTagName')]" - }, - "alertResourceGroupLocation": { - "value": "[parameters('alertResourceGroupLocation')]" + "autoMitigate": { + "value": "[parameters('autoMitigate')]" }, "windowSize": { "value": "[parameters('windowSize')]" }, - "alertResourceGroupName": { - "value": "[parameters('alertResourceGroupName')]" + "severity": { + "value": "[parameters('severity')]" }, "enabled": { "value": "[parameters('enabled')]" }, - "severity": { - "value": "[parameters('severity')]" - }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" + "MonitorDisableTagValues": { + "value": "[parameters('MonitorDisableTagValues')]" }, "threshold": { "value": "[parameters('threshold')]" }, - "alertResourceGroupTags": { - "value": "[parameters('alertResourceGroupTags')]" + "MonitorDisableTagName": { + "value": "[parameters('MonitorDisableTagName')]" }, "timeAggregation": { "value": "[parameters('timeAggregation')]" }, + "alertResourceGroupLocation": { + "value": "[parameters('alertResourceGroupLocation')]" + }, + "operator": { + "value": "[parameters('operator')]" + }, "failingPeriods": { "value": "[parameters('failingPeriods')]" }, + "alertResourceGroupName": { + "value": "[parameters('alertResourceGroupName')]" + }, "UAMIResourceId": { "value": "[parameters('UAMIResourceId')]" }, + "computersToInclude": { + "value": "[parameters('computersToInclude')]" + }, "evaluationPeriods": { "value": "[parameters('evaluationPeriods')]" }, "autoResolveTime": { "value": "[parameters('autoResolveTime')]" }, - "operator": { - "value": "[parameters('operator')]" - }, - "computersToInclude": { - "value": "[parameters('computersToInclude')]" + "alertResourceGroupTags": { + "value": "[parameters('alertResourceGroupTags')]" }, "autoResolve": { "value": "[parameters('autoResolve')]" } }, - "mode": "incremental", "template": { "parameters": { "evaluationFrequency": { "type": "String" }, - "MonitorDisableTagValues": { - "type": "Array" - }, - "MonitorDisableTagName": { + "autoMitigate": { "type": "String" }, - "alertResourceGroupLocation": { - "type": "string" - }, "windowSize": { "type": "String" }, - "alertResourceGroupName": { - "type": "string" + "severity": { + "type": "String" }, "enabled": { "type": "String" }, - "severity": { + "MonitorDisableTagValues": { + "type": "Array" + }, + "threshold": { "type": "String" }, - "autoMitigate": { + "MonitorDisableTagName": { "type": "String" }, - "threshold": { + "timeAggregation": { "type": "String" }, - "alertResourceGroupTags": { - "type": "object" + "alertResourceGroupLocation": { + "type": "string" }, - "timeAggregation": { + "operator": { "type": "String" }, "failingPeriods": { "type": "String" }, + "alertResourceGroupName": { + "type": "string" + }, "UAMIResourceId": { "type": "string" }, + "computersToInclude": { + "type": "array" + }, "evaluationPeriods": { "type": "String" }, "autoResolveTime": { "type": "String" }, - "operator": { - "type": "String" - }, - "computersToInclude": { - "type": "array" + "alertResourceGroupTags": { + "type": "object" }, "autoResolve": { "type": "String" } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Resources/resourceGroups", + "apiVersion": "2021-04-01", "location": "[parameters('alertResourceGroupLocation')]", "name": "[parameters('alertResourceGroupName')]", - "apiVersion": "2021-04-01", "tags": "[parameters('alertResourceGroupTags')]" }, { @@ -440,29 +439,28 @@ "type": "Microsoft.Resources/deployments", "properties": { "parameters": { + "enabled": { + "value": "[parameters('enabled')]" + }, "alertResourceGroupLocation": { "value": "[parameters('alertResourceGroupLocation')]" }, "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "UAMIResourceId": { "value": "[parameters('UAMIResourceId')]" } }, - "mode": "Incremental", "template": { "parameters": { - "alertResourceGroupLocation": { + "enabled": { "type": "string" }, - "alertResourceGroupName": { + "alertResourceGroupLocation": { "type": "string" }, - "enabled": { + "alertResourceGroupName": { "type": "string" }, "UAMIResourceId": { @@ -470,6 +468,7 @@ } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Insights/scheduledQueryRules", @@ -480,100 +479,100 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, - "MonitorDisableTagValues": { - "value": "[parameters('MonitorDisableTagValues')]" - }, - "MonitorDisableTagName": { - "value": "[parameters('MonitorDisableTagName')]" - }, - "alertResourceGroupLocation": { - "value": "[parameters('alertResourceGroupLocation')]" + "autoMitigate": { + "value": "[parameters('autoMitigate')]" }, "windowSize": { "value": "[parameters('windowSize')]" }, - "alertResourceGroupName": { - "value": "[parameters('alertResourceGroupName')]" + "severity": { + "value": "[parameters('severity')]" }, "enabled": { "value": "[parameters('enabled')]" }, - "severity": { - "value": "[parameters('severity')]" - }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" + "MonitorDisableTagValues": { + "value": "[parameters('MonitorDisableTagValues')]" }, "threshold": { "value": "[parameters('threshold')]" }, + "MonitorDisableTagName": { + "value": "[parameters('MonitorDisableTagName')]" + }, + "alertResourceGroupLocation": { + "value": "[parameters('alertResourceGroupLocation')]" + }, "failingPeriods": { "value": "[parameters('failingPeriods')]" }, + "alertResourceGroupName": { + "value": "[parameters('alertResourceGroupName')]" + }, "UAMIResourceId": { "value": "[parameters('UAMIResourceId')]" }, + "computersToInclude": { + "value": "[parameters('computersToInclude')]" + }, "evaluationPeriods": { "value": "[parameters('evaluationPeriods')]" }, "autoResolveTime": { "value": "[parameters('autoResolveTime')]" }, - "computersToInclude": { - "value": "[parameters('computersToInclude')]" - }, "autoResolve": { "value": "[parameters('autoResolve')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", "windowSize": "[parameters('windowSize')]", - "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", - "autoMitigate": "[parameters('autoMitigate')]", + "enabled": "[parameters('enabled')]", "criteria": { "allOf": [ { "threshold": 0, "timeAggregation": "[parameters('timeAggregation')]", + "operator": "[parameters('operator')]", "failingPeriods": { "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]", "minFailingPeriodsToAlert": "[parameters('failingPeriods')]" }, - "operator": "[parameters('operator')]", - "resourceIdColumn": "_ResourceId", "dimensions": [ { - "name": "Computer", "operator": "Include", + "name": "Computer", "values": "[parameters('computersToInclude')]" }, { - "name": "NetworkInterface", "operator": "Include", + "name": "NetworkInterface", "values": [ "*" ] } ], - "query": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-ReadBytesPerSecond-Data-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"Network\" and Name == \"ReadBytesPerSecond\" | extend NetworkInterface=tostring(todynamic(Tags)[\"vm.azm.ms/networkDeviceId\"]) | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, NetworkInterface | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-ReadBytesPerSecond-Data-threshold-override_\", tostring(tags.[\"_amba-ReadBytesPerSecond-Data-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, NetworkInterface, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]" + "query": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-ReadBytesPerSecond-Data-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"Network\" and Name == \"ReadBytesPerSecond\" | extend NetworkInterface=tostring(todynamic(Tags)[\"vm.azm.ms/networkDeviceId\"]) | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, NetworkInterface | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-ReadBytesPerSecond-Data-threshold-override_\", tostring(tags.[\"_amba-ReadBytesPerSecond-Data-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, NetworkInterface, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]", + "resourceIdColumn": "_ResourceId" } ] }, - "ruleResolveConfiguration": { - "timeToResolve": "[parameters('autoResolveTime')]", - "autoResolved": "[parameters('autoResolve')]" - }, "scopes": [ "[subscription().Id]" ], "targetResourceTypes": [ "Microsoft.HybridCompute/machines" - ] + ], + "ruleResolveConfiguration": { + "autoResolved": "[parameters('autoResolve')]", + "timeToResolve": "[parameters('autoResolveTime')]" + } }, + "apiVersion": "2022-08-01-preview", "location": "[parameters('alertResourceGroupLocation')]", "name": "[concat(subscription().displayName, '-HybridVMHighNetworkInAlert')]", - "apiVersion": "2022-08-01-preview", "tags": { "_deployed_by_amba": true }, @@ -585,23 +584,24 @@ } } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "Incremental" }, - "name": "HybridVMVMNetworkInAlert", "apiVersion": "2019-10-01", + "name": "HybridVMVMNetworkInAlert", "dependsOn": [ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]" ] } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" }, "location": "australiaeast" }, + "resourceGroupName": "[parameters('alertResourceGroupName')]", "deploymentScope": "subscription", "existenceScope": "resourceGroup" } diff --git a/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_networkout_alert.jsonc b/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_networkout_alert.jsonc index 8037e34..9275324 100644 --- a/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_networkout_alert.jsonc +++ b/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_networkout_alert.jsonc @@ -6,19 +6,56 @@ "description": "Policy to audit/deploy VM Network Out Alert", "mode": "All", "metadata": { - "category": "Hybrid Compute", - "version": "1.2.0", + "_deployed_by_amba": "True", "alzCloudEnvironments": [ "AzureCloud" ], - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", - "_deployed_by_amba": "True" + "version": "1.2.0", + "category": "Hybrid Compute", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { + "alertResourceGroupLocation": { + "metadata": { + "displayName": "Resource Group Location", + "description": "Location of the Resource group the alert is placed in" + }, + "defaultValue": "centralus", + "type": "String" + }, + "alertResourceGroupName": { + "metadata": { + "displayName": "Resource Group Name", + "description": "Resource group the alert is placed in" + }, + "defaultValue": "rg-amba-monitoring-001", + "type": "String" + }, + "MonitorDisableTagValues": { + "metadata": { + "displayName": "ALZ Monitoring disabled tag values(s)", + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "MonitorDisableTagName": { + "metadata": { + "displayName": "ALZ Monitoring disabled tag name", + "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled" + }, + "defaultValue": "MonitorDisable", + "type": "String" + }, "effect": { "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" + "displayName": "Effect", + "description": "Effect of the policy" }, "allowedValues": [ "deployIfNotExists", @@ -27,10 +64,20 @@ "defaultValue": "deployIfNotExists", "type": "String" }, + "alertResourceGroupTags": { + "metadata": { + "displayName": "Resource Group Tags", + "description": "Tags on the Resource group the alert is placed in" + }, + "defaultValue": { + "Project": "amba-monitoring" + }, + "type": "Object" + }, "enabled": { "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" + "displayName": "Alert State", + "description": "Alert state for the alert" }, "allowedValues": [ "true", @@ -41,8 +88,8 @@ }, "evaluationFrequency": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "Evaluation Frequency" + "displayName": "Evaluation Frequency", + "description": "Evaluation frequency for the alert" }, "allowedValues": [ "PT5M", @@ -53,72 +100,58 @@ "defaultValue": "PT5M", "type": "String" }, - "windowSize": { + "UAMIResourceId": { "metadata": { - "description": "Window size for the alert", - "displayName": "Window Size" + "displayName": "User Assigned managed Identity resource Id.", + "description": "The resource Id of the user assigned managed identity." }, - "allowedValues": [ - "PT5M", - "PT15M", - "PT30M", - "PT1H", - "PT6H", - "PT12H", - "PT24H" - ], - "defaultValue": "PT15M", - "type": "String" + "defaultValue": "", + "type": "string" }, - "severity": { + "failingPeriods": { "metadata": { - "description": "Severity of the Alert", - "displayName": "Severity" + "displayName": "Failing Periods", + "description": "Number of failing periods before alert is fired" }, - "allowedValues": [ - "0", - "1", - "2", - "3", - "4" - ], - "defaultValue": "2", + "defaultValue": "1", "type": "String" }, - "autoMitigate": { + "computersToInclude": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" + "displayName": "Computers to be included to be monitored", + "description": "Array of Computer to be monitored" }, - "allowedValues": [ - "true", - "false" + "defaultValue": [ + "*" ], - "defaultValue": "true", - "type": "String" + "type": "array" }, - "alertResourceGroupLocation": { + "evaluationPeriods": { "metadata": { - "description": "Location of the Resource group the alert is placed in", - "displayName": "Resource Group Location" + "displayName": "Evaluation Periods", + "description": "The number of aggregated lookback points." }, - "defaultValue": "centralus", + "defaultValue": "1", "type": "String" }, - "alertResourceGroupName": { + "autoMitigate": { "metadata": { - "description": "Resource group the alert is placed in", - "displayName": "Resource Group Name" + "displayName": "Auto Mitigate", + "description": "Auto Mitigate for the alert" }, - "defaultValue": "rg-amba-monitoring-001", + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", "type": "String" }, - "threshold": { + "autoResolveTime": { "metadata": { - "description": "Threshold for the alert", - "displayName": "Threshold" + "displayName": "Auto Resolve", + "description": "Auto Resolve time for the alert in ISO 8601 format" }, - "defaultValue": "10000000", + "defaultValue": "true", "type": "String" }, "timeAggregation": { @@ -131,15 +164,22 @@ "defaultValue": "Count", "type": "String" }, - "alertResourceGroupTags": { + "windowSize": { "metadata": { - "description": "Tags on the Resource group the alert is placed in", - "displayName": "Resource Group Tags" + "displayName": "Window Size", + "description": "Window size for the alert" }, - "defaultValue": { - "Project": "amba-monitoring" - }, - "type": "Object" + "allowedValues": [ + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "PT24H" + ], + "defaultValue": "PT15M", + "type": "String" }, "operator": { "metadata": { @@ -151,65 +191,18 @@ "defaultValue": "GreaterThan", "type": "String" }, - "MonitorDisableTagValues": { - "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" - }, - "defaultValue": [ - "true", - "Test", - "Dev", - "Sandbox" - ], - "type": "Array" - }, - "MonitorDisableTagName": { - "metadata": { - "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled", - "displayName": "ALZ Monitoring disabled tag name" - }, - "defaultValue": "MonitorDisable", - "type": "String" - }, - "failingPeriods": { - "metadata": { - "description": "Number of failing periods before alert is fired", - "displayName": "Failing Periods" - }, - "defaultValue": "1", - "type": "String" - }, - "evaluationPeriods": { - "metadata": { - "description": "The number of aggregated lookback points.", - "displayName": "Evaluation Periods" - }, - "defaultValue": "1", - "type": "String" - }, - "autoResolveTime": { + "threshold": { "metadata": { - "description": "Auto Resolve time for the alert in ISO 8601 format", - "displayName": "Auto Resolve" + "displayName": "Threshold", + "description": "Threshold for the alert" }, - "defaultValue": "true", + "defaultValue": "10000000", "type": "String" }, - "computersToInclude": { - "metadata": { - "description": "Array of Computer to be monitored", - "displayName": "Computers to be included to be monitored" - }, - "defaultValue": [ - "*" - ], - "type": "array" - }, "autoResolve": { "metadata": { - "description": "Auto Resolve for the alert", - "displayName": "Auto Resolve" + "displayName": "Auto Resolve", + "description": "Auto Resolve for the alert" }, "allowedValues": [ "true", @@ -218,21 +211,28 @@ "defaultValue": "true", "type": "String" }, - "UAMIResourceId": { + "severity": { "metadata": { - "description": "The resource Id of the user assigned managed identity.", - "displayName": "User Assigned managed Identity resource Id." + "displayName": "Severity", + "description": "Severity of the Alert" }, - "defaultValue": "", - "type": "string" + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" + ], + "defaultValue": "2", + "type": "String" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.HybridCompute/machines" + "equals": "Microsoft.HybridCompute/machines", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -244,55 +244,56 @@ "effect": "[parameters('effect')]", "details": { "type": "Microsoft.Insights/scheduledQueryRules", + "resourceGroupName": "[parameters('alertResourceGroupName')]", "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/scheduledQueryRules/displayName", - "equals": "[concat(subscription().displayName, '-HybridVMHighNetworkOutAlert')]" + "equals": "[concat(subscription().displayName, '-HybridVMHighNetworkOutAlert')]", + "field": "Microsoft.Insights/scheduledQueryRules/displayName" }, { - "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]", - "equals": "[subscription().id]" + "equals": "[subscription().id]", + "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]" }, { - "field": "Microsoft.Insights/scheduledQueryRules/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/scheduledQueryRules/enabled" }, { - "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency" }, { - "field": "Microsoft.Insights/scheduledQueryRules/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/scheduledQueryRules/windowSize" }, { - "field": "Microsoft.Insights/scheduledQueryRules/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/scheduledQueryRules/severity" }, { - "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", - "equals": "[parameters('operator')]" + "equals": "[parameters('operator')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation", - "equals": "[parameters('timeAggregation')]" + "equals": "[parameters('timeAggregation')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods", - "equals": "[parameters('evaluationPeriods')]" + "equals": "[parameters('evaluationPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert", - "equals": "[parameters('failingPeriods')]" + "equals": "[parameters('failingPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query", - "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-WriteBytesPerSecond-Data-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"Network\" and Name == \"WriteBytesPerSecond\" | extend NetworkInterface=tostring(todynamic(Tags)[\"vm.azm.ms/networkDeviceId\"]) | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, NetworkInterface | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-WriteBytesPerSecond-Data-threshold-override_\", tostring(tags.[\"_amba-WriteBytesPerSecond-Data-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, NetworkInterface, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]" + "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-WriteBytesPerSecond-Data-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"Network\" and Name == \"WriteBytesPerSecond\" | extend NetworkInterface=tostring(todynamic(Tags)[\"vm.azm.ms/networkDeviceId\"]) | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, NetworkInterface | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-WriteBytesPerSecond-Data-threshold-override_\", tostring(tags.[\"_amba-WriteBytesPerSecond-Data-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, NetworkInterface, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query" }, { "field": "identity.userAssignedIdentities", @@ -303,167 +304,168 @@ "roleDefinitionIds": [ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" ], + "deploymentScope": "subscription", + "existenceScope": "resourceGroup", "deployment": { "properties": { "parameters": { - "enabled": { - "value": "[parameters('enabled')]" - }, - "evaluationFrequency": { - "value": "[parameters('evaluationFrequency')]" - }, - "windowSize": { - "value": "[parameters('windowSize')]" - }, - "severity": { - "value": "[parameters('severity')]" - }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, "alertResourceGroupLocation": { "value": "[parameters('alertResourceGroupLocation')]" }, "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, - "threshold": { - "value": "[parameters('threshold')]" + "MonitorDisableTagValues": { + "value": "[parameters('MonitorDisableTagValues')]" }, - "timeAggregation": { - "value": "[parameters('timeAggregation')]" + "MonitorDisableTagName": { + "value": "[parameters('MonitorDisableTagName')]" }, "alertResourceGroupTags": { "value": "[parameters('alertResourceGroupTags')]" }, - "operator": { - "value": "[parameters('operator')]" + "enabled": { + "value": "[parameters('enabled')]" }, - "MonitorDisableTagValues": { - "value": "[parameters('MonitorDisableTagValues')]" + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" }, - "MonitorDisableTagName": { - "value": "[parameters('MonitorDisableTagName')]" + "UAMIResourceId": { + "value": "[parameters('UAMIResourceId')]" }, "failingPeriods": { "value": "[parameters('failingPeriods')]" }, + "computersToInclude": { + "value": "[parameters('computersToInclude')]" + }, "evaluationPeriods": { "value": "[parameters('evaluationPeriods')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "autoResolveTime": { "value": "[parameters('autoResolveTime')]" }, - "computersToInclude": { - "value": "[parameters('computersToInclude')]" + "timeAggregation": { + "value": "[parameters('timeAggregation')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "operator": { + "value": "[parameters('operator')]" + }, + "threshold": { + "value": "[parameters('threshold')]" }, "autoResolve": { "value": "[parameters('autoResolve')]" }, - "UAMIResourceId": { - "value": "[parameters('UAMIResourceId')]" + "severity": { + "value": "[parameters('severity')]" } }, - "mode": "incremental", "template": { "parameters": { - "enabled": { - "type": "String" - }, - "evaluationFrequency": { - "type": "String" - }, - "windowSize": { - "type": "String" - }, - "severity": { - "type": "String" - }, - "autoMitigate": { - "type": "String" - }, "alertResourceGroupLocation": { "type": "string" }, "alertResourceGroupName": { "type": "string" }, - "threshold": { - "type": "String" + "MonitorDisableTagValues": { + "type": "Array" }, - "timeAggregation": { + "MonitorDisableTagName": { "type": "String" }, "alertResourceGroupTags": { "type": "object" }, - "operator": { + "enabled": { "type": "String" }, - "MonitorDisableTagValues": { - "type": "Array" - }, - "MonitorDisableTagName": { + "evaluationFrequency": { "type": "String" }, + "UAMIResourceId": { + "type": "string" + }, "failingPeriods": { "type": "String" }, + "computersToInclude": { + "type": "array" + }, "evaluationPeriods": { "type": "String" }, + "autoMitigate": { + "type": "String" + }, "autoResolveTime": { "type": "String" }, - "computersToInclude": { - "type": "array" + "timeAggregation": { + "type": "String" + }, + "windowSize": { + "type": "String" + }, + "operator": { + "type": "String" + }, + "threshold": { + "type": "String" }, "autoResolve": { "type": "String" }, - "UAMIResourceId": { - "type": "string" + "severity": { + "type": "String" } }, "contentVersion": "1.0.0.0", "resources": [ { "type": "Microsoft.Resources/resourceGroups", - "location": "[parameters('alertResourceGroupLocation')]", "apiVersion": "2021-04-01", + "location": "[parameters('alertResourceGroupLocation')]", "name": "[parameters('alertResourceGroupName')]", "tags": "[parameters('alertResourceGroupTags')]" }, { "resourceGroup": "[parameters('alertResourceGroupName')]", "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", "properties": { "parameters": { - "enabled": { - "value": "[parameters('enabled')]" - }, "alertResourceGroupLocation": { "value": "[parameters('alertResourceGroupLocation')]" }, "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, + "enabled": { + "value": "[parameters('enabled')]" + }, "UAMIResourceId": { "value": "[parameters('UAMIResourceId')]" } }, - "mode": "Incremental", "template": { "parameters": { - "enabled": { - "type": "string" - }, "alertResourceGroupLocation": { "type": "string" }, "alertResourceGroupName": { "type": "string" }, + "enabled": { + "type": "string" + }, "UAMIResourceId": { "type": "string" } @@ -472,84 +474,95 @@ "resources": [ { "type": "Microsoft.Insights/scheduledQueryRules", + "apiVersion": "2022-08-01-preview", "properties": { - "description": "Log Alert for Virtual Machine NetworkOut", "displayName": "[concat(subscription().displayName, '-HybridVMHighNetworkOutAlert')]", + "description": "Log Alert for Virtual Machine NetworkOut", "parameters": { - "enabled": { - "value": "[parameters('enabled')]" - }, - "evaluationFrequency": { - "value": "[parameters('evaluationFrequency')]" - }, - "windowSize": { - "value": "[parameters('windowSize')]" - }, - "severity": { - "value": "[parameters('severity')]" - }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, "alertResourceGroupLocation": { "value": "[parameters('alertResourceGroupLocation')]" }, "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, - "threshold": { - "value": "[parameters('threshold')]" - }, "MonitorDisableTagValues": { "value": "[parameters('MonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('MonitorDisableTagName')]" }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "UAMIResourceId": { + "value": "[parameters('UAMIResourceId')]" + }, "failingPeriods": { "value": "[parameters('failingPeriods')]" }, + "computersToInclude": { + "value": "[parameters('computersToInclude')]" + }, "evaluationPeriods": { "value": "[parameters('evaluationPeriods')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "autoResolveTime": { "value": "[parameters('autoResolveTime')]" }, - "computersToInclude": { - "value": "[parameters('computersToInclude')]" + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "threshold": { + "value": "[parameters('threshold')]" }, "autoResolve": { "value": "[parameters('autoResolve')]" }, - "UAMIResourceId": { - "value": "[parameters('UAMIResourceId')]" + "severity": { + "value": "[parameters('severity')]" } }, "enabled": "[parameters('enabled')]", "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", "windowSize": "[parameters('windowSize')]", "severity": "[parameters('severity')]", - "autoMitigate": "[parameters('autoMitigate')]", + "ruleResolveConfiguration": { + "timeToResolve": "[parameters('autoResolveTime')]", + "autoResolved": "[parameters('autoResolve')]" + }, + "targetResourceTypes": [ + "Microsoft.HybridCompute/machines" + ], + "scopes": [ + "[subscription().Id]" + ], "criteria": { "allOf": [ { - "threshold": 0, - "timeAggregation": "[parameters('timeAggregation')]", - "operator": "[parameters('operator')]", "failingPeriods": { "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]", "minFailingPeriodsToAlert": "[parameters('failingPeriods')]" }, + "timeAggregation": "[parameters('timeAggregation')]", + "operator": "[parameters('operator')]", + "threshold": 0, "resourceIdColumn": "_ResourceId", "dimensions": [ { - "name": "Computer", "operator": "Include", + "name": "Computer", "values": "[parameters('computersToInclude')]" }, { - "name": "NetworkInterface", "operator": "Include", + "name": "NetworkInterface", "values": [ "*" ] @@ -558,20 +571,9 @@ "query": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-WriteBytesPerSecond-Data-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"Network\" and Name == \"WriteBytesPerSecond\" | extend NetworkInterface=tostring(todynamic(Tags)[\"vm.azm.ms/networkDeviceId\"]) | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, NetworkInterface | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-WriteBytesPerSecond-Data-threshold-override_\", tostring(tags.[\"_amba-WriteBytesPerSecond-Data-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, NetworkInterface, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]" } ] - }, - "scopes": [ - "[subscription().Id]" - ], - "ruleResolveConfiguration": { - "timeToResolve": "[parameters('autoResolveTime')]", - "autoResolved": "[parameters('autoResolve')]" - }, - "targetResourceTypes": [ - "Microsoft.HybridCompute/machines" - ] + } }, "location": "[parameters('alertResourceGroupLocation')]", - "apiVersion": "2022-08-01-preview", "name": "[concat(subscription().displayName, '-HybridVMHighNetworkOutAlert')]", "tags": { "_deployed_by_amba": true @@ -586,9 +588,9 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "Incremental" }, - "apiVersion": "2019-10-01", "name": "HybridVMVMNetworkOutAlert", "dependsOn": [ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]" @@ -597,13 +599,11 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" }, "location": "australiaeast" - }, - "existenceScope": "resourceGroup", - "resourceGroupName": "[parameters('alertResourceGroupName')]", - "deploymentScope": "subscription" + } } } } diff --git a/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_osdiskreadlatency_alert.jsonc b/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_osdiskreadlatency_alert.jsonc index c11fce2..1b583fd 100644 --- a/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_osdiskreadlatency_alert.jsonc +++ b/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_osdiskreadlatency_alert.jsonc @@ -6,27 +6,15 @@ "description": "Policy to audit/deploy VM OSDiskreadLatency Alert", "mode": "All", "metadata": { - "category": "Hybrid Compute", "_deployed_by_amba": "True", "version": "1.2.0", "alzCloudEnvironments": [ "AzureCloud" ], + "category": "Hybrid Compute", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "String" - }, "evaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", @@ -41,6 +29,18 @@ "defaultValue": "PT5M", "type": "String" }, + "autoMitigate": { + "metadata": { + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, "MonitorDisableTagValues": { "metadata": { "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", @@ -54,18 +54,6 @@ ], "type": "Array" }, - "autoMitigate": { - "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" - }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", - "type": "String" - }, "windowSize": { "metadata": { "description": "Window size for the alert", @@ -103,6 +91,14 @@ "defaultValue": "true", "type": "String" }, + "alertResourceGroupLocation": { + "metadata": { + "description": "Location of the Resource group the alert is placed in", + "displayName": "Resource Group Location" + }, + "defaultValue": "centralus", + "type": "String" + }, "severity": { "metadata": { "description": "Severity of the Alert", @@ -126,14 +122,6 @@ "defaultValue": "rg-amba-monitoring-001", "type": "String" }, - "alertResourceGroupLocation": { - "metadata": { - "description": "Location of the Resource group the alert is placed in", - "displayName": "Resource Group Location" - }, - "defaultValue": "centralus", - "type": "String" - }, "threshold": { "metadata": { "description": "Threshold for the alert", @@ -142,16 +130,6 @@ "defaultValue": "30", "type": "String" }, - "alertResourceGroupTags": { - "metadata": { - "description": "Tags on the Resource group the alert is placed in", - "displayName": "Resource Group Tags" - }, - "defaultValue": { - "Project": "amba-monitoring" - }, - "type": "Object" - }, "timeAggregation": { "metadata": { "displayName": "TimeAggregation" @@ -162,6 +140,28 @@ "defaultValue": "Count", "type": "String" }, + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" + }, + "alertResourceGroupTags": { + "metadata": { + "description": "Tags on the Resource group the alert is placed in", + "displayName": "Resource Group Tags" + }, + "defaultValue": { + "Project": "amba-monitoring" + }, + "type": "Object" + }, "failingPeriods": { "metadata": { "description": "Number of failing periods before alert is fired", @@ -170,6 +170,14 @@ "defaultValue": "1", "type": "String" }, + "UAMIResourceId": { + "metadata": { + "description": "The resource Id of the user assigned managed identity.", + "displayName": "User Assigned managed Identity resource Id." + }, + "defaultValue": "", + "type": "string" + }, "operator": { "metadata": { "displayName": "Operator" @@ -180,14 +188,6 @@ "defaultValue": "GreaterThan", "type": "String" }, - "UAMIResourceId": { - "metadata": { - "description": "The resource Id of the user assigned managed identity.", - "displayName": "User Assigned managed Identity resource Id." - }, - "defaultValue": "", - "type": "string" - }, "evaluationPeriods": { "metadata": { "description": "The number of aggregated lookback points.", @@ -231,8 +231,8 @@ "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.HybridCompute/machines" + "equals": "Microsoft.HybridCompute/machines", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -247,52 +247,52 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/scheduledQueryRules/displayName", - "equals": "[concat(subscription().displayName, '-HybridVMHighOSDiskReadLatencyAlert')]" + "equals": "[concat(subscription().displayName, '-HybridVMHighOSDiskReadLatencyAlert')]", + "field": "Microsoft.Insights/scheduledQueryRules/displayName" }, { - "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]", - "equals": "[subscription().id]" + "equals": "[subscription().id]", + "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]" }, { - "field": "Microsoft.Insights/scheduledQueryRules/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/scheduledQueryRules/enabled" }, { - "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency" }, { - "field": "Microsoft.Insights/scheduledQueryRules/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/scheduledQueryRules/windowSize" }, { - "field": "Microsoft.Insights/scheduledQueryRules/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/scheduledQueryRules/severity" }, { - "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", - "equals": "[parameters('operator')]" + "equals": "[parameters('operator')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation", - "equals": "[parameters('timeAggregation')]" + "equals": "[parameters('timeAggregation')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods", - "equals": "[parameters('evaluationPeriods')]" + "equals": "[parameters('evaluationPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert", - "equals": "[parameters('failingPeriods')]" + "equals": "[parameters('failingPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query", - "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-ReadLatencyMs-OS-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"ReadLatencyMs\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk in (\"C:\",\"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-ReadLatencyMs-OS-threshold-override_\", tostring(tags.[\"_amba-ReadLatencyMs-OS-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]" + "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-ReadLatencyMs-OS-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"ReadLatencyMs\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk in (\"C:\",\"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-ReadLatencyMs-OS-threshold-override_\", tostring(tags.[\"_amba-ReadLatencyMs-OS-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query" }, { "field": "identity.userAssignedIdentities", @@ -303,19 +303,18 @@ "roleDefinitionIds": [ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" ], - "resourceGroupName": "[parameters('alertResourceGroupName')]", "deployment": { "properties": { "parameters": { "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, - "MonitorDisableTagValues": { - "value": "[parameters('MonitorDisableTagValues')]" - }, "autoMitigate": { "value": "[parameters('autoMitigate')]" }, + "MonitorDisableTagValues": { + "value": "[parameters('MonitorDisableTagValues')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, @@ -325,33 +324,33 @@ "enabled": { "value": "[parameters('enabled')]" }, + "alertResourceGroupLocation": { + "value": "[parameters('alertResourceGroupLocation')]" + }, "severity": { "value": "[parameters('severity')]" }, "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, - "alertResourceGroupLocation": { - "value": "[parameters('alertResourceGroupLocation')]" - }, "threshold": { "value": "[parameters('threshold')]" }, - "alertResourceGroupTags": { - "value": "[parameters('alertResourceGroupTags')]" - }, "timeAggregation": { "value": "[parameters('timeAggregation')]" }, + "alertResourceGroupTags": { + "value": "[parameters('alertResourceGroupTags')]" + }, "failingPeriods": { "value": "[parameters('failingPeriods')]" }, - "operator": { - "value": "[parameters('operator')]" - }, "UAMIResourceId": { "value": "[parameters('UAMIResourceId')]" }, + "operator": { + "value": "[parameters('operator')]" + }, "evaluationPeriods": { "value": "[parameters('evaluationPeriods')]" }, @@ -365,18 +364,17 @@ "value": "[parameters('autoResolve')]" } }, - "mode": "incremental", "template": { "parameters": { "evaluationFrequency": { "type": "String" }, - "MonitorDisableTagValues": { - "type": "Array" - }, "autoMitigate": { "type": "String" }, + "MonitorDisableTagValues": { + "type": "Array" + }, "windowSize": { "type": "String" }, @@ -386,33 +384,33 @@ "enabled": { "type": "String" }, + "alertResourceGroupLocation": { + "type": "string" + }, "severity": { "type": "String" }, "alertResourceGroupName": { "type": "string" }, - "alertResourceGroupLocation": { - "type": "string" - }, "threshold": { "type": "String" }, - "alertResourceGroupTags": { - "type": "object" - }, "timeAggregation": { "type": "String" }, - "failingPeriods": { - "type": "String" + "alertResourceGroupTags": { + "type": "object" }, - "operator": { + "failingPeriods": { "type": "String" }, "UAMIResourceId": { "type": "string" }, + "operator": { + "type": "String" + }, "evaluationPeriods": { "type": "String" }, @@ -430,9 +428,9 @@ "resources": [ { "type": "Microsoft.Resources/resourceGroups", - "location": "[parameters('alertResourceGroupLocation')]", "apiVersion": "2021-04-01", "name": "[parameters('alertResourceGroupName')]", + "location": "[parameters('alertResourceGroupLocation')]", "tags": "[parameters('alertResourceGroupTags')]" }, { @@ -443,26 +441,25 @@ "enabled": { "value": "[parameters('enabled')]" }, - "alertResourceGroupName": { - "value": "[parameters('alertResourceGroupName')]" - }, "alertResourceGroupLocation": { "value": "[parameters('alertResourceGroupLocation')]" }, + "alertResourceGroupName": { + "value": "[parameters('alertResourceGroupName')]" + }, "UAMIResourceId": { "value": "[parameters('UAMIResourceId')]" } }, - "mode": "Incremental", "template": { "parameters": { "enabled": { "type": "string" }, - "alertResourceGroupName": { + "alertResourceGroupLocation": { "type": "string" }, - "alertResourceGroupLocation": { + "alertResourceGroupName": { "type": "string" }, "UAMIResourceId": { @@ -480,12 +477,12 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, - "MonitorDisableTagValues": { - "value": "[parameters('MonitorDisableTagValues')]" - }, "autoMitigate": { "value": "[parameters('autoMitigate')]" }, + "MonitorDisableTagValues": { + "value": "[parameters('MonitorDisableTagValues')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, @@ -495,15 +492,15 @@ "enabled": { "value": "[parameters('enabled')]" }, + "alertResourceGroupLocation": { + "value": "[parameters('alertResourceGroupLocation')]" + }, "severity": { "value": "[parameters('severity')]" }, "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, - "alertResourceGroupLocation": { - "value": "[parameters('alertResourceGroupLocation')]" - }, "threshold": { "value": "[parameters('threshold')]" }, @@ -544,13 +541,13 @@ "resourceIdColumn": "_ResourceId", "dimensions": [ { - "name": "Computer", "operator": "Include", + "name": "Computer", "values": "[parameters('computersToInclude')]" }, { - "name": "Disk", "operator": "Include", + "name": "Disk", "values": [ "*" ] @@ -571,9 +568,9 @@ "Microsoft.HybridCompute/machines" ] }, - "location": "[parameters('alertResourceGroupLocation')]", "apiVersion": "2022-08-01-preview", "name": "[concat(subscription().displayName, '-HybridVMHighOSDiskReadLatencyAlert')]", + "location": "[parameters('alertResourceGroupLocation')]", "tags": { "_deployed_by_amba": true }, @@ -587,7 +584,8 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "Incremental" }, "apiVersion": "2019-10-01", "name": "HybridVMOSDiskreadLatencyAlert", @@ -598,12 +596,14 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" }, "location": "australiaeast" }, - "existenceScope": "resourceGroup", - "deploymentScope": "subscription" + "resourceGroupName": "[parameters('alertResourceGroupName')]", + "deploymentScope": "subscription", + "existenceScope": "resourceGroup" } } } diff --git a/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_osdiskspace_alert.jsonc b/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_osdiskspace_alert.jsonc index 19b23af..4670fd7 100644 --- a/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_osdiskspace_alert.jsonc +++ b/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_osdiskspace_alert.jsonc @@ -6,31 +6,62 @@ "description": "Policy to audit/deploy VM OSDiskSpace Alert", "mode": "All", "metadata": { - "category": "Hybrid Compute", + "_deployed_by_amba": "True", "version": "1.2.0", + "category": "Hybrid Compute", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" - ], - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", - "_deployed_by_amba": "True" + ] }, "parameters": { - "effect": { + "evaluationFrequency": { "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" + "displayName": "Evaluation Frequency", + "description": "Evaluation frequency for the alert" }, "allowedValues": [ - "deployIfNotExists", - "disabled" + "PT5M", + "PT15M", + "PT30M", + "PT1H" ], - "defaultValue": "deployIfNotExists", + "defaultValue": "PT5M", "type": "String" }, - "enabled": { + "alertResourceGroupLocation": { + "metadata": { + "displayName": "Resource Group Location", + "description": "Location of the Resource group the alert is placed in" + }, + "defaultValue": "centralus", + "type": "String" + }, + "alertResourceGroupName": { "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" + "displayName": "Resource Group Name", + "description": "Resource group the alert is placed in" + }, + "defaultValue": "rg-amba-monitoring-001", + "type": "String" + }, + "MonitorDisableTagValues": { + "metadata": { + "displayName": "ALZ Monitoring disabled tag values(s)", + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "autoMitigate": { + "metadata": { + "displayName": "Auto Mitigate", + "description": "Auto Mitigate for the alert" }, "allowedValues": [ "true", @@ -39,24 +70,30 @@ "defaultValue": "true", "type": "String" }, - "evaluationFrequency": { + "MonitorDisableTagName": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "Evaluation Frequency" + "displayName": "ALZ Monitoring disabled tag name", + "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled" + }, + "defaultValue": "MonitorDisable", + "type": "String" + }, + "enabled": { + "metadata": { + "displayName": "Alert State", + "description": "Alert state for the alert" }, "allowedValues": [ - "PT5M", - "PT15M", - "PT30M", - "PT1H" + "true", + "false" ], - "defaultValue": "PT5M", + "defaultValue": "true", "type": "String" }, "windowSize": { "metadata": { - "description": "Window size for the alert", - "displayName": "Window Size" + "displayName": "Window Size", + "description": "Window size for the alert" }, "allowedValues": [ "PT5M", @@ -70,10 +107,20 @@ "defaultValue": "PT15M", "type": "String" }, + "alertResourceGroupTags": { + "metadata": { + "displayName": "Resource Group Tags", + "description": "Tags on the Resource group the alert is placed in" + }, + "defaultValue": { + "Project": "amba-monitoring" + }, + "type": "Object" + }, "severity": { "metadata": { - "description": "Severity of the Alert", - "displayName": "Severity" + "displayName": "Severity", + "description": "Severity of the Alert" }, "allowedValues": [ "0", @@ -85,38 +132,18 @@ "defaultValue": "2", "type": "String" }, - "autoMitigate": { - "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" - }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", - "type": "String" - }, - "alertResourceGroupLocation": { - "metadata": { - "description": "Location of the Resource group the alert is placed in", - "displayName": "Resource Group Location" - }, - "defaultValue": "centralus", - "type": "String" - }, - "alertResourceGroupName": { + "UAMIResourceId": { "metadata": { - "description": "Resource group the alert is placed in", - "displayName": "Resource Group Name" + "displayName": "User Assigned managed Identity resource Id.", + "description": "The resource Id of the user assigned managed identity." }, - "defaultValue": "rg-amba-monitoring-001", - "type": "String" + "defaultValue": "", + "type": "string" }, "threshold": { "metadata": { - "description": "Threshold for the alert", - "displayName": "Threshold" + "displayName": "Threshold", + "description": "Threshold for the alert" }, "defaultValue": "10", "type": "String" @@ -131,85 +158,66 @@ "defaultValue": "Count", "type": "String" }, - "alertResourceGroupTags": { + "failingPeriods": { "metadata": { - "description": "Tags on the Resource group the alert is placed in", - "displayName": "Resource Group Tags" + "displayName": "Failing Periods", + "description": "Number of failing periods before alert is fired" }, - "defaultValue": { - "Project": "amba-monitoring" - }, - "type": "Object" + "defaultValue": "1", + "type": "String" }, - "operator": { + "evaluationPeriods": { "metadata": { - "displayName": "Operator" + "displayName": "Evaluation Periods", + "description": "The number of aggregated lookback points." }, - "allowedValues": [ - "GreaterThan" - ], - "defaultValue": "GreaterThan", + "defaultValue": "1", "type": "String" }, - "MonitorDisableTagValues": { + "effect": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "displayName": "Effect", + "description": "Effect of the policy" }, - "defaultValue": [ - "true", - "Test", - "Dev", - "Sandbox" + "allowedValues": [ + "deployIfNotExists", + "disabled" ], - "type": "Array" - }, - "MonitorDisableTagName": { - "metadata": { - "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled", - "displayName": "ALZ Monitoring disabled tag name" - }, - "defaultValue": "MonitorDisable", + "defaultValue": "deployIfNotExists", "type": "String" }, - "failingPeriods": { + "computersToInclude": { "metadata": { - "description": "Number of failing periods before alert is fired", - "displayName": "Failing Periods" + "displayName": "Computers to be included to be monitored", + "description": "Array of Computer to be monitored" }, - "defaultValue": "1", - "type": "String" + "defaultValue": [ + "*" + ], + "type": "array" }, - "evaluationPeriods": { + "operator": { "metadata": { - "description": "The number of aggregated lookback points.", - "displayName": "Evaluation Periods" + "displayName": "Operator" }, - "defaultValue": "1", + "allowedValues": [ + "GreaterThan" + ], + "defaultValue": "GreaterThan", "type": "String" }, "autoResolveTime": { "metadata": { - "description": "Auto Resolve time for the alert in ISO 8601 format", - "displayName": "Auto Resolve" + "displayName": "Auto Resolve", + "description": "Auto Resolve time for the alert in ISO 8601 format" }, "defaultValue": "true", "type": "String" }, - "computersToInclude": { - "metadata": { - "description": "Array of Computer to be monitored", - "displayName": "Computers to be included to be monitored" - }, - "defaultValue": [ - "*" - ], - "type": "array" - }, "autoResolve": { "metadata": { - "description": "Auto Resolve for the alert", - "displayName": "Auto Resolve" + "displayName": "Auto Resolve", + "description": "Auto Resolve for the alert" }, "allowedValues": [ "true", @@ -217,22 +225,14 @@ ], "defaultValue": "true", "type": "String" - }, - "UAMIResourceId": { - "metadata": { - "description": "The resource Id of the user assigned managed identity.", - "displayName": "User Assigned managed Identity resource Id." - }, - "defaultValue": "", - "type": "string" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.HybridCompute/machines" + "equals": "Microsoft.HybridCompute/machines", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -247,52 +247,52 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/scheduledQueryRules/displayName", - "equals": "[concat(subscription().displayName, '-HybridVMLowOSDiskSpaceAlert')]" + "equals": "[concat(subscription().displayName, '-HybridVMLowOSDiskSpaceAlert')]", + "field": "Microsoft.Insights/scheduledQueryRules/displayName" }, { - "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]", - "equals": "[subscription().id]" + "equals": "[subscription().id]", + "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]" }, { - "field": "Microsoft.Insights/scheduledQueryRules/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/scheduledQueryRules/enabled" }, { - "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency" }, { - "field": "Microsoft.Insights/scheduledQueryRules/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/scheduledQueryRules/windowSize" }, { - "field": "Microsoft.Insights/scheduledQueryRules/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/scheduledQueryRules/severity" }, { - "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", - "equals": "[parameters('operator')]" + "equals": "[parameters('operator')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation", - "equals": "[parameters('timeAggregation')]" + "equals": "[parameters('timeAggregation')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods", - "equals": "[parameters('evaluationPeriods')]" + "equals": "[parameters('evaluationPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert", - "equals": "[parameters('failingPeriods')]" + "equals": "[parameters('failingPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query", - "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-FreeSpacePercentage-OS-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"FreeSpacePercentage\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk in (\"C:\",\"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-FreeSpacePercentage-OS-threshold-override_\", tostring(tags.[\"_amba-FreeSpacePercentage-OS-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue < appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]" + "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-FreeSpacePercentage-OS-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"FreeSpacePercentage\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk in (\"C:\",\"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-FreeSpacePercentage-OS-threshold-override_\", tostring(tags.[\"_amba-FreeSpacePercentage-OS-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue < appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query" }, { "field": "identity.userAssignedIdentities", @@ -303,47 +303,48 @@ "roleDefinitionIds": [ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" ], + "resourceGroupName": "[parameters('alertResourceGroupName')]", "deployment": { "properties": { "parameters": { - "enabled": { - "value": "[parameters('enabled')]" - }, "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, - "windowSize": { - "value": "[parameters('windowSize')]" - }, - "severity": { - "value": "[parameters('severity')]" - }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, "alertResourceGroupLocation": { "value": "[parameters('alertResourceGroupLocation')]" }, "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, - "threshold": { - "value": "[parameters('threshold')]" + "MonitorDisableTagValues": { + "value": "[parameters('MonitorDisableTagValues')]" }, - "timeAggregation": { - "value": "[parameters('timeAggregation')]" + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "MonitorDisableTagName": { + "value": "[parameters('MonitorDisableTagName')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" }, "alertResourceGroupTags": { "value": "[parameters('alertResourceGroupTags')]" }, - "operator": { - "value": "[parameters('operator')]" + "severity": { + "value": "[parameters('severity')]" }, - "MonitorDisableTagValues": { - "value": "[parameters('MonitorDisableTagValues')]" + "UAMIResourceId": { + "value": "[parameters('UAMIResourceId')]" }, - "MonitorDisableTagName": { - "value": "[parameters('MonitorDisableTagName')]" + "threshold": { + "value": "[parameters('threshold')]" + }, + "timeAggregation": { + "value": "[parameters('timeAggregation')]" }, "failingPeriods": { "value": "[parameters('failingPeriods')]" @@ -351,86 +352,86 @@ "evaluationPeriods": { "value": "[parameters('evaluationPeriods')]" }, - "autoResolveTime": { - "value": "[parameters('autoResolveTime')]" - }, "computersToInclude": { "value": "[parameters('computersToInclude')]" }, + "operator": { + "value": "[parameters('operator')]" + }, + "autoResolveTime": { + "value": "[parameters('autoResolveTime')]" + }, "autoResolve": { "value": "[parameters('autoResolve')]" - }, - "UAMIResourceId": { - "value": "[parameters('UAMIResourceId')]" } }, - "mode": "incremental", "template": { "parameters": { - "enabled": { - "type": "String" - }, "evaluationFrequency": { "type": "String" }, - "windowSize": { - "type": "String" - }, - "severity": { - "type": "String" - }, - "autoMitigate": { - "type": "String" - }, "alertResourceGroupLocation": { "type": "string" }, "alertResourceGroupName": { "type": "string" }, - "threshold": { + "MonitorDisableTagValues": { + "type": "Array" + }, + "autoMitigate": { "type": "String" }, - "timeAggregation": { + "MonitorDisableTagName": { + "type": "String" + }, + "enabled": { + "type": "String" + }, + "windowSize": { "type": "String" }, "alertResourceGroupTags": { "type": "object" }, - "operator": { + "severity": { "type": "String" }, - "MonitorDisableTagValues": { - "type": "Array" + "UAMIResourceId": { + "type": "string" }, - "MonitorDisableTagName": { + "threshold": { "type": "String" }, - "failingPeriods": { + "timeAggregation": { "type": "String" }, - "evaluationPeriods": { + "failingPeriods": { "type": "String" }, - "autoResolveTime": { + "evaluationPeriods": { "type": "String" }, "computersToInclude": { "type": "array" }, - "autoResolve": { + "operator": { "type": "String" }, - "UAMIResourceId": { - "type": "string" + "autoResolveTime": { + "type": "String" + }, + "autoResolve": { + "type": "String" } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Resources/resourceGroups", - "location": "[parameters('alertResourceGroupLocation')]", "apiVersion": "2021-04-01", + "location": "[parameters('alertResourceGroupLocation')]", "name": "[parameters('alertResourceGroupName')]", "tags": "[parameters('alertResourceGroupTags')]" }, @@ -439,117 +440,117 @@ "type": "Microsoft.Resources/deployments", "properties": { "parameters": { - "enabled": { - "value": "[parameters('enabled')]" - }, "alertResourceGroupLocation": { "value": "[parameters('alertResourceGroupLocation')]" }, "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, + "enabled": { + "value": "[parameters('enabled')]" + }, "UAMIResourceId": { "value": "[parameters('UAMIResourceId')]" } }, - "mode": "Incremental", "template": { "parameters": { - "enabled": { - "type": "string" - }, "alertResourceGroupLocation": { "type": "string" }, "alertResourceGroupName": { "type": "string" }, + "enabled": { + "type": "string" + }, "UAMIResourceId": { "type": "string" } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Insights/scheduledQueryRules", "properties": { - "description": "Log Alert for Virtual Machine OSDiskSpace", "displayName": "[concat(subscription().displayName, '-HybridVMLowOSDiskSpaceAlert')]", + "description": "Log Alert for Virtual Machine OSDiskSpace", "parameters": { - "enabled": { - "value": "[parameters('enabled')]" - }, "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, - "windowSize": { - "value": "[parameters('windowSize')]" - }, - "severity": { - "value": "[parameters('severity')]" - }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, "alertResourceGroupLocation": { "value": "[parameters('alertResourceGroupLocation')]" }, "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, - "threshold": { - "value": "[parameters('threshold')]" - }, "MonitorDisableTagValues": { "value": "[parameters('MonitorDisableTagValues')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "MonitorDisableTagName": { "value": "[parameters('MonitorDisableTagName')]" }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "UAMIResourceId": { + "value": "[parameters('UAMIResourceId')]" + }, + "threshold": { + "value": "[parameters('threshold')]" + }, "failingPeriods": { "value": "[parameters('failingPeriods')]" }, "evaluationPeriods": { "value": "[parameters('evaluationPeriods')]" }, - "autoResolveTime": { - "value": "[parameters('autoResolveTime')]" - }, "computersToInclude": { "value": "[parameters('computersToInclude')]" }, + "autoResolveTime": { + "value": "[parameters('autoResolveTime')]" + }, "autoResolve": { "value": "[parameters('autoResolve')]" - }, - "UAMIResourceId": { - "value": "[parameters('UAMIResourceId')]" } }, - "enabled": "[parameters('enabled')]", "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", + "enabled": "[parameters('enabled')]", "windowSize": "[parameters('windowSize')]", "severity": "[parameters('severity')]", - "autoMitigate": "[parameters('autoMitigate')]", "criteria": { "allOf": [ { "threshold": 0, "timeAggregation": "[parameters('timeAggregation')]", - "operator": "[parameters('operator')]", "failingPeriods": { "numberOfEvaluationPeriods": "[parameters('evaluationPeriods')]", "minFailingPeriodsToAlert": "[parameters('failingPeriods')]" }, + "operator": "[parameters('operator')]", "resourceIdColumn": "_ResourceId", "dimensions": [ { - "name": "Computer", "operator": "Include", + "name": "Computer", "values": "[parameters('computersToInclude')]" }, { - "name": "Disk", "operator": "Include", + "name": "Disk", "values": [ "*" ] @@ -570,8 +571,8 @@ "Microsoft.HybridCompute/machines" ] }, - "location": "[parameters('alertResourceGroupLocation')]", "apiVersion": "2022-08-01-preview", + "location": "[parameters('alertResourceGroupLocation')]", "name": "[concat(subscription().displayName, '-HybridVMLowOSDiskSpaceAlert')]", "tags": { "_deployed_by_amba": true @@ -584,9 +585,9 @@ } } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "Incremental" }, "apiVersion": "2019-10-01", "name": "HybridVMOSDiskSpaceAlert", @@ -595,15 +596,14 @@ ] } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" }, "location": "australiaeast" }, - "existenceScope": "resourceGroup", - "resourceGroupName": "[parameters('alertResourceGroupName')]", - "deploymentScope": "subscription" + "deploymentScope": "subscription", + "existenceScope": "resourceGroup" } } } diff --git a/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_osdiskwritelatency_alert.jsonc b/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_osdiskwritelatency_alert.jsonc index 7dc907b..894b23e 100644 --- a/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_osdiskwritelatency_alert.jsonc +++ b/Definitions/policyDefinitions/Hybrid Compute/deploy_hybrid_vm_osdiskwritelatency_alert.jsonc @@ -6,31 +6,19 @@ "description": "Policy to audit/deploy VM OSDiskwriteLatency Alert", "mode": "All", "metadata": { - "category": "Hybrid Compute", - "version": "1.2.0", "_deployed_by_amba": "True", - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" - ] + ], + "version": "1.2.0", + "category": "Hybrid Compute", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "String" - }, "evaluationFrequency": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "Evaluation Frequency" + "displayName": "Evaluation Frequency", + "description": "Evaluation frequency for the alert" }, "allowedValues": [ "PT5M", @@ -41,10 +29,22 @@ "defaultValue": "PT5M", "type": "String" }, + "effect": { + "metadata": { + "displayName": "Effect", + "description": "Effect of the policy" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" + }, "MonitorDisableTagValues": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "displayName": "ALZ Monitoring disabled tag values(s)", + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." }, "defaultValue": [ "true", @@ -56,24 +56,24 @@ }, "MonitorDisableTagName": { "metadata": { - "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled", - "displayName": "ALZ Monitoring disabled tag name" + "displayName": "ALZ Monitoring disabled tag name", + "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled" }, "defaultValue": "MonitorDisable", "type": "String" }, "alertResourceGroupLocation": { "metadata": { - "description": "Location of the Resource group the alert is placed in", - "displayName": "Resource Group Location" + "displayName": "Resource Group Location", + "description": "Location of the Resource group the alert is placed in" }, "defaultValue": "centralus", "type": "String" }, "windowSize": { "metadata": { - "description": "Window size for the alert", - "displayName": "Window Size" + "displayName": "Window Size", + "description": "Window size for the alert" }, "allowedValues": [ "PT5M", @@ -87,18 +87,30 @@ "defaultValue": "PT15M", "type": "String" }, + "autoMitigate": { + "metadata": { + "displayName": "Auto Mitigate", + "description": "Auto Mitigate for the alert" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, "alertResourceGroupName": { "metadata": { - "description": "Resource group the alert is placed in", - "displayName": "Resource Group Name" + "displayName": "Resource Group Name", + "description": "Resource group the alert is placed in" }, "defaultValue": "rg-amba-monitoring-001", "type": "String" }, "enabled": { "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" + "displayName": "Alert State", + "description": "Alert state for the alert" }, "allowedValues": [ "true", @@ -109,8 +121,8 @@ }, "severity": { "metadata": { - "description": "Severity of the Alert", - "displayName": "Severity" + "displayName": "Severity", + "description": "Severity of the Alert" }, "allowedValues": [ "0", @@ -122,36 +134,32 @@ "defaultValue": "2", "type": "String" }, - "autoMitigate": { - "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" - }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", - "type": "String" - }, "threshold": { "metadata": { - "description": "Threshold for the alert", - "displayName": "Threshold" + "displayName": "Threshold", + "description": "Threshold for the alert" }, "defaultValue": "30", "type": "String" }, "alertResourceGroupTags": { "metadata": { - "description": "Tags on the Resource group the alert is placed in", - "displayName": "Resource Group Tags" + "displayName": "Resource Group Tags", + "description": "Tags on the Resource group the alert is placed in" }, "defaultValue": { "Project": "amba-monitoring" }, "type": "Object" }, + "UAMIResourceId": { + "metadata": { + "displayName": "User Assigned managed Identity resource Id.", + "description": "The resource Id of the user assigned managed identity." + }, + "defaultValue": "", + "type": "string" + }, "timeAggregation": { "metadata": { "displayName": "TimeAggregation" @@ -164,32 +172,24 @@ }, "failingPeriods": { "metadata": { - "description": "Number of failing periods before alert is fired", - "displayName": "Failing Periods" + "displayName": "Failing Periods", + "description": "Number of failing periods before alert is fired" }, "defaultValue": "1", "type": "String" }, - "UAMIResourceId": { - "metadata": { - "description": "The resource Id of the user assigned managed identity.", - "displayName": "User Assigned managed Identity resource Id." - }, - "defaultValue": "", - "type": "string" - }, "evaluationPeriods": { "metadata": { - "description": "The number of aggregated lookback points.", - "displayName": "Evaluation Periods" + "displayName": "Evaluation Periods", + "description": "The number of aggregated lookback points." }, "defaultValue": "1", "type": "String" }, "autoResolveTime": { "metadata": { - "description": "Auto Resolve time for the alert in ISO 8601 format", - "displayName": "Auto Resolve" + "displayName": "Auto Resolve", + "description": "Auto Resolve time for the alert in ISO 8601 format" }, "defaultValue": "true", "type": "String" @@ -204,20 +204,10 @@ "defaultValue": "GreaterThan", "type": "String" }, - "computersToInclude": { - "metadata": { - "description": "Array of Computer to be monitored", - "displayName": "Computers to be included to be monitored" - }, - "defaultValue": [ - "*" - ], - "type": "array" - }, "autoResolve": { "metadata": { - "description": "Auto Resolve for the alert", - "displayName": "Auto Resolve" + "displayName": "Auto Resolve", + "description": "Auto Resolve for the alert" }, "allowedValues": [ "true", @@ -225,14 +215,24 @@ ], "defaultValue": "true", "type": "String" + }, + "computersToInclude": { + "metadata": { + "displayName": "Computers to be included to be monitored", + "description": "Array of Computer to be monitored" + }, + "defaultValue": [ + "*" + ], + "type": "array" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.HybridCompute/machines" + "equals": "Microsoft.HybridCompute/machines", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -244,56 +244,55 @@ "effect": "[parameters('effect')]", "details": { "type": "Microsoft.Insights/scheduledQueryRules", - "resourceGroupName": "[parameters('alertResourceGroupName')]", "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/scheduledQueryRules/displayName", - "equals": "[concat(subscription().displayName, '-HybridVMHighOSDiskWriteLatencyAlert')]" + "equals": "[concat(subscription().displayName, '-HybridVMHighOSDiskWriteLatencyAlert')]", + "field": "Microsoft.Insights/scheduledQueryRules/displayName" }, { - "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]", - "equals": "[subscription().id]" + "equals": "[subscription().id]", + "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]" }, { - "field": "Microsoft.Insights/scheduledQueryRules/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/scheduledQueryRules/enabled" }, { - "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency" }, { - "field": "Microsoft.Insights/scheduledQueryRules/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/scheduledQueryRules/windowSize" }, { - "field": "Microsoft.Insights/scheduledQueryRules/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/scheduledQueryRules/severity" }, { - "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", - "equals": "[parameters('operator')]" + "equals": "[parameters('operator')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation", - "equals": "[parameters('timeAggregation')]" + "equals": "[parameters('timeAggregation')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods", - "equals": "[parameters('evaluationPeriods')]" + "equals": "[parameters('evaluationPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert", - "equals": "[parameters('failingPeriods')]" + "equals": "[parameters('failingPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query", - "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-WriteLatencyMs-OS-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"WriteLatencyMs\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk in (\"C:\",\"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-WriteLatencyMs-OS-threshold-override_\", tostring(tags.[\"_amba-WriteLatencyMs-OS-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]" + "equals": "[format('let policyThresholdString = \"{2}\"; let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.HybridCompute/machines\" | project _ResourceId = id, tags | where parse_json(tostring(tags.{0})) in~ (\"{1}\")); let overridenResource = (arg(\"\").resources | where type == \"microsoft.hybridcompute/machines\" | project _ResourceId = tolower(id), tags | where tags contains \"_amba-WriteLatencyMs-OS-threshold-override_\"); InsightsMetrics | where _ResourceId has \"Microsoft.HybridCompute/machines\" | where _ResourceId !in~ (excludedResources) | where Origin == \"vm.azm.ms\" | where Namespace == \"LogicalDisk\" and Name == \"WriteLatencyMs\" | extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"]) | where Disk in (\"C:\",\"/\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains \"_amba-WriteLatencyMs-OS-threshold-override_\", tostring(tags.[\"_amba-WriteLatencyMs-OS-threshold-override_\"]), policyThresholdString) | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'), parameters('threshold'))]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query" }, { "field": "identity.userAssignedIdentities", @@ -322,6 +321,9 @@ "windowSize": { "value": "[parameters('windowSize')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, @@ -331,24 +333,21 @@ "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, "threshold": { "value": "[parameters('threshold')]" }, "alertResourceGroupTags": { "value": "[parameters('alertResourceGroupTags')]" }, + "UAMIResourceId": { + "value": "[parameters('UAMIResourceId')]" + }, "timeAggregation": { "value": "[parameters('timeAggregation')]" }, "failingPeriods": { "value": "[parameters('failingPeriods')]" }, - "UAMIResourceId": { - "value": "[parameters('UAMIResourceId')]" - }, "evaluationPeriods": { "value": "[parameters('evaluationPeriods')]" }, @@ -358,14 +357,13 @@ "operator": { "value": "[parameters('operator')]" }, - "computersToInclude": { - "value": "[parameters('computersToInclude')]" - }, "autoResolve": { "value": "[parameters('autoResolve')]" + }, + "computersToInclude": { + "value": "[parameters('computersToInclude')]" } }, - "mode": "incremental", "template": { "parameters": { "evaluationFrequency": { @@ -383,6 +381,9 @@ "windowSize": { "type": "String" }, + "autoMitigate": { + "type": "String" + }, "alertResourceGroupName": { "type": "string" }, @@ -392,24 +393,21 @@ "severity": { "type": "String" }, - "autoMitigate": { - "type": "String" - }, "threshold": { "type": "String" }, "alertResourceGroupTags": { "type": "object" }, + "UAMIResourceId": { + "type": "string" + }, "timeAggregation": { "type": "String" }, "failingPeriods": { "type": "String" }, - "UAMIResourceId": { - "type": "string" - }, "evaluationPeriods": { "type": "String" }, @@ -419,20 +417,21 @@ "operator": { "type": "String" }, - "computersToInclude": { - "type": "array" - }, "autoResolve": { "type": "String" + }, + "computersToInclude": { + "type": "array" } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Resources/resourceGroups", + "apiVersion": "2021-04-01", "location": "[parameters('alertResourceGroupLocation')]", "name": "[parameters('alertResourceGroupName')]", - "apiVersion": "2021-04-01", "tags": "[parameters('alertResourceGroupTags')]" }, { @@ -453,7 +452,6 @@ "value": "[parameters('UAMIResourceId')]" } }, - "mode": "Incremental", "template": { "parameters": { "alertResourceGroupLocation": { @@ -470,12 +468,13 @@ } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Insights/scheduledQueryRules", "properties": { - "description": "Log Alert for Virtual Machine OSDiskwriteLatency", "displayName": "[concat(subscription().displayName, '-HybridVMHighOSDiskWriteLatencyAlert')]", + "description": "Log Alert for Virtual Machine OSDiskwriteLatency", "parameters": { "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" @@ -492,6 +491,9 @@ "windowSize": { "value": "[parameters('windowSize')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, @@ -501,36 +503,33 @@ "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, "threshold": { "value": "[parameters('threshold')]" }, - "failingPeriods": { - "value": "[parameters('failingPeriods')]" - }, "UAMIResourceId": { "value": "[parameters('UAMIResourceId')]" }, + "failingPeriods": { + "value": "[parameters('failingPeriods')]" + }, "evaluationPeriods": { "value": "[parameters('evaluationPeriods')]" }, "autoResolveTime": { "value": "[parameters('autoResolveTime')]" }, - "computersToInclude": { - "value": "[parameters('computersToInclude')]" - }, "autoResolve": { "value": "[parameters('autoResolve')]" + }, + "computersToInclude": { + "value": "[parameters('computersToInclude')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", "windowSize": "[parameters('windowSize')]", + "autoMitigate": "[parameters('autoMitigate')]", "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", - "autoMitigate": "[parameters('autoMitigate')]", "criteria": { "allOf": [ { @@ -544,13 +543,13 @@ "resourceIdColumn": "_ResourceId", "dimensions": [ { - "name": "Computer", "operator": "Include", + "name": "Computer", "values": "[parameters('computersToInclude')]" }, { - "name": "Disk", "operator": "Include", + "name": "Disk", "values": [ "*" ] @@ -571,9 +570,9 @@ "Microsoft.HybridCompute/machines" ] }, + "apiVersion": "2022-08-01-preview", "location": "[parameters('alertResourceGroupLocation')]", "name": "[concat(subscription().displayName, '-HybridVMHighOSDiskWriteLatencyAlert')]", - "apiVersion": "2022-08-01-preview", "tags": { "_deployed_by_amba": true }, @@ -585,23 +584,24 @@ } } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "Incremental" }, - "name": "HybridVMOSDiskwriteLatencyAlert", "apiVersion": "2019-10-01", + "name": "HybridVMOSDiskwriteLatencyAlert", "dependsOn": [ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]" ] } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" }, "location": "australiaeast" }, + "resourceGroupName": "[parameters('alertResourceGroupName')]", "deploymentScope": "subscription", "existenceScope": "resourceGroup" } diff --git a/Definitions/policyDefinitions/Key Vault/deploy_activitylog_keyvault_delete.jsonc b/Definitions/policyDefinitions/Key Vault/deploy_activitylog_keyvault_delete.jsonc index 06f2983..818a8c3 100644 --- a/Definitions/policyDefinitions/Key Vault/deploy_activitylog_keyvault_delete.jsonc +++ b/Definitions/policyDefinitions/Key Vault/deploy_activitylog_keyvault_delete.jsonc @@ -6,31 +6,35 @@ "description": "Policy to Deploy Activity Log Key Vault Delete Alert", "mode": "All", "metadata": { - "category": "Key Vault", "_deployed_by_amba": "True", "version": "1.1.0", + "category": "Key Vault", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" - ], - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" + ] }, "parameters": { - "effect": { + "alertResourceGroupLocation": { "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" + "displayName": "Resource Group Location", + "description": "Location of the Resource group the alert is placed in" }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", + "defaultValue": "centralus", + "type": "String" + }, + "alertResourceGroupName": { + "metadata": { + "displayName": "Resource Group Name", + "description": "Resource group the alert is placed in" + }, + "defaultValue": "rg-amba-monitoring-001", "type": "String" }, "MonitorDisableTagValues": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "displayName": "ALZ Monitoring disabled tag values(s)", + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." }, "defaultValue": [ "true", @@ -42,16 +46,16 @@ }, "MonitorDisableTagName": { "metadata": { - "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled", - "displayName": "ALZ Monitoring disabled tag name" + "displayName": "ALZ Monitoring disabled tag name", + "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled" }, "defaultValue": "MonitorDisable", "type": "String" }, "enabled": { "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" + "displayName": "Alert State", + "description": "Alert state for the alert" }, "allowedValues": [ "true", @@ -60,39 +64,35 @@ "defaultValue": "true", "type": "String" }, - "alertResourceGroupName": { - "metadata": { - "description": "Resource group the alert is placed in", - "displayName": "Resource Group Name" - }, - "defaultValue": "rg-amba-monitoring-001", - "type": "String" - }, - "alertResourceGroupLocation": { - "metadata": { - "description": "Location of the Resource group the alert is placed in", - "displayName": "Resource Group Location" - }, - "defaultValue": "centralus", - "type": "String" - }, "alertResourceGroupTags": { "metadata": { - "description": "Tags on the Resource group the alert is placed in", - "displayName": "Resource Group Tags" + "displayName": "Resource Group Tags", + "description": "Tags on the Resource group the alert is placed in" }, "defaultValue": { "_deployed_by_amba": true }, "type": "Object" + }, + "effect": { + "metadata": { + "displayName": "Effect", + "description": "Effect of the policy" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "microsoft.keyvault/vaults" + "equals": "microsoft.keyvault/vaults", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -107,8 +107,8 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/ActivityLogAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/ActivityLogAlerts/enabled" }, { "equals": 2, @@ -119,24 +119,24 @@ { "allOf": [ { - "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field", - "equals": "category" + "equals": "category", + "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field" }, { - "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals", - "equals": "Administrative" + "equals": "Administrative", + "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals" } ] }, { "allOf": [ { - "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].field", - "equals": "operationName" + "equals": "operationName", + "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].field" }, { - "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].equals", - "equals": "Microsoft.KeyVault/vaults/delete" + "equals": "Microsoft.KeyVault/vaults/delete", + "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].equals" } ] } @@ -154,29 +154,28 @@ "deployment": { "properties": { "parameters": { - "enabled": { - "value": "[parameters('enabled')]" + "alertResourceGroupLocation": { + "value": "[parameters('alertResourceGroupLocation')]" }, "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, - "alertResourceGroupLocation": { - "value": "[parameters('alertResourceGroupLocation')]" + "enabled": { + "value": "[parameters('enabled')]" }, "alertResourceGroupTags": { "value": "[parameters('alertResourceGroupTags')]" } }, - "mode": "incremental", "template": { "parameters": { - "enabled": { + "alertResourceGroupLocation": { "type": "string" }, "alertResourceGroupName": { "type": "string" }, - "alertResourceGroupLocation": { + "enabled": { "type": "string" }, "alertResourceGroupTags": { @@ -184,11 +183,12 @@ } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Resources/resourceGroups", - "location": "[parameters('alertResourceGroupLocation')]", "apiVersion": "2021-04-01", + "location": "[parameters('alertResourceGroupLocation')]", "name": "[parameters('alertResourceGroupName')]", "tags": "[parameters('alertResourceGroupTags')]" }, @@ -197,24 +197,24 @@ "type": "Microsoft.Resources/deployments", "properties": { "parameters": { - "enabled": { - "value": "[parameters('enabled')]" - }, "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" + }, + "enabled": { + "value": "[parameters('enabled')]" } }, - "mode": "Incremental", "template": { "parameters": { - "enabled": { + "alertResourceGroupName": { "type": "string" }, - "alertResourceGroupName": { + "enabled": { "type": "string" } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "microsoft.insights/activityLogAlerts", @@ -232,12 +232,12 @@ "condition": { "allOf": [ { - "field": "category", - "equals": "Administrative" + "equals": "Administrative", + "field": "category" }, { - "field": "operationName", - "equals": "Microsoft.KeyVault/vaults/delete" + "equals": "Microsoft.KeyVault/vaults/delete", + "field": "operationName" }, { "field": "status", @@ -248,17 +248,17 @@ ] } }, - "location": "global", "apiVersion": "2020-10-01", + "location": "global", "name": "ActivityKeyVaultDelete", "tags": { "_deployed_by_amba": true } } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "Incremental" }, "apiVersion": "2019-10-01", "name": "ActivityKeyVaultDelete", @@ -267,14 +267,14 @@ ] } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" }, "location": "australiaeast" }, - "existenceScope": "resourcegroup", - "deploymentScope": "subscription" + "deploymentScope": "subscription", + "existenceScope": "resourcegroup" } } } diff --git a/Definitions/policyDefinitions/Key Vault/deploy_activitylog_managedhsms_delete.jsonc b/Definitions/policyDefinitions/Key Vault/deploy_activitylog_managedhsms_delete.jsonc index ad63c0e..a870a24 100644 --- a/Definitions/policyDefinitions/Key Vault/deploy_activitylog_managedhsms_delete.jsonc +++ b/Definitions/policyDefinitions/Key Vault/deploy_activitylog_managedhsms_delete.jsonc @@ -6,37 +6,21 @@ "description": "Policy to Deploy Activity Log Managed HSMs Delete Alert", "mode": "All", "metadata": { - "category": "Key Vault", - "version": "1.0.0", + "_deployed_by_amba": "True", "alzCloudEnvironments": [ "AzureCloud" ], - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", - "_deployed_by_amba": "True" + "version": "1.0.0", + "category": "Key Vault", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "String" - }, - "enabled": { + "alertResourceGroupName": { "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" + "description": "Resource group the alert is placed in", + "displayName": "Resource Group Name" }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", + "defaultValue": "rg-amba-monitoring-001", "type": "String" }, "alertResourceGroupLocation": { @@ -47,24 +31,18 @@ "defaultValue": "centralus", "type": "String" }, - "alertResourceGroupName": { + "enabled": { "metadata": { - "description": "Resource group the alert is placed in", - "displayName": "Resource Group Name" + "description": "Alert state for the alert", + "displayName": "Alert State" }, - "defaultValue": "rg-amba-monitoring-001", + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", "type": "String" }, - "alertResourceGroupTags": { - "metadata": { - "description": "Tags on the Resource group the alert is placed in", - "displayName": "Resource Group Tags" - }, - "defaultValue": { - "_deployed_by_amba": true - }, - "type": "Object" - }, "MonitorDisableTagValues": { "metadata": { "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", @@ -78,6 +56,18 @@ ], "type": "Array" }, + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" + }, "MonitorDisableTagName": { "metadata": { "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", @@ -85,14 +75,24 @@ }, "defaultValue": "MonitorDisable", "type": "String" + }, + "alertResourceGroupTags": { + "metadata": { + "description": "Tags on the Resource group the alert is placed in", + "displayName": "Resource Group Tags" + }, + "defaultValue": { + "_deployed_by_amba": true + }, + "type": "Object" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "microsoft.keyvault/managedHSMs" + "equals": "microsoft.keyvault/managedHSMs", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -104,11 +104,13 @@ "effect": "[parameters('effect')]", "details": { "type": "Microsoft.Insights/activityLogAlerts", + "name": "ActivityManagedHSMDelete", + "resourceGroupName": "[parameters('alertResourceGroupName')]", "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/ActivityLogAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/ActivityLogAlerts/enabled" }, { "equals": 2, @@ -119,24 +121,24 @@ { "allOf": [ { - "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field", - "equals": "category" + "equals": "category", + "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field" }, { - "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals", - "equals": "Administrative" + "equals": "Administrative", + "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals" } ] }, { "allOf": [ { - "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].field", - "equals": "operationName" + "equals": "operationName", + "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].field" }, { - "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].equals", - "equals": "Microsoft.KeyVault/ManagedHSMs/delete" + "equals": "Microsoft.KeyVault/ManagedHSMs/delete", + "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].equals" } ] } @@ -149,18 +151,17 @@ "roleDefinitionIds": [ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" ], - "name": "ActivityManagedHSMDelete", "deployment": { "properties": { "parameters": { - "enabled": { - "value": "[parameters('enabled')]" + "alertResourceGroupName": { + "value": "[parameters('alertResourceGroupName')]" }, "alertResourceGroupLocation": { "value": "[parameters('alertResourceGroupLocation')]" }, - "alertResourceGroupName": { - "value": "[parameters('alertResourceGroupName')]" + "enabled": { + "value": "[parameters('enabled')]" }, "alertResourceGroupTags": { "value": "[parameters('alertResourceGroupTags')]" @@ -169,13 +170,13 @@ "mode": "incremental", "template": { "parameters": { - "enabled": { + "alertResourceGroupName": { "type": "string" }, "alertResourceGroupLocation": { "type": "string" }, - "alertResourceGroupName": { + "enabled": { "type": "string" }, "alertResourceGroupTags": { @@ -183,6 +184,7 @@ } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Resources/resourceGroups", @@ -196,24 +198,25 @@ "type": "Microsoft.Resources/deployments", "properties": { "parameters": { - "enabled": { - "value": "[parameters('enabled')]" - }, "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" + }, + "enabled": { + "value": "[parameters('enabled')]" } }, "mode": "Incremental", "template": { "parameters": { - "enabled": { + "alertResourceGroupName": { "type": "string" }, - "alertResourceGroupName": { + "enabled": { "type": "string" } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "microsoft.insights/activityLogAlerts", @@ -225,18 +228,15 @@ } }, "enabled": "[parameters('enabled')]", - "scopes": [ - "[subscription().id]" - ], "condition": { "allOf": [ { - "field": "category", - "equals": "Administrative" + "equals": "Administrative", + "field": "category" }, { - "field": "operationName", - "equals": "Microsoft.KeyVault/managedHSMs/delete" + "equals": "Microsoft.KeyVault/managedHSMs/delete", + "field": "operationName" }, { "field": "status", @@ -245,7 +245,10 @@ ] } ] - } + }, + "scopes": [ + "[subscription().id]" + ] }, "location": "global", "apiVersion": "2020-10-01", @@ -255,7 +258,6 @@ } } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" } }, @@ -266,15 +268,13 @@ ] } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" } }, "location": "australiaeast" }, - "existenceScope": "resourcegroup", - "resourceGroupName": "[parameters('alertResourceGroupName')]", - "deploymentScope": "subscription" + "deploymentScope": "subscription", + "existenceScope": "resourcegroup" } } } diff --git a/Definitions/policyDefinitions/Key Vault/deploy_keyvault_availability_alert.jsonc b/Definitions/policyDefinitions/Key Vault/deploy_keyvault_availability_alert.jsonc index c5161dc..04e0276 100644 --- a/Definitions/policyDefinitions/Key Vault/deploy_keyvault_availability_alert.jsonc +++ b/Definitions/policyDefinitions/Key Vault/deploy_keyvault_availability_alert.jsonc @@ -6,13 +6,13 @@ "description": "Policy to audit/deploy KeyVault Availability Alert", "mode": "All", "metadata": { - "category": "Key Vault", "version": "1.2.0", + "category": "Key Vault", "_deployed_by_amba": "True", - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" - ] + ], + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { "effect": { @@ -42,25 +42,16 @@ "defaultValue": "PT1M", "type": "String" }, - "MonitorDisableTagValues": { + "autoMitigate": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" }, - "defaultValue": [ + "allowedValues": [ "true", - "Test", - "Dev", - "Sandbox" + "false" ], - "type": "Array" - }, - "MonitorDisableTagName": { - "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" - }, - "defaultValue": "MonitorDisable", + "defaultValue": "true", "type": "String" }, "windowSize": { @@ -81,18 +72,6 @@ "defaultValue": "PT5M", "type": "String" }, - "enabled": { - "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" - }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", - "type": "String" - }, "severity": { "metadata": { "description": "Severity of the Alert", @@ -108,10 +87,18 @@ "defaultValue": "1", "type": "String" }, - "autoMitigate": { + "threshold": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" + "description": "Threshold for the alert", + "displayName": "Threshold" + }, + "defaultValue": "90", + "type": "String" + }, + "enabled": { + "metadata": { + "description": "Alert state for the alert", + "displayName": "Alert State" }, "allowedValues": [ "true", @@ -120,12 +107,25 @@ "defaultValue": "true", "type": "String" }, - "threshold": { + "MonitorDisableTagValues": { "metadata": { - "description": "Threshold for the alert", - "displayName": "Threshold" + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" }, - "defaultValue": "90", + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", "type": "String" } }, @@ -133,8 +133,8 @@ "if": { "allOf": [ { - "field": "type", - "equals": "microsoft.keyvault/vaults" + "equals": "microsoft.keyvault/vaults", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -149,48 +149,48 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "microsoft.keyvault/vaults" + "equals": "microsoft.keyvault/vaults", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "Availability" + "equals": "Availability", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.keyvault/vaults/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.keyvault/vaults/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Average" + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", - "equals": "LessThan" + "equals": "LessThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", - "equals": "[if(contains(field('tags'), '_amba-Availability-threshold-Override_'), field('tags._amba-Availability-threshold-Override_'), parameters('threshold'))]" + "equals": "[if(contains(field('tags'), '_amba-Availability-threshold-Override_'), field('tags._amba-Availability-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold" } ] }, @@ -206,21 +206,21 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, "threshold": { "value": "[if(contains(field('tags'), '_amba-Availability-threshold-Override_'), field('tags._amba-Availability-threshold-Override_'), parameters('threshold'))]" }, + "enabled": { + "value": "[parameters('enabled')]" + }, "resourceName": { "value": "[field('name')]" } @@ -238,19 +238,19 @@ "evaluationFrequency": { "type": "String" }, - "windowSize": { + "autoMitigate": { "type": "String" }, - "enabled": { + "windowSize": { "type": "String" }, "severity": { "type": "String" }, - "autoMitigate": { + "threshold": { "type": "String" }, - "threshold": { + "enabled": { "type": "String" }, "resourceName": { @@ -262,6 +262,7 @@ } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Insights/metricAlerts", @@ -271,37 +272,37 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, "threshold": { "value": "[parameters('threshold')]" + }, + "enabled": { + "value": "[parameters('enabled')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", "windowSize": "[parameters('windowSize')]", - "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", - "autoMitigate": "[parameters('autoMitigate')]", + "enabled": "[parameters('enabled')]", "criteria": { "allOf": [ { "threshold": "[parameters('threshold')]", "timeAggregation": "Average", - "name": "Availability", - "operator": "LessThan", "metricNamespace": "microsoft.keyvault/vaults", "criterionType": "StaticThresholdCriterion", - "metricName": "Availability" + "metricName": "Availability", + "name": "Availability", + "operator": "LessThan" } ], "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria" @@ -310,15 +311,14 @@ "[parameters('resourceId')]" ] }, - "location": "global", - "name": "[concat(parameters('resourceName'), '-Availability')]", "apiVersion": "2018-03-01", + "name": "[concat(parameters('resourceName'), '-Availability')]", + "location": "global", "tags": { "_deployed_by_amba": true } } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" } } diff --git a/Definitions/policyDefinitions/Key Vault/deploy_keyvault_capacity_alert.jsonc b/Definitions/policyDefinitions/Key Vault/deploy_keyvault_capacity_alert.jsonc index e0f54c1..e20e309 100644 --- a/Definitions/policyDefinitions/Key Vault/deploy_keyvault_capacity_alert.jsonc +++ b/Definitions/policyDefinitions/Key Vault/deploy_keyvault_capacity_alert.jsonc @@ -6,27 +6,15 @@ "description": "Policy to audit/deploy KeyVault Capacity Alert", "mode": "All", "metadata": { - "category": "Key Vault", "version": "1.2.0", "_deployed_by_amba": "True", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" - ] + ], + "category": "Key Vault" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "disabled", - "type": "String" - }, "evaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", @@ -42,25 +30,16 @@ "defaultValue": "PT1M", "type": "String" }, - "MonitorDisableTagValues": { + "autoMitigate": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" }, - "defaultValue": [ + "allowedValues": [ "true", - "Test", - "Dev", - "Sandbox" + "false" ], - "type": "Array" - }, - "MonitorDisableTagName": { - "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" - }, - "defaultValue": "MonitorDisable", + "defaultValue": "true", "type": "String" }, "windowSize": { @@ -81,18 +60,6 @@ "defaultValue": "PT5M", "type": "String" }, - "enabled": { - "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" - }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", - "type": "String" - }, "severity": { "metadata": { "description": "Severity of the Alert", @@ -108,10 +75,10 @@ "defaultValue": "1", "type": "String" }, - "autoMitigate": { + "enabled": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" + "description": "Alert state for the alert", + "displayName": "Alert State" }, "allowedValues": [ "true", @@ -120,6 +87,31 @@ "defaultValue": "true", "type": "String" }, + "MonitorDisableTagValues": { + "metadata": { + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "disabled", + "type": "String" + }, "threshold": { "metadata": { "description": "Threshold for the alert", @@ -127,14 +119,22 @@ }, "defaultValue": "75", "type": "String" + }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "microsoft.keyvault/vaults" + "equals": "microsoft.keyvault/vaults", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -149,48 +149,48 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "microsoft.keyvault/vaults" + "equals": "microsoft.keyvault/vaults", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "SaturationShoebox" + "equals": "SaturationShoebox", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.keyvault/vaults/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.keyvault/vaults/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Average" + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", - "equals": "GreaterThan" + "equals": "GreaterThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", - "equals": "[if(contains(field('tags'), '_amba-SaturationShoebox-threshold-Override_'), field('tags._amba-SaturationShoebox-threshold-Override_'), parameters('threshold'))]" + "equals": "[if(contains(field('tags'), '_amba-SaturationShoebox-threshold-Override_'), field('tags._amba-SaturationShoebox-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold" } ] }, @@ -206,17 +206,17 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" + "enabled": { + "value": "[parameters('enabled')]" }, "threshold": { "value": "[if(contains(field('tags'), '_amba-SaturationShoebox-threshold-Override_'), field('tags._amba-SaturationShoebox-threshold-Override_'), parameters('threshold'))]" @@ -225,7 +225,6 @@ "value": "[field('name')]" } }, - "mode": "incremental", "template": { "parameters": { "resourceId": { @@ -238,16 +237,16 @@ "evaluationFrequency": { "type": "String" }, - "windowSize": { + "autoMitigate": { "type": "String" }, - "enabled": { + "windowSize": { "type": "String" }, "severity": { "type": "String" }, - "autoMitigate": { + "enabled": { "type": "String" }, "threshold": { @@ -262,6 +261,7 @@ } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Insights/metricAlerts", @@ -271,36 +271,36 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" + "enabled": { + "value": "[parameters('enabled')]" }, "threshold": { "value": "[parameters('threshold')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", "windowSize": "[parameters('windowSize')]", - "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", - "autoMitigate": "[parameters('autoMitigate')]", + "enabled": "[parameters('enabled')]", "criteria": { "allOf": [ { "threshold": "[parameters('threshold')]", "timeAggregation": "Average", - "name": "SaturationShoebox", - "operator": "GreaterThan", "metricNamespace": "microsoft.keyvault/vaults", + "operator": "GreaterThan", "criterionType": "StaticThresholdCriterion", + "name": "SaturationShoebox", "metricName": "SaturationShoebox" } ], @@ -310,17 +310,17 @@ "[parameters('resourceId')]" ] }, + "apiVersion": "2018-03-01", "location": "global", "name": "[concat(parameters('resourceName'), '-CapacityAlert')]", - "apiVersion": "2018-03-01", "tags": { "_deployed_by_amba": true } } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" } } } diff --git a/Definitions/policyDefinitions/Key Vault/deploy_keyvault_latency_alert.jsonc b/Definitions/policyDefinitions/Key Vault/deploy_keyvault_latency_alert.jsonc index 0478b6d..e480a9c 100644 --- a/Definitions/policyDefinitions/Key Vault/deploy_keyvault_latency_alert.jsonc +++ b/Definitions/policyDefinitions/Key Vault/deploy_keyvault_latency_alert.jsonc @@ -6,31 +6,19 @@ "description": "Policy to audit/deploy KeyVault Latency Alert", "mode": "All", "metadata": { - "category": "Key Vault", "_deployed_by_amba": "True", "version": "1.2.0", + "category": "Key Vault", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" - ], - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" + ] }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "disabled", - "type": "String" - }, "evaluationFrequency": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "Evaluation Frequency" + "displayName": "Evaluation Frequency", + "description": "Evaluation frequency for the alert" }, "allowedValues": [ "PT1M", @@ -44,8 +32,8 @@ }, "MonitorDisableTagValues": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "displayName": "ALZ Monitoring disabled tag values(s)", + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." }, "defaultValue": [ "true", @@ -57,8 +45,8 @@ }, "autoMitigate": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" + "displayName": "Auto Mitigate", + "description": "Auto Mitigate for the alert" }, "allowedValues": [ "true", @@ -67,36 +55,18 @@ "defaultValue": "true", "type": "String" }, - "windowSize": { - "metadata": { - "description": "Window size for the alert", - "displayName": "Window Size" - }, - "allowedValues": [ - "PT1M", - "PT5M", - "PT15M", - "PT30M", - "PT1H", - "PT6H", - "PT12H", - "P1D" - ], - "defaultValue": "PT5M", - "type": "String" - }, "MonitorDisableTagName": { "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" + "displayName": "ALZ Monitoring disabled tag name", + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled." }, "defaultValue": "MonitorDisable", "type": "String" }, "enabled": { "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" + "displayName": "Alert State", + "description": "Alert state for the alert" }, "allowedValues": [ "true", @@ -105,10 +75,28 @@ "defaultValue": "true", "type": "String" }, + "windowSize": { + "metadata": { + "displayName": "Window Size", + "description": "Window size for the alert" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" + ], + "defaultValue": "PT5M", + "type": "String" + }, "severity": { "metadata": { - "description": "Severity of the Alert", - "displayName": "Severity" + "displayName": "Severity", + "description": "Severity of the Alert" }, "allowedValues": [ "0", @@ -122,19 +110,31 @@ }, "threshold": { "metadata": { - "description": "Threshold for the alert", - "displayName": "Threshold" + "displayName": "Threshold", + "description": "Threshold for the alert" }, "defaultValue": "1000", "type": "String" + }, + "effect": { + "metadata": { + "displayName": "Effect", + "description": "Effect of the policy" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "disabled", + "type": "String" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "microsoft.keyvault/vaults" + "equals": "microsoft.keyvault/vaults", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -149,48 +149,48 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "microsoft.keyvault/vaults" + "equals": "microsoft.keyvault/vaults", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "ServiceApiLatency" + "equals": "ServiceApiLatency", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.keyvault/vaults/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.keyvault/vaults/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Average" + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", - "equals": "GreaterThan" + "equals": "GreaterThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", - "equals": "[if(contains(field('tags'), '_amba-ServiceApiLatency-threshold-Override_'), field('tags._amba-ServiceApiLatency-threshold-Override_'), parameters('threshold'))]" + "equals": "[if(contains(field('tags'), '_amba-ServiceApiLatency-threshold-Override_'), field('tags._amba-ServiceApiLatency-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold" } ] }, @@ -209,12 +209,12 @@ "autoMitigate": { "value": "[parameters('autoMitigate')]" }, - "windowSize": { - "value": "[parameters('windowSize')]" - }, "enabled": { "value": "[parameters('enabled')]" }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, "severity": { "value": "[parameters('severity')]" }, @@ -225,13 +225,12 @@ "value": "[field('name')]" } }, - "mode": "incremental", "template": { "parameters": { "resourceId": { "metadata": { - "description": "Resource ID of the resource emitting the metric that will be used for the comparison", - "displayName": "resourceId" + "displayName": "resourceId", + "description": "Resource ID of the resource emitting the metric that will be used for the comparison" }, "type": "String" }, @@ -241,10 +240,10 @@ "autoMitigate": { "type": "String" }, - "windowSize": { + "enabled": { "type": "String" }, - "enabled": { + "windowSize": { "type": "String" }, "severity": { @@ -255,13 +254,14 @@ }, "resourceName": { "metadata": { - "description": "Name of the resource", - "displayName": "resourceName" + "displayName": "resourceName", + "description": "Name of the resource" }, "type": "String" } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Insights/metricAlerts", @@ -274,12 +274,12 @@ "autoMitigate": { "value": "[parameters('autoMitigate')]" }, - "windowSize": { - "value": "[parameters('windowSize')]" - }, "enabled": { "value": "[parameters('enabled')]" }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, "severity": { "value": "[parameters('severity')]" }, @@ -289,16 +289,16 @@ }, "evaluationFrequency": "[parameters('evaluationFrequency')]", "autoMitigate": "[parameters('autoMitigate')]", - "windowSize": "[parameters('windowSize')]", "enabled": "[parameters('enabled')]", + "windowSize": "[parameters('windowSize')]", "severity": "[parameters('severity')]", "criteria": { "allOf": [ { "threshold": "[parameters('threshold')]", - "name": "ServiceApiLatency", "timeAggregation": "Average", "operator": "GreaterThan", + "name": "ServiceApiLatency", "metricNamespace": "microsoft.keyvault/vaults", "criterionType": "StaticThresholdCriterion", "metricName": "ServiceApiLatency" @@ -310,17 +310,17 @@ "[parameters('resourceId')]" ] }, - "location": "global", "apiVersion": "2018-03-01", + "location": "global", "name": "[concat(parameters('resourceName'), '-LatencyAlert')]", "tags": { "_deployed_by_amba": true } } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" } } } diff --git a/Definitions/policyDefinitions/Key Vault/deploy_keyvault_requests_alert.jsonc b/Definitions/policyDefinitions/Key Vault/deploy_keyvault_requests_alert.jsonc index c8b977c..c2b6af6 100644 --- a/Definitions/policyDefinitions/Key Vault/deploy_keyvault_requests_alert.jsonc +++ b/Definitions/policyDefinitions/Key Vault/deploy_keyvault_requests_alert.jsonc @@ -6,27 +6,15 @@ "description": "Policy to audit/deploy KeyVault Requests Alert", "mode": "All", "metadata": { - "category": "Key Vault", "version": "1.3.0", "_deployed_by_amba": "True", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" - ] + ], + "category": "Key Vault" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "disabled", - "type": "String" - }, "evaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", @@ -42,25 +30,16 @@ "defaultValue": "PT5M", "type": "String" }, - "MonitorDisableTagValues": { + "autoMitigate": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" }, - "defaultValue": [ + "allowedValues": [ "true", - "Test", - "Dev", - "Sandbox" + "false" ], - "type": "Array" - }, - "MonitorDisableTagName": { - "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" - }, - "defaultValue": "MonitorDisable", + "defaultValue": "true", "type": "String" }, "windowSize": { @@ -81,18 +60,6 @@ "defaultValue": "PT5M", "type": "String" }, - "enabled": { - "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" - }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", - "type": "String" - }, "severity": { "metadata": { "description": "Severity of the Alert", @@ -108,10 +75,10 @@ "defaultValue": "2", "type": "String" }, - "autoMitigate": { + "enabled": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" + "description": "Alert state for the alert", + "displayName": "Alert State" }, "allowedValues": [ "true", @@ -119,14 +86,47 @@ ], "defaultValue": "true", "type": "String" + }, + "MonitorDisableTagValues": { + "metadata": { + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "disabled", + "type": "String" + }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "microsoft.keyvault/vaults" + "equals": "microsoft.keyvault/vaults", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -141,56 +141,56 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "microsoft.keyvault/vaults" + "equals": "microsoft.keyvault/vaults", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "ServiceApiResult" + "equals": "ServiceApiResult", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.keyvault/vaults/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.keyvault/vaults/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Average" + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator", - "equals": "GreaterThan" + "equals": "GreaterThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity", - "equals": "Medium" + "equals": "Medium", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert", - "equals": 4 + "equals": 4, + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods", - "equals": 4 + "equals": 4, + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods" } ] }, @@ -206,23 +206,22 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" + "enabled": { + "value": "[parameters('enabled')]" }, "resourceName": { "value": "[field('name')]" } }, - "mode": "incremental", "template": { "parameters": { "resourceId": { @@ -235,16 +234,16 @@ "evaluationFrequency": { "type": "String" }, - "windowSize": { + "autoMitigate": { "type": "String" }, - "enabled": { + "windowSize": { "type": "String" }, "severity": { "type": "String" }, - "autoMitigate": { + "enabled": { "type": "String" }, "resourceName": { @@ -256,6 +255,7 @@ } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Insights/metricAlerts", @@ -265,38 +265,38 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" + "enabled": { + "value": "[parameters('enabled')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", "windowSize": "[parameters('windowSize')]", - "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", - "autoMitigate": "[parameters('autoMitigate')]", + "enabled": "[parameters('enabled')]", "criteria": { "allOf": [ { "timeAggregation": "Average", + "metricNamespace": "microsoft.keyvault/vaults", + "operator": "GreaterThan", + "criterionType": "DynamicThresholdCriterion", "name": "ServiceApiResult", + "alertSensitivity": "Medium", "failingPeriods": { "numberOfEvaluationPeriods": 4, "minFailingPeriodsToAlert": 4 }, - "operator": "GreaterThan", - "metricNamespace": "microsoft.keyvault/vaults", - "criterionType": "DynamicThresholdCriterion", - "metricName": "ServiceApiResult", - "alertSensitivity": "Medium" + "metricName": "ServiceApiResult" } ], "odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria" @@ -305,17 +305,17 @@ "[parameters('resourceId')]" ] }, + "apiVersion": "2018-03-01", "location": "global", "name": "[concat(parameters('resourceName'), '-RequestsAlert')]", - "apiVersion": "2018-03-01", "tags": { "_deployed_by_amba": true } } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" } } } diff --git a/Definitions/policyDefinitions/Key Vault/deploy_managedhsms_availability_alert.jsonc b/Definitions/policyDefinitions/Key Vault/deploy_managedhsms_availability_alert.jsonc index 7c90699..42d5fcd 100644 --- a/Definitions/policyDefinitions/Key Vault/deploy_managedhsms_availability_alert.jsonc +++ b/Definitions/policyDefinitions/Key Vault/deploy_managedhsms_availability_alert.jsonc @@ -6,27 +6,15 @@ "description": "Policy to audit/deploy Managed HSMs Availability Alert", "mode": "All", "metadata": { - "category": "Key Vault", "version": "1.0.0", "_deployed_by_amba": "True", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" - ] + ], + "category": "Key Vault" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "disabled", - "type": "String" - }, "evaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", @@ -42,25 +30,16 @@ "defaultValue": "PT1M", "type": "String" }, - "MonitorDisableTagValues": { + "autoMitigate": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" }, - "defaultValue": [ + "allowedValues": [ "true", - "Test", - "Dev", - "Sandbox" + "false" ], - "type": "Array" - }, - "MonitorDisableTagName": { - "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" - }, - "defaultValue": "MonitorDisable", + "defaultValue": "true", "type": "String" }, "windowSize": { @@ -81,18 +60,6 @@ "defaultValue": "PT5M", "type": "String" }, - "enabled": { - "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" - }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", - "type": "String" - }, "severity": { "metadata": { "description": "Severity of the Alert", @@ -108,10 +75,10 @@ "defaultValue": "1", "type": "String" }, - "autoMitigate": { + "enabled": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" + "description": "Alert state for the alert", + "displayName": "Alert State" }, "allowedValues": [ "true", @@ -120,6 +87,31 @@ "defaultValue": "true", "type": "String" }, + "MonitorDisableTagValues": { + "metadata": { + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "disabled", + "type": "String" + }, "threshold": { "metadata": { "description": "Threshold for the alert", @@ -127,14 +119,22 @@ }, "defaultValue": "90", "type": "String" + }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "microsoft.keyvault/managedHSMs" + "equals": "microsoft.keyvault/managedHSMs", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -149,48 +149,48 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "Microsoft.KeyVault/ManagedHSMs" + "equals": "Microsoft.KeyVault/ManagedHSMs", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "Availability" + "equals": "Availability", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.keyvault/managedHSMs/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.keyvault/managedHSMs/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Average" + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", - "equals": "LessThan" + "equals": "LessThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", - "equals": "[if(contains(field('tags'), '_amba-Availability-threshold-Override_'), field('tags._amba-Availability-threshold-Override_'), parameters('threshold'))]" + "equals": "[if(contains(field('tags'), '_amba-Availability-threshold-Override_'), field('tags._amba-Availability-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold" } ] }, @@ -206,17 +206,17 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" + "enabled": { + "value": "[parameters('enabled')]" }, "threshold": { "value": "[if(contains(field('tags'), '_amba-Availability-threshold-Override_'), field('tags._amba-Availability-threshold-Override_'), parameters('threshold'))]" @@ -225,7 +225,6 @@ "value": "[field('name')]" } }, - "mode": "incremental", "template": { "parameters": { "resourceId": { @@ -238,16 +237,16 @@ "evaluationFrequency": { "type": "String" }, - "windowSize": { + "autoMitigate": { "type": "String" }, - "enabled": { + "windowSize": { "type": "String" }, "severity": { "type": "String" }, - "autoMitigate": { + "enabled": { "type": "String" }, "threshold": { @@ -262,6 +261,7 @@ } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Insights/metricAlerts", @@ -271,36 +271,36 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" + "enabled": { + "value": "[parameters('enabled')]" }, "threshold": { "value": "[parameters('threshold')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", "windowSize": "[parameters('windowSize')]", - "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", - "autoMitigate": "[parameters('autoMitigate')]", + "enabled": "[parameters('enabled')]", "criteria": { "allOf": [ { "threshold": "[parameters('threshold')]", "timeAggregation": "Average", - "name": "Availability", - "operator": "LessThan", "metricNamespace": "microsoft.keyvault/managedHSMs", + "operator": "LessThan", "criterionType": "StaticThresholdCriterion", + "name": "Availability", "metricName": "Availability" } ], @@ -310,17 +310,17 @@ "[parameters('resourceId')]" ] }, + "apiVersion": "2018-03-01", "location": "global", "name": "[concat(parameters('resourceName'), '-Availability')]", - "apiVersion": "2018-03-01", "tags": { "_deployed_by_amba": true } } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" } } } diff --git a/Definitions/policyDefinitions/Key Vault/deploy_managedhsms_latency_alert.jsonc b/Definitions/policyDefinitions/Key Vault/deploy_managedhsms_latency_alert.jsonc index f363c5a..d3774e4 100644 --- a/Definitions/policyDefinitions/Key Vault/deploy_managedhsms_latency_alert.jsonc +++ b/Definitions/policyDefinitions/Key Vault/deploy_managedhsms_latency_alert.jsonc @@ -6,31 +6,19 @@ "description": "Policy to audit/deploy Managed HSMs Latency Alert", "mode": "All", "metadata": { - "category": "Key Vault", - "version": "1.1.0", "_deployed_by_amba": "True", + "version": "1.1.0", + "category": "Key Vault", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" ] }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "disabled", - "type": "String" - }, "evaluationFrequency": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "Evaluation Frequency" + "displayName": "Evaluation Frequency", + "description": "Evaluation frequency for the alert" }, "allowedValues": [ "PT1M", @@ -44,8 +32,8 @@ }, "MonitorDisableTagValues": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "displayName": "ALZ Monitoring disabled tag values(s)", + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." }, "defaultValue": [ "true", @@ -55,18 +43,42 @@ ], "type": "Array" }, + "autoMitigate": { + "metadata": { + "displayName": "Auto Mitigate", + "description": "Auto Mitigate for the alert" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, "MonitorDisableTagName": { "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" + "displayName": "ALZ Monitoring disabled tag name", + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled." }, "defaultValue": "MonitorDisable", "type": "String" }, + "enabled": { + "metadata": { + "displayName": "Alert State", + "description": "Alert state for the alert" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, "windowSize": { "metadata": { - "description": "Window size for the alert", - "displayName": "Window Size" + "displayName": "Window Size", + "description": "Window size for the alert" }, "allowedValues": [ "PT1M", @@ -81,22 +93,10 @@ "defaultValue": "PT5M", "type": "String" }, - "enabled": { - "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" - }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", - "type": "String" - }, "severity": { "metadata": { - "description": "Severity of the Alert", - "displayName": "Severity" + "displayName": "Severity", + "description": "Severity of the Alert" }, "allowedValues": [ "0", @@ -108,24 +108,24 @@ "defaultValue": "3", "type": "String" }, - "autoMitigate": { + "threshold": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" + "displayName": "Threshold", + "description": "Threshold for the alert" }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", + "defaultValue": "1000", "type": "String" }, - "threshold": { + "effect": { "metadata": { - "description": "Threshold for the alert", - "displayName": "Threshold" + "displayName": "Effect", + "description": "Effect of the policy" }, - "defaultValue": "1000", + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "disabled", "type": "String" } }, @@ -133,8 +133,8 @@ "if": { "allOf": [ { - "field": "type", - "equals": "microsoft.keyvault/managedHSMs" + "equals": "microsoft.keyvault/managedHSMs", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -149,48 +149,48 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "Microsoft.KeyVault/managedHSMs" + "equals": "Microsoft.KeyVault/managedHSMs", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "ServiceApiLatency" + "equals": "ServiceApiLatency", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.keyvault/managedHSMs', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.keyvault/managedHSMs', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Average" + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", - "equals": "GreaterThan" + "equals": "GreaterThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", - "equals": "[if(contains(field('tags'), '_amba-ServiceApiLatency-threshold-Override_'), field('tags._amba-ServiceApiLatency-threshold-Override_'), parameters('threshold'))]" + "equals": "[if(contains(field('tags'), '_amba-ServiceApiLatency-threshold-Override_'), field('tags._amba-ServiceApiLatency-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold" } ] }, @@ -206,18 +206,18 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, - "windowSize": { - "value": "[parameters('windowSize')]" + "autoMitigate": { + "value": "[parameters('autoMitigate')]" }, "enabled": { "value": "[parameters('enabled')]" }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, "threshold": { "value": "[if(contains(field('tags'), '_amba-ServiceApiLatency-threshold-Override_'), field('tags._amba-ServiceApiLatency-threshold-Override_'), parameters('threshold'))]" }, @@ -225,29 +225,28 @@ "value": "[field('name')]" } }, - "mode": "incremental", "template": { "parameters": { "resourceId": { "metadata": { - "description": "Resource ID of the resource emitting the metric that will be used for the comparison", - "displayName": "resourceId" + "displayName": "resourceId", + "description": "Resource ID of the resource emitting the metric that will be used for the comparison" }, "type": "String" }, "evaluationFrequency": { "type": "String" }, - "windowSize": { + "autoMitigate": { "type": "String" }, "enabled": { "type": "String" }, - "severity": { + "windowSize": { "type": "String" }, - "autoMitigate": { + "severity": { "type": "String" }, "threshold": { @@ -255,13 +254,14 @@ }, "resourceName": { "metadata": { - "description": "Name of the resource", - "displayName": "resourceName" + "displayName": "resourceName", + "description": "Name of the resource" }, "type": "String" } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Insights/metricAlerts", @@ -271,34 +271,34 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, - "windowSize": { - "value": "[parameters('windowSize')]" + "autoMitigate": { + "value": "[parameters('autoMitigate')]" }, "enabled": { "value": "[parameters('enabled')]" }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, "threshold": { "value": "[parameters('threshold')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", - "windowSize": "[parameters('windowSize')]", + "autoMitigate": "[parameters('autoMitigate')]", "enabled": "[parameters('enabled')]", + "windowSize": "[parameters('windowSize')]", "severity": "[parameters('severity')]", - "autoMitigate": "[parameters('autoMitigate')]", "criteria": { "allOf": [ { "threshold": "[parameters('threshold')]", "timeAggregation": "Average", - "name": "ServiceApiLatency", "operator": "GreaterThan", + "name": "ServiceApiLatency", "metricNamespace": "Microsoft.KeyVault/managedHSMs", "criterionType": "StaticThresholdCriterion", "metricName": "ServiceApiLatency" @@ -310,17 +310,17 @@ "[parameters('resourceId')]" ] }, + "apiVersion": "2018-03-01", "location": "global", "name": "[concat(parameters('resourceName'), '-LatencyAlert')]", - "apiVersion": "2018-03-01", "tags": { "_deployed_by_amba": true } } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" } } } diff --git a/Definitions/policyDefinitions/Monitoring/deploy_activitylog_laworkspace_delete.jsonc b/Definitions/policyDefinitions/Monitoring/deploy_activitylog_laworkspace_delete.jsonc index da29eb7..f4de616 100644 --- a/Definitions/policyDefinitions/Monitoring/deploy_activitylog_laworkspace_delete.jsonc +++ b/Definitions/policyDefinitions/Monitoring/deploy_activitylog_laworkspace_delete.jsonc @@ -6,25 +6,34 @@ "description": "Policy to Deploy Activity Log LA Workspace Delete Alert", "mode": "All", "metadata": { - "category": "Monitoring", + "_deployed_by_amba": "True", "version": "1.1.0", "alzCloudEnvironments": [ "AzureCloud" ], - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", - "_deployed_by_amba": "True" + "category": "Monitoring", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "effect": { + "MonitorDisableTagValues": { "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" }, - "allowedValues": [ - "deployIfNotExists", - "disabled" + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" ], - "defaultValue": "deployIfNotExists", + "type": "Array" + }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", "type": "String" }, "enabled": { @@ -55,6 +64,18 @@ "defaultValue": "rg-amba-monitoring-001", "type": "String" }, + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" + }, "alertResourceGroupTags": { "metadata": { "description": "Tags on the Resource group the alert is placed in", @@ -64,35 +85,14 @@ "_deployed_by_amba": true }, "type": "Object" - }, - "MonitorDisableTagValues": { - "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" - }, - "defaultValue": [ - "true", - "Test", - "Dev", - "Sandbox" - ], - "type": "Array" - }, - "MonitorDisableTagName": { - "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" - }, - "defaultValue": "MonitorDisable", - "type": "String" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.OperationalInsights/workspaces" + "equals": "Microsoft.OperationalInsights/workspaces", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -107,8 +107,8 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/ActivityLogAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/ActivityLogAlerts/enabled" }, { "equals": 2, @@ -119,24 +119,24 @@ { "allOf": [ { - "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field", - "equals": "category" + "equals": "category", + "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field" }, { - "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals", - "equals": "Administrative" + "equals": "Administrative", + "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals" } ] }, { "allOf": [ { - "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].field", - "equals": "operationName" + "equals": "operationName", + "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].field" }, { - "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].equals", - "equals": "Microsoft.OperationalInsights/workspaces/delete" + "equals": "Microsoft.OperationalInsights/workspaces/delete", + "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].equals" } ] } @@ -166,7 +166,6 @@ "value": "[parameters('alertResourceGroupTags')]" } }, - "mode": "incremental", "template": { "parameters": { "enabled": { @@ -186,9 +185,9 @@ "resources": [ { "type": "Microsoft.Resources/resourceGroups", - "location": "[parameters('alertResourceGroupLocation')]", "apiVersion": "2021-04-01", "name": "[parameters('alertResourceGroupName')]", + "location": "[parameters('alertResourceGroupLocation')]", "tags": "[parameters('alertResourceGroupTags')]" }, { @@ -203,7 +202,6 @@ "value": "[parameters('alertResourceGroupName')]" } }, - "mode": "Incremental", "template": { "parameters": { "enabled": { @@ -231,12 +229,12 @@ "condition": { "allOf": [ { - "field": "category", - "equals": "Administrative" + "equals": "Administrative", + "field": "category" }, { - "field": "operationName", - "equals": "Microsoft.OperationalInsights/workspaces/delete" + "equals": "Microsoft.OperationalInsights/workspaces/delete", + "field": "operationName" }, { "field": "status", @@ -247,9 +245,9 @@ ] } }, - "location": "global", "apiVersion": "2020-10-01", "name": "ActivityLAWorkspaceDelete", + "location": "global", "tags": { "_deployed_by_amba": true } @@ -257,7 +255,8 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "Incremental" }, "apiVersion": "2019-10-01", "name": "ActivityLAWorkspaceDelete", @@ -268,13 +267,14 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#" - } + }, + "mode": "incremental" }, "location": "australiaeast" }, - "existenceScope": "resourcegroup", "resourceGroupName": "[parameters('alertResourceGroupName')]", - "deploymentScope": "subscription" + "deploymentScope": "subscription", + "existenceScope": "resourcegroup" } } } diff --git a/Definitions/policyDefinitions/Monitoring/deploy_activitylog_laworkspace_keyregen.jsonc b/Definitions/policyDefinitions/Monitoring/deploy_activitylog_laworkspace_keyregen.jsonc index 022af41..74f42db 100644 --- a/Definitions/policyDefinitions/Monitoring/deploy_activitylog_laworkspace_keyregen.jsonc +++ b/Definitions/policyDefinitions/Monitoring/deploy_activitylog_laworkspace_keyregen.jsonc @@ -6,25 +6,29 @@ "description": "Policy to Deploy Activity Log LA Workspace Regenerate Key Alert", "mode": "All", "metadata": { - "category": "Monitoring", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "version": "1.1.0", "_deployed_by_amba": "True", - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" - ] + ], + "category": "Monitoring" }, "parameters": { - "effect": { + "alertResourceGroupLocation": { "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" + "description": "Location of the Resource group the alert is placed in", + "displayName": "Resource Group Location" }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", + "defaultValue": "centralus", + "type": "String" + }, + "alertResourceGroupName": { + "metadata": { + "description": "Resource group the alert is placed in", + "displayName": "Resource Group Name" + }, + "defaultValue": "rg-amba-monitoring-001", "type": "String" }, "MonitorDisableTagValues": { @@ -48,21 +52,15 @@ "defaultValue": "MonitorDisable", "type": "String" }, - "alertResourceGroupLocation": { + "alertResourceGroupTags": { "metadata": { - "description": "Location of the Resource group the alert is placed in", - "displayName": "Resource Group Location" + "description": "Tags on the Resource group the alert is placed in", + "displayName": "Resource Group Tags" }, - "defaultValue": "centralus", - "type": "String" - }, - "alertResourceGroupName": { - "metadata": { - "description": "Resource group the alert is placed in", - "displayName": "Resource Group Name" + "defaultValue": { + "Project": "amba-monitoring" }, - "defaultValue": "rg-amba-monitoring-001", - "type": "String" + "type": "Object" }, "enabled": { "metadata": { @@ -76,23 +74,25 @@ "defaultValue": "true", "type": "String" }, - "alertResourceGroupTags": { + "effect": { "metadata": { - "description": "Tags on the Resource group the alert is placed in", - "displayName": "Resource Group Tags" - }, - "defaultValue": { - "Project": "amba-monitoring" + "description": "Effect of the policy", + "displayName": "Effect" }, - "type": "Object" + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.OperationalInsights/workspaces" + "equals": "Microsoft.OperationalInsights/workspaces", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -105,12 +105,11 @@ "details": { "type": "Microsoft.Insights/activityLogAlerts", "resourceGroupName": "[parameters('alertResourceGroupName')]", - "name": "ActivityLAWorkspaceRegenKey", "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/ActivityLogAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/ActivityLogAlerts/enabled" }, { "equals": 2, @@ -121,24 +120,24 @@ { "allOf": [ { - "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field", - "equals": "category" + "equals": "category", + "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field" }, { - "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals", - "equals": "Administrative" + "equals": "Administrative", + "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals" } ] }, { "allOf": [ { - "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].field", - "equals": "operationName" + "equals": "operationName", + "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].field" }, { - "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].equals", - "equals": "Microsoft.OperationalInsights/workspaces/regeneratesharedkey/action" + "equals": "Microsoft.OperationalInsights/workspaces/regeneratesharedkey/action", + "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].equals" } ] } @@ -151,6 +150,7 @@ "roleDefinitionIds": [ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" ], + "name": "ActivityLAWorkspaceRegenKey", "deployment": { "properties": { "parameters": { @@ -160,14 +160,13 @@ "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "alertResourceGroupTags": { "value": "[parameters('alertResourceGroupTags')]" + }, + "enabled": { + "value": "[parameters('enabled')]" } }, - "mode": "incremental", "template": { "parameters": { "alertResourceGroupLocation": { @@ -176,20 +175,20 @@ "alertResourceGroupName": { "type": "string" }, - "enabled": { - "type": "string" - }, "alertResourceGroupTags": { "type": "object" + }, + "enabled": { + "type": "string" } }, "contentVersion": "1.0.0.0", "resources": [ { "type": "Microsoft.Resources/resourceGroups", + "apiVersion": "2021-04-01", "location": "[parameters('alertResourceGroupLocation')]", "name": "[parameters('alertResourceGroupName')]", - "apiVersion": "2021-04-01", "tags": "[parameters('alertResourceGroupTags')]" }, { @@ -204,7 +203,6 @@ "value": "[parameters('enabled')]" } }, - "mode": "Incremental", "template": { "parameters": { "alertResourceGroupName": { @@ -232,12 +230,12 @@ "condition": { "allOf": [ { - "field": "category", - "equals": "Administrative" + "equals": "Administrative", + "field": "category" }, { - "field": "operationName", - "equals": "Microsoft.OperationalInsights/workspaces/regeneratesharedkey/action" + "equals": "Microsoft.OperationalInsights/workspaces/regeneratesharedkey/action", + "field": "operationName" }, { "field": "status", @@ -248,9 +246,9 @@ ] } }, + "apiVersion": "2020-10-01", "location": "global", "name": "ActivityLAWorkspaceRegenKey", - "apiVersion": "2020-10-01", "tags": { "_deployed_by_amba": true } @@ -258,10 +256,11 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "Incremental" }, - "name": "ActivityLAWorkspaceRegenKey", "apiVersion": "2019-10-01", + "name": "ActivityLAWorkspaceRegenKey", "dependsOn": [ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]" ] @@ -269,7 +268,8 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#" - } + }, + "mode": "incremental" }, "location": "australiaeast" }, diff --git a/Definitions/policyDefinitions/Monitoring/deploy_activitylog_resourcehealth_unhealthy_alert.jsonc b/Definitions/policyDefinitions/Monitoring/deploy_activitylog_resourcehealth_unhealthy_alert.jsonc index 3027b2e..131611b 100644 --- a/Definitions/policyDefinitions/Monitoring/deploy_activitylog_resourcehealth_unhealthy_alert.jsonc +++ b/Definitions/policyDefinitions/Monitoring/deploy_activitylog_resourcehealth_unhealthy_alert.jsonc @@ -6,15 +6,23 @@ "description": "Policy to Deploy Resource Health Unhealthy Alert", "mode": "All", "metadata": { + "version": "1.2.0", "category": "Monitoring", "_deployed_by_amba": "True", - "version": "1.2.0", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" - ], - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" + ] }, "parameters": { + "alertResourceGroupName": { + "metadata": { + "description": "Resource group the alert is placed in", + "displayName": "Resource Group Name" + }, + "defaultValue": "rg-amba-monitoring-001", + "type": "String" + }, "effect": { "metadata": { "description": "Effect of the policy", @@ -27,26 +35,21 @@ "defaultValue": "disabled", "type": "String" }, - "MonitorDisableTagValues": { + "alertResourceGroupLocation": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "description": "Location of the Resource group the alert is placed in", + "displayName": "Resource Group Location" }, - "defaultValue": [ - "true", - "Test", - "Dev", - "Sandbox" - ], - "type": "Array" + "defaultValue": "centralus", + "type": "String" }, - "MonitorDisableTagName": { + "BYOActionGroup": { "metadata": { - "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled", - "displayName": "ALZ Monitoring disabled tag name" + "description": "The Resource IDs of existing Action Groups currently deployed in the environment.", + "displayName": "Customer defined Action Group Resource IDs" }, - "defaultValue": "MonitorDisable", - "type": "String" + "defaultValue": [], + "type": "array" }, "enabled": { "metadata": { @@ -60,22 +63,6 @@ "defaultValue": "true", "type": "String" }, - "alertResourceGroupName": { - "metadata": { - "description": "Resource group the alert is placed in", - "displayName": "Resource Group Name" - }, - "defaultValue": "rg-amba-monitoring-001", - "type": "String" - }, - "alertResourceGroupLocation": { - "metadata": { - "description": "Location of the Resource group the alert is placed in", - "displayName": "Resource Group Location" - }, - "defaultValue": "centralus", - "type": "String" - }, "alertResourceGroupTags": { "metadata": { "description": "Tags on the Resource group the alert is placed in", @@ -86,21 +73,34 @@ }, "type": "Object" }, - "BYOActionGroup": { + "MonitorDisableTagValues": { "metadata": { - "description": "The Resource IDs of existing Action Groups currently deployed in the environment.", - "displayName": "Customer defined Action Group Resource IDs" + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" }, - "defaultValue": [], - "type": "array" + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Resources/subscriptions" + "equals": "Microsoft.Resources/subscriptions", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -112,11 +112,12 @@ "effect": "[parameters('effect')]", "details": { "type": "Microsoft.Insights/activityLogAlerts", + "resourceGroupName": "[parameters('alertResourceGroupName')]", "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/ActivityLogAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/ActivityLogAlerts/enabled" }, { "anyOf": [ @@ -165,12 +166,12 @@ { "allOf": [ { - "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field", - "equals": "category" + "equals": "category", + "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field" }, { - "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals", - "equals": "ResourceHealth" + "equals": "ResourceHealth", + "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals" } ] } @@ -183,86 +184,102 @@ "roleDefinitionIds": [ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" ], - "resourceGroupName": "[parameters('alertResourceGroupName')]", + "deploymentScope": "subscription", + "existenceScope": "resourceGroup", "deployment": { "properties": { "parameters": { - "enabled": { - "value": "[parameters('enabled')]" - }, "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, "alertResourceGroupLocation": { "value": "[parameters('alertResourceGroupLocation')]" }, - "alertResourceGroupTags": { - "value": "[parameters('alertResourceGroupTags')]" - }, "BYOActionGroup": { "value": "[parameters('BYOActionGroup')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "alertResourceGroupTags": { + "value": "[parameters('alertResourceGroupTags')]" } }, "mode": "incremental", "template": { "parameters": { - "enabled": { - "type": "string" - }, "alertResourceGroupName": { "type": "string" }, "alertResourceGroupLocation": { "type": "string" }, - "alertResourceGroupTags": { - "type": "object" - }, "BYOActionGroup": { "type": "array" + }, + "enabled": { + "type": "string" + }, + "alertResourceGroupTags": { + "type": "object" } }, "contentVersion": "1.0.0.0", + "variables": { + "copy": [ + { + "name": "varActionGroupIds", + "mode": "serial", + "count": "[length(parameters('BYOActionGroup'))]", + "input": { + "actionGroupId": "[trim(parameters('BYOActionGroup')[copyIndex('varActionGroupIds')])]" + } + } + ] + }, "resources": [ { "type": "Microsoft.Resources/resourceGroups", - "location": "[parameters('alertResourceGroupLocation')]", "apiVersion": "2021-04-01", + "location": "[parameters('alertResourceGroupLocation')]", "name": "[parameters('alertResourceGroupName')]", "tags": "[parameters('alertResourceGroupTags')]" }, { "resourceGroup": "[parameters('alertResourceGroupName')]", "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", "properties": { "parameters": { - "enabled": { - "value": "[parameters('enabled')]" - }, "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, "BYOActionGroup": { "value": "[parameters('BYOActionGroup')]" + }, + "enabled": { + "value": "[parameters('enabled')]" } }, "mode": "Incremental", "template": { "parameters": { - "enabled": { - "type": "string" - }, "alertResourceGroupName": { "type": "string" }, "BYOActionGroup": { "type": "array" + }, + "enabled": { + "type": "string" } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "microsoft.insights/activityLogAlerts", + "apiVersion": "2020-10-01", "properties": { "description": "Resource Health Unhealthy Alert", "parameters": { @@ -271,36 +288,33 @@ } }, "enabled": "[parameters('enabled')]", - "scopes": [ - "[subscription().id]" - ], "condition": { "allOf": [ { - "field": "category", - "equals": "ResourceHealth" + "equals": "ResourceHealth", + "field": "category" }, { "anyOf": [ { - "field": "properties.cause", - "equals": "PlatformInitiated" + "equals": "PlatformInitiated", + "field": "properties.cause" }, { - "field": "properties.cause", - "equals": "UserInitiated" + "equals": "UserInitiated", + "field": "properties.cause" } ] }, { "anyOf": [ { - "field": "properties.currentHealthStatus", - "equals": "Degraded" + "equals": "Degraded", + "field": "properties.currentHealthStatus" }, { - "field": "properties.currentHealthStatus", - "equals": "Unavailable" + "equals": "Unavailable", + "field": "properties.currentHealthStatus" } ] } @@ -313,18 +327,21 @@ "webhookProperties": {} } ] - } + }, + "scopes": [ + "[subscription().id]" + ] }, "location": "global", - "apiVersion": "2020-10-01", + "condition": "[empty(parameters('BYOActionGroup'))]", "name": "ResourceHealthUnhealthyAlert", "tags": { "_deployed_by_amba": true - }, - "condition": "[empty(parameters('BYOActionGroup'))]" + } }, { "type": "microsoft.insights/activityLogAlerts", + "apiVersion": "2020-10-01", "properties": { "description": "Resource Health Unhealthy Alert", "parameters": { @@ -333,36 +350,33 @@ } }, "enabled": "[parameters('enabled')]", - "scopes": [ - "[subscription().id]" - ], "condition": { "allOf": [ { - "field": "category", - "equals": "ResourceHealth" + "equals": "ResourceHealth", + "field": "category" }, { "anyOf": [ { - "field": "properties.cause", - "equals": "PlatformInitiated" + "equals": "PlatformInitiated", + "field": "properties.cause" }, { - "field": "properties.cause", - "equals": "UserInitiated" + "equals": "UserInitiated", + "field": "properties.cause" } ] }, { "anyOf": [ { - "field": "properties.currentHealthStatus", - "equals": "Degraded" + "equals": "Degraded", + "field": "properties.currentHealthStatus" }, { - "field": "properties.currentHealthStatus", - "equals": "Unavailable" + "equals": "Unavailable", + "field": "properties.currentHealthStatus" } ] } @@ -370,47 +384,33 @@ }, "actions": { "actionGroups": "[variables('varActionGroupIds')]" - } + }, + "scopes": [ + "[subscription().id]" + ] }, "location": "global", - "apiVersion": "2020-10-01", + "condition": "[not(empty(parameters('BYOActionGroup')))]", "name": "ResourceHealthUnhealthyAlert", "tags": { "_deployed_by_amba": true - }, - "condition": "[not(empty(parameters('BYOActionGroup')))]" + } } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" } }, - "apiVersion": "2019-10-01", "name": "ResourceHealtAlert", "dependsOn": [ "[resourceId('Microsoft.Resources/resourceGroups', parameters('alertResourceGroupName'))]" ] } ], - "variables": { - "copy": [ - { - "name": "varActionGroupIds", - "mode": "serial", - "count": "[length(parameters('BYOActionGroup'))]", - "input": { - "actionGroupId": "[trim(parameters('BYOActionGroup')[copyIndex('varActionGroupIds')])]" - } - } - ] - }, "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#" } }, "location": "australiaeast" - }, - "existenceScope": "resourceGroup", - "deploymentScope": "subscription" + } } } } diff --git a/Definitions/policyDefinitions/Monitoring/deploy_activitylog_servicehealth_healthadvisory.jsonc b/Definitions/policyDefinitions/Monitoring/deploy_activitylog_servicehealth_healthadvisory.jsonc index 4ef389a..2863de2 100644 --- a/Definitions/policyDefinitions/Monitoring/deploy_activitylog_servicehealth_healthadvisory.jsonc +++ b/Definitions/policyDefinitions/Monitoring/deploy_activitylog_servicehealth_healthadvisory.jsonc @@ -6,31 +6,35 @@ "description": "Policy to Deploy Service Health Advisory Alert", "mode": "All", "metadata": { - "category": "Monitoring", "_deployed_by_amba": "True", - "version": "1.3.0", "alzCloudEnvironments": [ "AzureCloud" ], + "version": "1.3.0", + "category": "Monitoring", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "effect": { + "alertResourceGroupLocation": { "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" + "displayName": "Resource Group Location", + "description": "Location of the Resource group the alert is placed in" }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "disabled", + "defaultValue": "centralus", + "type": "String" + }, + "alertResourceGroupName": { + "metadata": { + "displayName": "Resource Group Name", + "description": "Resource group the alert is placed in" + }, + "defaultValue": "rg-amba-monitoring-001", "type": "String" }, "MonitorDisableTagValues": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "displayName": "ALZ Monitoring disabled tag values(s)", + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." }, "defaultValue": [ "true", @@ -42,44 +46,28 @@ }, "MonitorDisableTagName": { "metadata": { - "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled", - "displayName": "ALZ Monitoring disabled tag name" + "displayName": "ALZ Monitoring disabled tag name", + "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled" }, "defaultValue": "MonitorDisable", "type": "String" }, - "enabled": { + "effect": { "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" + "displayName": "Effect", + "description": "Effect of the policy" }, "allowedValues": [ - "true", - "false" + "deployIfNotExists", + "disabled" ], - "defaultValue": "true", - "type": "String" - }, - "alertResourceGroupName": { - "metadata": { - "description": "Resource group the alert is placed in", - "displayName": "Resource Group Name" - }, - "defaultValue": "rg-amba-monitoring-001", - "type": "String" - }, - "alertResourceGroupLocation": { - "metadata": { - "description": "Location of the Resource group the alert is placed in", - "displayName": "Resource Group Location" - }, - "defaultValue": "centralus", + "defaultValue": "disabled", "type": "String" }, "alertResourceGroupTags": { "metadata": { - "description": "Tags on the Resource group the alert is placed in", - "displayName": "Resource Group Tags" + "displayName": "Resource Group Tags", + "description": "Tags on the Resource group the alert is placed in" }, "defaultValue": { "_deployed_by_amba": true @@ -88,16 +76,28 @@ }, "ALZMonitorActionGroupEmail": { "metadata": { - "description": "Email addresses to send alerts to", - "displayName": "Action Group Email Addresses" + "displayName": "Action Group Email Addresses", + "description": "Email addresses to send alerts to" }, "defaultValue": [], "type": "Array" }, + "enabled": { + "metadata": { + "displayName": "Alert State", + "description": "Alert state for the alert" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, "BYOActionGroup": { "metadata": { - "description": "The Resource IDs of existing Action Groups currently deployed in the environment.", - "displayName": "Customer defined Action Group Resource IDs" + "displayName": "Customer defined Action Group Resource IDs", + "description": "The Resource IDs of existing Action Groups currently deployed in the environment." }, "defaultValue": [], "type": "array" @@ -107,8 +107,8 @@ "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Resources/subscriptions" + "equals": "Microsoft.Resources/subscriptions", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -120,11 +120,12 @@ "effect": "[parameters('effect')]", "details": { "type": "Microsoft.Insights/activityLogAlerts", + "resourceGroupName": "[parameters('alertResourceGroupName')]", "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/ActivityLogAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/ActivityLogAlerts/enabled" }, { "anyOf": [ @@ -173,24 +174,24 @@ { "allOf": [ { - "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field", - "equals": "category" + "equals": "category", + "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field" }, { - "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals", - "equals": "ServiceHealth" + "equals": "ServiceHealth", + "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals" } ] }, { "allOf": [ { - "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field", - "equals": "properties.incidentType" + "equals": "properties.incidentType", + "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field" }, { - "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals", - "equals": "ActionRequired" + "equals": "ActionRequired", + "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals" } ] } @@ -203,47 +204,47 @@ "roleDefinitionIds": [ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" ], - "resourceGroupName": "[parameters('alertResourceGroupName')]", + "deploymentScope": "subscription", + "existenceScope": "resourceGroup", "deployment": { "properties": { "parameters": { - "enabled": { - "value": "[parameters('enabled')]" + "alertResourceGroupLocation": { + "value": "[parameters('alertResourceGroupLocation')]" }, "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, - "alertResourceGroupLocation": { - "value": "[parameters('alertResourceGroupLocation')]" - }, "alertResourceGroupTags": { "value": "[parameters('alertResourceGroupTags')]" }, "ALZMonitorActionGroupEmail": { "value": "[parameters('ALZMonitorActionGroupEmail')]" }, + "enabled": { + "value": "[parameters('enabled')]" + }, "BYOActionGroup": { "value": "[parameters('BYOActionGroup')]" } }, - "mode": "incremental", "template": { "parameters": { - "enabled": { + "alertResourceGroupLocation": { "type": "string" }, "alertResourceGroupName": { "type": "string" }, - "alertResourceGroupLocation": { - "type": "string" - }, "alertResourceGroupTags": { "type": "object" }, "ALZMonitorActionGroupEmail": { "type": "Array" }, + "enabled": { + "type": "string" + }, "BYOActionGroup": { "type": "array" } @@ -252,41 +253,41 @@ "resources": [ { "type": "Microsoft.Resources/resourceGroups", - "location": "[parameters('alertResourceGroupLocation')]", "apiVersion": "2021-04-01", + "location": "[parameters('alertResourceGroupLocation')]", "name": "[parameters('alertResourceGroupName')]", "tags": "[parameters('alertResourceGroupTags')]" }, { "resourceGroup": "[parameters('alertResourceGroupName')]", "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", "properties": { "parameters": { - "enabled": { - "value": "[parameters('enabled')]" - }, "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, "ALZMonitorActionGroupEmail": { "value": "[parameters('ALZMonitorActionGroupEmail')]" }, + "enabled": { + "value": "[parameters('enabled')]" + }, "BYOActionGroup": { "value": "[parameters('BYOActionGroup')]" } }, - "mode": "Incremental", "template": { "parameters": { - "enabled": { - "type": "string" - }, "alertResourceGroupName": { "type": "string" }, "ALZMonitorActionGroupEmail": { "type": "Array" }, + "enabled": { + "type": "string" + }, "BYOActionGroup": { "type": "array" } @@ -295,6 +296,7 @@ "resources": [ { "type": "microsoft.insights/activityLogAlerts", + "apiVersion": "2020-10-01", "properties": { "description": "Service Health Advisory Alert", "parameters": { @@ -303,21 +305,21 @@ } }, "enabled": "[parameters('enabled')]", - "scopes": [ - "[subscription().id]" - ], "condition": { "allOf": [ { - "field": "category", - "equals": "ServiceHealth" + "equals": "ServiceHealth", + "field": "category" }, { - "field": "properties.incidentType", - "equals": "ActionRequired" + "equals": "ActionRequired", + "field": "properties.incidentType" } ] }, + "scopes": [ + "[subscription().id]" + ], "actions": { "actionGroups": [ { @@ -327,15 +329,15 @@ } }, "location": "Global", - "apiVersion": "2020-10-01", "name": "ServiceHealthAdvisoryEvent", + "condition": "[empty(parameters('BYOActionGroup'))]", "tags": { "_deployed_by_amba": true - }, - "condition": "[empty(parameters('BYOActionGroup'))]" + } }, { "type": "microsoft.insights/activityLogAlerts", + "apiVersion": "2020-10-01", "properties": { "description": "Service Health Advisory Alert", "parameters": { @@ -344,39 +346,38 @@ } }, "enabled": "[parameters('enabled')]", - "scopes": [ - "[subscription().id]" - ], "condition": { "allOf": [ { - "field": "category", - "equals": "ServiceHealth" + "equals": "ServiceHealth", + "field": "category" }, { - "field": "properties.incidentType", - "equals": "ActionRequired" + "equals": "ActionRequired", + "field": "properties.incidentType" } ] }, + "scopes": [ + "[subscription().id]" + ], "actions": { "actionGroups": "[variables('varActionGroupIds')]" } }, "location": "Global", - "apiVersion": "2020-10-01", "name": "ServiceHealthAdvisoryEvent", + "condition": "[not(empty(parameters('BYOActionGroup')))]", "tags": { "_deployed_by_amba": true - }, - "condition": "[not(empty(parameters('BYOActionGroup')))]" + } } ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "Incremental" }, - "apiVersion": "2019-10-01", "name": "ServiceHealthHealth", "dependsOn": [ "[resourceId('Microsoft.Resources/resourceGroups', parameters('alertResourceGroupName'))]" @@ -396,12 +397,11 @@ ] }, "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#" - } + }, + "mode": "incremental" }, "location": "australiaeast" - }, - "existenceScope": "resourceGroup", - "deploymentScope": "subscription" + } } } } diff --git a/Definitions/policyDefinitions/Monitoring/deploy_activitylog_servicehealth_incident.jsonc b/Definitions/policyDefinitions/Monitoring/deploy_activitylog_servicehealth_incident.jsonc index e50bba1..2e11024 100644 --- a/Definitions/policyDefinitions/Monitoring/deploy_activitylog_servicehealth_incident.jsonc +++ b/Definitions/policyDefinitions/Monitoring/deploy_activitylog_servicehealth_incident.jsonc @@ -6,15 +6,23 @@ "description": "Policy to Deploy Service Health Incident Alert", "mode": "All", "metadata": { + "version": "1.3.0", "category": "Monitoring", "_deployed_by_amba": "True", - "version": "1.3.0", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" - ], - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" + ] }, "parameters": { + "alertResourceGroupName": { + "metadata": { + "description": "Resource group the alert is placed in", + "displayName": "Resource Group Name" + }, + "defaultValue": "rg-amba-monitoring-001", + "type": "String" + }, "effect": { "metadata": { "description": "Effect of the policy", @@ -27,26 +35,21 @@ "defaultValue": "disabled", "type": "String" }, - "MonitorDisableTagValues": { + "alertResourceGroupLocation": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "description": "Location of the Resource group the alert is placed in", + "displayName": "Resource Group Location" }, - "defaultValue": [ - "true", - "Test", - "Dev", - "Sandbox" - ], - "type": "Array" + "defaultValue": "centralus", + "type": "String" }, - "MonitorDisableTagName": { + "BYOActionGroup": { "metadata": { - "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled", - "displayName": "ALZ Monitoring disabled tag name" + "description": "The Resource IDs of existing Action Groups currently deployed in the environment.", + "displayName": "Customer defined Action Group Resource IDs" }, - "defaultValue": "MonitorDisable", - "type": "String" + "defaultValue": [], + "type": "array" }, "enabled": { "metadata": { @@ -60,22 +63,6 @@ "defaultValue": "true", "type": "String" }, - "alertResourceGroupName": { - "metadata": { - "description": "Resource group the alert is placed in", - "displayName": "Resource Group Name" - }, - "defaultValue": "rg-amba-monitoring-001", - "type": "String" - }, - "alertResourceGroupLocation": { - "metadata": { - "description": "Location of the Resource group the alert is placed in", - "displayName": "Resource Group Location" - }, - "defaultValue": "centralus", - "type": "String" - }, "alertResourceGroupTags": { "metadata": { "description": "Tags on the Resource group the alert is placed in", @@ -94,21 +81,34 @@ "defaultValue": [], "type": "Array" }, - "BYOActionGroup": { + "MonitorDisableTagValues": { "metadata": { - "description": "The Resource IDs of existing Action Groups currently deployed in the environment.", - "displayName": "Customer defined Action Group Resource IDs" + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" }, - "defaultValue": [], - "type": "array" + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Resources/subscriptions" + "equals": "Microsoft.Resources/subscriptions", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -120,11 +120,12 @@ "effect": "[parameters('effect')]", "details": { "type": "Microsoft.Insights/activityLogAlerts", + "resourceGroupName": "[parameters('alertResourceGroupName')]", "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/ActivityLogAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/ActivityLogAlerts/enabled" }, { "anyOf": [ @@ -173,24 +174,24 @@ { "allOf": [ { - "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field", - "equals": "category" + "equals": "category", + "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field" }, { - "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals", - "equals": "ServiceHealth" + "equals": "ServiceHealth", + "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals" } ] }, { "allOf": [ { - "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].field", - "equals": "properties.incidentType" + "equals": "properties.incidentType", + "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].field" }, { - "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].equals", - "equals": "Incident" + "equals": "Incident", + "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].equals" } ] } @@ -203,98 +204,114 @@ "roleDefinitionIds": [ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" ], - "resourceGroupName": "[parameters('alertResourceGroupName')]", + "deploymentScope": "subscription", + "existenceScope": "resourcegroup", "deployment": { "properties": { "parameters": { - "enabled": { - "value": "[parameters('enabled')]" - }, "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, "alertResourceGroupLocation": { "value": "[parameters('alertResourceGroupLocation')]" }, + "BYOActionGroup": { + "value": "[parameters('BYOActionGroup')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, "alertResourceGroupTags": { "value": "[parameters('alertResourceGroupTags')]" }, "ALZMonitorActionGroupEmail": { "value": "[parameters('ALZMonitorActionGroupEmail')]" - }, - "BYOActionGroup": { - "value": "[parameters('BYOActionGroup')]" } }, "mode": "incremental", "template": { "parameters": { - "enabled": { - "type": "string" - }, "alertResourceGroupName": { "type": "string" }, "alertResourceGroupLocation": { "type": "string" }, + "BYOActionGroup": { + "type": "array" + }, + "enabled": { + "type": "string" + }, "alertResourceGroupTags": { "type": "object" }, "ALZMonitorActionGroupEmail": { "type": "Array" - }, - "BYOActionGroup": { - "type": "array" } }, "contentVersion": "1.0.0.0", + "variables": { + "copy": [ + { + "name": "varActionGroupIds", + "mode": "serial", + "count": "[length(parameters('BYOActionGroup'))]", + "input": { + "actionGroupId": "[trim(parameters('BYOActionGroup')[copyIndex('varActionGroupIds')])]" + } + } + ] + }, "resources": [ { "type": "Microsoft.Resources/resourceGroups", - "location": "[parameters('alertResourceGroupLocation')]", "apiVersion": "2021-04-01", + "location": "[parameters('alertResourceGroupLocation')]", "name": "[parameters('alertResourceGroupName')]", "tags": "[parameters('alertResourceGroupTags')]" }, { "resourceGroup": "[parameters('alertResourceGroupName')]", "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", "properties": { "parameters": { - "enabled": { - "value": "[parameters('enabled')]" - }, "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, - "ALZMonitorActionGroupEmail": { - "value": "[parameters('ALZMonitorActionGroupEmail')]" - }, "BYOActionGroup": { "value": "[parameters('BYOActionGroup')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "ALZMonitorActionGroupEmail": { + "value": "[parameters('ALZMonitorActionGroupEmail')]" } }, "mode": "Incremental", "template": { "parameters": { - "enabled": { + "alertResourceGroupName": { "type": "string" }, - "alertResourceGroupName": { + "BYOActionGroup": { + "type": "array" + }, + "enabled": { "type": "string" }, "ALZMonitorActionGroupEmail": { "type": "Array" - }, - "BYOActionGroup": { - "type": "array" } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "microsoft.insights/activityLogAlerts", + "apiVersion": "2020-10-01", "properties": { "description": "Service Health Incident Alert", "parameters": { @@ -303,18 +320,15 @@ } }, "enabled": "[parameters('enabled')]", - "scopes": [ - "[subscription().id]" - ], "condition": { "allOf": [ { - "field": "category", - "equals": "ServiceHealth" + "equals": "ServiceHealth", + "field": "category" }, { - "field": "properties.incidentType", - "equals": "Incident" + "equals": "Incident", + "field": "properties.incidentType" } ] }, @@ -324,18 +338,21 @@ "actionGroupId": "[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/microsoft.insights/actionGroups/', 'ag-AMBA-SH-', subscription().displayName, '-001')]" } ] - } + }, + "scopes": [ + "[subscription().id]" + ] }, "location": "global", - "apiVersion": "2020-10-01", + "condition": "[empty(parameters('BYOActionGroup'))]", "name": "ServiceHealthIncident", "tags": { "_deployed_by_amba": true - }, - "condition": "[empty(parameters('BYOActionGroup'))]" + } }, { "type": "microsoft.insights/activityLogAlerts", + "apiVersion": "2020-10-01", "properties": { "description": "Service Health Incident Alert", "parameters": { @@ -344,64 +361,47 @@ } }, "enabled": "[parameters('enabled')]", - "scopes": [ - "[subscription().id]" - ], "condition": { "allOf": [ { - "field": "category", - "equals": "ServiceHealth" + "equals": "ServiceHealth", + "field": "category" }, { - "field": "properties.incidentType", - "equals": "Incident" + "equals": "Incident", + "field": "properties.incidentType" } ] }, "actions": { "actionGroups": "[variables('varActionGroupIds')]" - } + }, + "scopes": [ + "[subscription().id]" + ] }, "location": "global", - "apiVersion": "2020-10-01", + "condition": "[not(empty(parameters('BYOActionGroup')))]", "name": "ServiceHealthIncident", "tags": { "_deployed_by_amba": true - }, - "condition": "[not(empty(parameters('BYOActionGroup')))]" + } } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" } }, - "apiVersion": "2019-10-01", "name": "ServiceHealthIncident", "dependsOn": [ "[resourceId('Microsoft.Resources/resourceGroups', parameters('alertResourceGroupName'))]" ] } ], - "variables": { - "copy": [ - { - "name": "varActionGroupIds", - "mode": "serial", - "count": "[length(parameters('BYOActionGroup'))]", - "input": { - "actionGroupId": "[trim(parameters('BYOActionGroup')[copyIndex('varActionGroupIds')])]" - } - } - ] - }, "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#" } }, "location": "australiaeast" - }, - "existenceScope": "resourcegroup", - "deploymentScope": "subscription" + } } } } diff --git a/Definitions/policyDefinitions/Monitoring/deploy_activitylog_servicehealth_maintenance.jsonc b/Definitions/policyDefinitions/Monitoring/deploy_activitylog_servicehealth_maintenance.jsonc index d10f060..c515651 100644 --- a/Definitions/policyDefinitions/Monitoring/deploy_activitylog_servicehealth_maintenance.jsonc +++ b/Definitions/policyDefinitions/Monitoring/deploy_activitylog_servicehealth_maintenance.jsonc @@ -6,48 +6,31 @@ "description": "Policy to Deploy Service Health Maintenance Alert", "mode": "All", "metadata": { - "category": "Monitoring", - "version": "1.3.0", "_deployed_by_amba": "True", - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" - ] + ], + "version": "1.3.0", + "category": "Monitoring", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "effect": { + "alertResourceGroupName": { "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" + "description": "Resource group the alert is placed in", + "displayName": "Resource Group Name" }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "disabled", + "defaultValue": "rg-amba-monitoring-001", "type": "String" }, - "MonitorDisableTagValues": { + "ALZMonitorActionGroupEmail": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "description": "Email addresses to send alerts to", + "displayName": "Action Group Email Addresses" }, - "defaultValue": [ - "true", - "Test", - "Dev", - "Sandbox" - ], + "defaultValue": [], "type": "Array" }, - "MonitorDisableTagName": { - "metadata": { - "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled", - "displayName": "ALZ Monitoring disabled tag name" - }, - "defaultValue": "MonitorDisable", - "type": "String" - }, "alertResourceGroupLocation": { "metadata": { "description": "Location of the Resource group the alert is placed in", @@ -56,14 +39,6 @@ "defaultValue": "centralus", "type": "String" }, - "alertResourceGroupName": { - "metadata": { - "description": "Resource group the alert is placed in", - "displayName": "Resource Group Name" - }, - "defaultValue": "rg-amba-monitoring-001", - "type": "String" - }, "enabled": { "metadata": { "description": "Alert state for the alert", @@ -76,6 +51,39 @@ "defaultValue": "true", "type": "String" }, + "MonitorDisableTagValues": { + "metadata": { + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "disabled", + "type": "String" + }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" + }, "alertResourceGroupTags": { "metadata": { "description": "Tags on the Resource group the alert is placed in", @@ -86,14 +94,6 @@ }, "type": "Object" }, - "ALZMonitorActionGroupEmail": { - "metadata": { - "description": "Email addresses to send alerts to", - "displayName": "Action Group Email Addresses" - }, - "defaultValue": [], - "type": "Array" - }, "BYOActionGroup": { "metadata": { "description": "The Resource IDs of existing Action Groups currently deployed in the environment.", @@ -107,8 +107,8 @@ "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Resources/subscriptions" + "equals": "Microsoft.Resources/subscriptions", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -124,8 +124,8 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/ActivityLogAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/ActivityLogAlerts/enabled" }, { "anyOf": [ @@ -174,24 +174,24 @@ { "allOf": [ { - "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field", - "equals": "category" + "equals": "category", + "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field" }, { - "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals", - "equals": "ServiceHealth" + "equals": "ServiceHealth", + "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals" } ] }, { "allOf": [ { - "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].field", - "equals": "properties.incidentType" + "equals": "properties.incidentType", + "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].field" }, { - "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].equals", - "equals": "Maintenance" + "equals": "Maintenance", + "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].equals" } ] } @@ -207,21 +207,21 @@ "deployment": { "properties": { "parameters": { - "alertResourceGroupLocation": { - "value": "[parameters('alertResourceGroupLocation')]" - }, "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, + "ALZMonitorActionGroupEmail": { + "value": "[parameters('ALZMonitorActionGroupEmail')]" + }, + "alertResourceGroupLocation": { + "value": "[parameters('alertResourceGroupLocation')]" + }, "enabled": { "value": "[parameters('enabled')]" }, "alertResourceGroupTags": { "value": "[parameters('alertResourceGroupTags')]" }, - "ALZMonitorActionGroupEmail": { - "value": "[parameters('ALZMonitorActionGroupEmail')]" - }, "BYOActionGroup": { "value": "[parameters('BYOActionGroup')]" } @@ -229,10 +229,13 @@ "mode": "incremental", "template": { "parameters": { - "alertResourceGroupLocation": { + "alertResourceGroupName": { "type": "string" }, - "alertResourceGroupName": { + "ALZMonitorActionGroupEmail": { + "type": "Array" + }, + "alertResourceGroupLocation": { "type": "string" }, "enabled": { @@ -241,20 +244,29 @@ "alertResourceGroupTags": { "type": "object" }, - "ALZMonitorActionGroupEmail": { - "type": "Array" - }, "BYOActionGroup": { "type": "array" } }, "contentVersion": "1.0.0.0", + "variables": { + "copy": [ + { + "name": "varActionGroupIds", + "mode": "serial", + "count": "[length(parameters('BYOActionGroup'))]", + "input": { + "actionGroupId": "[trim(parameters('BYOActionGroup')[copyIndex('varActionGroupIds')])]" + } + } + ] + }, "resources": [ { "type": "Microsoft.Resources/resourceGroups", "location": "[parameters('alertResourceGroupLocation')]", - "name": "[parameters('alertResourceGroupName')]", "apiVersion": "2021-04-01", + "name": "[parameters('alertResourceGroupName')]", "tags": "[parameters('alertResourceGroupTags')]" }, { @@ -265,12 +277,12 @@ "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "ALZMonitorActionGroupEmail": { "value": "[parameters('ALZMonitorActionGroupEmail')]" }, + "enabled": { + "value": "[parameters('enabled')]" + }, "BYOActionGroup": { "value": "[parameters('BYOActionGroup')]" } @@ -281,17 +293,18 @@ "alertResourceGroupName": { "type": "string" }, - "enabled": { - "type": "string" - }, "ALZMonitorActionGroupEmail": { "type": "Array" }, + "enabled": { + "type": "string" + }, "BYOActionGroup": { "type": "array" } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "microsoft.insights/activityLogAlerts", @@ -303,21 +316,21 @@ } }, "enabled": "[parameters('enabled')]", - "scopes": [ - "[subscription().id]" - ], "condition": { "allOf": [ { - "field": "category", - "equals": "ServiceHealth" + "equals": "ServiceHealth", + "field": "category" }, { - "field": "properties.incidentType", - "equals": "Maintenance" + "equals": "Maintenance", + "field": "properties.incidentType" } ] }, + "scopes": [ + "[subscription().id]" + ], "actions": { "actionGroups": [ { @@ -327,12 +340,12 @@ } }, "location": "global", - "name": "ServiceHealthPlannedMaintenance", "apiVersion": "2020-10-01", + "name": "ServiceHealthPlannedMaintenance", + "condition": "[empty(parameters('BYOActionGroup'))]", "tags": { "_deployed_by_amba": true - }, - "condition": "[empty(parameters('BYOActionGroup'))]" + } }, { "type": "microsoft.insights/activityLogAlerts", @@ -344,57 +357,44 @@ } }, "enabled": "[parameters('enabled')]", - "scopes": [ - "[subscription().id]" - ], "condition": { "allOf": [ { - "field": "category", - "equals": "ServiceHealth" + "equals": "ServiceHealth", + "field": "category" }, { - "field": "properties.incidentType", - "equals": "Maintenance" + "equals": "Maintenance", + "field": "properties.incidentType" } ] }, + "scopes": [ + "[subscription().id]" + ], "actions": { "actionGroups": "[variables('varActionGroupIds')]" } }, "location": "global", - "name": "ServiceHealthPlannedMaintenance", "apiVersion": "2020-10-01", + "name": "ServiceHealthPlannedMaintenance", + "condition": "[not(empty(parameters('BYOActionGroup')))]", "tags": { "_deployed_by_amba": true - }, - "condition": "[not(empty(parameters('BYOActionGroup')))]" + } } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" } }, - "name": "ServiceHealthMaintenance", "apiVersion": "2019-10-01", + "name": "ServiceHealthMaintenance", "dependsOn": [ "[resourceId('Microsoft.Resources/resourceGroups', parameters('alertResourceGroupName'))]" ] } ], - "variables": { - "copy": [ - { - "name": "varActionGroupIds", - "mode": "serial", - "count": "[length(parameters('BYOActionGroup'))]", - "input": { - "actionGroupId": "[trim(parameters('BYOActionGroup')[copyIndex('varActionGroupIds')])]" - } - } - ] - }, "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#" } }, diff --git a/Definitions/policyDefinitions/Monitoring/deploy_activitylog_servicehealth_securityadvisory.jsonc b/Definitions/policyDefinitions/Monitoring/deploy_activitylog_servicehealth_securityadvisory.jsonc index 3d8834b..e5d5f4a 100644 --- a/Definitions/policyDefinitions/Monitoring/deploy_activitylog_servicehealth_securityadvisory.jsonc +++ b/Definitions/policyDefinitions/Monitoring/deploy_activitylog_servicehealth_securityadvisory.jsonc @@ -6,46 +6,37 @@ "description": "Policy to Deploy Service Health Security Advisory Alert", "mode": "All", "metadata": { - "category": "Monitoring", "_deployed_by_amba": "True", - "version": "1.3.0", "alzCloudEnvironments": [ "AzureCloud" ], + "version": "1.3.0", + "category": "Monitoring", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "effect": { + "alertResourceGroupName": { "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" + "description": "Resource group the alert is placed in", + "displayName": "Resource Group Name" }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "disabled", + "defaultValue": "rg-amba-monitoring-001", "type": "String" }, - "MonitorDisableTagValues": { + "ALZMonitorActionGroupEmail": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "description": "Email addresses to send alerts to", + "displayName": "Action Group Email Addresses" }, - "defaultValue": [ - "true", - "Test", - "Dev", - "Sandbox" - ], + "defaultValue": [], "type": "Array" }, - "MonitorDisableTagName": { + "alertResourceGroupLocation": { "metadata": { - "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled", - "displayName": "ALZ Monitoring disabled tag name" + "description": "Location of the Resource group the alert is placed in", + "displayName": "Resource Group Location" }, - "defaultValue": "MonitorDisable", + "defaultValue": "centralus", "type": "String" }, "enabled": { @@ -60,20 +51,37 @@ "defaultValue": "true", "type": "String" }, - "alertResourceGroupName": { + "MonitorDisableTagValues": { "metadata": { - "description": "Resource group the alert is placed in", - "displayName": "Resource Group Name" + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" }, - "defaultValue": "rg-amba-monitoring-001", + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "disabled", "type": "String" }, - "alertResourceGroupLocation": { + "MonitorDisableTagName": { "metadata": { - "description": "Location of the Resource group the alert is placed in", - "displayName": "Resource Group Location" + "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled", + "displayName": "ALZ Monitoring disabled tag name" }, - "defaultValue": "centralus", + "defaultValue": "MonitorDisable", "type": "String" }, "alertResourceGroupTags": { @@ -86,14 +94,6 @@ }, "type": "Object" }, - "ALZMonitorActionGroupEmail": { - "metadata": { - "description": "Email addresses to send alerts to", - "displayName": "Action Group Email Addresses" - }, - "defaultValue": [], - "type": "Array" - }, "BYOActionGroup": { "metadata": { "description": "The Resource IDs of existing Action Groups currently deployed in the environment.", @@ -107,8 +107,8 @@ "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Resources/subscriptions" + "equals": "Microsoft.Resources/subscriptions", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -120,11 +120,12 @@ "effect": "[parameters('effect')]", "details": { "type": "Microsoft.Insights/activityLogAlerts", + "resourceGroupName": "[parameters('alertResourceGroupName')]", "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/ActivityLogAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/ActivityLogAlerts/enabled" }, { "anyOf": [ @@ -173,24 +174,24 @@ { "allOf": [ { - "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field", - "equals": "category" + "equals": "category", + "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field" }, { - "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals", - "equals": "ServiceHealth" + "equals": "ServiceHealth", + "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals" } ] }, { "allOf": [ { - "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].field", - "equals": "properties.incidentType" + "equals": "properties.incidentType", + "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].field" }, { - "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].equals", - "equals": "Security" + "equals": "Security", + "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].equals" } ] } @@ -203,25 +204,24 @@ "roleDefinitionIds": [ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" ], - "resourceGroupName": "[parameters('alertResourceGroupName')]", "deployment": { "properties": { "parameters": { - "enabled": { - "value": "[parameters('enabled')]" - }, "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, + "ALZMonitorActionGroupEmail": { + "value": "[parameters('ALZMonitorActionGroupEmail')]" + }, "alertResourceGroupLocation": { "value": "[parameters('alertResourceGroupLocation')]" }, + "enabled": { + "value": "[parameters('enabled')]" + }, "alertResourceGroupTags": { "value": "[parameters('alertResourceGroupTags')]" }, - "ALZMonitorActionGroupEmail": { - "value": "[parameters('ALZMonitorActionGroupEmail')]" - }, "BYOActionGroup": { "value": "[parameters('BYOActionGroup')]" } @@ -229,26 +229,38 @@ "mode": "incremental", "template": { "parameters": { - "enabled": { - "type": "string" - }, "alertResourceGroupName": { "type": "string" }, + "ALZMonitorActionGroupEmail": { + "type": "Array" + }, "alertResourceGroupLocation": { "type": "string" }, + "enabled": { + "type": "string" + }, "alertResourceGroupTags": { "type": "object" }, - "ALZMonitorActionGroupEmail": { - "type": "Array" - }, "BYOActionGroup": { "type": "array" } }, "contentVersion": "1.0.0.0", + "variables": { + "copy": [ + { + "name": "varActionGroupIds", + "mode": "serial", + "count": "[length(parameters('BYOActionGroup'))]", + "input": { + "actionGroupId": "[trim(parameters('BYOActionGroup')[copyIndex('varActionGroupIds')])]" + } + } + ] + }, "resources": [ { "type": "Microsoft.Resources/resourceGroups", @@ -262,15 +274,15 @@ "type": "Microsoft.Resources/deployments", "properties": { "parameters": { - "enabled": { - "value": "[parameters('enabled')]" - }, "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, "ALZMonitorActionGroupEmail": { "value": "[parameters('ALZMonitorActionGroupEmail')]" }, + "enabled": { + "value": "[parameters('enabled')]" + }, "BYOActionGroup": { "value": "[parameters('BYOActionGroup')]" } @@ -278,20 +290,21 @@ "mode": "Incremental", "template": { "parameters": { - "enabled": { - "type": "string" - }, "alertResourceGroupName": { "type": "string" }, "ALZMonitorActionGroupEmail": { "type": "Array" }, + "enabled": { + "type": "string" + }, "BYOActionGroup": { "type": "array" } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "microsoft.insights/activityLogAlerts", @@ -303,21 +316,21 @@ } }, "enabled": "[parameters('enabled')]", - "scopes": [ - "[subscription().id]" - ], "condition": { "allOf": [ { - "field": "category", - "equals": "ServiceHealth" + "equals": "ServiceHealth", + "field": "category" }, { - "field": "properties.incidentType", - "equals": "Security" + "equals": "Security", + "field": "properties.incidentType" } ] }, + "scopes": [ + "[subscription().id]" + ], "actions": { "actionGroups": [ { @@ -329,10 +342,10 @@ "location": "global", "apiVersion": "2020-10-01", "name": "ServiceHealthSecurityIncident", + "condition": "[empty(parameters('BYOActionGroup'))]", "tags": { "_deployed_by_amba": true - }, - "condition": "[empty(parameters('BYOActionGroup'))]" + } }, { "type": "microsoft.insights/activityLogAlerts", @@ -344,21 +357,21 @@ } }, "enabled": "[parameters('enabled')]", - "scopes": [ - "[subscription().id]" - ], "condition": { "allOf": [ { - "field": "category", - "equals": "ServiceHealth" + "equals": "ServiceHealth", + "field": "category" }, { - "field": "properties.incidentType", - "equals": "Security" + "equals": "Security", + "field": "properties.incidentType" } ] }, + "scopes": [ + "[subscription().id]" + ], "actions": { "actionGroups": "[variables('varActionGroupIds')]" } @@ -366,13 +379,12 @@ "location": "global", "apiVersion": "2020-10-01", "name": "ServiceHealthSecurityIncident", + "condition": "[not(empty(parameters('BYOActionGroup')))]", "tags": { "_deployed_by_amba": true - }, - "condition": "[not(empty(parameters('BYOActionGroup')))]" + } } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" } }, @@ -383,25 +395,13 @@ ] } ], - "variables": { - "copy": [ - { - "name": "varActionGroupIds", - "mode": "serial", - "count": "[length(parameters('BYOActionGroup'))]", - "input": { - "actionGroupId": "[trim(parameters('BYOActionGroup')[copyIndex('varActionGroupIds')])]" - } - } - ] - }, "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#" } }, "location": "australiaeast" }, - "existenceScope": "resourcegroup", - "deploymentScope": "subscription" + "deploymentScope": "subscription", + "existenceScope": "resourcegroup" } } } diff --git a/Definitions/policyDefinitions/Monitoring/deploy_activitylog_storageaccount_delete.jsonc b/Definitions/policyDefinitions/Monitoring/deploy_activitylog_storageaccount_delete.jsonc index 7140d04..7ba7461 100644 --- a/Definitions/policyDefinitions/Monitoring/deploy_activitylog_storageaccount_delete.jsonc +++ b/Definitions/policyDefinitions/Monitoring/deploy_activitylog_storageaccount_delete.jsonc @@ -6,13 +6,13 @@ "description": "Policy to Deploy Activity Log Storage Account Delete Alert", "mode": "All", "metadata": { - "category": "Monitoring", - "version": "1.2.0", "_deployed_by_amba": "True", - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "version": "1.2.0", + "category": "Monitoring", "alzCloudEnvironments": [ "AzureCloud" - ] + ], + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { "effect": { @@ -27,6 +27,18 @@ "defaultValue": "deployIfNotExists", "type": "String" }, + "enabled": { + "metadata": { + "description": "Alert state for the alert", + "displayName": "Alert State" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, "MonitorDisableTagValues": { "metadata": { "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", @@ -40,6 +52,14 @@ ], "type": "Array" }, + "alertResourceGroupName": { + "metadata": { + "description": "Resource group the alert is placed in", + "displayName": "Resource Group Name" + }, + "defaultValue": "rg-amba-monitoring-001", + "type": "String" + }, "MonitorDisableTagName": { "metadata": { "description": "Tag name to disable monitoring on resource. Set to true if monitoring should be disabled", @@ -56,26 +76,6 @@ "defaultValue": "centralus", "type": "String" }, - "alertResourceGroupName": { - "metadata": { - "description": "Resource group the alert is placed in", - "displayName": "Resource Group Name" - }, - "defaultValue": "rg-amba-monitoring-001", - "type": "String" - }, - "enabled": { - "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" - }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", - "type": "String" - }, "alertResourceGroupTags": { "metadata": { "description": "Tags on the Resource group the alert is placed in", @@ -104,8 +104,9 @@ "effect": "[parameters('effect')]", "details": { "type": "Microsoft.Insights/activityLogAlerts", - "resourceGroupName": "[parameters('alertResourceGroupName')]", - "name": "Activity Log Storage Account Delete", + "roleDefinitionIds": [ + "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" + ], "existenceCondition": { "allOf": [ { @@ -148,20 +149,18 @@ } ] }, - "roleDefinitionIds": [ - "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" - ], + "name": "Activity Log Storage Account Delete", "deployment": { "properties": { "parameters": { - "alertResourceGroupLocation": { - "value": "[parameters('alertResourceGroupLocation')]" + "enabled": { + "value": "[parameters('enabled')]" }, "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, - "enabled": { - "value": "[parameters('enabled')]" + "alertResourceGroupLocation": { + "value": "[parameters('alertResourceGroupLocation')]" }, "alertResourceGroupTags": { "value": "[parameters('alertResourceGroupTags')]" @@ -170,13 +169,13 @@ "mode": "incremental", "template": { "parameters": { - "alertResourceGroupLocation": { + "enabled": { "type": "string" }, "alertResourceGroupName": { "type": "string" }, - "enabled": { + "alertResourceGroupLocation": { "type": "string" }, "alertResourceGroupTags": { @@ -188,8 +187,8 @@ { "type": "Microsoft.Resources/resourceGroups", "location": "[parameters('alertResourceGroupLocation')]", - "name": "[parameters('alertResourceGroupName')]", "apiVersion": "2021-04-01", + "name": "[parameters('alertResourceGroupName')]", "tags": "[parameters('alertResourceGroupTags')]" }, { @@ -197,20 +196,20 @@ "type": "Microsoft.Resources/deployments", "properties": { "parameters": { - "alertResourceGroupName": { - "value": "[parameters('alertResourceGroupName')]" - }, "enabled": { "value": "[parameters('enabled')]" + }, + "alertResourceGroupName": { + "value": "[parameters('alertResourceGroupName')]" } }, "mode": "Incremental", "template": { "parameters": { - "alertResourceGroupName": { + "enabled": { "type": "string" }, - "enabled": { + "alertResourceGroupName": { "type": "string" } }, @@ -249,8 +248,8 @@ } }, "location": "global", - "name": "Activity Log Storage Account Delete", "apiVersion": "2020-10-01", + "name": "Activity Log Storage Account Delete", "tags": { "_deployed_by_amba": true } @@ -260,8 +259,8 @@ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" } }, - "name": "ActivitySADelete", "apiVersion": "2019-10-01", + "name": "ActivitySADelete", "dependsOn": [ "[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]" ] @@ -273,8 +272,9 @@ }, "location": "australiaeast" }, - "deploymentScope": "subscription", - "existenceScope": "resourcegroup" + "existenceScope": "resourcegroup", + "resourceGroupName": "[parameters('alertResourceGroupName')]", + "deploymentScope": "subscription" } } } diff --git a/Definitions/policyDefinitions/Monitoring/deploy_alertprocessing_rule.jsonc b/Definitions/policyDefinitions/Monitoring/deploy_alertprocessing_rule.jsonc index fd4a1ee..d75e11b 100644 --- a/Definitions/policyDefinitions/Monitoring/deploy_alertprocessing_rule.jsonc +++ b/Definitions/policyDefinitions/Monitoring/deploy_alertprocessing_rule.jsonc @@ -6,15 +6,23 @@ "description": "Policy to deploy Action Group and Alert Processing Rule for all AMBA alerts", "mode": "All", "metadata": { - "category": "Monitoring", - "version": "1.3.0", "_deployed_by_amba": "True", - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" - ] + ], + "version": "1.4.0", + "category": "Monitoring", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { + "ALZMonitorActionGroupEmail": { + "metadata": { + "description": "Email addresses to send alerts to", + "displayName": "Action Group Email Addresses" + }, + "defaultValue": [], + "type": "Array" + }, "MonitorDisableTagValues": { "metadata": { "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", @@ -36,6 +44,14 @@ "defaultValue": "MonitorDisable", "type": "String" }, + "BYOActionGroup": { + "metadata": { + "description": "The Resource IDs of existing Action Groups currently deployed in the environment.", + "displayName": "Customer defined Action Group Resource IDs" + }, + "defaultValue": [], + "type": "array" + }, "ALZMonitorResourceGroupName": { "metadata": { "description": "Resource group the alert is placed in", @@ -62,13 +78,13 @@ }, "type": "Object" }, - "ALZMonitorActionGroupEmail": { + "BYOAlertProcessingRule": { "metadata": { - "description": "Email addresses to send alerts to", - "displayName": "Action Group Email Addresses" + "description": "The Resource ID of an existing Alert Processing Rule already deployed by the customer in his environment", + "displayName": "Customer defined Alert Processing Rule Resource ID" }, - "defaultValue": [], - "type": "Array" + "defaultValue": "", + "type": "String" }, "ALZLogicappCallbackUrl": { "metadata": { @@ -78,14 +94,6 @@ "defaultValue": "", "type": "String" }, - "BYOAlertProcessingRule": { - "metadata": { - "description": "The Resource ID of an existing Alert Processing Rule already deployed by the customer in his environment", - "displayName": "Customer defined Alert Processing Rule Resource ID" - }, - "defaultValue": "", - "type": "String" - }, "ALZFunctionTriggerUrl": { "metadata": { "description": "URL that triggers the Function", @@ -118,14 +126,6 @@ "defaultValue": "", "type": "String" }, - "BYOActionGroup": { - "metadata": { - "description": "The Resource IDs of existing Action Groups currently deployed in the environment.", - "displayName": "Customer defined Action Group Resource IDs" - }, - "defaultValue": [], - "type": "array" - }, "ALZWebhookServiceUri": { "metadata": { "description": "Indicates the service uri(s) of the webhook to send alerts to", @@ -147,8 +147,8 @@ "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Resources/subscriptions" + "equals": "Microsoft.Resources/subscriptions", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -168,8 +168,8 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.AlertsManagement/actionRules/description", - "equals": "AMBA Notification Assets - Alert Processing Rule for Subscription" + "equals": "AMBA Notification Assets - Alert Processing Rule for Subscription", + "field": "Microsoft.AlertsManagement/actionRules/description" } ] }, @@ -179,6 +179,12 @@ "deployment": { "properties": { "parameters": { + "ALZMonitorActionGroupEmail": { + "value": "[parameters('ALZMonitorActionGroupEmail')]" + }, + "BYOActionGroup": { + "value": "[parameters('BYOActionGroup')]" + }, "ALZMonitorResourceGroupName": { "value": "[parameters('ALZMonitorResourceGroupName')]" }, @@ -188,15 +194,12 @@ "ALZMonitorResourceGroupTags": { "value": "[parameters('ALZMonitorResourceGroupTags')]" }, - "ALZMonitorActionGroupEmail": { - "value": "[parameters('ALZMonitorActionGroupEmail')]" + "BYOAlertProcessingRule": { + "value": "[parameters('BYOAlertProcessingRule')]" }, "ALZLogicappCallbackUrl": { "value": "[parameters('ALZLogicappCallbackUrl')]" }, - "BYOAlertProcessingRule": { - "value": "[parameters('BYOAlertProcessingRule')]" - }, "ALZFunctionTriggerUrl": { "value": "[parameters('ALZFunctionTriggerUrl')]" }, @@ -209,9 +212,6 @@ "ALZFunctionResourceId": { "value": "[parameters('ALZFunctionResourceId')]" }, - "BYOActionGroup": { - "value": "[parameters('BYOActionGroup')]" - }, "ALZWebhookServiceUri": { "value": "[parameters('ALZWebhookServiceUri')]" }, @@ -222,6 +222,12 @@ "mode": "incremental", "template": { "parameters": { + "ALZMonitorActionGroupEmail": { + "type": "Array" + }, + "BYOActionGroup": { + "type": "array" + }, "ALZMonitorResourceGroupName": { "type": "string" }, @@ -231,13 +237,10 @@ "ALZMonitorResourceGroupTags": { "type": "object" }, - "ALZMonitorActionGroupEmail": { - "type": "Array" - }, - "ALZLogicappCallbackUrl": { + "BYOAlertProcessingRule": { "type": "String" }, - "BYOAlertProcessingRule": { + "ALZLogicappCallbackUrl": { "type": "String" }, "ALZFunctionTriggerUrl": { @@ -252,9 +255,6 @@ "ALZFunctionResourceId": { "type": "string" }, - "BYOActionGroup": { - "type": "array" - }, "ALZWebhookServiceUri": { "type": "Array" }, @@ -263,12 +263,87 @@ } }, "contentVersion": "1.0.0.0", + "variables": { + "copy": [ + { + "name": "varEmailReceivers", + "mode": "serial", + "count": "[length(parameters('ALZMonitorActionGroupEmail'))]", + "input": { + "name": "[concat('AlzMail-', indexOf(parameters('ALZMonitorActionGroupEmail'), parameters('ALZMonitorActionGroupEmail')[copyIndex('varEmailReceivers')]))]", + "useCommonAlertSchema": true, + "emailAddress": "[trim(parameters('ALZMonitorActionGroupEmail')[copyIndex('varEmailReceivers')])]" + } + }, + { + "name": "varArmRoleReceivers", + "mode": "serial", + "count": "[length(parameters('ALZArmRoleId'))]", + "input": { + "name": "[concat('AlzARM-', indexOf(parameters('ALZArmRoleId'), parameters('ALZArmRoleId')[copyIndex('varArmRoleReceivers')]))]", + "useCommonAlertSchema": true, + "roleId": "[trim(parameters('ALZArmRoleId')[copyIndex('varArmRoleReceivers')])]" + } + }, + { + "name": "varEventHubReceivers", + "mode": "serial", + "count": "[length(parameters('ALZEventHubResourceId'))]", + "input": { + "subscriptionId": "[if(empty(parameters('ALZEventHubResourceId')), null(), split(trim(parameters('ALZEventHubResourceId')[copyIndex('varEventHubReceivers')]),'/')[2])]", + "name": "[concat('AlzEH-', indexOf(parameters('ALZEventHubResourceId'), parameters('ALZEventHubResourceId')[copyIndex('varEventHubReceivers')]))]", + "useCommonAlertSchema": true, + "eventHubName": "[if(empty(parameters('ALZEventHubResourceId')), null(), split(trim(parameters('ALZEventHubResourceId')[copyIndex('varEventHubReceivers')]),'/')[10])]", + "tenantId": "[subscription().tenantId]", + "eventHubNameSpace": "[if(empty(parameters('ALZEventHubResourceId')), null(), split(trim(parameters('ALZEventHubResourceId')[copyIndex('varEventHubReceivers')]),'/')[8])]" + } + }, + { + "name": "varWebhookReceivers", + "mode": "serial", + "count": "[length(parameters('ALZWebhookServiceUri'))]", + "input": { + "name": "[concat('AlzWh-', indexOf(parameters('ALZWebhookServiceUri'), parameters('ALZWebhookServiceUri')[copyIndex('varWebhookReceivers')]))]", + "useCommonAlertSchema": true, + "tenantId": "null()", + "identifierUri": "null()", + "objectId": "null()", + "useAadAuth": "false", + "serviceUri": "[trim(parameters('ALZWebhookServiceUri')[copyIndex('varWebhookReceivers')])]" + } + }, + { + "name": "varAGIds", + "mode": "serial", + "count": "[length(parameters('BYOActionGroup'))]", + "input": "[trim(parameters('BYOActionGroup')[copyIndex('varAGIds')])]" + } + ], + "varBYOAlertProcessingRule": "[if(empty(parameters('BYOAlertProcessingRule')), null(), trim(parameters('BYOAlertProcessingRule')))]", + "varLogicAppReceivers": [ + { + "resourceId": "[if(empty(parameters('ALZLogicappResourceId')), null(), trim(parameters('ALZLogicappResourceId')))]", + "name": "AlzLA-0", + "useCommonAlertSchema": true, + "callbackUrl": "[if(empty(parameters('ALZLogicappCallbackUrl')), null(), trim(parameters('ALZLogicappCallbackUrl')))]" + } + ], + "varAzureFunctionReceivers": [ + { + "name": "AlzFa-0", + "useCommonAlertSchema": true, + "functionAppResourceId": "[if(empty(parameters('ALZFunctionResourceId')), null(), split(trim(parameters('ALZFunctionResourceId')),'/functions/')[0])]", + "functionName": "[if(empty(parameters('ALZFunctionResourceId')), null(), split(trim(parameters('ALZFunctionResourceId')),'/')[10])]", + "httpTriggerUrl": "[if(empty(parameters('ALZFunctionTriggerUrl')), null(), trim(parameters('ALZFunctionTriggerUrl')))]" + } + ] + }, "resources": [ { "type": "Microsoft.Resources/resourceGroups", "location": "[parameters('ALZMonitorResourceGroupLocation')]", - "name": "[parameters('ALZMonitorResourceGroupName')]", "apiVersion": "2021-04-01", + "name": "[parameters('ALZMonitorResourceGroupName')]", "tags": "[parameters('ALZMonitorResourceGroupTags')]" }, { @@ -276,18 +351,21 @@ "type": "Microsoft.Resources/deployments", "properties": { "parameters": { - "ALZMonitorResourceGroupName": { - "value": "[parameters('ALZMonitorResourceGroupName')]" - }, "ALZMonitorActionGroupEmail": { "value": "[parameters('ALZMonitorActionGroupEmail')]" }, - "ALZLogicappCallbackUrl": { - "value": "[parameters('ALZLogicappCallbackUrl')]" + "BYOActionGroup": { + "value": "[parameters('BYOActionGroup')]" + }, + "ALZMonitorResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" }, "BYOAlertProcessingRule": { "value": "[parameters('BYOAlertProcessingRule')]" }, + "ALZLogicappCallbackUrl": { + "value": "[parameters('ALZLogicappCallbackUrl')]" + }, "ALZFunctionTriggerUrl": { "value": "[parameters('ALZFunctionTriggerUrl')]" }, @@ -300,9 +378,6 @@ "ALZFunctionResourceId": { "value": "[parameters('ALZFunctionResourceId')]" }, - "BYOActionGroup": { - "value": "[parameters('BYOActionGroup')]" - }, "ALZWebhookServiceUri": { "value": "[parameters('ALZWebhookServiceUri')]" }, @@ -313,18 +388,21 @@ "mode": "Incremental", "template": { "parameters": { - "ALZMonitorResourceGroupName": { - "type": "string" - }, "ALZMonitorActionGroupEmail": { "type": "Array" }, - "ALZLogicappCallbackUrl": { + "BYOActionGroup": { + "type": "array" + }, + "ALZMonitorResourceGroupName": { "type": "string" }, "BYOAlertProcessingRule": { "type": "string" }, + "ALZLogicappCallbackUrl": { + "type": "string" + }, "ALZFunctionTriggerUrl": { "type": "string" }, @@ -337,9 +415,6 @@ "ALZFunctionResourceId": { "type": "string" }, - "BYOActionGroup": { - "type": "array" - }, "ALZWebhookServiceUri": { "type": "Array" }, @@ -348,26 +423,27 @@ } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Insights/actionGroups", "properties": { "enabled": true, - "azureFunctionReceivers": "[if(empty(parameters('ALZFunctionResourceId')), null(), variables('varAzureFunctionReceivers'))]", - "eventHubReceivers": "[if(empty(parameters('ALZEventHubResourceId')), null(), variables('varEventHubReceivers'))]", + "groupShortName": "ActGrp", + "emailReceivers": "[if(empty(parameters('ALZMonitorActionGroupEmail')), null(), variables('varEmailReceivers'))]", + "armRoleReceivers": "[if(empty(parameters('ALZArmRoleId')), null(), variables('varArmRoleReceivers'))]", "logicAppReceivers": "[if(empty(parameters('ALZLogicappResourceId')), null(), variables('varLogicAppReceivers'))]", + "eventHubReceivers": "[if(empty(parameters('ALZEventHubResourceId')), null(), variables('varEventHubReceivers'))]", "webhookReceivers": "[if(empty(parameters('ALZWebhookServiceUri')), null(), variables('varWebhookReceivers'))]", - "armRoleReceivers": "[if(empty(parameters('ALZArmRoleId')), null(), variables('varArmRoleReceivers'))]", - "emailReceivers": "[if(empty(parameters('ALZMonitorActionGroupEmail')), null(), variables('varEmailReceivers'))]", - "groupShortName": "ActGrp" + "azureFunctionReceivers": "[if(empty(parameters('ALZFunctionResourceId')), null(), variables('varAzureFunctionReceivers'))]" }, "location": "Global", - "name": "[concat('ag-AMBA-', subscription().displayName, '-001')]", "apiVersion": "2023-01-01", + "name": "[concat('ag-AMBA-', subscription().displayName, '-001')]", + "condition": "[and(empty(parameters('BYOActionGroup')), empty(parameters('BYOAlertProcessingRule')))]", "tags": { "_deployed_by_amba": true - }, - "condition": "[and(empty(parameters('BYOActionGroup')), empty(parameters('BYOAlertProcessingRule')))]" + } }, { "type": "Microsoft.AlertsManagement/actionRules", @@ -379,109 +455,33 @@ ], "actions": [ { - "actionType": "AddActionGroups", - "actiongroupIds": "[if(empty(parameters('BYOActionGroup')), array(concat(subscription().Id, '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/microsoft.insights/actionGroups/', 'ag-AMBA-', subscription().displayName, '-001')), variables('varAGIds'))]" + "actiongroupIds": "[if(empty(parameters('BYOActionGroup')), array(concat(subscription().Id, '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/microsoft.insights/actionGroups/', 'ag-AMBA-', subscription().displayName, '-001')), variables('varAGIds'))]", + "actionType": "AddActionGroups" } ] }, "location": "Global", - "name": "[concat('apr-AMBA-',subscription().displayName, '-001')]", "apiVersion": "2021-08-08", + "name": "[concat('apr-AMBA-',subscription().displayName, '-001')]", + "condition": "[empty(parameters('BYOAlertProcessingRule'))]", "tags": { "_deployed_by_amba": true }, "dependsOn": [ "[concat('ag-AMBA-', subscription().displayName, '-001')]" - ], - "condition": "[empty(parameters('BYOAlertProcessingRule'))]" + ] } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" } }, - "name": "ActionGroupDeployment", "apiVersion": "2019-10-01", + "name": "ActionGroupDeployment", "dependsOn": [ "[concat('Microsoft.Resources/resourceGroups/', parameters('ALZMonitorResourceGroupName'))]" ] } ], - "variables": { - "varAzureFunctionReceivers": [ - { - "name": "AlzFa-0", - "useCommonAlertSchema": true, - "functionAppResourceId": "[if(empty(parameters('ALZFunctionResourceId')), null(), split(trim(parameters('ALZFunctionResourceId')),'/functions/')[0])]", - "httpTriggerUrl": "[if(empty(parameters('ALZFunctionTriggerUrl')), null(), trim(parameters('ALZFunctionTriggerUrl')))]", - "functionName": "[if(empty(parameters('ALZFunctionResourceId')), null(), split(trim(parameters('ALZFunctionResourceId')),'/')[10])]" - } - ], - "varLogicAppReceivers": [ - { - "resourceId": "[if(empty(parameters('ALZLogicappResourceId')), null(), trim(parameters('ALZLogicappResourceId')))]", - "name": "AlzLA-0", - "useCommonSchema": true, - "callbackUrl": "[if(empty(parameters('ALZLogicappCallbackUrl')), null(), trim(parameters('ALZLogicappCallbackUrl')))]" - } - ], - "copy": [ - { - "name": "varEmailReceivers", - "mode": "serial", - "count": "[length(parameters('ALZMonitorActionGroupEmail'))]", - "input": { - "name": "[concat('AlzMail-', indexOf(parameters('ALZMonitorActionGroupEmail'), parameters('ALZMonitorActionGroupEmail')[copyIndex('varEmailReceivers')]))]", - "useCommonSchema": true, - "emailAddress": "[trim(parameters('ALZMonitorActionGroupEmail')[copyIndex('varEmailReceivers')])]" - } - }, - { - "name": "varArmRoleReceivers", - "mode": "serial", - "count": "[length(parameters('ALZArmRoleId'))]", - "input": { - "name": "[concat('AlzARM-', indexOf(parameters('ALZArmRoleId'), parameters('ALZArmRoleId')[copyIndex('varArmRoleReceivers')]))]", - "useCommonSchema": true, - "roleId": "[trim(parameters('ALZArmRoleId')[copyIndex('varArmRoleReceivers')])]" - } - }, - { - "name": "varEventHubReceivers", - "mode": "serial", - "count": "[length(parameters('ALZEventHubResourceId'))]", - "input": { - "subscriptionId": "[if(empty(parameters('ALZEventHubResourceId')), null(), split(trim(parameters('ALZEventHubResourceId')[copyIndex('varEventHubReceivers')]),'/')[2])]", - "name": "[concat('AlzEH-', indexOf(parameters('ALZEventHubResourceId'), parameters('ALZEventHubResourceId')[copyIndex('varEventHubReceivers')]))]", - "eventHubName": "[if(empty(parameters('ALZEventHubResourceId')), null(), split(trim(parameters('ALZEventHubResourceId')[copyIndex('varEventHubReceivers')]),'/')[10])]", - "useCommonAlertSchema": true, - "tenantId": "[subscription().tenantId]", - "eventHubNameSpace": "[if(empty(parameters('ALZEventHubResourceId')), null(), split(trim(parameters('ALZEventHubResourceId')[copyIndex('varEventHubReceivers')]),'/')[8])]" - } - }, - { - "name": "varWebhookReceivers", - "mode": "serial", - "count": "[length(parameters('ALZWebhookServiceUri'))]", - "input": { - "name": "[concat('AlzWh-', indexOf(parameters('ALZWebhookServiceUri'), parameters('ALZWebhookServiceUri')[copyIndex('varWebhookReceivers')]))]", - "useCommonAlertSchema": true, - "tenantId": "null()", - "identifierUri": "null()", - "serviceUri": "[trim(parameters('ALZWebhookServiceUri')[copyIndex('varWebhookReceivers')])]", - "useAadAuth": "false", - "objectId": "null()" - } - }, - { - "name": "varAGIds", - "mode": "serial", - "count": "[length(parameters('BYOActionGroup'))]", - "input": "[trim(parameters('BYOActionGroup')[copyIndex('varAGIds')])]" - } - ], - "varBYOAlertProcessingRule": "[if(empty(parameters('BYOAlertProcessingRule')), null(), trim(parameters('BYOAlertProcessingRule')))]" - }, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" } }, diff --git a/Definitions/policyDefinitions/Monitoring/deploy_laworkspace_dailycaplimitreached_alert.jsonc b/Definitions/policyDefinitions/Monitoring/deploy_laworkspace_dailycaplimitreached_alert.jsonc index 58d2547..47f13e1 100644 --- a/Definitions/policyDefinitions/Monitoring/deploy_laworkspace_dailycaplimitreached_alert.jsonc +++ b/Definitions/policyDefinitions/Monitoring/deploy_laworkspace_dailycaplimitreached_alert.jsonc @@ -6,27 +6,15 @@ "description": "Policy to audit/deploy LA Workspace Daily Cap Limit Reached Alert", "mode": "All", "metadata": { - "category": "Monitoring", "_deployed_by_amba": "True", "version": "1.0.0", "alzCloudEnvironments": [ "AzureCloud" ], + "category": "Monitoring", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "String" - }, "evaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", @@ -49,6 +37,18 @@ "defaultValue": "PT1H", "type": "String" }, + "autoMitigate": { + "metadata": { + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, "MonitorDisableTagValues": { "metadata": { "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", @@ -62,18 +62,6 @@ ], "type": "Array" }, - "autoMitigate": { - "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" - }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", - "type": "String" - }, "windowSize": { "metadata": { "description": "Window size for the alert", @@ -150,6 +138,18 @@ "defaultValue": "Count", "type": "String" }, + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" + }, "failingPeriods": { "metadata": { "description": "Number of failing periods before alert is fired", @@ -158,6 +158,14 @@ "defaultValue": "1", "type": "String" }, + "UAMIResourceId": { + "metadata": { + "description": "The resource Id of the user assigned managed identity.", + "displayName": "User Assigned managed Identity resource Id." + }, + "defaultValue": "", + "type": "string" + }, "operator": { "metadata": { "displayName": "Operator" @@ -169,14 +177,6 @@ "defaultValue": "GreaterThan", "type": "String" }, - "UAMIResourceId": { - "metadata": { - "description": "The resource Id of the user assigned managed identity.", - "displayName": "User Assigned managed Identity resource Id." - }, - "defaultValue": "", - "type": "string" - }, "evaluationPeriods": { "metadata": { "description": "The number of aggregated lookback points.", @@ -190,8 +190,8 @@ "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.OperationalInsights/workspaces" + "equals": "Microsoft.OperationalInsights/workspaces", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -206,52 +206,52 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.OperationalInsights/workspaces/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.OperationalInsights/workspaces/', field('fullName'))]", + "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]" }, { - "field": "Microsoft.Insights/scheduledQueryRules/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/scheduledQueryRules/enabled" }, { - "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency" }, { - "field": "Microsoft.Insights/scheduledQueryRules/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/scheduledQueryRules/windowSize" }, { - "field": "Microsoft.Insights/scheduledQueryRules/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/scheduledQueryRules/severity" }, { - "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].threshold", - "equals": "[parameters('threshold')]" + "equals": "[parameters('threshold')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].threshold" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", - "equals": "[parameters('operator')]" + "equals": "[parameters('operator')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation", - "equals": "[parameters('timeAggregation')]" + "equals": "[parameters('timeAggregation')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods", - "equals": "[parameters('evaluationPeriods')]" + "equals": "[parameters('evaluationPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert", - "equals": "[parameters('failingPeriods')]" + "equals": "[parameters('failingPeriods')]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert" }, { - "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query", - "equals": "[format('let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.OperationalInsights/workspaces\" | where parse_json(tostring(tags.{0})) in~ (\"{1}\") | project customerId = tostring(properties.customerId)); let workspaceResources = (arg(\"\").resources | where type =~ \"Microsoft.OperationalInsights/workspaces\" | project id, customerId = tostring(properties.customerId), workspaceName = tostring(name)); Operation | where TenantId !in~ (excludedResources) | where OperationCategory == \"Data Collection Status\" | where Detail has_any(\"RespectQuota\", \"OverQuota\") | summarize arg_max(TimeGenerated, *) by TenantId | where Detail has \"OverQuota\" | join hint.remote=left kind=inner workspaceResources on $left.TenantId == $right.customerId | project TimeGenerated, id, workspaceName, workspaceId = TenantId, Detail', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'))]" + "equals": "[format('let excludedResources = (arg(\"\").resources | where type =~ \"Microsoft.OperationalInsights/workspaces\" | where parse_json(tostring(tags.{0})) in~ (\"{1}\") | project customerId = tostring(properties.customerId)); let workspaceResources = (arg(\"\").resources | where type =~ \"Microsoft.OperationalInsights/workspaces\" | project id, customerId = tostring(properties.customerId), workspaceName = tostring(name)); Operation | where TenantId !in~ (excludedResources) | where OperationCategory == \"Data Collection Status\" | where Detail has_any(\"RespectQuota\", \"OverQuota\") | summarize arg_max(TimeGenerated, *) by TenantId | where Detail has \"OverQuota\" | join hint.remote=left kind=inner workspaceResources on $left.TenantId == $right.customerId | project TimeGenerated, id, workspaceName, workspaceId = TenantId, Detail', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\",\"'))]", + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query" }, { "field": "identity.userAssignedIdentities", @@ -274,12 +274,12 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, - "MonitorDisableTagValues": { - "value": "[parameters('MonitorDisableTagValues')]" - }, "autoMitigate": { "value": "[parameters('autoMitigate')]" }, + "MonitorDisableTagValues": { + "value": "[parameters('MonitorDisableTagValues')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, @@ -298,23 +298,22 @@ "timeAggregation": { "value": "[parameters('timeAggregation')]" }, - "resourceName": { - "value": "[field('name')]" - }, "failingPeriods": { "value": "[parameters('failingPeriods')]" }, - "operator": { - "value": "[parameters('operator')]" - }, "UAMIResourceId": { "value": "[parameters('UAMIResourceId')]" }, + "resourceName": { + "value": "[field('name')]" + }, + "operator": { + "value": "[parameters('operator')]" + }, "evaluationPeriods": { "value": "[parameters('evaluationPeriods')]" } }, - "mode": "incremental", "template": { "parameters": { "resourceLocation": { @@ -334,12 +333,12 @@ "evaluationFrequency": { "type": "String" }, - "MonitorDisableTagValues": { - "type": "Array" - }, "autoMitigate": { "type": "String" }, + "MonitorDisableTagValues": { + "type": "Array" + }, "windowSize": { "type": "String" }, @@ -358,6 +357,12 @@ "timeAggregation": { "type": "String" }, + "failingPeriods": { + "type": "String" + }, + "UAMIResourceId": { + "type": "string" + }, "resourceName": { "metadata": { "description": "Name of the resource", @@ -365,15 +370,9 @@ }, "type": "String" }, - "failingPeriods": { - "type": "String" - }, "operator": { "type": "String" }, - "UAMIResourceId": { - "type": "string" - }, "evaluationPeriods": { "type": "String" } @@ -389,12 +388,12 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, - "MonitorDisableTagValues": { - "value": "[parameters('MonitorDisableTagValues')]" - }, "autoMitigate": { "value": "[parameters('autoMitigate')]" }, + "MonitorDisableTagValues": { + "value": "[parameters('MonitorDisableTagValues')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, @@ -416,12 +415,12 @@ "failingPeriods": { "value": "[parameters('failingPeriods')]" }, - "operator": { - "value": "[parameters('operator')]" - }, "UAMIResourceId": { "value": "[parameters('UAMIResourceId')]" }, + "operator": { + "value": "[parameters('operator')]" + }, "evaluationPeriods": { "value": "[parameters('evaluationPeriods')]" } @@ -444,8 +443,8 @@ "resourceIdColumn": "id", "dimensions": [ { - "name": "workspaceName", "operator": "Include", + "name": "workspaceName", "values": [ "*" ] @@ -459,9 +458,9 @@ "[parameters('resourceId')]" ] }, - "location": "[parameters('resourceLocation')]", "apiVersion": "2022-08-01-preview", "name": "[concat(parameters('resourceName'), '-DailyCapLimitReachedAlert')]", + "location": "[parameters('resourceLocation')]", "tags": { "_deployed_by_amba": true }, @@ -475,7 +474,8 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" } } } diff --git a/Definitions/policyDefinitions/Monitoring/deploy_servicehealth_actiongroups.jsonc b/Definitions/policyDefinitions/Monitoring/deploy_servicehealth_actiongroups.jsonc index e68974e..b548b4e 100644 --- a/Definitions/policyDefinitions/Monitoring/deploy_servicehealth_actiongroups.jsonc +++ b/Definitions/policyDefinitions/Monitoring/deploy_servicehealth_actiongroups.jsonc @@ -6,9 +6,9 @@ "description": "Policy to deploy action group for Service Health alerts", "mode": "All", "metadata": { - "category": "Monitoring", - "version": "1.3.0", "_deployed_by_amba": "True", + "version": "1.4.0", + "category": "Monitoring", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" @@ -17,8 +17,8 @@ "parameters": { "MonitorDisableTagValues": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "displayName": "ALZ Monitoring disabled tag values(s)", + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." }, "defaultValue": [ "true", @@ -30,114 +30,114 @@ }, "MonitorDisableTagName": { "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" + "displayName": "ALZ Monitoring disabled tag name", + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled." }, "defaultValue": "MonitorDisable", "type": "String" }, "ALZMonitorResourceGroupName": { "metadata": { - "description": "Resource group the alert is placed in", - "displayName": "Resource Group Name" + "displayName": "Resource Group Name", + "description": "Resource group the alert is placed in" }, "defaultValue": "rg-amba-monitoring-001", "type": "String" }, - "ALZMonitorResourceGroupLocation": { - "metadata": { - "description": "Location of the Resource group the alert is placed in", - "displayName": "Resource Group Location" - }, - "defaultValue": "centralus", - "type": "String" - }, - "ALZMonitorResourceGroupTags": { - "metadata": { - "description": "Tags on the Resource group the alert is placed in", - "displayName": "Resource Group Tags" - }, - "defaultValue": { - "_deployed_by_amba": true - }, - "type": "Object" - }, "ALZMonitorActionGroupEmail": { "metadata": { - "description": "Email addresses to send alerts to", - "displayName": "Action Group Email Addresses" + "displayName": "Action Group Email Addresses", + "description": "Email addresses to send alerts to" }, "defaultValue": [], "type": "Array" }, - "ALZLogicappCallbackUrl": { + "ALZMonitorResourceGroupLocation": { "metadata": { - "description": "Callback URL that triggers the Logic App", - "displayName": "Logic App Callback URL" + "displayName": "Resource Group Location", + "description": "Location of the Resource group the alert is placed in" }, - "defaultValue": "", + "defaultValue": "centralus", "type": "String" }, - "BYOAlertProcessingRule": { + "ALZLogicappCallbackUrl": { "metadata": { - "description": "The Resource ID of an existing Alert Processing Rule already deployed by the customer in his environment", - "displayName": "Customer defined Alert Processing Rule Resource ID" + "displayName": "Logic App Callback URL", + "description": "Callback URL that triggers the Logic App" }, "defaultValue": "", "type": "String" }, - "ALZFunctionTriggerUrl": { + "BYOAlertProcessingRule": { "metadata": { - "description": "URL that triggers the Function", - "displayName": "Function Trigger URL" + "displayName": "Customer defined Alert Processing Rule Resource ID", + "description": "The Resource ID of an existing Alert Processing Rule already deployed by the customer in his environment" }, "defaultValue": "", "type": "String" }, - "ALZLogicappResourceId": { + "ALZFunctionResourceId": { "metadata": { - "description": "Logic App Resource Id for Action Group to send alerts to", - "displayName": "Logic App Resource Id" + "displayName": "Function Resource Id", + "description": "Function Resource Id for Action Group to send alerts to" }, "defaultValue": "", "type": "String" }, "ALZEventHubResourceId": { "metadata": { - "description": "Event Hub resource Ids for action group to send alerts to", - "displayName": "Event Hub resource Ids" + "displayName": "Event Hub resource Ids", + "description": "Event Hub resource Ids for action group to send alerts to" }, "defaultValue": [], "type": "array" }, - "ALZFunctionResourceId": { + "ALZLogicappResourceId": { "metadata": { - "description": "Function Resource Id for Action Group to send alerts to", - "displayName": "Function Resource Id" + "displayName": "Logic App Resource Id", + "description": "Logic App Resource Id for Action Group to send alerts to" }, "defaultValue": "", "type": "String" }, - "BYOActionGroup": { + "ALZFunctionTriggerUrl": { "metadata": { - "description": "The Resource IDs of existing Action Groups currently deployed in the environment.", - "displayName": "Customer defined Action Group Resource IDs" + "displayName": "Function Trigger URL", + "description": "URL that triggers the Function" }, - "defaultValue": [], - "type": "array" + "defaultValue": "", + "type": "String" + }, + "ALZMonitorResourceGroupTags": { + "metadata": { + "displayName": "Resource Group Tags", + "description": "Tags on the Resource group the alert is placed in" + }, + "defaultValue": { + "_deployed_by_amba": true + }, + "type": "Object" }, "ALZWebhookServiceUri": { "metadata": { - "description": "Indicates the service uri(s) of the webhook to send alerts to", - "displayName": "Webhook Service Uri(s)" + "displayName": "Webhook Service Uri(s)", + "description": "Indicates the service uri(s) of the webhook to send alerts to" }, "defaultValue": [], "type": "Array" }, + "BYOActionGroup": { + "metadata": { + "displayName": "Customer defined Action Group Resource IDs", + "description": "The Resource IDs of existing Action Groups currently deployed in the environment." + }, + "defaultValue": [], + "type": "array" + }, "ALZArmRoleId": { "metadata": { - "description": "Arm Built-in Role Ids for action group to send alerts to", - "displayName": "Arm Role Ids" + "displayName": "Arm Role Ids", + "description": "Arm Built-in Role Ids for action group to send alerts to" }, "defaultValue": [], "type": "array" @@ -147,8 +147,8 @@ "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Resources/subscriptions" + "equals": "Microsoft.Resources/subscriptions", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -164,7 +164,6 @@ "effect": "deployIfNotExists", "details": { "type": "Microsoft.Insights/actionGroups", - "resourceGroupName": "[parameters('ALZMonitorResourceGroupName')]", "existenceCondition": { "allOf": [ { @@ -172,107 +171,175 @@ "equals": true }, { - "field": "Microsoft.Insights/actionGroups/groupShortName", - "equals": "SH-ActGrp" + "equals": "SH-ActGrp", + "field": "Microsoft.Insights/actionGroups/groupShortName" } ] }, "roleDefinitionIds": [ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" ], + "resourceGroupName": "[parameters('ALZMonitorResourceGroupName')]", "deployment": { "properties": { "parameters": { "ALZMonitorResourceGroupName": { "value": "[parameters('ALZMonitorResourceGroupName')]" }, - "ALZMonitorResourceGroupLocation": { - "value": "[parameters('ALZMonitorResourceGroupLocation')]" - }, - "ALZMonitorResourceGroupTags": { - "value": "[parameters('ALZMonitorResourceGroupTags')]" - }, "ALZMonitorActionGroupEmail": { "value": "[parameters('ALZMonitorActionGroupEmail')]" }, + "ALZMonitorResourceGroupLocation": { + "value": "[parameters('ALZMonitorResourceGroupLocation')]" + }, "ALZLogicappCallbackUrl": { "value": "[parameters('ALZLogicappCallbackUrl')]" }, "BYOAlertProcessingRule": { "value": "[parameters('BYOAlertProcessingRule')]" }, - "ALZFunctionTriggerUrl": { - "value": "[parameters('ALZFunctionTriggerUrl')]" - }, - "ALZLogicappResourceId": { - "value": "[parameters('ALZLogicappResourceId')]" + "ALZFunctionResourceId": { + "value": "[parameters('ALZFunctionResourceId')]" }, "ALZEventHubResourceId": { "value": "[parameters('ALZEventHubResourceId')]" }, - "ALZFunctionResourceId": { - "value": "[parameters('ALZFunctionResourceId')]" + "ALZLogicappResourceId": { + "value": "[parameters('ALZLogicappResourceId')]" }, - "BYOActionGroup": { - "value": "[parameters('BYOActionGroup')]" + "ALZFunctionTriggerUrl": { + "value": "[parameters('ALZFunctionTriggerUrl')]" + }, + "ALZMonitorResourceGroupTags": { + "value": "[parameters('ALZMonitorResourceGroupTags')]" }, "ALZWebhookServiceUri": { "value": "[parameters('ALZWebhookServiceUri')]" }, + "BYOActionGroup": { + "value": "[parameters('BYOActionGroup')]" + }, "ALZArmRoleId": { "value": "[parameters('ALZArmRoleId')]" } }, - "mode": "incremental", "template": { "parameters": { "ALZMonitorResourceGroupName": { "type": "string" }, - "ALZMonitorResourceGroupLocation": { - "type": "string" - }, - "ALZMonitorResourceGroupTags": { - "type": "object" - }, "ALZMonitorActionGroupEmail": { "type": "Array" }, + "ALZMonitorResourceGroupLocation": { + "type": "string" + }, "ALZLogicappCallbackUrl": { "type": "String" }, "BYOAlertProcessingRule": { "type": "String" }, - "ALZFunctionTriggerUrl": { - "type": "String" - }, - "ALZLogicappResourceId": { + "ALZFunctionResourceId": { "type": "string" }, "ALZEventHubResourceId": { "type": "array" }, - "ALZFunctionResourceId": { + "ALZLogicappResourceId": { "type": "string" }, - "BYOActionGroup": { - "type": "array" + "ALZFunctionTriggerUrl": { + "type": "String" + }, + "ALZMonitorResourceGroupTags": { + "type": "object" }, "ALZWebhookServiceUri": { "type": "Array" }, + "BYOActionGroup": { + "type": "array" + }, "ALZArmRoleId": { "type": "array" } }, "contentVersion": "1.0.0.0", + "variables": { + "varLogicAppReceivers": [ + { + "resourceId": "[if(empty(parameters('ALZLogicappResourceId')), null(), trim(parameters('ALZLogicappResourceId')))]", + "name": "AlzLA-0", + "useCommonAlertSchema": true, + "callbackUrl": "[if(empty(parameters('ALZLogicappCallbackUrl')), null(), trim(parameters('ALZLogicappCallbackUrl')))]" + } + ], + "varAzureFunctionReceivers": [ + { + "name": "AlzFa-0", + "useCommonAlertSchema": true, + "functionAppResourceId": "[if(empty(parameters('ALZFunctionResourceId')), null(), split(trim(parameters('ALZFunctionResourceId')),'/functions/')[0])]", + "functionName": "[if(empty(parameters('ALZFunctionResourceId')), null(), split(trim(parameters('ALZFunctionResourceId')),'/')[10])]", + "httpTriggerUrl": "[if(empty(parameters('ALZFunctionTriggerUrl')), null(), trim(parameters('ALZFunctionTriggerUrl')))]" + } + ], + "copy": [ + { + "name": "varEmailReceivers", + "mode": "serial", + "count": "[length(parameters('ALZMonitorActionGroupEmail'))]", + "input": { + "name": "[concat('AlzMail-', indexOf(parameters('ALZMonitorActionGroupEmail'), parameters('ALZMonitorActionGroupEmail')[copyIndex('varEmailReceivers')]))]", + "useCommonAlertSchema": true, + "emailAddress": "[trim(parameters('ALZMonitorActionGroupEmail')[copyIndex('varEmailReceivers')])]" + } + }, + { + "name": "varArmRoleReceivers", + "mode": "serial", + "count": "[length(parameters('ALZArmRoleId'))]", + "input": { + "name": "[concat('AlzARM-', indexOf(parameters('ALZArmRoleId'), parameters('ALZArmRoleId')[copyIndex('varArmRoleReceivers')]))]", + "useCommonAlertSchema": true, + "roleId": "[trim(parameters('ALZArmRoleId')[copyIndex('varArmRoleReceivers')])]" + } + }, + { + "name": "varEventHubReceivers", + "mode": "serial", + "count": "[length(parameters('ALZEventHubResourceId'))]", + "input": { + "subscriptionId": "[if(empty(parameters('ALZEventHubResourceId')), null(), split(trim(parameters('ALZEventHubResourceId')[copyIndex('varEventHubReceivers')]),'/')[2])]", + "name": "[concat('AlzEH-', indexOf(parameters('ALZEventHubResourceId'), parameters('ALZEventHubResourceId')[copyIndex('varEventHubReceivers')]))]", + "useCommonAlertSchema": true, + "eventHubName": "[if(empty(parameters('ALZEventHubResourceId')), null(), split(trim(parameters('ALZEventHubResourceId')[copyIndex('varEventHubReceivers')]),'/')[10])]", + "tenantId": "[subscription().tenantId]", + "eventHubNameSpace": "[if(empty(parameters('ALZEventHubResourceId')), null(), split(trim(parameters('ALZEventHubResourceId')[copyIndex('varEventHubReceivers')]),'/')[8])]" + } + }, + { + "name": "varWebhookReceivers", + "mode": "serial", + "count": "[length(parameters('ALZWebhookServiceUri'))]", + "input": { + "name": "[concat('AlzWh-', indexOf(parameters('ALZWebhookServiceUri'), parameters('ALZWebhookServiceUri')[copyIndex('varWebhookReceivers')]))]", + "useCommonAlertSchema": true, + "tenantId": "null()", + "identifierUri": "null()", + "objectId": "null()", + "serviceUri": "[trim(parameters('ALZWebhookServiceUri')[copyIndex('varWebhookReceivers')])]", + "useAadAuth": "false" + } + } + ] + }, "resources": [ { "type": "Microsoft.Resources/resourceGroups", + "apiVersion": "2021-04-01", "location": "[parameters('ALZMonitorResourceGroupLocation')]", "name": "[parameters('ALZMonitorResourceGroupName')]", - "apiVersion": "2021-04-01", "tags": "[parameters('ALZMonitorResourceGroupTags')]" }, { @@ -292,29 +359,28 @@ "BYOAlertProcessingRule": { "value": "[parameters('BYOAlertProcessingRule')]" }, - "ALZFunctionTriggerUrl": { - "value": "[parameters('ALZFunctionTriggerUrl')]" - }, - "ALZLogicappResourceId": { - "value": "[parameters('ALZLogicappResourceId')]" + "ALZFunctionResourceId": { + "value": "[parameters('ALZFunctionResourceId')]" }, "ALZEventHubResourceId": { "value": "[parameters('ALZEventHubResourceId')]" }, - "ALZFunctionResourceId": { - "value": "[parameters('ALZFunctionResourceId')]" + "ALZLogicappResourceId": { + "value": "[parameters('ALZLogicappResourceId')]" }, - "BYOActionGroup": { - "value": "[parameters('BYOActionGroup')]" + "ALZFunctionTriggerUrl": { + "value": "[parameters('ALZFunctionTriggerUrl')]" }, "ALZWebhookServiceUri": { "value": "[parameters('ALZWebhookServiceUri')]" }, + "BYOActionGroup": { + "value": "[parameters('BYOActionGroup')]" + }, "ALZArmRoleId": { "value": "[parameters('ALZArmRoleId')]" } }, - "mode": "Incremental", "template": { "parameters": { "ALZMonitorResourceGroupName": { @@ -329,132 +395,66 @@ "BYOAlertProcessingRule": { "type": "String" }, - "ALZFunctionTriggerUrl": { - "type": "string" - }, - "ALZLogicappResourceId": { + "ALZFunctionResourceId": { "type": "string" }, "ALZEventHubResourceId": { "type": "array" }, - "ALZFunctionResourceId": { + "ALZLogicappResourceId": { "type": "string" }, - "BYOActionGroup": { - "type": "array" + "ALZFunctionTriggerUrl": { + "type": "string" }, "ALZWebhookServiceUri": { "type": "Array" }, + "BYOActionGroup": { + "type": "array" + }, "ALZArmRoleId": { "type": "array" } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Insights/actionGroups", "properties": { "enabled": true, - "azureFunctionReceivers": "[if(empty(parameters('ALZFunctionResourceId')), null(), variables('varAzureFunctionReceivers'))]", - "eventHubReceivers": "[if(empty(parameters('ALZEventHubResourceId')), null(), variables('varEventHubReceivers'))]", + "groupShortName": "SH-ActGrp", + "emailReceivers": "[if(empty(parameters('ALZMonitorActionGroupEmail')), null(), variables('varEmailReceivers'))]", + "armRoleReceivers": "[if(empty(parameters('ALZArmRoleId')), null(), variables('varArmRoleReceivers'))]", "logicAppReceivers": "[if(empty(parameters('ALZLogicappResourceId')), null(), variables('varLogicAppReceivers'))]", + "eventHubReceivers": "[if(empty(parameters('ALZEventHubResourceId')), null(), variables('varEventHubReceivers'))]", "webhookReceivers": "[if(empty(parameters('ALZWebhookServiceUri')), null(), variables('varWebhookReceivers'))]", - "armRoleReceivers": "[if(empty(parameters('ALZArmRoleId')), null(), variables('varArmRoleReceivers'))]", - "emailReceivers": "[if(empty(parameters('ALZMonitorActionGroupEmail')), null(), variables('varEmailReceivers'))]", - "groupShortName": "SH-ActGrp" + "azureFunctionReceivers": "[if(empty(parameters('ALZFunctionResourceId')), null(), variables('varAzureFunctionReceivers'))]" }, + "apiVersion": "2023-01-01", "location": "Global", "name": "[concat('ag-AMBA-SH-', subscription().displayName, '-001')]", - "apiVersion": "2023-01-01", "tags": { "_deployed_by_amba": true }, "condition": "[empty(parameters('BYOActionGroup'))]" } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "Incremental" }, - "name": "SH-ActionGroupDeployment", "apiVersion": "2019-10-01", + "name": "SH-ActionGroupDeployment", "dependsOn": [ "[concat('Microsoft.Resources/resourceGroups/', parameters('ALZMonitorResourceGroupName'))]" ] } ], - "variables": { - "varAzureFunctionReceivers": [ - { - "name": "AlzFa-0", - "useCommonAlertSchema": true, - "functionAppResourceId": "[if(empty(parameters('ALZFunctionResourceId')), null(), split(trim(parameters('ALZFunctionResourceId')),'/functions/')[0])]", - "httpTriggerUrl": "[if(empty(parameters('ALZFunctionTriggerUrl')), null(), trim(parameters('ALZFunctionTriggerUrl')))]", - "functionName": "[if(empty(parameters('ALZFunctionResourceId')), null(), split(trim(parameters('ALZFunctionResourceId')),'/')[10])]" - } - ], - "varLogicAppReceivers": [ - { - "resourceId": "[if(empty(parameters('ALZLogicappResourceId')), null(), trim(parameters('ALZLogicappResourceId')))]", - "name": "AlzLA-0", - "useCommonSchema": true, - "callbackUrl": "[if(empty(parameters('ALZLogicappCallbackUrl')), null(), trim(parameters('ALZLogicappCallbackUrl')))]" - } - ], - "copy": [ - { - "name": "varEmailReceivers", - "mode": "serial", - "count": "[length(parameters('ALZMonitorActionGroupEmail'))]", - "input": { - "name": "[concat('AlzMail-', indexOf(parameters('ALZMonitorActionGroupEmail'), parameters('ALZMonitorActionGroupEmail')[copyIndex('varEmailReceivers')]))]", - "useCommonSchema": true, - "emailAddress": "[trim(parameters('ALZMonitorActionGroupEmail')[copyIndex('varEmailReceivers')])]" - } - }, - { - "name": "varArmRoleReceivers", - "mode": "serial", - "count": "[length(parameters('ALZArmRoleId'))]", - "input": { - "name": "[concat('AlzARM-', indexOf(parameters('ALZArmRoleId'), parameters('ALZArmRoleId')[copyIndex('varArmRoleReceivers')]))]", - "useCommonSchema": true, - "roleId": "[trim(parameters('ALZArmRoleId')[copyIndex('varArmRoleReceivers')])]" - } - }, - { - "name": "varEventHubReceivers", - "mode": "serial", - "count": "[length(parameters('ALZEventHubResourceId'))]", - "input": { - "subscriptionId": "[if(empty(parameters('ALZEventHubResourceId')), null(), split(trim(parameters('ALZEventHubResourceId')[copyIndex('varEventHubReceivers')]),'/')[2])]", - "name": "[concat('AlzEH-', indexOf(parameters('ALZEventHubResourceId'), parameters('ALZEventHubResourceId')[copyIndex('varEventHubReceivers')]))]", - "eventHubName": "[if(empty(parameters('ALZEventHubResourceId')), null(), split(trim(parameters('ALZEventHubResourceId')[copyIndex('varEventHubReceivers')]),'/')[10])]", - "useCommonAlertSchema": true, - "tenantId": "[subscription().tenantId]", - "eventHubNameSpace": "[if(empty(parameters('ALZEventHubResourceId')), null(), split(trim(parameters('ALZEventHubResourceId')[copyIndex('varEventHubReceivers')]),'/')[8])]" - } - }, - { - "name": "varWebhookReceivers", - "mode": "serial", - "count": "[length(parameters('ALZWebhookServiceUri'))]", - "input": { - "name": "[concat('AlzWh-', indexOf(parameters('ALZWebhookServiceUri'), parameters('ALZWebhookServiceUri')[copyIndex('varWebhookReceivers')]))]", - "useCommonAlertSchema": true, - "tenantId": "null()", - "identifierUri": "null()", - "serviceUri": "[trim(parameters('ALZWebhookServiceUri')[copyIndex('varWebhookReceivers')])]", - "useAadAuth": "false", - "objectId": "null()" - } - } - ] - }, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" }, "location": "australiaeast" }, diff --git a/Definitions/policyDefinitions/Monitoring/deploy_suppression_alertprocessing_rule.jsonc b/Definitions/policyDefinitions/Monitoring/deploy_suppression_alertprocessing_rule.jsonc index 62a1fc0..cb6b550 100644 --- a/Definitions/policyDefinitions/Monitoring/deploy_suppression_alertprocessing_rule.jsonc +++ b/Definitions/policyDefinitions/Monitoring/deploy_suppression_alertprocessing_rule.jsonc @@ -6,13 +6,13 @@ "description": "Policy to deploy empty and disabled suppression Alert Processing Rule for all AMBA alerts", "mode": "All", "metadata": { - "category": "Monitoring", "version": "1.1.0", "_deployed_by_amba": "True", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" - ] + ], + "category": "Monitoring" }, "parameters": { "MonitorDisableTagValues": { @@ -67,8 +67,8 @@ "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Resources/subscriptions" + "equals": "Microsoft.Resources/subscriptions", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -80,12 +80,11 @@ "effect": "deployIfNotExists", "details": { "type": "Microsoft.AlertsManagement/actionRules", - "resourceGroupName": "[parameters('ALZMonitorResourceGroupName')]", "existenceCondition": { "allOf": [ { - "field": "Microsoft.AlertsManagement/actionRules/description", - "equals": "AMBA Notification Assets - Suppression Alert Processing Rule for maintenance period for Subscription" + "equals": "AMBA Notification Assets - Suppression Alert Processing Rule for maintenance period for Subscription", + "field": "Microsoft.AlertsManagement/actionRules/description" } ] }, @@ -105,7 +104,6 @@ "value": "[parameters('ALZMonitorResourceGroupTags')]" } }, - "mode": "incremental", "template": { "parameters": { "ALZMonitorResourceGroupName": { @@ -119,12 +117,13 @@ } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Resources/resourceGroups", + "apiVersion": "2021-04-01", "location": "[parameters('ALZMonitorResourceGroupLocation')]", "name": "[parameters('ALZMonitorResourceGroupName')]", - "apiVersion": "2021-04-01", "tags": "[parameters('ALZMonitorResourceGroupTags')]" }, { @@ -136,7 +135,6 @@ "value": "[parameters('ALZMonitorResourceGroupName')]" } }, - "mode": "Incremental", "template": { "parameters": { "ALZMonitorResourceGroupName": { @@ -144,6 +142,7 @@ } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.AlertsManagement/actionRules", @@ -159,32 +158,33 @@ } ] }, + "apiVersion": "2021-08-08", "location": "Global", "name": "[concat('apr-AMBA-',subscription().displayName, '-002')]", - "apiVersion": "2021-08-08", "tags": { "_deployed_by_amba": true }, "dependsOn": [] } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "Incremental" }, - "name": "SuppressionRuleDeployment", "apiVersion": "2019-10-01", + "name": "SuppressionRuleDeployment", "dependsOn": [ "[concat('Microsoft.Resources/resourceGroups/', parameters('ALZMonitorResourceGroupName'))]" ] } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" }, "location": "australiaeast" }, + "resourceGroupName": "[parameters('ALZMonitorResourceGroupName')]", "deploymentScope": "subscription", "existenceScope": "resourceGroup" } diff --git a/Definitions/policyDefinitions/Network/deploy_activitylog_firewall_delete.jsonc b/Definitions/policyDefinitions/Network/deploy_activitylog_firewall_delete.jsonc index f8a21b4..d4c14ba 100644 --- a/Definitions/policyDefinitions/Network/deploy_activitylog_firewall_delete.jsonc +++ b/Definitions/policyDefinitions/Network/deploy_activitylog_firewall_delete.jsonc @@ -6,27 +6,15 @@ "description": "Policy to Deploy Activity Log Azure Firewall Delete Alert", "mode": "All", "metadata": { - "category": "Network", "_deployed_by_amba": "True", "version": "1.1.0", "alzCloudEnvironments": [ "AzureCloud" ], + "category": "Network", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "String" - }, "MonitorDisableTagValues": { "metadata": { "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", @@ -60,6 +48,14 @@ "defaultValue": "true", "type": "String" }, + "alertResourceGroupLocation": { + "metadata": { + "description": "Location of the Resource group the alert is placed in", + "displayName": "Resource Group Location" + }, + "defaultValue": "centralus", + "type": "String" + }, "alertResourceGroupName": { "metadata": { "description": "Resource group the alert is placed in", @@ -68,12 +64,16 @@ "defaultValue": "rg-amba-monitoring-001", "type": "String" }, - "alertResourceGroupLocation": { + "effect": { "metadata": { - "description": "Location of the Resource group the alert is placed in", - "displayName": "Resource Group Location" + "description": "Effect of the policy", + "displayName": "Effect" }, - "defaultValue": "centralus", + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", "type": "String" }, "alertResourceGroupTags": { @@ -91,8 +91,8 @@ "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Network/azureFirewalls" + "equals": "Microsoft.Network/azureFirewalls", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -107,8 +107,8 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/ActivityLogAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/ActivityLogAlerts/enabled" }, { "equals": 2, @@ -119,24 +119,24 @@ { "allOf": [ { - "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field", - "equals": "category" + "equals": "category", + "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field" }, { - "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals", - "equals": "Administrative" + "equals": "Administrative", + "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals" } ] }, { "allOf": [ { - "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field", - "equals": "operationName" + "equals": "operationName", + "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field" }, { - "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals", - "equals": "Microsoft.Network/azureFirewalls/delete" + "equals": "Microsoft.Network/azureFirewalls/delete", + "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals" } ] } @@ -150,33 +150,31 @@ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" ], "name": "ActivityAzureFirewallDelete", - "resourceGroupName": "[parameters('alertResourceGroupName')]", "deployment": { "properties": { "parameters": { "enabled": { "value": "[parameters('enabled')]" }, - "alertResourceGroupName": { - "value": "[parameters('alertResourceGroupName')]" - }, "alertResourceGroupLocation": { "value": "[parameters('alertResourceGroupLocation')]" }, + "alertResourceGroupName": { + "value": "[parameters('alertResourceGroupName')]" + }, "alertResourceGroupTags": { "value": "[parameters('alertResourceGroupTags')]" } }, - "mode": "incremental", "template": { "parameters": { "enabled": { "type": "string" }, - "alertResourceGroupName": { + "alertResourceGroupLocation": { "type": "string" }, - "alertResourceGroupLocation": { + "alertResourceGroupName": { "type": "string" }, "alertResourceGroupTags": { @@ -187,9 +185,9 @@ "resources": [ { "type": "Microsoft.Resources/resourceGroups", - "location": "[parameters('alertResourceGroupLocation')]", "apiVersion": "2020-10-01", "name": "[parameters('alertResourceGroupName')]", + "location": "[parameters('alertResourceGroupLocation')]", "tags": "[parameters('alertResourceGroupTags')]" }, { @@ -204,7 +202,6 @@ "value": "[parameters('alertResourceGroupName')]" } }, - "mode": "Incremental", "template": { "parameters": { "enabled": { @@ -232,12 +229,12 @@ "condition": { "allOf": [ { - "field": "category", - "equals": "Administrative" + "equals": "Administrative", + "field": "category" }, { - "field": "operationName", - "equals": "Microsoft.Network/azurefirewalls/delete" + "equals": "Microsoft.Network/azurefirewalls/delete", + "field": "operationName" }, { "field": "status", @@ -248,9 +245,9 @@ ] } }, - "location": "global", "apiVersion": "2020-10-01", "name": "ActivityAzureFirewallDelete", + "location": "global", "tags": { "_deployed_by_amba": true } @@ -258,7 +255,8 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "Incremental" }, "apiVersion": "2019-10-01", "name": "ActivityAzureFirewallDelete", @@ -269,12 +267,14 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" }, "location": "australiaeast" }, - "existenceScope": "resourceGroup", - "deploymentScope": "subscription" + "resourceGroupName": "[parameters('alertResourceGroupName')]", + "deploymentScope": "subscription", + "existenceScope": "resourceGroup" } } } diff --git a/Definitions/policyDefinitions/Network/deploy_activitylog_nsg_delete.jsonc b/Definitions/policyDefinitions/Network/deploy_activitylog_nsg_delete.jsonc index 2353a9a..8a36298 100644 --- a/Definitions/policyDefinitions/Network/deploy_activitylog_nsg_delete.jsonc +++ b/Definitions/policyDefinitions/Network/deploy_activitylog_nsg_delete.jsonc @@ -6,31 +6,35 @@ "description": "Policy to Deploy Activity Log NSG Delete Alert", "mode": "All", "metadata": { - "category": "Network", "_deployed_by_amba": "True", "version": "1.1.0", + "category": "Network", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" - ], - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" + ] }, "parameters": { - "effect": { + "alertResourceGroupLocation": { "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" + "displayName": "Resource Group Location", + "description": "Location of the Resource group the alert is placed in" }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", + "defaultValue": "centralus", + "type": "String" + }, + "alertResourceGroupName": { + "metadata": { + "displayName": "Resource Group Name", + "description": "Resource group the alert is placed in" + }, + "defaultValue": "rg-amba-monitoring-001", "type": "String" }, "MonitorDisableTagValues": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "displayName": "ALZ Monitoring disabled tag values(s)", + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." }, "defaultValue": [ "true", @@ -42,16 +46,16 @@ }, "MonitorDisableTagName": { "metadata": { - "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled", - "displayName": "ALZ Monitoring disabled tag name" + "displayName": "ALZ Monitoring disabled tag name", + "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled" }, "defaultValue": "MonitorDisable", "type": "String" }, "enabled": { "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" + "displayName": "Alert State", + "description": "Alert state for the alert" }, "allowedValues": [ "true", @@ -60,39 +64,35 @@ "defaultValue": "true", "type": "String" }, - "alertResourceGroupName": { - "metadata": { - "description": "Resource group the alert is placed in", - "displayName": "Resource Group Name" - }, - "defaultValue": "rg-amba-monitoring-001", - "type": "String" - }, - "alertResourceGroupLocation": { - "metadata": { - "description": "Location of the Resource group the alert is placed in", - "displayName": "Resource Group Location" - }, - "defaultValue": "centralus", - "type": "String" - }, "alertResourceGroupTags": { "metadata": { - "description": "Tags on the Resource group the alert is placed in", - "displayName": "Resource Group Tags" + "displayName": "Resource Group Tags", + "description": "Tags on the Resource group the alert is placed in" }, "defaultValue": { "Project": "amba-monitoring" }, "type": "Object" + }, + "effect": { + "metadata": { + "displayName": "Effect", + "description": "Effect of the policy" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Network/networkSecurityGroups" + "equals": "Microsoft.Network/networkSecurityGroups", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -107,8 +107,8 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/ActivityLogAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/ActivityLogAlerts/enabled" }, { "equals": 2, @@ -119,24 +119,24 @@ { "allOf": [ { - "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field", - "equals": "category" + "equals": "category", + "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field" }, { - "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals", - "equals": "Administrative" + "equals": "Administrative", + "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals" } ] }, { "allOf": [ { - "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].field", - "equals": "operationName" + "equals": "operationName", + "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].field" }, { - "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].equals", - "equals": "Microsoft.Network/networkSecurityGroups/delete" + "equals": "Microsoft.Network/networkSecurityGroups/delete", + "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].equals" } ] } @@ -154,29 +154,28 @@ "deployment": { "properties": { "parameters": { - "enabled": { - "value": "[parameters('enabled')]" + "alertResourceGroupLocation": { + "value": "[parameters('alertResourceGroupLocation')]" }, "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, - "alertResourceGroupLocation": { - "value": "[parameters('alertResourceGroupLocation')]" + "enabled": { + "value": "[parameters('enabled')]" }, "alertResourceGroupTags": { "value": "[parameters('alertResourceGroupTags')]" } }, - "mode": "incremental", "template": { "parameters": { - "enabled": { + "alertResourceGroupLocation": { "type": "string" }, "alertResourceGroupName": { "type": "string" }, - "alertResourceGroupLocation": { + "enabled": { "type": "string" }, "alertResourceGroupTags": { @@ -184,11 +183,12 @@ } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Resources/resourceGroups", - "location": "[parameters('alertResourceGroupLocation')]", "apiVersion": "2021-04-01", + "location": "[parameters('alertResourceGroupLocation')]", "name": "[parameters('alertResourceGroupName')]", "tags": "[parameters('alertResourceGroupTags')]" }, @@ -197,24 +197,24 @@ "type": "Microsoft.Resources/deployments", "properties": { "parameters": { - "enabled": { - "value": "[parameters('enabled')]" - }, "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" + }, + "enabled": { + "value": "[parameters('enabled')]" } }, - "mode": "Incremental", "template": { "parameters": { - "enabled": { + "alertResourceGroupName": { "type": "string" }, - "alertResourceGroupName": { + "enabled": { "type": "string" } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "microsoft.insights/activityLogAlerts", @@ -232,12 +232,12 @@ "condition": { "allOf": [ { - "field": "category", - "equals": "Administrative" + "equals": "Administrative", + "field": "category" }, { - "field": "operationName", - "equals": "Microsoft.Network/networkSecurityGroups/delete" + "equals": "Microsoft.Network/networkSecurityGroups/delete", + "field": "operationName" }, { "field": "status", @@ -248,17 +248,17 @@ ] } }, - "location": "global", "apiVersion": "2020-10-01", + "location": "global", "name": "ActivityNSGDelete", "tags": { "_deployed_by_amba": true } } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "Incremental" }, "apiVersion": "2019-10-01", "name": "ActivityNSGDelete", @@ -267,14 +267,14 @@ ] } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" }, "location": "australiaeast" }, - "existenceScope": "resourcegroup", - "deploymentScope": "subscription" + "deploymentScope": "subscription", + "existenceScope": "resourcegroup" } } } diff --git a/Definitions/policyDefinitions/Network/deploy_activitylog_routetable_update.jsonc b/Definitions/policyDefinitions/Network/deploy_activitylog_routetable_update.jsonc index a2c8a2e..91df3a6 100644 --- a/Definitions/policyDefinitions/Network/deploy_activitylog_routetable_update.jsonc +++ b/Definitions/policyDefinitions/Network/deploy_activitylog_routetable_update.jsonc @@ -6,31 +6,35 @@ "description": "Policy to Deploy Activity Log Route Table Update Alert", "mode": "All", "metadata": { - "category": "Network", "_deployed_by_amba": "True", "version": "1.1.0", + "category": "Network", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" - ], - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" + ] }, "parameters": { - "effect": { + "alertResourceGroupLocation": { "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" + "displayName": "Resource Group Location", + "description": "Location of the Resource group the alert is placed in" }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", + "defaultValue": "centralus", + "type": "String" + }, + "alertResourceGroupName": { + "metadata": { + "displayName": "Resource Group Name", + "description": "Resource group the alert is placed in" + }, + "defaultValue": "rg-amba-monitoring-001", "type": "String" }, "MonitorDisableTagValues": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "displayName": "ALZ Monitoring disabled tag values(s)", + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." }, "defaultValue": [ "true", @@ -42,16 +46,16 @@ }, "MonitorDisableTagName": { "metadata": { - "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled", - "displayName": "ALZ Monitoring disabled tag name" + "displayName": "ALZ Monitoring disabled tag name", + "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled" }, "defaultValue": "MonitorDisable", "type": "String" }, "enabled": { "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" + "displayName": "Alert State", + "description": "Alert state for the alert" }, "allowedValues": [ "true", @@ -60,39 +64,35 @@ "defaultValue": "true", "type": "String" }, - "alertResourceGroupName": { - "metadata": { - "description": "Resource group the alert is placed in", - "displayName": "Resource Group Name" - }, - "defaultValue": "rg-amba-monitoring-001", - "type": "String" - }, - "alertResourceGroupLocation": { - "metadata": { - "description": "Location of the Resource group the alert is placed in", - "displayName": "Resource Group Location" - }, - "defaultValue": "centralus", - "type": "String" - }, "alertResourceGroupTags": { "metadata": { - "description": "Tags on the Resource group the alert is placed in", - "displayName": "Resource Group Tags" + "displayName": "Resource Group Tags", + "description": "Tags on the Resource group the alert is placed in" }, "defaultValue": { "Project": "amba-monitoring" }, "type": "Object" + }, + "effect": { + "metadata": { + "displayName": "Effect", + "description": "Effect of the policy" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Network/routeTables" + "equals": "Microsoft.Network/routeTables", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -107,8 +107,8 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/ActivityLogAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/ActivityLogAlerts/enabled" }, { "equals": 2, @@ -119,24 +119,24 @@ { "allOf": [ { - "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field", - "equals": "category" + "equals": "category", + "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field" }, { - "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals", - "equals": "Administrative" + "equals": "Administrative", + "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals" } ] }, { "allOf": [ { - "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].field", - "equals": "operationName" + "equals": "operationName", + "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].field" }, { - "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].equals", - "equals": "Microsoft.Network/routeTables/routes/write" + "equals": "Microsoft.Network/routeTables/routes/write", + "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].equals" } ] } @@ -154,29 +154,28 @@ "deployment": { "properties": { "parameters": { - "enabled": { - "value": "[parameters('enabled')]" + "alertResourceGroupLocation": { + "value": "[parameters('alertResourceGroupLocation')]" }, "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, - "alertResourceGroupLocation": { - "value": "[parameters('alertResourceGroupLocation')]" + "enabled": { + "value": "[parameters('enabled')]" }, "alertResourceGroupTags": { "value": "[parameters('alertResourceGroupTags')]" } }, - "mode": "incremental", "template": { "parameters": { - "enabled": { + "alertResourceGroupLocation": { "type": "string" }, "alertResourceGroupName": { "type": "string" }, - "alertResourceGroupLocation": { + "enabled": { "type": "string" }, "alertResourceGroupTags": { @@ -184,11 +183,12 @@ } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Resources/resourceGroups", - "location": "[parameters('alertResourceGroupLocation')]", "apiVersion": "2021-04-01", + "location": "[parameters('alertResourceGroupLocation')]", "name": "[parameters('alertResourceGroupName')]", "tags": "[parameters('alertResourceGroupTags')]" }, @@ -197,24 +197,24 @@ "type": "Microsoft.Resources/deployments", "properties": { "parameters": { - "enabled": { - "value": "[parameters('enabled')]" - }, "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" + }, + "enabled": { + "value": "[parameters('enabled')]" } }, - "mode": "Incremental", "template": { "parameters": { - "enabled": { + "alertResourceGroupName": { "type": "string" }, - "alertResourceGroupName": { + "enabled": { "type": "string" } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "microsoft.insights/activityLogAlerts", @@ -232,12 +232,12 @@ "condition": { "allOf": [ { - "field": "category", - "equals": "Administrative" + "equals": "Administrative", + "field": "category" }, { - "field": "operationName", - "equals": "Microsoft.Network/routeTables/routes/write" + "equals": "Microsoft.Network/routeTables/routes/write", + "field": "operationName" }, { "field": "status", @@ -248,17 +248,17 @@ ] } }, - "location": "global", "apiVersion": "2020-10-01", + "location": "global", "name": "ActivityUDRUpdate", "tags": { "_deployed_by_amba": true } } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "Incremental" }, "apiVersion": "2019-10-01", "name": "ActivityUDRUpdate", @@ -267,14 +267,14 @@ ] } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" }, "location": "australiaeast" }, - "existenceScope": "resourcegroup", - "deploymentScope": "subscription" + "deploymentScope": "subscription", + "existenceScope": "resourcegroup" } } } diff --git a/Definitions/policyDefinitions/Network/deploy_activitylog_vpngateway_delete.jsonc b/Definitions/policyDefinitions/Network/deploy_activitylog_vpngateway_delete.jsonc index 449c5ce..f235201 100644 --- a/Definitions/policyDefinitions/Network/deploy_activitylog_vpngateway_delete.jsonc +++ b/Definitions/policyDefinitions/Network/deploy_activitylog_vpngateway_delete.jsonc @@ -6,31 +6,35 @@ "description": "Policy to Deploy Activity Log VPN Gateway Delete Alert", "mode": "All", "metadata": { - "category": "Network", "_deployed_by_amba": "True", "version": "1.1.0", + "category": "Network", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" - ], - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" + ] }, "parameters": { - "effect": { + "alertResourceGroupLocation": { "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" + "displayName": "Resource Group Location", + "description": "Location of the Resource group the alert is placed in" }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", + "defaultValue": "centralus", + "type": "String" + }, + "alertResourceGroupName": { + "metadata": { + "displayName": "Resource Group Name", + "description": "Resource group the alert is placed in" + }, + "defaultValue": "rg-amba-monitoring-001", "type": "String" }, "MonitorDisableTagValues": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "displayName": "ALZ Monitoring disabled tag values(s)", + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." }, "defaultValue": [ "true", @@ -42,16 +46,16 @@ }, "MonitorDisableTagName": { "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" + "displayName": "ALZ Monitoring disabled tag name", + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled." }, "defaultValue": "MonitorDisable", "type": "String" }, "enabled": { "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" + "displayName": "Alert State", + "description": "Alert state for the alert" }, "allowedValues": [ "true", @@ -60,39 +64,35 @@ "defaultValue": "true", "type": "String" }, - "alertResourceGroupName": { - "metadata": { - "description": "Resource group the alert is placed in", - "displayName": "Resource Group Name" - }, - "defaultValue": "rg-amba-monitoring-001", - "type": "String" - }, - "alertResourceGroupLocation": { - "metadata": { - "description": "Location of the Resource group the alert is placed in", - "displayName": "Resource Group Location" - }, - "defaultValue": "centralus", - "type": "String" - }, "alertResourceGroupTags": { "metadata": { - "description": "Tags on the Resource group the alert is placed in", - "displayName": "Resource Group Tags" + "displayName": "Resource Group Tags", + "description": "Tags on the Resource group the alert is placed in" }, "defaultValue": { "Project": "amba-monitoring" }, "type": "Object" + }, + "effect": { + "metadata": { + "displayName": "Effect", + "description": "Effect of the policy" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Network/vpnGateways" + "equals": "Microsoft.Network/vpnGateways", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -107,8 +107,8 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/ActivityLogAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/ActivityLogAlerts/enabled" }, { "equals": 2, @@ -119,24 +119,24 @@ { "allOf": [ { - "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field", - "equals": "category" + "equals": "category", + "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field" }, { - "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals", - "equals": "Administrative" + "equals": "Administrative", + "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals" } ] }, { "allOf": [ { - "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].field", - "equals": "operationName" + "equals": "operationName", + "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].field" }, { - "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].equals", - "equals": "Microsoft.Network/vpnGateways/delete" + "equals": "Microsoft.Network/vpnGateways/delete", + "field": "microsoft.insights/activityLogAlerts/condition.allOf[*].equals" } ] } @@ -153,29 +153,28 @@ "deployment": { "properties": { "parameters": { - "enabled": { - "value": "[parameters('enabled')]" + "alertResourceGroupLocation": { + "value": "[parameters('alertResourceGroupLocation')]" }, "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" }, - "alertResourceGroupLocation": { - "value": "[parameters('alertResourceGroupLocation')]" + "enabled": { + "value": "[parameters('enabled')]" }, "alertResourceGroupTags": { "value": "[parameters('alertResourceGroupTags')]" } }, - "mode": "incremental", "template": { "parameters": { - "enabled": { + "alertResourceGroupLocation": { "type": "string" }, "alertResourceGroupName": { "type": "string" }, - "alertResourceGroupLocation": { + "enabled": { "type": "string" }, "alertResourceGroupTags": { @@ -183,11 +182,12 @@ } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Resources/resourceGroups", - "location": "[parameters('alertResourceGroupLocation')]", "apiVersion": "2021-04-01", + "location": "[parameters('alertResourceGroupLocation')]", "name": "[parameters('alertResourceGroupName')]", "tags": "[parameters('alertResourceGroupTags')]" }, @@ -196,24 +196,24 @@ "type": "Microsoft.Resources/deployments", "properties": { "parameters": { - "enabled": { - "value": "[parameters('enabled')]" - }, "alertResourceGroupName": { "value": "[parameters('alertResourceGroupName')]" + }, + "enabled": { + "value": "[parameters('enabled')]" } }, - "mode": "Incremental", "template": { "parameters": { - "enabled": { + "alertResourceGroupName": { "type": "string" }, - "alertResourceGroupName": { + "enabled": { "type": "string" } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "microsoft.insights/activityLogAlerts", @@ -231,12 +231,12 @@ "condition": { "allOf": [ { - "field": "category", - "equals": "Administrative" + "equals": "Administrative", + "field": "category" }, { - "field": "operationName", - "equals": "Microsoft.Network/vpnGateways/delete" + "equals": "Microsoft.Network/vpnGateways/delete", + "field": "operationName" }, { "field": "status", @@ -247,17 +247,17 @@ ] } }, - "location": "global", "apiVersion": "2020-10-01", + "location": "global", "name": "ActivityVPNGatewayDelete", "tags": { "_deployed_by_amba": true } } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "Incremental" }, "apiVersion": "2019-10-01", "name": "ActivityVPNGatewayDelete", @@ -266,14 +266,14 @@ ] } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" }, "location": "australiaeast" }, - "existenceScope": "resourcegroup", - "deploymentScope": "subscription" + "deploymentScope": "subscription", + "existenceScope": "resourcegroup" } } } diff --git a/Definitions/policyDefinitions/Network/deploy_afw_firewallhealth_alert.jsonc b/Definitions/policyDefinitions/Network/deploy_afw_firewallhealth_alert.jsonc index 2db02fa..9d18cda 100644 --- a/Definitions/policyDefinitions/Network/deploy_afw_firewallhealth_alert.jsonc +++ b/Definitions/policyDefinitions/Network/deploy_afw_firewallhealth_alert.jsonc @@ -6,31 +6,19 @@ "description": "Policy to audit/deploy Azure Firewall FirewallHealth Alert", "mode": "All", "metadata": { - "category": "Network", - "version": "1.2.0", "_deployed_by_amba": "True", - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" - ] + ], + "version": "1.2.0", + "category": "Network", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "String" - }, "evaluationFrequency": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "Evaluation Frequency" + "displayName": "Evaluation Frequency", + "description": "Evaluation frequency for the alert" }, "allowedValues": [ "PT1M", @@ -42,10 +30,22 @@ "defaultValue": "PT1M", "type": "String" }, + "effect": { + "metadata": { + "displayName": "Effect", + "description": "Effect of the policy" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" + }, "MonitorDisableTagValues": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "displayName": "ALZ Monitoring disabled tag values(s)", + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." }, "defaultValue": [ "true", @@ -57,16 +57,16 @@ }, "MonitorDisableTagName": { "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" + "displayName": "ALZ Monitoring disabled tag name", + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled." }, "defaultValue": "MonitorDisable", "type": "String" }, "windowSize": { "metadata": { - "description": "Window size for the alert", - "displayName": "Window Size" + "displayName": "Window Size", + "description": "Window size for the alert" }, "allowedValues": [ "PT1M", @@ -81,10 +81,22 @@ "defaultValue": "PT5M", "type": "String" }, + "autoMitigate": { + "metadata": { + "displayName": "Auto Mitigate", + "description": "Auto Mitigate for the alert" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, "enabled": { "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" + "displayName": "Alert State", + "description": "Alert state for the alert" }, "allowedValues": [ "true", @@ -95,8 +107,8 @@ }, "severity": { "metadata": { - "description": "Severity of the Alert", - "displayName": "Severity" + "displayName": "Severity", + "description": "Severity of the Alert" }, "allowedValues": [ "0", @@ -108,22 +120,10 @@ "defaultValue": "0", "type": "String" }, - "autoMitigate": { - "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" - }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", - "type": "String" - }, "threshold": { "metadata": { - "description": "Threshold for the alert", - "displayName": "Threshold" + "displayName": "Threshold", + "description": "Threshold for the alert" }, "defaultValue": "90", "type": "String" @@ -133,8 +133,8 @@ "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Network/azureFirewalls" + "equals": "Microsoft.Network/azureFirewalls", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -149,48 +149,48 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "Microsoft.Network/azureFirewalls" + "equals": "Microsoft.Network/azureFirewalls", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "FirewallHealth" + "equals": "FirewallHealth", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/azureFirewalls/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/azureFirewalls/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Average" + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", - "equals": "LessThan" + "equals": "LessThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", - "equals": "[if(contains(field('tags'), '_amba-FirewallHealth-threshold-Override_'), field('tags._amba-FirewallHealth-threshold-Override_'), parameters('threshold'))]" + "equals": "[if(contains(field('tags'), '_amba-FirewallHealth-threshold-Override_'), field('tags._amba-FirewallHealth-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold" } ] }, @@ -209,15 +209,15 @@ "windowSize": { "value": "[parameters('windowSize')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "enabled": { "value": "[parameters('enabled')]" }, "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, "threshold": { "value": "[if(contains(field('tags'), '_amba-FirewallHealth-threshold-Override_'), field('tags._amba-FirewallHealth-threshold-Override_'), parameters('threshold'))]" }, @@ -225,13 +225,12 @@ "value": "[field('name')]" } }, - "mode": "incremental", "template": { "parameters": { "resourceId": { "metadata": { - "description": "Resource ID of the resource emitting the metric that will be used for the comparison", - "displayName": "resourceId" + "displayName": "resourceId", + "description": "Resource ID of the resource emitting the metric that will be used for the comparison" }, "type": "String" }, @@ -241,13 +240,13 @@ "windowSize": { "type": "String" }, - "enabled": { + "autoMitigate": { "type": "String" }, - "severity": { + "enabled": { "type": "String" }, - "autoMitigate": { + "severity": { "type": "String" }, "threshold": { @@ -255,13 +254,14 @@ }, "resourceName": { "metadata": { - "description": "Name of the resource", - "displayName": "resourceName" + "displayName": "resourceName", + "description": "Name of the resource" }, "type": "String" } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Insights/metricAlerts", @@ -274,31 +274,31 @@ "windowSize": { "value": "[parameters('windowSize')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "enabled": { "value": "[parameters('enabled')]" }, "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, "threshold": { "value": "[parameters('threshold')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", "windowSize": "[parameters('windowSize')]", + "autoMitigate": "[parameters('autoMitigate')]", "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", - "autoMitigate": "[parameters('autoMitigate')]", "criteria": { "allOf": [ { "threshold": "[parameters('threshold')]", "timeAggregation": "Average", - "name": "FirewallHealth", "operator": "LessThan", + "name": "FirewallHealth", "metricNamespace": "Microsoft.Network/azureFirewalls", "criterionType": "StaticThresholdCriterion", "metricName": "FirewallHealth" @@ -310,17 +310,17 @@ "[parameters('resourceId')]" ] }, + "apiVersion": "2018-03-01", "location": "global", "name": "[concat(parameters('resourceName'), '-FirewallHealth')]", - "apiVersion": "2018-03-01", "tags": { "_deployed_by_amba": true } } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" } } } diff --git a/Definitions/policyDefinitions/Network/deploy_afw_snatportutilization_alert.jsonc b/Definitions/policyDefinitions/Network/deploy_afw_snatportutilization_alert.jsonc index 6c022b8..b76d22a 100644 --- a/Definitions/policyDefinitions/Network/deploy_afw_snatportutilization_alert.jsonc +++ b/Definitions/policyDefinitions/Network/deploy_afw_snatportutilization_alert.jsonc @@ -6,9 +6,9 @@ "description": "Policy to audit/deploy Azure Firewall SNATPortUtilization Alert", "mode": "All", "metadata": { + "version": "1.2.0", "category": "Network", "_deployed_by_amba": "True", - "version": "1.2.0", "alzCloudEnvironments": [ "AzureCloud" ], @@ -42,19 +42,6 @@ "defaultValue": "PT1M", "type": "String" }, - "MonitorDisableTagValues": { - "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" - }, - "defaultValue": [ - "true", - "Test", - "Dev", - "Sandbox" - ], - "type": "Array" - }, "autoMitigate": { "metadata": { "description": "Auto Mitigate for the alert", @@ -85,12 +72,27 @@ "defaultValue": "PT5M", "type": "String" }, - "MonitorDisableTagName": { + "severity": { "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" + "description": "Severity of the Alert", + "displayName": "Severity" }, - "defaultValue": "MonitorDisable", + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" + ], + "defaultValue": "1", + "type": "String" + }, + "threshold": { + "metadata": { + "description": "Threshold for the alert", + "displayName": "Threshold" + }, + "defaultValue": "80", "type": "String" }, "enabled": { @@ -105,27 +107,25 @@ "defaultValue": "true", "type": "String" }, - "severity": { + "MonitorDisableTagValues": { "metadata": { - "description": "Severity of the Alert", - "displayName": "Severity" + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" }, - "allowedValues": [ - "0", - "1", - "2", - "3", - "4" + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" ], - "defaultValue": "1", - "type": "String" + "type": "Array" }, - "threshold": { + "MonitorDisableTagName": { "metadata": { - "description": "Threshold for the alert", - "displayName": "Threshold" + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" }, - "defaultValue": "80", + "defaultValue": "MonitorDisable", "type": "String" } }, @@ -133,8 +133,8 @@ "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Network/azureFirewalls" + "equals": "Microsoft.Network/azureFirewalls", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -149,48 +149,48 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "Microsoft.Network/azureFirewalls" + "equals": "Microsoft.Network/azureFirewalls", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "SNATPortUtilization" + "equals": "SNATPortUtilization", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/azureFirewalls/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/azureFirewalls/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Average" + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", - "equals": "GreaterThan" + "equals": "GreaterThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", - "equals": "[if(contains(field('tags'), '_amba-SNATPortUtilization-threshold-Override_'), field('tags._amba-SNATPortUtilization-threshold-Override_'), parameters('threshold'))]" + "equals": "[if(contains(field('tags'), '_amba-SNATPortUtilization-threshold-Override_'), field('tags._amba-SNATPortUtilization-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold" } ] }, @@ -212,15 +212,15 @@ "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, "threshold": { "value": "[if(contains(field('tags'), '_amba-SNATPortUtilization-threshold-Override_'), field('tags._amba-SNATPortUtilization-threshold-Override_'), parameters('threshold'))]" }, + "enabled": { + "value": "[parameters('enabled')]" + }, "resourceName": { "value": "[field('name')]" } @@ -244,15 +244,15 @@ "windowSize": { "type": "String" }, - "enabled": { - "type": "String" - }, "severity": { "type": "String" }, "threshold": { "type": "String" }, + "enabled": { + "type": "String" + }, "resourceName": { "metadata": { "description": "Name of the resource", @@ -262,6 +262,7 @@ } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Insights/metricAlerts", @@ -277,31 +278,31 @@ "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, "threshold": { "value": "[parameters('threshold')]" + }, + "enabled": { + "value": "[parameters('enabled')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", "autoMitigate": "[parameters('autoMitigate')]", "windowSize": "[parameters('windowSize')]", - "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", + "enabled": "[parameters('enabled')]", "criteria": { "allOf": [ { "threshold": "[parameters('threshold')]", - "name": "SNATPortUtilization", "timeAggregation": "Average", - "operator": "GreaterThan", "metricNamespace": "Microsoft.Network/azureFirewalls", "criterionType": "StaticThresholdCriterion", - "metricName": "SNATPortUtilization" + "metricName": "SNATPortUtilization", + "name": "SNATPortUtilization", + "operator": "GreaterThan" } ], "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria" @@ -310,15 +311,14 @@ "[parameters('resourceId')]" ] }, - "location": "global", "apiVersion": "2018-03-01", "name": "[concat(parameters('resourceName'), '-SNATPortUtilization')]", + "location": "global", "tags": { "_deployed_by_amba": true } } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" } } diff --git a/Definitions/policyDefinitions/Network/deploy_dnsz_registrationcapacityutil_alert.jsonc b/Definitions/policyDefinitions/Network/deploy_dnsz_registrationcapacityutil_alert.jsonc index 1c0111b..87151d2 100644 --- a/Definitions/policyDefinitions/Network/deploy_dnsz_registrationcapacityutil_alert.jsonc +++ b/Definitions/policyDefinitions/Network/deploy_dnsz_registrationcapacityutil_alert.jsonc @@ -6,27 +6,15 @@ "description": "Policy to audit/deploy Private DNS Zone Registration Capacity Utilization Alert", "mode": "All", "metadata": { - "category": "Network", - "version": "1.2.0", "_deployed_by_amba": "True", - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "version": "1.2.0", "alzCloudEnvironments": [ "AzureCloud" - ] + ], + "category": "Network", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "String" - }, "evaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", @@ -42,6 +30,18 @@ "defaultValue": "PT1H", "type": "String" }, + "autoMitigate": { + "metadata": { + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, "MonitorDisableTagValues": { "metadata": { "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", @@ -55,14 +55,6 @@ ], "type": "Array" }, - "MonitorDisableTagName": { - "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" - }, - "defaultValue": "MonitorDisable", - "type": "String" - }, "windowSize": { "metadata": { "description": "Window size for the alert", @@ -81,6 +73,14 @@ "defaultValue": "PT1H", "type": "String" }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" + }, "enabled": { "metadata": { "description": "Alert state for the alert", @@ -108,18 +108,6 @@ "defaultValue": "2", "type": "String" }, - "autoMitigate": { - "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" - }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", - "type": "String" - }, "threshold": { "metadata": { "description": "Threshold for the alert", @@ -127,14 +115,26 @@ }, "defaultValue": "80", "type": "String" + }, + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Network/privateDnsZones" + "equals": "Microsoft.Network/privateDnsZones", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -149,48 +149,48 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "Microsoft.Network/privateDnsZones" + "equals": "Microsoft.Network/privateDnsZones", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "VirtualNetworkWithRegistrationCapacityUtilization" + "equals": "VirtualNetworkWithRegistrationCapacityUtilization", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/privateDnsZones/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/privateDnsZones/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Maximum" + "equals": "Maximum", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", - "equals": "GreaterThanOrEqual" + "equals": "GreaterThanOrEqual", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", - "equals": "[if(contains(field('tags'), '_amba-VirtualNetworkWithRegistrationCapacityUtilization-threshold-Override_'), field('tags._amba-VirtualNetworkWithRegistrationCapacityUtilization-threshold-Override_'), parameters('threshold'))]" + "equals": "[if(contains(field('tags'), '_amba-VirtualNetworkWithRegistrationCapacityUtilization-threshold-Override_'), field('tags._amba-VirtualNetworkWithRegistrationCapacityUtilization-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold" } ] }, @@ -206,6 +206,9 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, @@ -215,9 +218,6 @@ "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, "threshold": { "value": "[if(contains(field('tags'), '_amba-VirtualNetworkWithRegistrationCapacityUtilization-threshold-Override_'), field('tags._amba-VirtualNetworkWithRegistrationCapacityUtilization-threshold-Override_'), parameters('threshold'))]" }, @@ -225,7 +225,6 @@ "value": "[field('name')]" } }, - "mode": "incremental", "template": { "parameters": { "resourceId": { @@ -238,6 +237,9 @@ "evaluationFrequency": { "type": "String" }, + "autoMitigate": { + "type": "String" + }, "windowSize": { "type": "String" }, @@ -247,9 +249,6 @@ "severity": { "type": "String" }, - "autoMitigate": { - "type": "String" - }, "threshold": { "type": "String" }, @@ -271,6 +270,9 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, @@ -280,25 +282,22 @@ "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, "threshold": { "value": "[parameters('threshold')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", "windowSize": "[parameters('windowSize')]", "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", - "autoMitigate": "[parameters('autoMitigate')]", "criteria": { "allOf": [ { "threshold": "[parameters('threshold')]", "timeAggregation": "Maximum", - "name": "VirtualNetworkWithRegistrationCapacityUtilization", "operator": "GreaterThanOrEqual", + "name": "VirtualNetworkWithRegistrationCapacityUtilization", "metricNamespace": "Microsoft.Network/privateDnsZones", "criterionType": "StaticThresholdCriterion", "metricName": "VirtualNetworkWithRegistrationCapacityUtilization" @@ -310,9 +309,9 @@ "[parameters('resourceId')]" ] }, - "location": "global", - "name": "[concat(parameters('resourceName'), '-RequestsAlert')]", "apiVersion": "2018-03-01", + "name": "[concat(parameters('resourceName'), '-RequestsAlert')]", + "location": "global", "tags": { "_deployed_by_amba": true } @@ -320,7 +319,8 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" } } } diff --git a/Definitions/policyDefinitions/Network/deploy_ercir_arpavailability_alert.jsonc b/Definitions/policyDefinitions/Network/deploy_ercir_arpavailability_alert.jsonc index 34868b8..434e1ac 100644 --- a/Definitions/policyDefinitions/Network/deploy_ercir_arpavailability_alert.jsonc +++ b/Definitions/policyDefinitions/Network/deploy_ercir_arpavailability_alert.jsonc @@ -6,8 +6,8 @@ "description": "Policy to audit/deploy ExpressRoute Circuits Arp Availability Alert", "mode": "All", "metadata": { - "category": "Network", "_deployed_by_amba": "True", + "category": "Network", "version": "1.2.0", "alzCloudEnvironments": [ "AzureCloud" @@ -15,18 +15,6 @@ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "String" - }, "evaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", @@ -42,19 +30,6 @@ "defaultValue": "PT1M", "type": "String" }, - "MonitorDisableTagValues": { - "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" - }, - "defaultValue": [ - "true", - "Test", - "Dev", - "Sandbox" - ], - "type": "Array" - }, "autoMitigate": { "metadata": { "description": "Auto Mitigate for the alert", @@ -85,24 +60,16 @@ "defaultValue": "PT5M", "type": "String" }, - "MonitorDisableTagName": { - "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" - }, - "defaultValue": "MonitorDisable", - "type": "String" - }, - "enabled": { + "effect": { "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" + "description": "Effect of the policy", + "displayName": "Effect" }, "allowedValues": [ - "true", - "false" + "deployIfNotExists", + "disabled" ], - "defaultValue": "true", + "defaultValue": "deployIfNotExists", "type": "String" }, "severity": { @@ -120,6 +87,18 @@ "defaultValue": "0", "type": "String" }, + "enabled": { + "metadata": { + "description": "Alert state for the alert", + "displayName": "Alert State" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, "threshold": { "metadata": { "description": "Threshold for the alert", @@ -127,14 +106,35 @@ }, "defaultValue": "90", "type": "String" + }, + "MonitorDisableTagValues": { + "metadata": { + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Network/expressRouteCircuits" + "equals": "Microsoft.Network/expressRouteCircuits", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -149,48 +149,48 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "Microsoft.Network/expressRouteCircuits" + "equals": "Microsoft.Network/expressRouteCircuits", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "ArpAvailability" + "equals": "ArpAvailability", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressRouteCircuits/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressRouteCircuits/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Average" + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", - "equals": "LessThan" + "equals": "LessThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", - "equals": "[if(contains(field('tags'), '_amba-ArpAvailability-threshold-Override_'), field('tags._amba-ArpAvailability-threshold-Override_'), parameters('threshold'))]" + "equals": "[if(contains(field('tags'), '_amba-ArpAvailability-threshold-Override_'), field('tags._amba-ArpAvailability-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold" } ] }, @@ -212,12 +212,12 @@ "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, + "enabled": { + "value": "[parameters('enabled')]" + }, "threshold": { "value": "[if(contains(field('tags'), '_amba-ArpAvailability-threshold-Override_'), field('tags._amba-ArpAvailability-threshold-Override_'), parameters('threshold'))]" }, @@ -225,7 +225,6 @@ "value": "[field('name')]" } }, - "mode": "incremental", "template": { "parameters": { "resourceId": { @@ -244,10 +243,10 @@ "windowSize": { "type": "String" }, - "enabled": { + "severity": { "type": "String" }, - "severity": { + "enabled": { "type": "String" }, "threshold": { @@ -277,12 +276,12 @@ "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, + "enabled": { + "value": "[parameters('enabled')]" + }, "threshold": { "value": "[parameters('threshold')]" } @@ -290,18 +289,18 @@ "evaluationFrequency": "[parameters('evaluationFrequency')]", "autoMitigate": "[parameters('autoMitigate')]", "windowSize": "[parameters('windowSize')]", - "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", + "enabled": "[parameters('enabled')]", "criteria": { "allOf": [ { "threshold": "[parameters('threshold')]", - "name": "ArpAvailability", "timeAggregation": "Average", - "operator": "LessThan", "metricNamespace": "Microsoft.Network/expressRouteCircuits", "criterionType": "StaticThresholdCriterion", - "metricName": "ArpAvailability" + "operator": "LessThan", + "metricName": "ArpAvailability", + "name": "ArpAvailability" } ], "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria" @@ -310,9 +309,9 @@ "[parameters('resourceId')]" ] }, - "location": "global", "apiVersion": "2018-03-01", "name": "[concat(parameters('resourceName'), '-ArpAvailability')]", + "location": "global", "tags": { "_deployed_by_amba": true } @@ -320,7 +319,8 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" } } } diff --git a/Definitions/policyDefinitions/Network/deploy_ercir_bgpavailability_alert.jsonc b/Definitions/policyDefinitions/Network/deploy_ercir_bgpavailability_alert.jsonc index 6cb14c1..8f21368 100644 --- a/Definitions/policyDefinitions/Network/deploy_ercir_bgpavailability_alert.jsonc +++ b/Definitions/policyDefinitions/Network/deploy_ercir_bgpavailability_alert.jsonc @@ -9,10 +9,10 @@ "category": "Network", "_deployed_by_amba": "True", "version": "1.2.0", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" - ], - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" + ] }, "parameters": { "effect": { @@ -42,19 +42,6 @@ "defaultValue": "PT1M", "type": "String" }, - "MonitorDisableTagValues": { - "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" - }, - "defaultValue": [ - "true", - "Test", - "Dev", - "Sandbox" - ], - "type": "Array" - }, "autoMitigate": { "metadata": { "description": "Auto Mitigate for the alert", @@ -85,24 +72,12 @@ "defaultValue": "PT5M", "type": "String" }, - "MonitorDisableTagName": { - "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" - }, - "defaultValue": "MonitorDisable", - "type": "String" - }, - "enabled": { + "threshold": { "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" + "description": "Threshold for the alert", + "displayName": "Threshold" }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", + "defaultValue": "90", "type": "String" }, "severity": { @@ -120,21 +95,46 @@ "defaultValue": "0", "type": "String" }, - "threshold": { + "enabled": { "metadata": { - "description": "Threshold for the alert", - "displayName": "Threshold" + "description": "Alert state for the alert", + "displayName": "Alert State" }, - "defaultValue": "90", + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", "type": "String" + }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" + }, + "MonitorDisableTagValues": { + "metadata": { + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Network/expressRouteCircuits" + "equals": "Microsoft.Network/expressRouteCircuits", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -146,57 +146,57 @@ "effect": "[parameters('effect')]", "details": { "type": "Microsoft.Insights/metricAlerts", + "roleDefinitionIds": [ + "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" + ], "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "Microsoft.Network/expressRouteCircuits" + "equals": "Microsoft.Network/expressRouteCircuits", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "BgpAvailability" + "equals": "BgpAvailability", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressRouteCircuits/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressRouteCircuits/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Average" + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", - "equals": "LessThan" + "equals": "LessThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", - "equals": "[if(contains(field('tags'), '_amba-BgpAvailability-threshold-Override_'), field('tags._amba-BgpAvailability-threshold-Override_'), parameters('threshold'))]" + "equals": "[if(contains(field('tags'), '_amba-BgpAvailability-threshold-Override_'), field('tags._amba-BgpAvailability-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold" } ] }, - "roleDefinitionIds": [ - "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" - ], "deployment": { "properties": { "parameters": { @@ -212,14 +212,14 @@ "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" + "threshold": { + "value": "[if(contains(field('tags'), '_amba-BgpAvailability-threshold-Override_'), field('tags._amba-BgpAvailability-threshold-Override_'), parameters('threshold'))]" }, "severity": { "value": "[parameters('severity')]" }, - "threshold": { - "value": "[if(contains(field('tags'), '_amba-BgpAvailability-threshold-Override_'), field('tags._amba-BgpAvailability-threshold-Override_'), parameters('threshold'))]" + "enabled": { + "value": "[parameters('enabled')]" }, "resourceName": { "value": "[field('name')]" @@ -244,13 +244,13 @@ "windowSize": { "type": "String" }, - "enabled": { + "threshold": { "type": "String" }, "severity": { "type": "String" }, - "threshold": { + "enabled": { "type": "String" }, "resourceName": { @@ -261,7 +261,9 @@ "type": "String" } }, + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Insights/metricAlerts", @@ -277,49 +279,47 @@ "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" + "threshold": { + "value": "[parameters('threshold')]" }, "severity": { "value": "[parameters('severity')]" }, - "threshold": { - "value": "[parameters('threshold')]" + "enabled": { + "value": "[parameters('enabled')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", "autoMitigate": "[parameters('autoMitigate')]", "windowSize": "[parameters('windowSize')]", - "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", + "enabled": "[parameters('enabled')]", + "scopes": [ + "[parameters('resourceId')]" + ], "criteria": { "allOf": [ { "threshold": "[parameters('threshold')]", "name": "BgpAvailability", - "timeAggregation": "Average", - "operator": "LessThan", "metricNamespace": "Microsoft.Network/expressRouteCircuits", - "criterionType": "StaticThresholdCriterion", - "metricName": "BgpAvailability" + "metricName": "BgpAvailability", + "operator": "LessThan", + "timeAggregation": "Average", + "criterionType": "StaticThresholdCriterion" } ], "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria" - }, - "scopes": [ - "[parameters('resourceId')]" - ] + } }, - "location": "global", - "apiVersion": "2018-03-01", "name": "[concat(parameters('resourceName'), '-BgpAvailability')]", + "apiVersion": "2018-03-01", + "location": "global", "tags": { "_deployed_by_amba": true } } - ], - "variables": {}, - "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" + ] } } } diff --git a/Definitions/policyDefinitions/Network/deploy_ercir_qosdropbitsinpersecond_alert.jsonc b/Definitions/policyDefinitions/Network/deploy_ercir_qosdropbitsinpersecond_alert.jsonc index 287bf7d..cd4a3df 100644 --- a/Definitions/policyDefinitions/Network/deploy_ercir_qosdropbitsinpersecond_alert.jsonc +++ b/Definitions/policyDefinitions/Network/deploy_ercir_qosdropbitsinpersecond_alert.jsonc @@ -6,8 +6,8 @@ "description": "Policy to audit/deploy ExpressRoute Circuits QosDropBitsInPerSecond Alert", "mode": "All", "metadata": { - "category": "Network", "_deployed_by_amba": "True", + "category": "Network", "version": "1.2.0", "alzCloudEnvironments": [ "AzureCloud" @@ -15,18 +15,6 @@ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "String" - }, "evaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", @@ -42,19 +30,6 @@ "defaultValue": "PT5M", "type": "String" }, - "MonitorDisableTagValues": { - "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" - }, - "defaultValue": [ - "true", - "Test", - "Dev", - "Sandbox" - ], - "type": "Array" - }, "autoMitigate": { "metadata": { "description": "Auto Mitigate for the alert", @@ -85,24 +60,16 @@ "defaultValue": "PT5M", "type": "String" }, - "MonitorDisableTagName": { - "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" - }, - "defaultValue": "MonitorDisable", - "type": "String" - }, - "enabled": { + "effect": { "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" + "description": "Effect of the policy", + "displayName": "Effect" }, "allowedValues": [ - "true", - "false" + "deployIfNotExists", + "disabled" ], - "defaultValue": "true", + "defaultValue": "deployIfNotExists", "type": "String" }, "severity": { @@ -119,14 +86,47 @@ ], "defaultValue": "2", "type": "String" + }, + "enabled": { + "metadata": { + "description": "Alert state for the alert", + "displayName": "Alert State" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "MonitorDisableTagValues": { + "metadata": { + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Network/expressRouteCircuits" + "equals": "Microsoft.Network/expressRouteCircuits", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -141,56 +141,56 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "Microsoft.Network/expressRouteCircuits" + "equals": "Microsoft.Network/expressRouteCircuits", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "QosDropBitsInPerSecond" + "equals": "QosDropBitsInPerSecond", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressRouteCircuits/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressRouteCircuits/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Average" + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator", - "equals": "GreaterThan" + "equals": "GreaterThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity", - "equals": "Medium" + "equals": "Medium", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert", - "equals": 2 + "equals": 2, + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods", - "equals": 2 + "equals": 2, + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods" } ] }, @@ -212,17 +212,16 @@ "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, + "enabled": { + "value": "[parameters('enabled')]" + }, "resourceName": { "value": "[field('name')]" } }, - "mode": "incremental", "template": { "parameters": { "resourceId": { @@ -241,10 +240,10 @@ "windowSize": { "type": "String" }, - "enabled": { + "severity": { "type": "String" }, - "severity": { + "enabled": { "type": "String" }, "resourceName": { @@ -271,32 +270,32 @@ "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" + }, + "enabled": { + "value": "[parameters('enabled')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", "autoMitigate": "[parameters('autoMitigate')]", "windowSize": "[parameters('windowSize')]", - "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", + "enabled": "[parameters('enabled')]", "criteria": { "allOf": [ { - "name": "QosDropBitsInPerSecond", "timeAggregation": "Average", - "failingPeriods": { - "numberOfEvaluationPeriods": 4, - "minFailingPeriodsToAlert": 4 - }, - "operator": "GreaterThan", "metricNamespace": "Microsoft.Network/expressRouteCircuits", - "alertSensitivity": "Medium", "criterionType": "DynamicThresholdCriterion", - "metricName": "QosDropBitsInPerSecond" + "operator": "GreaterThan", + "metricName": "QosDropBitsInPerSecond", + "name": "QosDropBitsInPerSecond", + "failingPeriods": { + "numberOfEvaluationPeriods": 2, + "minFailingPeriodsToAlert": 2 + }, + "alertSensitivity": "Medium" } ], "odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria" @@ -305,9 +304,9 @@ "[parameters('resourceId')]" ] }, - "location": "global", "apiVersion": "2018-03-01", "name": "[concat(parameters('resourceName'), '-QosDropBitsInPerSecond')]", + "location": "global", "tags": { "_deployed_by_amba": true } @@ -315,7 +314,8 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" } } } diff --git a/Definitions/policyDefinitions/Network/deploy_ercir_qosdropbitsoutpersecond_alert.jsonc b/Definitions/policyDefinitions/Network/deploy_ercir_qosdropbitsoutpersecond_alert.jsonc index 7dc3605..63288cc 100644 --- a/Definitions/policyDefinitions/Network/deploy_ercir_qosdropbitsoutpersecond_alert.jsonc +++ b/Definitions/policyDefinitions/Network/deploy_ercir_qosdropbitsoutpersecond_alert.jsonc @@ -6,31 +6,19 @@ "description": "Policy to audit/deploy ExpressRoute Circuits QosDropBitsOutPerSecond Alert", "mode": "All", "metadata": { - "category": "Network", "_deployed_by_amba": "True", - "version": "1.2.0", "alzCloudEnvironments": [ "AzureCloud" ], + "version": "1.2.0", + "category": "Network", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "String" - }, "evaluationFrequency": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "Evaluation Frequency" + "displayName": "Evaluation Frequency", + "description": "Evaluation frequency for the alert" }, "allowedValues": [ "PT1M", @@ -42,10 +30,22 @@ "defaultValue": "PT5M", "type": "String" }, + "effect": { + "metadata": { + "displayName": "Effect", + "description": "Effect of the policy" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" + }, "MonitorDisableTagValues": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "displayName": "ALZ Monitoring disabled tag values(s)", + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." }, "defaultValue": [ "true", @@ -55,22 +55,18 @@ ], "type": "Array" }, - "autoMitigate": { + "MonitorDisableTagName": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" + "displayName": "ALZ Monitoring disabled tag name", + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled." }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", + "defaultValue": "MonitorDisable", "type": "String" }, "windowSize": { "metadata": { - "description": "Window size for the alert", - "displayName": "Window Size" + "displayName": "Window Size", + "description": "Window size for the alert" }, "allowedValues": [ "PT1M", @@ -85,18 +81,22 @@ "defaultValue": "PT5M", "type": "String" }, - "MonitorDisableTagName": { + "autoMitigate": { "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" + "displayName": "Auto Mitigate", + "description": "Auto Mitigate for the alert" }, - "defaultValue": "MonitorDisable", + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", "type": "String" }, "enabled": { "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" + "displayName": "Alert State", + "description": "Alert state for the alert" }, "allowedValues": [ "true", @@ -107,8 +107,8 @@ }, "severity": { "metadata": { - "description": "Severity of the Alert", - "displayName": "Severity" + "displayName": "Severity", + "description": "Severity of the Alert" }, "allowedValues": [ "0", @@ -125,8 +125,8 @@ "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Network/expressRouteCircuits" + "equals": "Microsoft.Network/expressRouteCircuits", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -141,56 +141,56 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "Microsoft.Network/expressRouteCircuits" + "equals": "Microsoft.Network/expressRouteCircuits", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "QosDropBitsOutPerSecond" + "equals": "QosDropBitsOutPerSecond", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressRouteCircuits/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressRouteCircuits/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Average" + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator", - "equals": "GreaterThan" + "equals": "GreaterThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity", - "equals": "Medium" + "equals": "Medium", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert", - "equals": 2 + "equals": 2, + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods", - "equals": 2 + "equals": 2, + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods" } ] }, @@ -206,12 +206,12 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, "windowSize": { "value": "[parameters('windowSize')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "enabled": { "value": "[parameters('enabled')]" }, @@ -222,23 +222,22 @@ "value": "[field('name')]" } }, - "mode": "incremental", "template": { "parameters": { "resourceId": { "metadata": { - "description": "Resource ID of the resource emitting the metric that will be used for the comparison", - "displayName": "resourceId" + "displayName": "resourceId", + "description": "Resource ID of the resource emitting the metric that will be used for the comparison" }, "type": "String" }, "evaluationFrequency": { "type": "String" }, - "autoMitigate": { + "windowSize": { "type": "String" }, - "windowSize": { + "autoMitigate": { "type": "String" }, "enabled": { @@ -249,13 +248,14 @@ }, "resourceName": { "metadata": { - "description": "Name of the resource", - "displayName": "resourceName" + "displayName": "resourceName", + "description": "Name of the resource" }, "type": "String" } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Insights/metricAlerts", @@ -265,12 +265,12 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, "windowSize": { "value": "[parameters('windowSize')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "enabled": { "value": "[parameters('enabled')]" }, @@ -279,24 +279,24 @@ } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", - "autoMitigate": "[parameters('autoMitigate')]", "windowSize": "[parameters('windowSize')]", + "autoMitigate": "[parameters('autoMitigate')]", "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", "criteria": { "allOf": [ { - "name": "QosDropBitsOutPerSecond", "timeAggregation": "Average", "failingPeriods": { - "numberOfEvaluationPeriods": 4, - "minFailingPeriodsToAlert": 4 + "numberOfEvaluationPeriods": 2, + "minFailingPeriodsToAlert": 2 }, "operator": "GreaterThan", + "name": "QosDropBitsOutPerSecond", "metricNamespace": "Microsoft.Network/expressRouteCircuits", - "alertSensitivity": "Medium", "criterionType": "DynamicThresholdCriterion", - "metricName": "QosDropBitsOutPerSecond" + "metricName": "QosDropBitsOutPerSecond", + "alertSensitivity": "Medium" } ], "odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria" @@ -305,17 +305,17 @@ "[parameters('resourceId')]" ] }, - "location": "global", "apiVersion": "2018-03-01", + "location": "global", "name": "[concat(parameters('resourceName'), '-QosDropBitsOutPerSecond')]", "tags": { "_deployed_by_amba": true } } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" } } } diff --git a/Definitions/policyDefinitions/Network/deploy_ergw_expressroutebitsin_alert.jsonc b/Definitions/policyDefinitions/Network/deploy_ergw_expressroutebitsin_alert.jsonc index 86b276e..1656342 100644 --- a/Definitions/policyDefinitions/Network/deploy_ergw_expressroutebitsin_alert.jsonc +++ b/Definitions/policyDefinitions/Network/deploy_ergw_expressroutebitsin_alert.jsonc @@ -6,27 +6,15 @@ "description": "Policy to audit/deploy ER Gateway Connection BitsInPerSecond Alert", "mode": "All", "metadata": { + "_deployed_by_amba": "True", "category": "Network", "version": "1.2.0", - "_deployed_by_amba": "True", - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" - ] + ], + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "disabled", - "type": "String" - }, "evaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", @@ -42,25 +30,16 @@ "defaultValue": "PT5M", "type": "String" }, - "MonitorDisableTagValues": { + "autoMitigate": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" }, - "defaultValue": [ + "allowedValues": [ "true", - "Test", - "Dev", - "Sandbox" + "false" ], - "type": "Array" - }, - "MonitorDisableTagName": { - "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" - }, - "defaultValue": "MonitorDisable", + "defaultValue": "true", "type": "String" }, "windowSize": { @@ -81,16 +60,16 @@ "defaultValue": "PT5M", "type": "String" }, - "enabled": { + "effect": { "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" + "description": "Effect of the policy", + "displayName": "Effect" }, "allowedValues": [ - "true", - "false" + "deployIfNotExists", + "disabled" ], - "defaultValue": "true", + "defaultValue": "disabled", "type": "String" }, "severity": { @@ -108,10 +87,10 @@ "defaultValue": "0", "type": "String" }, - "autoMitigate": { + "enabled": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" + "description": "Alert state for the alert", + "displayName": "Alert State" }, "allowedValues": [ "true", @@ -127,14 +106,35 @@ }, "defaultValue": "1", "type": "String" + }, + "MonitorDisableTagValues": { + "metadata": { + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Network/expressroutegateways" + "equals": "Microsoft.Network/expressroutegateways", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -149,48 +149,48 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "Microsoft.Network/expressroutegateways" + "equals": "Microsoft.Network/expressroutegateways", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "ERGatewayConnectionBitsInPerSecond" + "equals": "ERGatewayConnectionBitsInPerSecond", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressroutegateways/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressroutegateways/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Average" + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", - "equals": "LessThan" + "equals": "LessThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", - "equals": "[if(contains(field('tags'), '_amba-ERGatewayConnectionBitsInPerSecond-threshold-Override_'), field('tags._amba-ERGatewayConnectionBitsInPerSecond-threshold-Override_'), parameters('threshold'))]" + "equals": "[if(contains(field('tags'), '_amba-ERGatewayConnectionBitsInPerSecond-threshold-Override_'), field('tags._amba-ERGatewayConnectionBitsInPerSecond-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold" } ] }, @@ -206,17 +206,17 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" + "enabled": { + "value": "[parameters('enabled')]" }, "threshold": { "value": "[if(contains(field('tags'), '_amba-ERGatewayConnectionBitsInPerSecond-threshold-Override_'), field('tags._amba-ERGatewayConnectionBitsInPerSecond-threshold-Override_'), parameters('threshold'))]" @@ -225,7 +225,6 @@ "value": "[field('name')]" } }, - "mode": "incremental", "template": { "parameters": { "resourceId": { @@ -238,16 +237,16 @@ "evaluationFrequency": { "type": "String" }, - "windowSize": { + "autoMitigate": { "type": "String" }, - "enabled": { + "windowSize": { "type": "String" }, "severity": { "type": "String" }, - "autoMitigate": { + "enabled": { "type": "String" }, "threshold": { @@ -271,37 +270,37 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" + "enabled": { + "value": "[parameters('enabled')]" }, "threshold": { "value": "[parameters('threshold')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", "windowSize": "[parameters('windowSize')]", - "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", - "autoMitigate": "[parameters('autoMitigate')]", + "enabled": "[parameters('enabled')]", "criteria": { "allOf": [ { "threshold": "[parameters('threshold')]", "timeAggregation": "Average", - "name": "ERGatewayConnectionBitsInPerSecond", - "operator": "LessThan", "metricNamespace": "Microsoft.Network/expressroutegateways", "criterionType": "StaticThresholdCriterion", - "metricName": "ERGatewayConnectionBitsInPerSecond" + "operator": "LessThan", + "metricName": "ERGatewayConnectionBitsInPerSecond", + "name": "ERGatewayConnectionBitsInPerSecond" } ], "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria" @@ -310,9 +309,9 @@ "[parameters('resourceId')]" ] }, - "location": "global", - "name": "[concat(parameters('resourceName'), '-GatewayERBitsInAlert')]", "apiVersion": "2018-03-01", + "name": "[concat(parameters('resourceName'), '-GatewayERBitsInAlert')]", + "location": "global", "tags": { "_deployed_by_amba": true } @@ -320,7 +319,8 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" } } } diff --git a/Definitions/policyDefinitions/Network/deploy_ergw_expressroutebitsout_alert.jsonc b/Definitions/policyDefinitions/Network/deploy_ergw_expressroutebitsout_alert.jsonc index 7ad2e8a..502930d 100644 --- a/Definitions/policyDefinitions/Network/deploy_ergw_expressroutebitsout_alert.jsonc +++ b/Definitions/policyDefinitions/Network/deploy_ergw_expressroutebitsout_alert.jsonc @@ -6,31 +6,19 @@ "description": "Policy to audit/deploy ER Gateway Connection BitsOutPerSecond Alert", "mode": "All", "metadata": { - "category": "Network", "_deployed_by_amba": "True", "version": "1.2.0", + "category": "Network", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" - ], - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" + ] }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "disabled", - "type": "String" - }, "evaluationFrequency": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "Evaluation Frequency" + "displayName": "Evaluation Frequency", + "description": "Evaluation frequency for the alert" }, "allowedValues": [ "PT1M", @@ -44,8 +32,8 @@ }, "MonitorDisableTagValues": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "displayName": "ALZ Monitoring disabled tag values(s)", + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." }, "defaultValue": [ "true", @@ -57,8 +45,8 @@ }, "autoMitigate": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" + "displayName": "Auto Mitigate", + "description": "Auto Mitigate for the alert" }, "allowedValues": [ "true", @@ -67,36 +55,18 @@ "defaultValue": "true", "type": "String" }, - "windowSize": { - "metadata": { - "description": "Window size for the alert", - "displayName": "Window Size" - }, - "allowedValues": [ - "PT1M", - "PT5M", - "PT15M", - "PT30M", - "PT1H", - "PT6H", - "PT12H", - "P1D" - ], - "defaultValue": "PT5M", - "type": "String" - }, "MonitorDisableTagName": { "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" + "displayName": "ALZ Monitoring disabled tag name", + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled." }, "defaultValue": "MonitorDisable", "type": "String" }, "enabled": { "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" + "displayName": "Alert State", + "description": "Alert state for the alert" }, "allowedValues": [ "true", @@ -105,10 +75,28 @@ "defaultValue": "true", "type": "String" }, + "windowSize": { + "metadata": { + "displayName": "Window Size", + "description": "Window size for the alert" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" + ], + "defaultValue": "PT5M", + "type": "String" + }, "severity": { "metadata": { - "description": "Severity of the Alert", - "displayName": "Severity" + "displayName": "Severity", + "description": "Severity of the Alert" }, "allowedValues": [ "0", @@ -122,19 +110,31 @@ }, "threshold": { "metadata": { - "description": "Threshold for the alert", - "displayName": "Threshold" + "displayName": "Threshold", + "description": "Threshold for the alert" }, "defaultValue": "1", "type": "String" + }, + "effect": { + "metadata": { + "displayName": "Effect", + "description": "Effect of the policy" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "disabled", + "type": "String" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Network/expressroutegateways" + "equals": "Microsoft.Network/expressroutegateways", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -149,48 +149,48 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "Microsoft.Network/expressroutegateways" + "equals": "Microsoft.Network/expressroutegateways", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "ERGatewayConnectionBitsOutPerSecond" + "equals": "ERGatewayConnectionBitsOutPerSecond", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressroutegateways/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressroutegateways/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Average" + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", - "equals": "LessThan" + "equals": "LessThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", - "equals": "[if(contains(field('tags'), '_amba-ERGatewayConnectionBitsOutPerSecond-threshold-Override_'), field('tags._amba-ERGatewayConnectionBitsOutPerSecond-threshold-Override_'), parameters('threshold'))]" + "equals": "[if(contains(field('tags'), '_amba-ERGatewayConnectionBitsOutPerSecond-threshold-Override_'), field('tags._amba-ERGatewayConnectionBitsOutPerSecond-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold" } ] }, @@ -209,12 +209,12 @@ "autoMitigate": { "value": "[parameters('autoMitigate')]" }, - "windowSize": { - "value": "[parameters('windowSize')]" - }, "enabled": { "value": "[parameters('enabled')]" }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, "severity": { "value": "[parameters('severity')]" }, @@ -225,13 +225,12 @@ "value": "[field('name')]" } }, - "mode": "incremental", "template": { "parameters": { "resourceId": { "metadata": { - "description": "Resource ID of the resource emitting the metric that will be used for the comparison", - "displayName": "resourceId" + "displayName": "resourceId", + "description": "Resource ID of the resource emitting the metric that will be used for the comparison" }, "type": "String" }, @@ -241,10 +240,10 @@ "autoMitigate": { "type": "String" }, - "windowSize": { + "enabled": { "type": "String" }, - "enabled": { + "windowSize": { "type": "String" }, "severity": { @@ -255,13 +254,14 @@ }, "resourceName": { "metadata": { - "description": "Name of the resource", - "displayName": "resourceName" + "displayName": "resourceName", + "description": "Name of the resource" }, "type": "String" } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Insights/metricAlerts", @@ -274,12 +274,12 @@ "autoMitigate": { "value": "[parameters('autoMitigate')]" }, - "windowSize": { - "value": "[parameters('windowSize')]" - }, "enabled": { "value": "[parameters('enabled')]" }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, "severity": { "value": "[parameters('severity')]" }, @@ -289,16 +289,16 @@ }, "evaluationFrequency": "[parameters('evaluationFrequency')]", "autoMitigate": "[parameters('autoMitigate')]", - "windowSize": "[parameters('windowSize')]", "enabled": "[parameters('enabled')]", + "windowSize": "[parameters('windowSize')]", "severity": "[parameters('severity')]", "criteria": { "allOf": [ { "threshold": "[parameters('threshold')]", - "name": "ERGatewayConnectionBitsOutPerSecond", "timeAggregation": "Average", "operator": "LessThan", + "name": "ERGatewayConnectionBitsOutPerSecond", "metricNamespace": "Microsoft.Network/expressroutegateways", "criterionType": "StaticThresholdCriterion", "metricName": "ERGatewayConnectionBitsOutPerSecond" @@ -310,17 +310,17 @@ "[parameters('resourceId')]" ] }, - "location": "global", "apiVersion": "2018-03-01", + "location": "global", "name": "[concat(parameters('resourceName'), '-GatewayERBitsOutAlert')]", "tags": { "_deployed_by_amba": true } } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" } } } diff --git a/Definitions/policyDefinitions/Network/deploy_ergw_expressroutecpuutil_alert.jsonc b/Definitions/policyDefinitions/Network/deploy_ergw_expressroutecpuutil_alert.jsonc index 2afb16e..71a51c8 100644 --- a/Definitions/policyDefinitions/Network/deploy_ergw_expressroutecpuutil_alert.jsonc +++ b/Definitions/policyDefinitions/Network/deploy_ergw_expressroutecpuutil_alert.jsonc @@ -6,27 +6,15 @@ "description": "Policy to audit/deploy ER Gateway Express Route CPU Utilization Alert", "mode": "All", "metadata": { - "category": "Network", - "_deployed_by_amba": "True", "version": "1.2.0", + "_deployed_by_amba": "True", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" ], - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" + "category": "Network" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "String" - }, "evaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", @@ -42,19 +30,6 @@ "defaultValue": "PT1M", "type": "String" }, - "MonitorDisableTagValues": { - "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" - }, - "defaultValue": [ - "true", - "Test", - "Dev", - "Sandbox" - ], - "type": "Array" - }, "autoMitigate": { "metadata": { "description": "Auto Mitigate for the alert", @@ -85,12 +60,19 @@ "defaultValue": "PT5M", "type": "String" }, - "MonitorDisableTagName": { + "severity": { "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" + "description": "Severity of the Alert", + "displayName": "Severity" }, - "defaultValue": "MonitorDisable", + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" + ], + "defaultValue": "1", "type": "String" }, "enabled": { @@ -105,19 +87,29 @@ "defaultValue": "true", "type": "String" }, - "severity": { + "MonitorDisableTagValues": { "metadata": { - "description": "Severity of the Alert", - "displayName": "Severity" + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" }, "allowedValues": [ - "0", - "1", - "2", - "3", - "4" + "deployIfNotExists", + "disabled" ], - "defaultValue": "1", + "defaultValue": "deployIfNotExists", "type": "String" }, "threshold": { @@ -127,14 +119,22 @@ }, "defaultValue": "80", "type": "String" + }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Network/expressroutegateways" + "equals": "Microsoft.Network/expressroutegateways", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -149,48 +149,48 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "Microsoft.Network/expressroutegateways" + "equals": "Microsoft.Network/expressroutegateways", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "ExpressRouteGatewayCpuUtilization" + "equals": "ExpressRouteGatewayCpuUtilization", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressroutegateways/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressroutegateways/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Average" + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", - "equals": "GreaterThan" + "equals": "GreaterThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", - "equals": "[if(contains(field('tags'), '_amba-ExpressRouteGatewayCpuUtilization-threshold-Override_'), field('tags._amba-ExpressRouteGatewayCpuUtilization-threshold-Override_'), parameters('threshold'))]" + "equals": "[if(contains(field('tags'), '_amba-ExpressRouteGatewayCpuUtilization-threshold-Override_'), field('tags._amba-ExpressRouteGatewayCpuUtilization-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold" } ] }, @@ -212,12 +212,12 @@ "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, + "enabled": { + "value": "[parameters('enabled')]" + }, "threshold": { "value": "[if(contains(field('tags'), '_amba-ExpressRouteGatewayCpuUtilization-threshold-Override_'), field('tags._amba-ExpressRouteGatewayCpuUtilization-threshold-Override_'), parameters('threshold'))]" }, @@ -225,7 +225,6 @@ "value": "[field('name')]" } }, - "mode": "incremental", "template": { "parameters": { "resourceId": { @@ -244,10 +243,10 @@ "windowSize": { "type": "String" }, - "enabled": { + "severity": { "type": "String" }, - "severity": { + "enabled": { "type": "String" }, "threshold": { @@ -262,6 +261,7 @@ } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Insights/metricAlerts", @@ -277,12 +277,12 @@ "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, + "enabled": { + "value": "[parameters('enabled')]" + }, "threshold": { "value": "[parameters('threshold')]" } @@ -290,17 +290,17 @@ "evaluationFrequency": "[parameters('evaluationFrequency')]", "autoMitigate": "[parameters('autoMitigate')]", "windowSize": "[parameters('windowSize')]", - "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", + "enabled": "[parameters('enabled')]", "criteria": { "allOf": [ { "threshold": "[parameters('threshold')]", - "name": "ExpressRouteGatewayCpuUtilization", "timeAggregation": "Average", - "operator": "GreaterThan", "metricNamespace": "Microsoft.Network/expressroutegateways", + "operator": "GreaterThan", "criterionType": "StaticThresholdCriterion", + "name": "ExpressRouteGatewayCpuUtilization", "metricName": "ExpressRouteGatewayCpuUtilization" } ], @@ -310,17 +310,17 @@ "[parameters('resourceId')]" ] }, - "location": "global", "apiVersion": "2018-03-01", + "location": "global", "name": "[concat(parameters('resourceName'), '-GatewayERCPUAlert')]", "tags": { "_deployed_by_amba": true } } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" } } } diff --git a/Definitions/policyDefinitions/Network/deploy_pdnsz_capacityutil_alert.jsonc b/Definitions/policyDefinitions/Network/deploy_pdnsz_capacityutil_alert.jsonc index eed6c38..bb8e6a6 100644 --- a/Definitions/policyDefinitions/Network/deploy_pdnsz_capacityutil_alert.jsonc +++ b/Definitions/policyDefinitions/Network/deploy_pdnsz_capacityutil_alert.jsonc @@ -6,13 +6,13 @@ "description": "Policy to audit/deploy Private DNS Zone Capacity Utilization Alert", "mode": "All", "metadata": { - "category": "Network", "version": "1.2.0", + "category": "Network", "_deployed_by_amba": "True", - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" - ] + ], + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { "effect": { @@ -42,25 +42,16 @@ "defaultValue": "PT1H", "type": "String" }, - "MonitorDisableTagValues": { + "autoMitigate": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" }, - "defaultValue": [ + "allowedValues": [ "true", - "Test", - "Dev", - "Sandbox" + "false" ], - "type": "Array" - }, - "MonitorDisableTagName": { - "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" - }, - "defaultValue": "MonitorDisable", + "defaultValue": "true", "type": "String" }, "windowSize": { @@ -81,18 +72,6 @@ "defaultValue": "PT1H", "type": "String" }, - "enabled": { - "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" - }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", - "type": "String" - }, "severity": { "metadata": { "description": "Severity of the Alert", @@ -108,10 +87,18 @@ "defaultValue": "2", "type": "String" }, - "autoMitigate": { + "threshold": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" + "description": "Threshold for the alert", + "displayName": "Threshold" + }, + "defaultValue": "80", + "type": "String" + }, + "enabled": { + "metadata": { + "description": "Alert state for the alert", + "displayName": "Alert State" }, "allowedValues": [ "true", @@ -120,12 +107,25 @@ "defaultValue": "true", "type": "String" }, - "threshold": { + "MonitorDisableTagValues": { "metadata": { - "description": "Threshold for the alert", - "displayName": "Threshold" + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" }, - "defaultValue": "80", + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", "type": "String" } }, @@ -133,8 +133,8 @@ "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Network/privateDnsZones" + "equals": "Microsoft.Network/privateDnsZones", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -149,48 +149,48 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "Microsoft.Network/privateDnsZones" + "equals": "Microsoft.Network/privateDnsZones", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "VirtualNetworkLinkCapacityUtilization" + "equals": "VirtualNetworkLinkCapacityUtilization", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/privateDnsZones/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/privateDnsZones/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Maximum" + "equals": "Maximum", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", - "equals": "GreaterThanOrEqual" + "equals": "GreaterThanOrEqual", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", - "equals": "[if(contains(field('tags'), '_amba-VirtualNetworkLinkCapacityUtilization-threshold-Override_'), field('tags._amba-VirtualNetworkLinkCapacityUtilization-threshold-Override_'), parameters('threshold'))]" + "equals": "[if(contains(field('tags'), '_amba-VirtualNetworkLinkCapacityUtilization-threshold-Override_'), field('tags._amba-VirtualNetworkLinkCapacityUtilization-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold" } ] }, @@ -206,21 +206,21 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, "threshold": { "value": "[if(contains(field('tags'), '_amba-VirtualNetworkLinkCapacityUtilization-threshold-Override_'), field('tags._amba-VirtualNetworkLinkCapacityUtilization-threshold-Override_'), parameters('threshold'))]" }, + "enabled": { + "value": "[parameters('enabled')]" + }, "resourceName": { "value": "[field('name')]" } @@ -238,19 +238,19 @@ "evaluationFrequency": { "type": "String" }, - "windowSize": { + "autoMitigate": { "type": "String" }, - "enabled": { + "windowSize": { "type": "String" }, "severity": { "type": "String" }, - "autoMitigate": { + "threshold": { "type": "String" }, - "threshold": { + "enabled": { "type": "String" }, "resourceName": { @@ -262,6 +262,7 @@ } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Insights/metricAlerts", @@ -271,37 +272,37 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, "threshold": { "value": "[parameters('threshold')]" + }, + "enabled": { + "value": "[parameters('enabled')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", "windowSize": "[parameters('windowSize')]", - "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", - "autoMitigate": "[parameters('autoMitigate')]", + "enabled": "[parameters('enabled')]", "criteria": { "allOf": [ { "threshold": "[parameters('threshold')]", "timeAggregation": "Maximum", - "name": "VirtualNetworkLinkCapacityUtilization", - "operator": "GreaterThanOrEqual", "metricNamespace": "Microsoft.Network/privateDnsZones", "criterionType": "StaticThresholdCriterion", - "metricName": "VirtualNetworkLinkCapacityUtilization" + "metricName": "VirtualNetworkLinkCapacityUtilization", + "name": "VirtualNetworkLinkCapacityUtilization", + "operator": "GreaterThanOrEqual" } ], "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria" @@ -310,15 +311,14 @@ "[parameters('resourceId')]" ] }, - "location": "global", - "name": "[concat(parameters('resourceName'), '-CapacityUtilizationAlert')]", "apiVersion": "2018-03-01", + "name": "[concat(parameters('resourceName'), '-CapacityUtilizationAlert')]", + "location": "global", "tags": { "_deployed_by_amba": true } } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" } } diff --git a/Definitions/policyDefinitions/Network/deploy_pdnsz_queryvolume_alert.jsonc b/Definitions/policyDefinitions/Network/deploy_pdnsz_queryvolume_alert.jsonc index 9797a19..1ccc9c6 100644 --- a/Definitions/policyDefinitions/Network/deploy_pdnsz_queryvolume_alert.jsonc +++ b/Definitions/policyDefinitions/Network/deploy_pdnsz_queryvolume_alert.jsonc @@ -6,27 +6,15 @@ "description": "Policy to audit/deploy Private DNS Zone Query Volume Alert", "mode": "All", "metadata": { - "category": "Network", - "version": "1.2.0", "_deployed_by_amba": "True", - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "version": "1.2.0", "alzCloudEnvironments": [ "AzureCloud" - ] + ], + "category": "Network", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "disabled", - "type": "String" - }, "evaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", @@ -42,6 +30,18 @@ "defaultValue": "PT1H", "type": "String" }, + "autoMitigate": { + "metadata": { + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, "MonitorDisableTagValues": { "metadata": { "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", @@ -55,14 +55,6 @@ ], "type": "Array" }, - "MonitorDisableTagName": { - "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" - }, - "defaultValue": "MonitorDisable", - "type": "String" - }, "windowSize": { "metadata": { "description": "Window size for the alert", @@ -81,6 +73,14 @@ "defaultValue": "PT1H", "type": "String" }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" + }, "enabled": { "metadata": { "description": "Alert state for the alert", @@ -108,18 +108,6 @@ "defaultValue": "4", "type": "String" }, - "autoMitigate": { - "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" - }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", - "type": "String" - }, "threshold": { "metadata": { "description": "Threshold for the alert", @@ -127,14 +115,26 @@ }, "defaultValue": "500", "type": "String" + }, + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "disabled", + "type": "String" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Network/privateDnsZones" + "equals": "Microsoft.Network/privateDnsZones", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -149,48 +149,48 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "Microsoft.Network/privateDnsZones" + "equals": "Microsoft.Network/privateDnsZones", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "QueryVolume" + "equals": "QueryVolume", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/privateDnsZones/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/privateDnsZones/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Total" + "equals": "Total", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", - "equals": "GreaterThanOrEqual" + "equals": "GreaterThanOrEqual", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", - "equals": "[if(contains(field('tags'), '_amba-QueryVolume-threshold-Override_'), field('tags._amba-QueryVolume-threshold-Override_'), parameters('threshold'))]" + "equals": "[if(contains(field('tags'), '_amba-QueryVolume-threshold-Override_'), field('tags._amba-QueryVolume-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold" } ] }, @@ -206,6 +206,9 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, @@ -215,9 +218,6 @@ "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, "threshold": { "value": "[if(contains(field('tags'), '_amba-QueryVolume-threshold-Override_'), field('tags._amba-QueryVolume-threshold-Override_'), parameters('threshold'))]" }, @@ -225,7 +225,6 @@ "value": "[field('name')]" } }, - "mode": "incremental", "template": { "parameters": { "resourceId": { @@ -238,6 +237,9 @@ "evaluationFrequency": { "type": "String" }, + "autoMitigate": { + "type": "String" + }, "windowSize": { "type": "String" }, @@ -247,9 +249,6 @@ "severity": { "type": "String" }, - "autoMitigate": { - "type": "String" - }, "threshold": { "type": "String" }, @@ -271,6 +270,9 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, @@ -280,25 +282,22 @@ "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, "threshold": { "value": "[parameters('threshold')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", "windowSize": "[parameters('windowSize')]", "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", - "autoMitigate": "[parameters('autoMitigate')]", "criteria": { "allOf": [ { "threshold": "[parameters('threshold')]", "timeAggregation": "Total", - "name": "QueryVolume", "operator": "GreaterThanOrEqual", + "name": "QueryVolume", "metricNamespace": "Microsoft.Network/privateDnsZones", "criterionType": "StaticThresholdCriterion", "metricName": "QueryVolume" @@ -310,9 +309,9 @@ "[parameters('resourceId')]" ] }, - "location": "global", - "name": "[concat(parameters('resourceName'), '-QueryVolumeAlert')]", "apiVersion": "2018-03-01", + "name": "[concat(parameters('resourceName'), '-QueryVolumeAlert')]", + "location": "global", "tags": { "_deployed_by_amba": true } @@ -320,7 +319,8 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" } } } diff --git a/Definitions/policyDefinitions/Network/deploy_pdnsz_recordsetcapacity_alert.jsonc b/Definitions/policyDefinitions/Network/deploy_pdnsz_recordsetcapacity_alert.jsonc index 6c659c5..f656a13 100644 --- a/Definitions/policyDefinitions/Network/deploy_pdnsz_recordsetcapacity_alert.jsonc +++ b/Definitions/policyDefinitions/Network/deploy_pdnsz_recordsetcapacity_alert.jsonc @@ -6,8 +6,8 @@ "description": "Policy to audit/deploy Private DNS Zone Record Set Capacity Alert", "mode": "All", "metadata": { - "category": "Network", "_deployed_by_amba": "True", + "category": "Network", "version": "1.2.0", "alzCloudEnvironments": [ "AzureCloud" @@ -15,18 +15,6 @@ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "String" - }, "evaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", @@ -42,19 +30,6 @@ "defaultValue": "PT1H", "type": "String" }, - "MonitorDisableTagValues": { - "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" - }, - "defaultValue": [ - "true", - "Test", - "Dev", - "Sandbox" - ], - "type": "Array" - }, "autoMitigate": { "metadata": { "description": "Auto Mitigate for the alert", @@ -85,24 +60,16 @@ "defaultValue": "PT1H", "type": "String" }, - "MonitorDisableTagName": { - "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" - }, - "defaultValue": "MonitorDisable", - "type": "String" - }, - "enabled": { + "effect": { "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" + "description": "Effect of the policy", + "displayName": "Effect" }, "allowedValues": [ - "true", - "false" + "deployIfNotExists", + "disabled" ], - "defaultValue": "true", + "defaultValue": "deployIfNotExists", "type": "String" }, "severity": { @@ -120,6 +87,18 @@ "defaultValue": "2", "type": "String" }, + "enabled": { + "metadata": { + "description": "Alert state for the alert", + "displayName": "Alert State" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, "threshold": { "metadata": { "description": "Threshold for the alert", @@ -127,14 +106,35 @@ }, "defaultValue": "80", "type": "String" + }, + "MonitorDisableTagValues": { + "metadata": { + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Network/privateDnsZones" + "equals": "Microsoft.Network/privateDnsZones", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -149,48 +149,48 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "Microsoft.Network/privateDnsZones" + "equals": "Microsoft.Network/privateDnsZones", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "RecordSetCapacityUtilization" + "equals": "RecordSetCapacityUtilization", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/privateDnsZones/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/privateDnsZones/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Maximum" + "equals": "Maximum", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", - "equals": "GreaterThanOrEqual" + "equals": "GreaterThanOrEqual", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", - "equals": "[if(contains(field('tags'), '_amba-RecordSetCapacityUtilization-threshold-Override_'), field('tags._amba-RecordSetCapacityUtilization-threshold-Override_'), parameters('threshold'))]" + "equals": "[if(contains(field('tags'), '_amba-RecordSetCapacityUtilization-threshold-Override_'), field('tags._amba-RecordSetCapacityUtilization-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold" } ] }, @@ -212,12 +212,12 @@ "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, + "enabled": { + "value": "[parameters('enabled')]" + }, "threshold": { "value": "[if(contains(field('tags'), '_amba-RecordSetCapacityUtilization-threshold-Override_'), field('tags._amba-RecordSetCapacityUtilization-threshold-Override_'), parameters('threshold'))]" }, @@ -225,7 +225,6 @@ "value": "[field('name')]" } }, - "mode": "incremental", "template": { "parameters": { "resourceId": { @@ -244,10 +243,10 @@ "windowSize": { "type": "String" }, - "enabled": { + "severity": { "type": "String" }, - "severity": { + "enabled": { "type": "String" }, "threshold": { @@ -277,12 +276,12 @@ "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, + "enabled": { + "value": "[parameters('enabled')]" + }, "threshold": { "value": "[parameters('threshold')]" } @@ -290,18 +289,18 @@ "evaluationFrequency": "[parameters('evaluationFrequency')]", "autoMitigate": "[parameters('autoMitigate')]", "windowSize": "[parameters('windowSize')]", - "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", + "enabled": "[parameters('enabled')]", "criteria": { "allOf": [ { "threshold": "[parameters('threshold')]", - "name": "RecordSetCapacityUtilization", "timeAggregation": "Maximum", - "operator": "GreaterThanOrEqual", "metricNamespace": "Microsoft.Network/privateDnsZones", "criterionType": "StaticThresholdCriterion", - "metricName": "RecordSetCapacityUtilization" + "operator": "GreaterThanOrEqual", + "metricName": "RecordSetCapacityUtilization", + "name": "RecordSetCapacityUtilization" } ], "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria" @@ -310,9 +309,9 @@ "[parameters('resourceId')]" ] }, - "location": "global", "apiVersion": "2018-03-01", "name": "[concat(parameters('resourceName'), '-RecordSet_Capacity_Utilization')]", + "location": "global", "tags": { "_deployed_by_amba": true } @@ -320,7 +319,8 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" } } } diff --git a/Definitions/policyDefinitions/Network/deploy_publicip_bytesinddosattack_alert.jsonc b/Definitions/policyDefinitions/Network/deploy_publicip_bytesinddosattack_alert.jsonc index fc9dbf2..0bf8818 100644 --- a/Definitions/policyDefinitions/Network/deploy_publicip_bytesinddosattack_alert.jsonc +++ b/Definitions/policyDefinitions/Network/deploy_publicip_bytesinddosattack_alert.jsonc @@ -6,9 +6,9 @@ "description": "Policy to audit/deploy PIP Bytes in DDoS Attack Alert", "mode": "All", "metadata": { + "version": "1.2.0", "category": "Network", "_deployed_by_amba": "True", - "version": "1.2.0", "alzCloudEnvironments": [ "AzureCloud" ], @@ -42,19 +42,6 @@ "defaultValue": "PT5M", "type": "String" }, - "MonitorDisableTagValues": { - "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" - }, - "defaultValue": [ - "true", - "Test", - "Dev", - "Sandbox" - ], - "type": "Array" - }, "autoMitigate": { "metadata": { "description": "Auto Mitigate for the alert", @@ -85,12 +72,27 @@ "defaultValue": "PT5M", "type": "String" }, - "MonitorDisableTagName": { + "severity": { "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" + "description": "Severity of the Alert", + "displayName": "Severity" }, - "defaultValue": "MonitorDisable", + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" + ], + "defaultValue": "4", + "type": "String" + }, + "threshold": { + "metadata": { + "description": "Threshold for the alert", + "displayName": "Threshold" + }, + "defaultValue": "8000000", "type": "String" }, "enabled": { @@ -105,27 +107,25 @@ "defaultValue": "true", "type": "String" }, - "severity": { + "MonitorDisableTagValues": { "metadata": { - "description": "Severity of the Alert", - "displayName": "Severity" + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" }, - "allowedValues": [ - "0", - "1", - "2", - "3", - "4" + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" ], - "defaultValue": "4", - "type": "String" + "type": "Array" }, - "threshold": { + "MonitorDisableTagName": { "metadata": { - "description": "Threshold for the alert", - "displayName": "Threshold" + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" }, - "defaultValue": "8000000", + "defaultValue": "MonitorDisable", "type": "String" } }, @@ -133,8 +133,8 @@ "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Network/publicIPAddresses" + "equals": "Microsoft.Network/publicIPAddresses", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -149,48 +149,48 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "Microsoft.Network/publicIPAddresses" + "equals": "Microsoft.Network/publicIPAddresses", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "bytesinddos" + "equals": "bytesinddos", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/publicIPAddresses/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/publicIPAddresses/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Maximum" + "equals": "Maximum", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", - "equals": "GreaterThan" + "equals": "GreaterThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", - "equals": "[if(contains(field('tags'), '_amba-bytesinddos-threshold-Override_'), field('tags._amba-bytesinddos-threshold-Override_'), parameters('threshold'))]" + "equals": "[if(contains(field('tags'), '_amba-bytesinddos-threshold-Override_'), field('tags._amba-bytesinddos-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold" } ] }, @@ -212,15 +212,15 @@ "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, "threshold": { "value": "[if(contains(field('tags'), '_amba-bytesinddos-threshold-Override_'), field('tags._amba-bytesinddos-threshold-Override_'), parameters('threshold'))]" }, + "enabled": { + "value": "[parameters('enabled')]" + }, "resourceName": { "value": "[field('name')]" } @@ -244,15 +244,15 @@ "windowSize": { "type": "String" }, - "enabled": { - "type": "String" - }, "severity": { "type": "String" }, "threshold": { "type": "String" }, + "enabled": { + "type": "String" + }, "resourceName": { "metadata": { "description": "Name of the resource", @@ -262,6 +262,7 @@ } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Insights/metricAlerts", @@ -277,31 +278,31 @@ "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, "threshold": { "value": "[parameters('threshold')]" + }, + "enabled": { + "value": "[parameters('enabled')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", "autoMitigate": "[parameters('autoMitigate')]", "windowSize": "[parameters('windowSize')]", - "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", + "enabled": "[parameters('enabled')]", "criteria": { "allOf": [ { "threshold": "[parameters('threshold')]", - "name": "bytesinddos", "timeAggregation": "Maximum", - "operator": "GreaterThan", "metricNamespace": "Microsoft.Network/publicIPAddresses", "criterionType": "StaticThresholdCriterion", - "metricName": "bytesinddos" + "metricName": "bytesinddos", + "name": "bytesinddos", + "operator": "GreaterThan" } ], "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria" @@ -310,15 +311,14 @@ "[parameters('resourceId')]" ] }, - "location": "global", "apiVersion": "2018-03-01", "name": "[concat(parameters('resourceName'), '-BytesInDDOSAlert')]", + "location": "global", "tags": { "_deployed_by_amba": true } } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" } } diff --git a/Definitions/policyDefinitions/Network/deploy_publicip_ddosattack_alert.jsonc b/Definitions/policyDefinitions/Network/deploy_publicip_ddosattack_alert.jsonc index 9a65be0..c616d3b 100644 --- a/Definitions/policyDefinitions/Network/deploy_publicip_ddosattack_alert.jsonc +++ b/Definitions/policyDefinitions/Network/deploy_publicip_ddosattack_alert.jsonc @@ -6,19 +6,34 @@ "description": "Policy to audit/deploy PIP DDoS Attack Alert", "mode": "All", "metadata": { - "category": "Network", - "version": "1.2.0", + "_deployed_by_amba": "True", "alzCloudEnvironments": [ "AzureCloud" ], - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", - "_deployed_by_amba": "True" + "version": "1.2.0", + "category": "Network", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { + "evaluationFrequency": { + "metadata": { + "displayName": "Evaluation Frequency", + "description": "Evaluation frequency for the alert" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H" + ], + "defaultValue": "PT5M", + "type": "String" + }, "effect": { "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" + "displayName": "Effect", + "description": "Effect of the policy" }, "allowedValues": [ "deployIfNotExists", @@ -27,37 +42,31 @@ "defaultValue": "deployIfNotExists", "type": "String" }, - "enabled": { + "MonitorDisableTagValues": { "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" + "displayName": "ALZ Monitoring disabled tag values(s)", + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." }, - "allowedValues": [ + "defaultValue": [ "true", - "false" + "Test", + "Dev", + "Sandbox" ], - "defaultValue": "true", - "type": "String" + "type": "Array" }, - "evaluationFrequency": { + "MonitorDisableTagName": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "Evaluation Frequency" + "displayName": "ALZ Monitoring disabled tag name", + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled." }, - "allowedValues": [ - "PT1M", - "PT5M", - "PT15M", - "PT30M", - "PT1H" - ], - "defaultValue": "PT5M", + "defaultValue": "MonitorDisable", "type": "String" }, "windowSize": { "metadata": { - "description": "Window size for the alert", - "displayName": "Window Size" + "displayName": "Window Size", + "description": "Window size for the alert" }, "allowedValues": [ "PT1M", @@ -72,25 +81,22 @@ "defaultValue": "PT5M", "type": "String" }, - "severity": { + "autoMitigate": { "metadata": { - "description": "Severity of the Alert", - "displayName": "Severity" + "displayName": "Auto Mitigate", + "description": "Auto Mitigate for the alert" }, "allowedValues": [ - "0", - "1", - "2", - "3", - "4" + "true", + "false" ], - "defaultValue": "1", + "defaultValue": "true", "type": "String" }, - "autoMitigate": { + "enabled": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" + "displayName": "Alert State", + "description": "Alert state for the alert" }, "allowedValues": [ "true", @@ -99,33 +105,27 @@ "defaultValue": "true", "type": "String" }, - "threshold": { - "metadata": { - "description": "Threshold for the alert", - "displayName": "Threshold" - }, - "defaultValue": "0", - "type": "String" - }, - "MonitorDisableTagValues": { + "severity": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "displayName": "Severity", + "description": "Severity of the Alert" }, - "defaultValue": [ - "true", - "Test", - "Dev", - "Sandbox" + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" ], - "type": "Array" + "defaultValue": "1", + "type": "String" }, - "MonitorDisableTagName": { + "threshold": { "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" + "displayName": "Threshold", + "description": "Threshold for the alert" }, - "defaultValue": "MonitorDisable", + "defaultValue": "0", "type": "String" } }, @@ -133,8 +133,8 @@ "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Network/publicIPAddresses" + "equals": "Microsoft.Network/publicIPAddresses", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -149,48 +149,48 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "Microsoft.Network/publicIPAddresses" + "equals": "Microsoft.Network/publicIPAddresses", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "ifunderddosattack" + "equals": "ifunderddosattack", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/publicIPAddresses/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/publicIPAddresses/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Maximum" + "equals": "Maximum", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", - "equals": "GreaterThan" + "equals": "GreaterThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", - "equals": "[if(contains(field('tags'), '_amba-ifunderddosattack-threshold-Override_'), field('tags._amba-ifunderddosattack-threshold-Override_'), parameters('threshold'))]" + "equals": "[if(contains(field('tags'), '_amba-ifunderddosattack-threshold-Override_'), field('tags._amba-ifunderddosattack-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold" } ] }, @@ -203,105 +203,105 @@ "resourceId": { "value": "[field('id')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, - "resourceName": { - "value": "[field('name')]" - }, "windowSize": { "value": "[parameters('windowSize')]" }, - "severity": { - "value": "[parameters('severity')]" - }, "autoMitigate": { "value": "[parameters('autoMitigate')]" }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, "threshold": { "value": "[if(contains(field('tags'), '_amba-ifunderddosattack-threshold-Override_'), field('tags._amba-ifunderddosattack-threshold-Override_'), parameters('threshold'))]" + }, + "resourceName": { + "value": "[field('name')]" } }, - "mode": "incremental", "template": { "parameters": { "resourceId": { "metadata": { - "description": "Resource ID of the resource emitting the metric that will be used for the comparison", - "displayName": "resourceId" + "displayName": "resourceId", + "description": "Resource ID of the resource emitting the metric that will be used for the comparison" }, "type": "String" }, - "enabled": { + "evaluationFrequency": { "type": "String" }, - "evaluationFrequency": { + "windowSize": { "type": "String" }, - "resourceName": { - "metadata": { - "description": "Name of the resource", - "displayName": "resourceName" - }, + "autoMitigate": { "type": "String" }, - "windowSize": { + "enabled": { "type": "String" }, "severity": { "type": "String" }, - "autoMitigate": { + "threshold": { "type": "String" }, - "threshold": { + "resourceName": { + "metadata": { + "displayName": "resourceName", + "description": "Name of the resource" + }, "type": "String" } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Insights/metricAlerts", "properties": { "description": "Metric Alert for Public IP Address Under Attack", "parameters": { - "enabled": { - "value": "[parameters('enabled')]" - }, "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, "windowSize": { "value": "[parameters('windowSize')]" }, - "severity": { - "value": "[parameters('severity')]" - }, "autoMitigate": { "value": "[parameters('autoMitigate')]" }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, "threshold": { "value": "[parameters('threshold')]" } }, - "enabled": "[parameters('enabled')]", "evaluationFrequency": "[parameters('evaluationFrequency')]", "windowSize": "[parameters('windowSize')]", - "severity": "[parameters('severity')]", "autoMitigate": "[parameters('autoMitigate')]", + "enabled": "[parameters('enabled')]", + "severity": "[parameters('severity')]", "criteria": { "allOf": [ { - "name": "ifunderddosattack", "threshold": "[parameters('threshold')]", "timeAggregation": "Maximum", "operator": "GreaterThan", - "metricName": "ifunderddosattack", + "name": "ifunderddosattack", "metricNamespace": "Microsoft.Network/publicIPAddresses", - "criterionType": "StaticThresholdCriterion" + "criterionType": "StaticThresholdCriterion", + "metricName": "ifunderddosattack" } ], "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria" @@ -310,17 +310,17 @@ "[parameters('resourceId')]" ] }, - "location": "global", "apiVersion": "2018-03-01", + "location": "global", "name": "[concat(parameters('resourceName'), '-DDOS_Attack')]", "tags": { "_deployed_by_amba": true } } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" } } } diff --git a/Definitions/policyDefinitions/Network/deploy_publicip_packetsinddosattack_alert.jsonc b/Definitions/policyDefinitions/Network/deploy_publicip_packetsinddosattack_alert.jsonc index c011ba1..6f1a4ad 100644 --- a/Definitions/policyDefinitions/Network/deploy_publicip_packetsinddosattack_alert.jsonc +++ b/Definitions/policyDefinitions/Network/deploy_publicip_packetsinddosattack_alert.jsonc @@ -6,27 +6,15 @@ "description": "Policy to audit/deploy PIP Packets in DDoS Attack Alert", "mode": "All", "metadata": { - "category": "Network", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "version": "1.2.0", "_deployed_by_amba": "True", - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" - ] + ], + "category": "Network" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "disabled", - "type": "String" - }, "evaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", @@ -63,6 +51,18 @@ "defaultValue": "MonitorDisable", "type": "String" }, + "autoMitigate": { + "metadata": { + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, "windowSize": { "metadata": { "description": "Window size for the alert", @@ -93,6 +93,26 @@ "defaultValue": "true", "type": "String" }, + "threshold": { + "metadata": { + "description": "Threshold for the alert", + "displayName": "Threshold" + }, + "defaultValue": "40000", + "type": "String" + }, + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "disabled", + "type": "String" + }, "severity": { "metadata": { "description": "Severity of the Alert", @@ -107,34 +127,14 @@ ], "defaultValue": "4", "type": "String" - }, - "autoMitigate": { - "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" - }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", - "type": "String" - }, - "threshold": { - "metadata": { - "description": "Threshold for the alert", - "displayName": "Threshold" - }, - "defaultValue": "40000", - "type": "String" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Network/publicIPAddresses" + "equals": "Microsoft.Network/publicIPAddresses", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -149,48 +149,48 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "Microsoft.Network/publicIPAddresses" + "equals": "Microsoft.Network/publicIPAddresses", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "PacketsInDDoS" + "equals": "PacketsInDDoS", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/publicIPAddresses/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/publicIPAddresses/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Total" + "equals": "Total", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].operator", - "equals": "GreaterThanOrEqual" + "equals": "GreaterThanOrEqual", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].threshold", - "equals": "[if(contains(field('tags'), '_amba-PacketsInDDoS-threshold-Override_'), field('tags._amba-PacketsInDDoS-threshold-Override_'), parameters('threshold'))]" + "equals": "[if(contains(field('tags'), '_amba-PacketsInDDoS-threshold-Override_'), field('tags._amba-PacketsInDDoS-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].threshold" } ] }, @@ -206,26 +206,25 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, "enabled": { "value": "[parameters('enabled')]" }, - "severity": { - "value": "[parameters('severity')]" - }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, "threshold": { "value": "[if(contains(field('tags'), '_amba-PacketsInDDoS-threshold-Override_'), field('tags._amba-PacketsInDDoS-threshold-Override_'), parameters('threshold'))]" }, + "severity": { + "value": "[parameters('severity')]" + }, "resourceName": { "value": "[field('name')]" } }, - "mode": "incremental", "template": { "parameters": { "resourceId": { @@ -238,19 +237,19 @@ "evaluationFrequency": { "type": "String" }, - "windowSize": { + "autoMitigate": { "type": "String" }, - "enabled": { + "windowSize": { "type": "String" }, - "severity": { + "enabled": { "type": "String" }, - "autoMitigate": { + "threshold": { "type": "String" }, - "threshold": { + "severity": { "type": "String" }, "resourceName": { @@ -271,34 +270,34 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, "enabled": { "value": "[parameters('enabled')]" }, - "severity": { - "value": "[parameters('severity')]" - }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, "threshold": { "value": "[parameters('threshold')]" + }, + "severity": { + "value": "[parameters('severity')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", "windowSize": "[parameters('windowSize')]", "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", - "autoMitigate": "[parameters('autoMitigate')]", "criteria": { "allOf": [ { "threshold": "[parameters('threshold')]", "timeAggregation": "Total", - "name": "PacketsInDDoS", "operator": "GreaterThanOrEqual", + "name": "PacketsInDDoS", "metricNamespace": "Microsoft.Network/publicIPAddresses", "criterionType": "StaticThresholdCriterion", "metricName": "PacketsInDDoS" @@ -310,9 +309,9 @@ "[parameters('resourceId')]" ] }, + "apiVersion": "2018-03-01", "location": "global", "name": "[concat(parameters('resourceName'), '-PacketsInDDosAlert')]", - "apiVersion": "2018-03-01", "tags": { "_deployed_by_amba": true } @@ -320,7 +319,8 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" } } } diff --git a/Definitions/policyDefinitions/Network/deploy_publicip_vipavailability_alert.jsonc b/Definitions/policyDefinitions/Network/deploy_publicip_vipavailability_alert.jsonc index 9919c8f..c3cfe83 100644 --- a/Definitions/policyDefinitions/Network/deploy_publicip_vipavailability_alert.jsonc +++ b/Definitions/policyDefinitions/Network/deploy_publicip_vipavailability_alert.jsonc @@ -6,9 +6,9 @@ "description": "Policy to audit/deploy PIP VIP Availability Alert", "mode": "All", "metadata": { + "version": "1.2.0", "category": "Network", "_deployed_by_amba": "True", - "version": "1.2.0", "alzCloudEnvironments": [ "AzureCloud" ], @@ -42,19 +42,6 @@ "defaultValue": "PT1M", "type": "String" }, - "MonitorDisableTagValues": { - "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" - }, - "defaultValue": [ - "true", - "Test", - "Dev", - "Sandbox" - ], - "type": "Array" - }, "autoMitigate": { "metadata": { "description": "Auto Mitigate for the alert", @@ -85,12 +72,27 @@ "defaultValue": "PT5M", "type": "String" }, - "MonitorDisableTagName": { + "severity": { "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" + "description": "Severity of the Alert", + "displayName": "Severity" }, - "defaultValue": "MonitorDisable", + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" + ], + "defaultValue": "1", + "type": "String" + }, + "threshold": { + "metadata": { + "description": "Threshold for the alert", + "displayName": "Threshold" + }, + "defaultValue": "90", "type": "String" }, "enabled": { @@ -105,27 +107,25 @@ "defaultValue": "true", "type": "String" }, - "severity": { + "MonitorDisableTagValues": { "metadata": { - "description": "Severity of the Alert", - "displayName": "Severity" + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" }, - "allowedValues": [ - "0", - "1", - "2", - "3", - "4" + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" ], - "defaultValue": "1", - "type": "String" + "type": "Array" }, - "threshold": { + "MonitorDisableTagName": { "metadata": { - "description": "Threshold for the alert", - "displayName": "Threshold" + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" }, - "defaultValue": "90", + "defaultValue": "MonitorDisable", "type": "String" } }, @@ -133,12 +133,12 @@ "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Network/publicIPAddresses" + "equals": "Microsoft.Network/publicIPAddresses", + "field": "type" }, { - "field": "Microsoft.Network/publicIPAddresses/sku.name", - "equals": "Standard" + "equals": "Standard", + "field": "Microsoft.Network/publicIPAddresses/sku.name" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -153,48 +153,48 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "Microsoft.Network/publicIPAddresses" + "equals": "Microsoft.Network/publicIPAddresses", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "VipAvailability" + "equals": "VipAvailability", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/publicIPAddresses/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/publicIPAddresses/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Average" + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", - "equals": "LessThan" + "equals": "LessThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", - "equals": "[if(contains(field('tags'), '_amba-VipAvailability-threshold-Override_'), field('tags._amba-VipAvailability-threshold-Override_'), parameters('threshold'))]" + "equals": "[if(contains(field('tags'), '_amba-VipAvailability-threshold-Override_'), field('tags._amba-VipAvailability-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold" } ] }, @@ -216,15 +216,15 @@ "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, "threshold": { "value": "[if(contains(field('tags'), '_amba-VipAvailability-threshold-Override_'), field('tags._amba-VipAvailability-threshold-Override_'), parameters('threshold'))]" }, + "enabled": { + "value": "[parameters('enabled')]" + }, "resourceName": { "value": "[field('name')]" } @@ -248,15 +248,15 @@ "windowSize": { "type": "String" }, - "enabled": { - "type": "String" - }, "severity": { "type": "String" }, "threshold": { "type": "String" }, + "enabled": { + "type": "String" + }, "resourceName": { "metadata": { "description": "Name of the resource", @@ -266,6 +266,7 @@ } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Insights/metricAlerts", @@ -281,31 +282,31 @@ "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, "threshold": { "value": "[parameters('threshold')]" + }, + "enabled": { + "value": "[parameters('enabled')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", "autoMitigate": "[parameters('autoMitigate')]", "windowSize": "[parameters('windowSize')]", - "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", + "enabled": "[parameters('enabled')]", "criteria": { "allOf": [ { "threshold": "[parameters('threshold')]", - "name": "VipAvailability", "timeAggregation": "Average", - "operator": "LessThan", "metricNamespace": "Microsoft.Network/publicIPAddresses", "criterionType": "StaticThresholdCriterion", - "metricName": "VipAvailability" + "metricName": "VipAvailability", + "name": "VipAvailability", + "operator": "LessThan" } ], "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria" @@ -314,15 +315,14 @@ "[parameters('resourceId')]" ] }, - "location": "global", "apiVersion": "2018-03-01", "name": "[concat(parameters('resourceName'), '-VIPAvailabityAlert')]", + "location": "global", "tags": { "_deployed_by_amba": true } } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" } } diff --git a/Definitions/policyDefinitions/Network/deploy_vnet_ddosattack_alert.jsonc b/Definitions/policyDefinitions/Network/deploy_vnet_ddosattack_alert.jsonc index 6ce68c5..ff8e53c 100644 --- a/Definitions/policyDefinitions/Network/deploy_vnet_ddosattack_alert.jsonc +++ b/Definitions/policyDefinitions/Network/deploy_vnet_ddosattack_alert.jsonc @@ -6,39 +6,15 @@ "description": "Policy to audit/deploy Virtual Network DDoS Attack Alert", "mode": "All", "metadata": { + "_deployed_by_amba": "True", "category": "Network", "version": "1.2.0", "alzCloudEnvironments": [ "AzureCloud" ], - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", - "_deployed_by_amba": "True" + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "String" - }, - "enabled": { - "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" - }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", - "type": "String" - }, "evaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", @@ -54,6 +30,18 @@ "defaultValue": "PT1M", "type": "String" }, + "autoMitigate": { + "metadata": { + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, "windowSize": { "metadata": { "description": "Window size for the alert", @@ -72,6 +60,18 @@ "defaultValue": "PT5M", "type": "String" }, + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" + }, "severity": { "metadata": { "description": "Severity of the Alert", @@ -87,10 +87,10 @@ "defaultValue": "1", "type": "String" }, - "autoMitigate": { + "enabled": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" + "description": "Alert state for the alert", + "displayName": "Alert State" }, "allowedValues": [ "true", @@ -133,8 +133,8 @@ "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Network/virtualNetworks" + "equals": "Microsoft.Network/virtualNetworks", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -149,48 +149,48 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "Microsoft.Network/virtualNetworks" + "equals": "Microsoft.Network/virtualNetworks", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "ifunderddosattack" + "equals": "ifunderddosattack", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/virtualNetworks/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/virtualNetworks/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Maximum" + "equals": "Maximum", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", - "equals": "GreaterThan" + "equals": "GreaterThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", - "equals": "[if(contains(field('tags'), '_amba-ifunderddosattack-threshold-Override_'), field('tags._amba-ifunderddosattack-threshold-Override_'), parameters('threshold'))]" + "equals": "[if(contains(field('tags'), '_amba-ifunderddosattack-threshold-Override_'), field('tags._amba-ifunderddosattack-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold" } ] }, @@ -203,14 +203,11 @@ "resourceId": { "value": "[field('id')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, - "resourceName": { - "value": "[field('name')]" + "autoMitigate": { + "value": "[parameters('autoMitigate')]" }, "windowSize": { "value": "[parameters('windowSize')]" @@ -218,14 +215,16 @@ "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" + "enabled": { + "value": "[parameters('enabled')]" }, "threshold": { "value": "[if(contains(field('tags'), '_amba-ifunderddosattack-threshold-Override_'), field('tags._amba-ifunderddosattack-threshold-Override_'), parameters('threshold'))]" + }, + "resourceName": { + "value": "[field('name')]" } }, - "mode": "incremental", "template": { "parameters": { "resourceId": { @@ -235,17 +234,10 @@ }, "type": "String" }, - "enabled": { - "type": "String" - }, "evaluationFrequency": { "type": "String" }, - "resourceName": { - "metadata": { - "description": "Name of the resource", - "displayName": "resourceName" - }, + "autoMitigate": { "type": "String" }, "windowSize": { @@ -254,11 +246,18 @@ "severity": { "type": "String" }, - "autoMitigate": { + "enabled": { "type": "String" }, "threshold": { "type": "String" + }, + "resourceName": { + "metadata": { + "description": "Name of the resource", + "displayName": "resourceName" + }, + "type": "String" } }, "contentVersion": "1.0.0.0", @@ -268,40 +267,40 @@ "properties": { "description": "Metric Alert for VNet DDOS Attack", "parameters": { - "enabled": { - "value": "[parameters('enabled')]" - }, "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" + "enabled": { + "value": "[parameters('enabled')]" }, "threshold": { "value": "[parameters('threshold')]" } }, - "enabled": "[parameters('enabled')]", "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", "windowSize": "[parameters('windowSize')]", "severity": "[parameters('severity')]", - "autoMitigate": "[parameters('autoMitigate')]", + "enabled": "[parameters('enabled')]", "criteria": { "allOf": [ { - "name": "ifunderddosattack", "threshold": "[parameters('threshold')]", "timeAggregation": "Maximum", + "metricNamespace": "Microsoft.Network/virtualNetworks", + "criterionType": "StaticThresholdCriterion", "operator": "GreaterThan", "metricName": "ifunderddosattack", - "metricNamespace": "Microsoft.Network/virtualNetworks", - "criterionType": "StaticThresholdCriterion" + "name": "ifunderddosattack" } ], "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria" @@ -310,9 +309,9 @@ "[parameters('resourceId')]" ] }, - "location": "global", "apiVersion": "2018-03-01", "name": "[concat(parameters('resourceName'), '-DDOSAttackAlert')]", + "location": "global", "tags": { "_deployed_by_amba": true } @@ -320,7 +319,8 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" } } } diff --git a/Definitions/policyDefinitions/Network/deploy_vnetgw_expressroutebitspersecond_alert.jsonc b/Definitions/policyDefinitions/Network/deploy_vnetgw_expressroutebitspersecond_alert.jsonc index dd4052a..437dddc 100644 --- a/Definitions/policyDefinitions/Network/deploy_vnetgw_expressroutebitspersecond_alert.jsonc +++ b/Definitions/policyDefinitions/Network/deploy_vnetgw_expressroutebitspersecond_alert.jsonc @@ -6,15 +6,30 @@ "description": "Policy to audit/deploy Virtual Network Gateway Express Route Bits Per Second Alert", "mode": "All", "metadata": { - "category": "Network", - "version": "1.2.0", "_deployed_by_amba": "True", - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "category": "Network", "alzCloudEnvironments": [ "AzureCloud" - ] + ], + "version": "1.2.0", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { + "evaluationFrequency": { + "metadata": { + "description": "Evaluation frequency for the alert", + "displayName": "Evaluation Frequency" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H" + ], + "defaultValue": "PT1M", + "type": "String" + }, "effect": { "metadata": { "description": "Effect of the policy", @@ -27,19 +42,16 @@ "defaultValue": "deployIfNotExists", "type": "String" }, - "evaluationFrequency": { + "autoMitigate": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "Evaluation Frequency" + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" }, "allowedValues": [ - "PT1M", - "PT5M", - "PT15M", - "PT30M", - "PT1H" + "true", + "false" ], - "defaultValue": "PT1M", + "defaultValue": "true", "type": "String" }, "MonitorDisableTagValues": { @@ -81,18 +93,6 @@ "defaultValue": "PT5M", "type": "String" }, - "enabled": { - "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" - }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", - "type": "String" - }, "severity": { "metadata": { "description": "Severity of the Alert", @@ -108,10 +108,18 @@ "defaultValue": "0", "type": "String" }, - "autoMitigate": { + "threshold": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" + "description": "Threshold for the alert", + "displayName": "Threshold" + }, + "defaultValue": "1", + "type": "String" + }, + "enabled": { + "metadata": { + "description": "Alert state for the alert", + "displayName": "Alert State" }, "allowedValues": [ "true", @@ -119,26 +127,18 @@ ], "defaultValue": "true", "type": "String" - }, - "threshold": { - "metadata": { - "description": "Threshold for the alert", - "displayName": "Threshold" - }, - "defaultValue": "1", - "type": "String" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Network/virtualNetworkGateways" + "equals": "Microsoft.Network/virtualNetworkGateways", + "field": "type" }, { - "field": "Microsoft.Network/virtualNetworkGateways/gatewayType", - "equals": "ExpressRoute" + "equals": "ExpressRoute", + "field": "Microsoft.Network/virtualNetworkGateways/gatewayType" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -153,48 +153,48 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "Microsoft.Network/virtualNetworkGateways" + "equals": "Microsoft.Network/virtualNetworkGateways", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "ExpressRouteGatewayBitsPerSecond" + "equals": "ExpressRouteGatewayBitsPerSecond", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/virtualNetworkGateways/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/virtualNetworkGateways/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Average" + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].operator", - "equals": "LessThan" + "equals": "LessThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].threshold", - "equals": "[if(contains(field('tags'), '_amba-ExpressRouteGatewayBitsPerSecond-threshold-Override_'), field('tags._amba-ExpressRouteGatewayBitsPerSecond-threshold-Override_'), parameters('threshold'))]" + "equals": "[if(contains(field('tags'), '_amba-ExpressRouteGatewayBitsPerSecond-threshold-Override_'), field('tags._amba-ExpressRouteGatewayBitsPerSecond-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].threshold" } ] }, @@ -210,21 +210,21 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, "threshold": { "value": "[if(contains(field('tags'), '_amba-ExpressRouteGatewayBitsPerSecond-threshold-Override_'), field('tags._amba-ExpressRouteGatewayBitsPerSecond-threshold-Override_'), parameters('threshold'))]" }, + "enabled": { + "value": "[parameters('enabled')]" + }, "resourceName": { "value": "[field('name')]" } @@ -242,19 +242,19 @@ "evaluationFrequency": { "type": "String" }, - "windowSize": { + "autoMitigate": { "type": "String" }, - "enabled": { + "windowSize": { "type": "String" }, "severity": { "type": "String" }, - "autoMitigate": { + "threshold": { "type": "String" }, - "threshold": { + "enabled": { "type": "String" }, "resourceName": { @@ -275,36 +275,36 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, "threshold": { "value": "[parameters('threshold')]" + }, + "enabled": { + "value": "[parameters('enabled')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", "windowSize": "[parameters('windowSize')]", - "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", - "autoMitigate": "[parameters('autoMitigate')]", + "enabled": "[parameters('enabled')]", "criteria": { "allOf": [ { - "threshold": "[parameters('threshold')]", "timeAggregation": "Average", - "name": "ExpressRouteGatewayBitsPerSecond", + "threshold": "[parameters('threshold')]", "operator": "LessThan", "metricNamespace": "Microsoft.Network/virtualNetworkGateways", "criterionType": "StaticThresholdCriterion", + "name": "ExpressRouteGatewayBitsPerSecond", "metricName": "ExpressRouteGatewayBitsPerSecond" } ], @@ -314,9 +314,9 @@ "[parameters('resourceId')]" ] }, - "location": "global", - "name": "[concat(parameters('resourceName'), '-GatewayERBitsAlert')]", "apiVersion": "2018-03-01", + "name": "[concat(parameters('resourceName'), '-GatewayERBitsAlert')]", + "location": "global", "tags": { "_deployed_by_amba": true } diff --git a/Definitions/policyDefinitions/Network/deploy_vnetgw_expressroutecpuutil_alert.jsonc b/Definitions/policyDefinitions/Network/deploy_vnetgw_expressroutecpuutil_alert.jsonc index c0e6fce..137728c 100644 --- a/Definitions/policyDefinitions/Network/deploy_vnetgw_expressroutecpuutil_alert.jsonc +++ b/Definitions/policyDefinitions/Network/deploy_vnetgw_expressroutecpuutil_alert.jsonc @@ -6,27 +6,15 @@ "description": "Policy to audit/deploy Virtual Network Gateway Express Route CPU Utilization Alert", "mode": "All", "metadata": { - "category": "Network", - "version": "1.2.1", "_deployed_by_amba": "True", - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "version": "1.2.1", "alzCloudEnvironments": [ "AzureCloud" - ] + ], + "category": "Network", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "String" - }, "evaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", @@ -42,6 +30,18 @@ "defaultValue": "PT1M", "type": "String" }, + "autoMitigate": { + "metadata": { + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, "MonitorDisableTagValues": { "metadata": { "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", @@ -55,14 +55,6 @@ ], "type": "Array" }, - "MonitorDisableTagName": { - "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" - }, - "defaultValue": "MonitorDisable", - "type": "String" - }, "windowSize": { "metadata": { "description": "Window size for the alert", @@ -81,6 +73,14 @@ "defaultValue": "PT5M", "type": "String" }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" + }, "enabled": { "metadata": { "description": "Alert state for the alert", @@ -108,18 +108,6 @@ "defaultValue": "1", "type": "String" }, - "autoMitigate": { - "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" - }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", - "type": "String" - }, "threshold": { "metadata": { "description": "Threshold for the alert", @@ -127,18 +115,30 @@ }, "defaultValue": "80", "type": "String" + }, + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Network/virtualNetworkGateways" + "equals": "Microsoft.Network/virtualNetworkGateways", + "field": "type" }, { - "field": "Microsoft.Network/virtualNetworkGateways/gatewayType", - "equals": "ExpressRoute" + "equals": "ExpressRoute", + "field": "Microsoft.Network/virtualNetworkGateways/gatewayType" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -153,48 +153,48 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "Microsoft.Network/virtualNetworkGateways" + "equals": "Microsoft.Network/virtualNetworkGateways", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "ExpressRouteGatewayCpuUtilization" + "equals": "ExpressRouteGatewayCpuUtilization", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/virtualNetworkGateways/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/virtualNetworkGateways/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Average" + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].operator", - "equals": "GreaterThan" + "equals": "GreaterThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].threshold", - "equals": "[if(contains(field('tags'), '_amba-ExpressRouteGatewayCpuUtilization-threshold-Override_'), field('tags._amba-ExpressRouteGatewayCpuUtilization-threshold-Override_'), parameters('threshold'))]" + "equals": "[if(contains(field('tags'), '_amba-ExpressRouteGatewayCpuUtilization-threshold-Override_'), field('tags._amba-ExpressRouteGatewayCpuUtilization-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].threshold" } ] }, @@ -210,6 +210,9 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, @@ -219,9 +222,6 @@ "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, "threshold": { "value": "[if(contains(field('tags'), '_amba-ExpressRouteGatewayCpuUtilization-threshold-Override_'), field('tags._amba-ExpressRouteGatewayCpuUtilization-threshold-Override_'), parameters('threshold'))]" }, @@ -229,7 +229,6 @@ "value": "[field('name')]" } }, - "mode": "incremental", "template": { "parameters": { "resourceId": { @@ -242,6 +241,9 @@ "evaluationFrequency": { "type": "String" }, + "autoMitigate": { + "type": "String" + }, "windowSize": { "type": "String" }, @@ -251,9 +253,6 @@ "severity": { "type": "String" }, - "autoMitigate": { - "type": "String" - }, "threshold": { "type": "String" }, @@ -275,6 +274,9 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, @@ -284,25 +286,22 @@ "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, "threshold": { "value": "[parameters('threshold')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", "windowSize": "[parameters('windowSize')]", "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", - "autoMitigate": "[parameters('autoMitigate')]", "criteria": { "allOf": [ { "threshold": "[parameters('threshold')]", "timeAggregation": "Average", - "name": "ExpressRouteGatewayCpuUtilization", "operator": "GreaterThan", + "name": "ExpressRouteGatewayCpuUtilization", "metricNamespace": "Microsoft.Network/virtualNetworkGateways", "criterionType": "StaticThresholdCriterion", "metricName": "ExpressRouteGatewayCpuUtilization" @@ -314,9 +313,9 @@ "[parameters('resourceId')]" ] }, - "location": "global", - "name": "[concat(parameters('resourceName'), '-GatewayERCPUAlert')]", "apiVersion": "2018-03-01", + "name": "[concat(parameters('resourceName'), '-GatewayERCPUAlert')]", + "location": "global", "tags": { "_deployed_by_amba": true } @@ -324,7 +323,8 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" } } } diff --git a/Definitions/policyDefinitions/Network/deploy_vnetgw_tunnelbandwidth_alert.jsonc b/Definitions/policyDefinitions/Network/deploy_vnetgw_tunnelbandwidth_alert.jsonc index 90bfd16..b3572d1 100644 --- a/Definitions/policyDefinitions/Network/deploy_vnetgw_tunnelbandwidth_alert.jsonc +++ b/Definitions/policyDefinitions/Network/deploy_vnetgw_tunnelbandwidth_alert.jsonc @@ -6,27 +6,15 @@ "description": "Policy to audit/deploy Virtual Network Gateway Tunnel Bandwidth Alert", "mode": "All", "metadata": { - "category": "Network", - "version": "1.2.0", "_deployed_by_amba": "True", - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "version": "1.2.0", "alzCloudEnvironments": [ "AzureCloud" - ] + ], + "category": "Network", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "String" - }, "evaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", @@ -42,6 +30,18 @@ "defaultValue": "PT1M", "type": "String" }, + "autoMitigate": { + "metadata": { + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, "MonitorDisableTagValues": { "metadata": { "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", @@ -55,14 +55,6 @@ ], "type": "Array" }, - "MonitorDisableTagName": { - "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" - }, - "defaultValue": "MonitorDisable", - "type": "String" - }, "windowSize": { "metadata": { "description": "Window size for the alert", @@ -81,6 +73,14 @@ "defaultValue": "PT5M", "type": "String" }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" + }, "enabled": { "metadata": { "description": "Alert state for the alert", @@ -108,18 +108,6 @@ "defaultValue": "0", "type": "String" }, - "autoMitigate": { - "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" - }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", - "type": "String" - }, "threshold": { "metadata": { "description": "Threshold for the alert", @@ -127,18 +115,30 @@ }, "defaultValue": "1", "type": "String" + }, + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Network/virtualNetworkGateways" + "equals": "Microsoft.Network/virtualNetworkGateways", + "field": "type" }, { - "field": "Microsoft.Network/virtualNetworkGateways/gatewayType", - "equals": "VPN" + "equals": "VPN", + "field": "Microsoft.Network/virtualNetworkGateways/gatewayType" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -153,48 +153,48 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "Microsoft.Network/virtualNetworkGateways" + "equals": "Microsoft.Network/virtualNetworkGateways", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "TunnelAverageBandwidth" + "equals": "TunnelAverageBandwidth", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/virtualNetworkGateways/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/virtualNetworkGateways/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Average" + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].operator", - "equals": "LessThan" + "equals": "LessThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].threshold", - "equals": "[if(contains(field('tags'), '_amba-TunnelAverageBandwidth-threshold-Override_'), field('tags._amba-TunnelAverageBandwidth-threshold-Override_'), parameters('threshold'))]" + "equals": "[if(contains(field('tags'), '_amba-TunnelAverageBandwidth-threshold-Override_'), field('tags._amba-TunnelAverageBandwidth-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].threshold" } ] }, @@ -210,6 +210,9 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, @@ -219,9 +222,6 @@ "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, "threshold": { "value": "[parameters('threshold')]" }, @@ -229,7 +229,6 @@ "value": "[field('name')]" } }, - "mode": "incremental", "template": { "parameters": { "resourceId": { @@ -242,6 +241,9 @@ "evaluationFrequency": { "type": "String" }, + "autoMitigate": { + "type": "String" + }, "windowSize": { "type": "String" }, @@ -251,9 +253,6 @@ "severity": { "type": "String" }, - "autoMitigate": { - "type": "String" - }, "threshold": { "type": "String" }, @@ -275,6 +274,9 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, @@ -284,25 +286,22 @@ "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, "threshold": { "value": "[parameters('threshold')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", "windowSize": "[parameters('windowSize')]", "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", - "autoMitigate": "[parameters('autoMitigate')]", "criteria": { "allOf": [ { "threshold": "[if(contains(field('tags'), '_amba-TunnelAverageBandwidth-threshold-Override_'), field('tags._amba-TunnelAverageBandwidth-threshold-Override_'), parameters('threshold'))]", "timeAggregation": "Average", - "name": "TunnelAverageBandwidth", "operator": "LessThan", + "name": "TunnelAverageBandwidth", "metricNamespace": "Microsoft.Network/virtualNetworkGateways", "criterionType": "StaticThresholdCriterion", "metricName": "TunnelAverageBandwidth" @@ -314,9 +313,9 @@ "[parameters('resourceId')]" ] }, - "location": "global", - "name": "[concat(parameters('resourceName'), '-TunnelBandwidthAlert')]", "apiVersion": "2018-03-01", + "name": "[concat(parameters('resourceName'), '-TunnelBandwidthAlert')]", + "location": "global", "tags": { "_deployed_by_amba": true } @@ -324,7 +323,8 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" } } } diff --git a/Definitions/policyDefinitions/Network/deploy_vnetgw_tunnelegress_alert.jsonc b/Definitions/policyDefinitions/Network/deploy_vnetgw_tunnelegress_alert.jsonc index 0a041a3..b7c7a9c 100644 --- a/Definitions/policyDefinitions/Network/deploy_vnetgw_tunnelegress_alert.jsonc +++ b/Definitions/policyDefinitions/Network/deploy_vnetgw_tunnelegress_alert.jsonc @@ -6,27 +6,15 @@ "description": "Policy to audit/deploy Virtual Network Gateway Tunnel Egress Alert", "mode": "All", "metadata": { - "category": "Network", "version": "1.2.0", "_deployed_by_amba": "True", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" - ] + ], + "category": "Network" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "disabled", - "type": "String" - }, "evaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", @@ -42,25 +30,16 @@ "defaultValue": "PT5M", "type": "String" }, - "MonitorDisableTagValues": { + "autoMitigate": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" }, - "defaultValue": [ + "allowedValues": [ "true", - "Test", - "Dev", - "Sandbox" + "false" ], - "type": "Array" - }, - "MonitorDisableTagName": { - "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" - }, - "defaultValue": "MonitorDisable", + "defaultValue": "true", "type": "String" }, "windowSize": { @@ -81,18 +60,6 @@ "defaultValue": "PT5M", "type": "String" }, - "enabled": { - "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" - }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", - "type": "String" - }, "severity": { "metadata": { "description": "Severity of the Alert", @@ -108,10 +75,10 @@ "defaultValue": "0", "type": "String" }, - "autoMitigate": { + "enabled": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" + "description": "Alert state for the alert", + "displayName": "Alert State" }, "allowedValues": [ "true", @@ -120,6 +87,31 @@ "defaultValue": "true", "type": "String" }, + "MonitorDisableTagValues": { + "metadata": { + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "disabled", + "type": "String" + }, "threshold": { "metadata": { "description": "Threshold for the alert", @@ -127,18 +119,26 @@ }, "defaultValue": "1", "type": "String" + }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Network/virtualNetworkGateways" + "equals": "Microsoft.Network/virtualNetworkGateways", + "field": "type" }, { - "field": "Microsoft.Network/virtualNetworkGateways/gatewayType", - "equals": "VPN" + "equals": "VPN", + "field": "Microsoft.Network/virtualNetworkGateways/gatewayType" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -153,48 +153,48 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "Microsoft.Network/virtualNetworkGateways" + "equals": "Microsoft.Network/virtualNetworkGateways", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "TunnelEgressBytes" + "equals": "TunnelEgressBytes", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/virtualNetworkGateways/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/virtualNetworkGateways/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Average" + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].operator", - "equals": "LessThan" + "equals": "LessThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].threshold", - "equals": "[if(contains(field('tags'), '_amba-TunnelEgressBytes-threshold-Override_'), field('tags._amba-TunnelEgressBytes-threshold-Override_'), parameters('threshold'))]" + "equals": "[if(contains(field('tags'), '_amba-TunnelEgressBytes-threshold-Override_'), field('tags._amba-TunnelEgressBytes-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].threshold" } ] }, @@ -210,17 +210,17 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" + "enabled": { + "value": "[parameters('enabled')]" }, "threshold": { "value": "[if(contains(field('tags'), '_amba-TunnelEgressBytes-threshold-Override_'), field('tags._amba-TunnelEgressBytes-threshold-Override_'), parameters('threshold'))]" @@ -229,7 +229,6 @@ "value": "[field('name')]" } }, - "mode": "incremental", "template": { "parameters": { "resourceId": { @@ -242,16 +241,16 @@ "evaluationFrequency": { "type": "String" }, - "windowSize": { + "autoMitigate": { "type": "String" }, - "enabled": { + "windowSize": { "type": "String" }, "severity": { "type": "String" }, - "autoMitigate": { + "enabled": { "type": "String" }, "threshold": { @@ -266,6 +265,7 @@ } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Insights/metricAlerts", @@ -275,36 +275,36 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" + "enabled": { + "value": "[parameters('enabled')]" }, "threshold": { "value": "[parameters('threshold')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", "windowSize": "[parameters('windowSize')]", - "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", - "autoMitigate": "[parameters('autoMitigate')]", + "enabled": "[parameters('enabled')]", "criteria": { "allOf": [ { "threshold": "[parameters('threshold')]", "timeAggregation": "Average", - "name": "TunnelEgressBytes", - "operator": "LessThan", "metricNamespace": "Microsoft.Network/virtualNetworkGateways", + "operator": "LessThan", "criterionType": "StaticThresholdCriterion", + "name": "TunnelEgressBytes", "metricName": "TunnelEgressBytes" } ], @@ -314,17 +314,17 @@ "[parameters('resourceId')]" ] }, + "apiVersion": "2018-03-01", "location": "global", "name": "[concat(parameters('resourceName'), '-TunnelEgressAlert')]", - "apiVersion": "2018-03-01", "tags": { "_deployed_by_amba": true } } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" } } } diff --git a/Definitions/policyDefinitions/Network/deploy_vnetgw_tunnelegresspacketdropcount_alert.jsonc b/Definitions/policyDefinitions/Network/deploy_vnetgw_tunnelegresspacketdropcount_alert.jsonc index 6394bb5..84fd300 100644 --- a/Definitions/policyDefinitions/Network/deploy_vnetgw_tunnelegresspacketdropcount_alert.jsonc +++ b/Definitions/policyDefinitions/Network/deploy_vnetgw_tunnelegresspacketdropcount_alert.jsonc @@ -6,27 +6,15 @@ "description": "Policy to audit/deploy Vnet Gateway Egress Packet Drop Count Alert", "mode": "All", "metadata": { - "category": "Network", "_deployed_by_amba": "True", "version": "1.3.0", "alzCloudEnvironments": [ "AzureCloud" ], + "category": "Network", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "String" - }, "evaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", @@ -42,6 +30,18 @@ "defaultValue": "PT5M", "type": "String" }, + "autoMitigate": { + "metadata": { + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, "MonitorDisableTagValues": { "metadata": { "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", @@ -55,18 +55,6 @@ ], "type": "Array" }, - "autoMitigate": { - "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" - }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", - "type": "String" - }, "windowSize": { "metadata": { "description": "Window size for the alert", @@ -119,18 +107,30 @@ ], "defaultValue": "3", "type": "String" + }, + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "microsoft.network/virtualNetworkGateways" + "equals": "microsoft.network/virtualNetworkGateways", + "field": "type" }, { - "field": "Microsoft.Network/virtualNetworkGateways/gatewayType", - "equals": "VPN" + "equals": "VPN", + "field": "Microsoft.Network/virtualNetworkGateways/gatewayType" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -145,56 +145,56 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "microsoft.network/virtualNetworkGateways" + "equals": "microsoft.network/virtualNetworkGateways", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "TunnelEgressPacketDropCount" + "equals": "TunnelEgressPacketDropCount", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/virtualNetworkGateways/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/virtualNetworkGateways/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Average" + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator", - "equals": "GreaterThan" + "equals": "GreaterThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity", - "equals": "Medium" + "equals": "Medium", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert", - "equals": 4 + "equals": 4, + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods", - "equals": 4 + "equals": 4, + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods" } ] }, @@ -226,7 +226,6 @@ "value": "[field('name')]" } }, - "mode": "incremental", "template": { "parameters": { "resourceId": { @@ -290,17 +289,17 @@ "criteria": { "allOf": [ { - "name": "TunnelEgressPacketDropCount", "timeAggregation": "Average", "failingPeriods": { "numberOfEvaluationPeriods": 4, "minFailingPeriodsToAlert": 4 }, "operator": "GreaterThan", + "name": "TunnelEgressPacketDropCount", "metricNamespace": "microsoft.network/virtualNetworkGateways", - "alertSensitivity": "Medium", "criterionType": "DynamicThresholdCriterion", - "metricName": "TunnelEgressPacketDropCount" + "metricName": "TunnelEgressPacketDropCount", + "alertSensitivity": "Medium" } ], "odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria" @@ -309,9 +308,9 @@ "[parameters('resourceId')]" ] }, - "location": "global", "apiVersion": "2018-03-01", "name": "[concat(parameters('resourceName'), '-TunnelEgressPacketDropCountAlert')]", + "location": "global", "tags": { "_deployed_by_amba": true } @@ -319,7 +318,8 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" } } } diff --git a/Definitions/policyDefinitions/Network/deploy_vnetgw_tunnelegresspacketdropmismatch_alert.jsonc b/Definitions/policyDefinitions/Network/deploy_vnetgw_tunnelegresspacketdropmismatch_alert.jsonc index 86ef453..349ead4 100644 --- a/Definitions/policyDefinitions/Network/deploy_vnetgw_tunnelegresspacketdropmismatch_alert.jsonc +++ b/Definitions/policyDefinitions/Network/deploy_vnetgw_tunnelegresspacketdropmismatch_alert.jsonc @@ -6,15 +6,30 @@ "description": "Policy to audit/deploy Vnet Gateway Egress Packet Drop Mismatch Alert", "mode": "All", "metadata": { - "category": "Network", - "version": "1.3.0", "_deployed_by_amba": "True", - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "category": "Network", "alzCloudEnvironments": [ "AzureCloud" - ] + ], + "version": "1.3.0", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { + "evaluationFrequency": { + "metadata": { + "description": "Evaluation frequency for the alert", + "displayName": "Evaluation Frequency" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H" + ], + "defaultValue": "PT5M", + "type": "String" + }, "effect": { "metadata": { "description": "Effect of the policy", @@ -27,19 +42,16 @@ "defaultValue": "deployIfNotExists", "type": "String" }, - "evaluationFrequency": { + "autoMitigate": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "Evaluation Frequency" + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" }, "allowedValues": [ - "PT1M", - "PT5M", - "PT15M", - "PT30M", - "PT1H" + "true", + "false" ], - "defaultValue": "PT5M", + "defaultValue": "true", "type": "String" }, "MonitorDisableTagValues": { @@ -81,18 +93,6 @@ "defaultValue": "PT5M", "type": "String" }, - "enabled": { - "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" - }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", - "type": "String" - }, "severity": { "metadata": { "description": "Severity of the Alert", @@ -108,10 +108,10 @@ "defaultValue": "3", "type": "String" }, - "autoMitigate": { + "enabled": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" + "description": "Alert state for the alert", + "displayName": "Alert State" }, "allowedValues": [ "true", @@ -125,12 +125,12 @@ "if": { "allOf": [ { - "field": "type", - "equals": "microsoft.network/virtualNetworkGateways" + "equals": "microsoft.network/virtualNetworkGateways", + "field": "type" }, { - "field": "Microsoft.Network/virtualNetworkGateways/gatewayType", - "equals": "VPN" + "equals": "VPN", + "field": "Microsoft.Network/virtualNetworkGateways/gatewayType" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -145,56 +145,56 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "microsoft.network/virtualNetworkGateways" + "equals": "microsoft.network/virtualNetworkGateways", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "TunnelEgressPacketDropTSMismatch" + "equals": "TunnelEgressPacketDropTSMismatch", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/virtualNetworkGateways/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/virtualNetworkGateways/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Average" + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator", - "equals": "GreaterThan" + "equals": "GreaterThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity", - "equals": "Medium" + "equals": "Medium", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert", - "equals": 4 + "equals": 4, + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods", - "equals": 4 + "equals": 4, + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods" } ] }, @@ -210,17 +210,17 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" + "enabled": { + "value": "[parameters('enabled')]" }, "resourceName": { "value": "[field('name')]" @@ -239,16 +239,16 @@ "evaluationFrequency": { "type": "String" }, - "windowSize": { + "autoMitigate": { "type": "String" }, - "enabled": { + "windowSize": { "type": "String" }, "severity": { "type": "String" }, - "autoMitigate": { + "enabled": { "type": "String" }, "resourceName": { @@ -269,29 +269,28 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" + "enabled": { + "value": "[parameters('enabled')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", "windowSize": "[parameters('windowSize')]", - "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", - "autoMitigate": "[parameters('autoMitigate')]", + "enabled": "[parameters('enabled')]", "criteria": { "allOf": [ { "timeAggregation": "Average", - "name": "TunnelEgressPacketDropTSMismatch", "failingPeriods": { "numberOfEvaluationPeriods": 4, "minFailingPeriodsToAlert": 4 @@ -299,6 +298,7 @@ "operator": "GreaterThan", "metricNamespace": "microsoft.network/virtualNetworkGateways", "criterionType": "DynamicThresholdCriterion", + "name": "TunnelEgressPacketDropTSMismatch", "metricName": "TunnelEgressPacketDropTSMismatch", "alertSensitivity": "Medium" } @@ -309,9 +309,9 @@ "[parameters('resourceId')]" ] }, - "location": "global", - "name": "[concat(parameters('resourceName'), '-TunnelEgressPacketDropTSMismatchAlert')]", "apiVersion": "2018-03-01", + "name": "[concat(parameters('resourceName'), '-TunnelEgressPacketDropTSMismatchAlert')]", + "location": "global", "tags": { "_deployed_by_amba": true } diff --git a/Definitions/policyDefinitions/Network/deploy_vnetgw_tunnelingress_alert.jsonc b/Definitions/policyDefinitions/Network/deploy_vnetgw_tunnelingress_alert.jsonc index 39e6289..3a3d782 100644 --- a/Definitions/policyDefinitions/Network/deploy_vnetgw_tunnelingress_alert.jsonc +++ b/Definitions/policyDefinitions/Network/deploy_vnetgw_tunnelingress_alert.jsonc @@ -6,27 +6,15 @@ "description": "Policy to audit/deploy Virtual Network Gateway Tunnel Ingress Alert", "mode": "All", "metadata": { - "category": "Network", - "_deployed_by_amba": "True", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "version": "1.2.0", + "_deployed_by_amba": "True", "alzCloudEnvironments": [ "AzureCloud" ], - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" + "category": "Network" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "disabled", - "type": "String" - }, "evaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", @@ -55,6 +43,14 @@ ], "type": "Array" }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" + }, "autoMitigate": { "metadata": { "description": "Auto Mitigate for the alert", @@ -85,14 +81,6 @@ "defaultValue": "PT5M", "type": "String" }, - "MonitorDisableTagName": { - "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" - }, - "defaultValue": "MonitorDisable", - "type": "String" - }, "enabled": { "metadata": { "description": "Alert state for the alert", @@ -105,6 +93,26 @@ "defaultValue": "true", "type": "String" }, + "threshold": { + "metadata": { + "description": "Threshold for the alert", + "displayName": "Threshold" + }, + "defaultValue": "1", + "type": "String" + }, + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "disabled", + "type": "String" + }, "severity": { "metadata": { "description": "Severity of the Alert", @@ -119,26 +127,18 @@ ], "defaultValue": "0", "type": "String" - }, - "threshold": { - "metadata": { - "description": "Threshold for the alert", - "displayName": "Threshold" - }, - "defaultValue": "1", - "type": "String" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Network/virtualNetworkGateways" + "equals": "Microsoft.Network/virtualNetworkGateways", + "field": "type" }, { - "field": "Microsoft.Network/virtualNetworkGateways/gatewayType", - "equals": "VPN" + "equals": "VPN", + "field": "Microsoft.Network/virtualNetworkGateways/gatewayType" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -153,48 +153,48 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "Microsoft.Network/virtualNetworkGateways" + "equals": "Microsoft.Network/virtualNetworkGateways", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "TunnelIngressBytes" + "equals": "TunnelIngressBytes", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/virtualNetworkGateways/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/virtualNetworkGateways/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Average" + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].operator", - "equals": "LessThan" + "equals": "LessThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].threshold", - "equals": "[if(contains(field('tags'), '_amba-TunnelIngressBytes-threshold-Override_'), field('tags._amba-TunnelIngressBytes-threshold-Override_'), parameters('threshold'))]" + "equals": "[if(contains(field('tags'), '_amba-TunnelIngressBytes-threshold-Override_'), field('tags._amba-TunnelIngressBytes-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].threshold" } ] }, @@ -219,17 +219,16 @@ "enabled": { "value": "[parameters('enabled')]" }, - "severity": { - "value": "[parameters('severity')]" - }, "threshold": { "value": "[if(contains(field('tags'), '_amba-TunnelIngressBytes-threshold-Override_'), field('tags._amba-TunnelIngressBytes-threshold-Override_'), parameters('threshold'))]" }, + "severity": { + "value": "[parameters('severity')]" + }, "resourceName": { "value": "[field('name')]" } }, - "mode": "incremental", "template": { "parameters": { "resourceId": { @@ -251,10 +250,10 @@ "enabled": { "type": "String" }, - "severity": { + "threshold": { "type": "String" }, - "threshold": { + "severity": { "type": "String" }, "resourceName": { @@ -284,11 +283,11 @@ "enabled": { "value": "[parameters('enabled')]" }, - "severity": { - "value": "[parameters('severity')]" - }, "threshold": { "value": "[parameters('threshold')]" + }, + "severity": { + "value": "[parameters('severity')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", @@ -300,9 +299,9 @@ "allOf": [ { "threshold": "[parameters('threshold')]", - "name": "TunnelIngressBytes", "timeAggregation": "Average", "operator": "LessThan", + "name": "TunnelIngressBytes", "metricNamespace": "Microsoft.Network/virtualNetworkGateways", "criterionType": "StaticThresholdCriterion", "metricName": "TunnelIngressBytes" @@ -314,8 +313,8 @@ "[parameters('resourceId')]" ] }, - "location": "global", "apiVersion": "2018-03-01", + "location": "global", "name": "[concat(parameters('resourceName'), '-TunnelIngressAlert')]", "tags": { "_deployed_by_amba": true @@ -324,7 +323,8 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" } } } diff --git a/Definitions/policyDefinitions/Network/deploy_vnetgw_tunnelingresspacketdropcount_alert.jsonc b/Definitions/policyDefinitions/Network/deploy_vnetgw_tunnelingresspacketdropcount_alert.jsonc index 51c2fc3..23ee17f 100644 --- a/Definitions/policyDefinitions/Network/deploy_vnetgw_tunnelingresspacketdropcount_alert.jsonc +++ b/Definitions/policyDefinitions/Network/deploy_vnetgw_tunnelingresspacketdropcount_alert.jsonc @@ -6,31 +6,19 @@ "description": "Policy to audit/deploy Vnet Gateway Ingress Packet Drop Count Alert", "mode": "All", "metadata": { - "category": "Network", "_deployed_by_amba": "True", "version": "1.3.0", + "category": "Network", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" - ], - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" + ] }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "String" - }, "evaluationFrequency": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "Evaluation Frequency" + "displayName": "Evaluation Frequency", + "description": "Evaluation frequency for the alert" }, "allowedValues": [ "PT1M", @@ -44,8 +32,8 @@ }, "MonitorDisableTagValues": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "displayName": "ALZ Monitoring disabled tag values(s)", + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." }, "defaultValue": [ "true", @@ -57,8 +45,8 @@ }, "autoMitigate": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" + "displayName": "Auto Mitigate", + "description": "Auto Mitigate for the alert" }, "allowedValues": [ "true", @@ -67,36 +55,18 @@ "defaultValue": "true", "type": "String" }, - "windowSize": { - "metadata": { - "description": "Window size for the alert", - "displayName": "Window Size" - }, - "allowedValues": [ - "PT1M", - "PT5M", - "PT15M", - "PT30M", - "PT1H", - "PT6H", - "PT12H", - "P1D" - ], - "defaultValue": "PT5M", - "type": "String" - }, "MonitorDisableTagName": { "metadata": { - "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled", - "displayName": "ALZ Monitoring disabled tag name" + "displayName": "ALZ Monitoring disabled tag name", + "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled" }, "defaultValue": "MonitorDisable", "type": "String" }, "enabled": { "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" + "displayName": "Alert State", + "description": "Alert state for the alert" }, "allowedValues": [ "true", @@ -105,10 +75,28 @@ "defaultValue": "true", "type": "String" }, + "windowSize": { + "metadata": { + "displayName": "Window Size", + "description": "Window size for the alert" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" + ], + "defaultValue": "PT5M", + "type": "String" + }, "severity": { "metadata": { - "description": "Severity of the Alert", - "displayName": "Severity" + "displayName": "Severity", + "description": "Severity of the Alert" }, "allowedValues": [ "0", @@ -119,18 +107,30 @@ ], "defaultValue": "3", "type": "String" + }, + "effect": { + "metadata": { + "displayName": "Effect", + "description": "Effect of the policy" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "microsoft.network/virtualNetworkGateways" + "equals": "microsoft.network/virtualNetworkGateways", + "field": "type" }, { - "field": "Microsoft.Network/virtualNetworkGateways/gatewayType", - "equals": "VPN" + "equals": "VPN", + "field": "Microsoft.Network/virtualNetworkGateways/gatewayType" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -145,56 +145,56 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "microsoft.network/virtualNetworkGateways" + "equals": "microsoft.network/virtualNetworkGateways", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "TunnelIngressPacketDropCount" + "equals": "TunnelIngressPacketDropCount", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/virtualNetworkGateways/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/virtualNetworkGateways/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Average" + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator", - "equals": "GreaterThan" + "equals": "GreaterThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity", - "equals": "Medium" + "equals": "Medium", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert", - "equals": 4 + "equals": 4, + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods", - "equals": 4 + "equals": 4, + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods" } ] }, @@ -213,12 +213,12 @@ "autoMitigate": { "value": "[parameters('autoMitigate')]" }, - "windowSize": { - "value": "[parameters('windowSize')]" - }, "enabled": { "value": "[parameters('enabled')]" }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, "severity": { "value": "[parameters('severity')]" }, @@ -226,13 +226,12 @@ "value": "[field('name')]" } }, - "mode": "incremental", "template": { "parameters": { "resourceId": { "metadata": { - "description": "Resource ID of the resource emitting the metric that will be used for the comparison", - "displayName": "resourceId" + "displayName": "resourceId", + "description": "Resource ID of the resource emitting the metric that will be used for the comparison" }, "type": "String" }, @@ -242,10 +241,10 @@ "autoMitigate": { "type": "String" }, - "windowSize": { + "enabled": { "type": "String" }, - "enabled": { + "windowSize": { "type": "String" }, "severity": { @@ -253,13 +252,14 @@ }, "resourceName": { "metadata": { - "description": "Name of the resource", - "displayName": "resourceName" + "displayName": "resourceName", + "description": "Name of the resource" }, "type": "String" } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Insights/metricAlerts", @@ -272,31 +272,31 @@ "autoMitigate": { "value": "[parameters('autoMitigate')]" }, - "windowSize": { - "value": "[parameters('windowSize')]" - }, "enabled": { "value": "[parameters('enabled')]" }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, "severity": { "value": "[parameters('severity')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", "autoMitigate": "[parameters('autoMitigate')]", - "windowSize": "[parameters('windowSize')]", "enabled": "[parameters('enabled')]", + "windowSize": "[parameters('windowSize')]", "severity": "[parameters('severity')]", "criteria": { "allOf": [ { - "name": "TunnelIngressPacketDropCount", "timeAggregation": "Average", "failingPeriods": { "numberOfEvaluationPeriods": 4, "minFailingPeriodsToAlert": 4 }, "operator": "GreaterThan", + "name": "TunnelIngressPacketDropCount", "metricNamespace": "microsoft.network/virtualNetworkGateways", "alertSensitivity": "Medium", "criterionType": "DynamicThresholdCriterion", @@ -309,17 +309,17 @@ "[parameters('resourceId')]" ] }, - "location": "global", "apiVersion": "2018-03-01", + "location": "global", "name": "[concat(parameters('resourceName'), '-TunnelIngressPacketDropCountAlert')]", "tags": { "_deployed_by_amba": true } } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" } } } diff --git a/Definitions/policyDefinitions/Network/deploy_vnetgw_tunnelingresspacketdropmismatch_alert.jsonc b/Definitions/policyDefinitions/Network/deploy_vnetgw_tunnelingresspacketdropmismatch_alert.jsonc index ff6c78d..94497aa 100644 --- a/Definitions/policyDefinitions/Network/deploy_vnetgw_tunnelingresspacketdropmismatch_alert.jsonc +++ b/Definitions/policyDefinitions/Network/deploy_vnetgw_tunnelingresspacketdropmismatch_alert.jsonc @@ -6,27 +6,15 @@ "description": "Policy to audit/deploy Vnet Gateway Ingress Packet Drop Mismatch Alert", "mode": "All", "metadata": { - "category": "Network", "_deployed_by_amba": "True", "version": "1.3.0", "alzCloudEnvironments": [ "AzureCloud" ], + "category": "Network", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "String" - }, "evaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", @@ -42,6 +30,18 @@ "defaultValue": "PT5M", "type": "String" }, + "autoMitigate": { + "metadata": { + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, "MonitorDisableTagValues": { "metadata": { "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", @@ -55,18 +55,6 @@ ], "type": "Array" }, - "autoMitigate": { - "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" - }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", - "type": "String" - }, "windowSize": { "metadata": { "description": "Window size for the alert", @@ -119,18 +107,30 @@ ], "defaultValue": "3", "type": "String" + }, + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "microsoft.network/virtualNetworkGateways" + "equals": "microsoft.network/virtualNetworkGateways", + "field": "type" }, { - "field": "Microsoft.Network/virtualNetworkGateways/gatewayType", - "equals": "VPN" + "equals": "VPN", + "field": "Microsoft.Network/virtualNetworkGateways/gatewayType" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -145,56 +145,56 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "microsoft.network/virtualNetworkGateways" + "equals": "microsoft.network/virtualNetworkGateways", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "TunnelIngressPacketDropTSMismatch" + "equals": "TunnelIngressPacketDropTSMismatch", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/virtualNetworkGateways/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/virtualNetworkGateways/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Average" + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator", - "equals": "GreaterThan" + "equals": "GreaterThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity", - "equals": "Medium" + "equals": "Medium", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert", - "equals": 4 + "equals": 4, + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods", - "equals": 4 + "equals": 4, + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods" } ] }, @@ -226,7 +226,6 @@ "value": "[field('name')]" } }, - "mode": "incremental", "template": { "parameters": { "resourceId": { @@ -290,17 +289,17 @@ "criteria": { "allOf": [ { - "name": "TunnelIngressPacketDropTSMismatch", "timeAggregation": "Average", "failingPeriods": { "numberOfEvaluationPeriods": 4, "minFailingPeriodsToAlert": 4 }, "operator": "GreaterThan", + "name": "TunnelIngressPacketDropTSMismatch", "metricNamespace": "microsoft.network/virtualNetworkGateways", - "alertSensitivity": "Medium", "criterionType": "DynamicThresholdCriterion", - "metricName": "TunnelIngressPacketDropTSMismatch" + "metricName": "TunnelIngressPacketDropTSMismatch", + "alertSensitivity": "Medium" } ], "odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria" @@ -309,9 +308,9 @@ "[parameters('resourceId')]" ] }, - "location": "global", "apiVersion": "2018-03-01", "name": "[concat(parameters('resourceName'), '-TunnelIngressPacketDropTSMismatchAlert')]", + "location": "global", "tags": { "_deployed_by_amba": true } @@ -319,7 +318,8 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" } } } diff --git a/Definitions/policyDefinitions/Network/deploy_vpngw_bandwidthutil_alert.jsonc b/Definitions/policyDefinitions/Network/deploy_vpngw_bandwidthutil_alert.jsonc index 7f1c953..92d8fb7 100644 --- a/Definitions/policyDefinitions/Network/deploy_vpngw_bandwidthutil_alert.jsonc +++ b/Definitions/policyDefinitions/Network/deploy_vpngw_bandwidthutil_alert.jsonc @@ -6,27 +6,15 @@ "description": "Policy to audit/deploy VPN Gateway Bandwidth Utilization Alert", "mode": "All", "metadata": { - "category": "Network", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "version": "1.2.0", "_deployed_by_amba": "True", - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" - ] + ], + "category": "Network" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "String" - }, "evaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", @@ -63,6 +51,18 @@ "defaultValue": "MonitorDisable", "type": "String" }, + "autoMitigate": { + "metadata": { + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, "windowSize": { "metadata": { "description": "Window size for the alert", @@ -93,6 +93,26 @@ "defaultValue": "true", "type": "String" }, + "threshold": { + "metadata": { + "description": "Threshold for the alert", + "displayName": "Threshold" + }, + "defaultValue": "1", + "type": "String" + }, + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" + }, "severity": { "metadata": { "description": "Severity of the Alert", @@ -107,34 +127,14 @@ ], "defaultValue": "0", "type": "String" - }, - "autoMitigate": { - "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" - }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", - "type": "String" - }, - "threshold": { - "metadata": { - "description": "Threshold for the alert", - "displayName": "Threshold" - }, - "defaultValue": "1", - "type": "String" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "microsoft.network/vpngateways" + "equals": "microsoft.network/vpngateways", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -149,48 +149,48 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "microsoft.network/vpngateways" + "equals": "microsoft.network/vpngateways", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "tunnelaveragebandwidth" + "equals": "tunnelaveragebandwidth", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/vpngateways/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/vpngateways/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Average" + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].operator", - "equals": "LessThan" + "equals": "LessThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].threshold", - "equals": "[if(contains(field('tags'), '_amba-tunnelaveragebandwidth-threshold-Override_'), field('tags._amba-tunnelaveragebandwidth-threshold-Override_'), parameters('threshold'))]" + "equals": "[if(contains(field('tags'), '_amba-tunnelaveragebandwidth-threshold-Override_'), field('tags._amba-tunnelaveragebandwidth-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].threshold" } ] }, @@ -206,26 +206,25 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, "enabled": { "value": "[parameters('enabled')]" }, - "severity": { - "value": "[parameters('severity')]" - }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, "threshold": { "value": "[if(contains(field('tags'), '_amba-tunnelaveragebandwidth-threshold-Override_'), field('tags._amba-tunnelaveragebandwidth-threshold-Override_'), parameters('threshold'))]" }, + "severity": { + "value": "[parameters('severity')]" + }, "resourceName": { "value": "[field('name')]" } }, - "mode": "incremental", "template": { "parameters": { "resourceId": { @@ -238,19 +237,19 @@ "evaluationFrequency": { "type": "String" }, - "windowSize": { + "autoMitigate": { "type": "String" }, - "enabled": { + "windowSize": { "type": "String" }, - "severity": { + "enabled": { "type": "String" }, - "autoMitigate": { + "threshold": { "type": "String" }, - "threshold": { + "severity": { "type": "String" }, "resourceName": { @@ -271,34 +270,34 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, "enabled": { "value": "[parameters('enabled')]" }, - "severity": { - "value": "[parameters('severity')]" - }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, "threshold": { "value": "[parameters('threshold')]" + }, + "severity": { + "value": "[parameters('severity')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", "windowSize": "[parameters('windowSize')]", "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", - "autoMitigate": "[parameters('autoMitigate')]", "criteria": { "allOf": [ { "threshold": "[parameters('threshold')]", "timeAggregation": "Average", - "name": "tunnelaveragebandwidth", "operator": "LessThan", + "name": "tunnelaveragebandwidth", "metricNamespace": "microsoft.network/vpngateways", "criterionType": "StaticThresholdCriterion", "metricName": "tunnelaveragebandwidth" @@ -310,9 +309,9 @@ "[parameters('resourceId')]" ] }, + "apiVersion": "2018-03-01", "location": "global", "name": "[concat(parameters('resourceName'), '-GatewayBandwidthAlert')]", - "apiVersion": "2018-03-01", "tags": { "_deployed_by_amba": true } @@ -320,7 +319,8 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" } } } diff --git a/Definitions/policyDefinitions/Network/deploy_vpngw_bgppeerstatus_alert.jsonc b/Definitions/policyDefinitions/Network/deploy_vpngw_bgppeerstatus_alert.jsonc index adae71b..178b3b1 100644 --- a/Definitions/policyDefinitions/Network/deploy_vpngw_bgppeerstatus_alert.jsonc +++ b/Definitions/policyDefinitions/Network/deploy_vpngw_bgppeerstatus_alert.jsonc @@ -6,27 +6,15 @@ "description": "Policy to audit/deploy VPN Gateway BGP Peer Status Alert", "mode": "All", "metadata": { - "category": "Network", - "version": "1.2.0", "_deployed_by_amba": "True", - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "version": "1.2.0", "alzCloudEnvironments": [ "AzureCloud" - ] + ], + "category": "Network", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "String" - }, "evaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", @@ -42,6 +30,18 @@ "defaultValue": "PT1M", "type": "String" }, + "autoMitigate": { + "metadata": { + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, "MonitorDisableTagValues": { "metadata": { "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", @@ -55,14 +55,6 @@ ], "type": "Array" }, - "MonitorDisableTagName": { - "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" - }, - "defaultValue": "MonitorDisable", - "type": "String" - }, "windowSize": { "metadata": { "description": "Window size for the alert", @@ -81,6 +73,14 @@ "defaultValue": "PT5M", "type": "String" }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" + }, "enabled": { "metadata": { "description": "Alert state for the alert", @@ -108,18 +108,6 @@ "defaultValue": "0", "type": "String" }, - "autoMitigate": { - "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" - }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", - "type": "String" - }, "threshold": { "metadata": { "description": "Threshold for the alert", @@ -127,14 +115,26 @@ }, "defaultValue": "1", "type": "String" + }, + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "microsoft.network/vpngateways" + "equals": "microsoft.network/vpngateways", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -149,48 +149,48 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "microsoft.network/vpngateways" + "equals": "microsoft.network/vpngateways", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "bgppeerstatus" + "equals": "bgppeerstatus", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/vpngateways/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/vpngateways/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Total" + "equals": "Total", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].operator", - "equals": "LessThan" + "equals": "LessThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].threshold", - "equals": "[if(contains(field('tags'), '_amba-bgppeerstatus-threshold-Override_'), field('tags._amba-bgppeerstatus-threshold-Override_'), parameters('threshold'))]" + "equals": "[if(contains(field('tags'), '_amba-bgppeerstatus-threshold-Override_'), field('tags._amba-bgppeerstatus-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].threshold" } ] }, @@ -206,6 +206,9 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, @@ -215,9 +218,6 @@ "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, "threshold": { "value": "[if(contains(field('tags'), '_amba-bgppeerstatus-threshold-Override_'), field('tags._amba-bgppeerstatus-threshold-Override_'), parameters('threshold'))]" }, @@ -225,7 +225,6 @@ "value": "[field('name')]" } }, - "mode": "incremental", "template": { "parameters": { "resourceId": { @@ -238,6 +237,9 @@ "evaluationFrequency": { "type": "String" }, + "autoMitigate": { + "type": "String" + }, "windowSize": { "type": "String" }, @@ -247,9 +249,6 @@ "severity": { "type": "String" }, - "autoMitigate": { - "type": "String" - }, "threshold": { "type": "String" }, @@ -271,6 +270,9 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, @@ -280,25 +282,22 @@ "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, "threshold": { "value": "[parameters('threshold')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", "windowSize": "[parameters('windowSize')]", "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", - "autoMitigate": "[parameters('autoMitigate')]", "criteria": { "allOf": [ { "threshold": "[parameters('threshold')]", "timeAggregation": "Total", - "name": "bgppeerstatus", "operator": "LessThan", + "name": "bgppeerstatus", "metricNamespace": "microsoft.network/vpngateways", "criterionType": "StaticThresholdCriterion", "metricName": "bgppeerstatus" @@ -310,9 +309,9 @@ "[parameters('resourceId')]" ] }, - "location": "global", - "name": "[concat(parameters('resourceName'), '-BGPPeerStatusAlert')]", "apiVersion": "2018-03-01", + "name": "[concat(parameters('resourceName'), '-BGPPeerStatusAlert')]", + "location": "global", "tags": { "_deployed_by_amba": true } @@ -320,7 +319,8 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" } } } diff --git a/Definitions/policyDefinitions/Network/deploy_vpngw_egress_alert.jsonc b/Definitions/policyDefinitions/Network/deploy_vpngw_egress_alert.jsonc index 11bffb0..7d30f22 100644 --- a/Definitions/policyDefinitions/Network/deploy_vpngw_egress_alert.jsonc +++ b/Definitions/policyDefinitions/Network/deploy_vpngw_egress_alert.jsonc @@ -6,8 +6,8 @@ "description": "Policy to audit/deploy VPN Gateway Egress Alert", "mode": "All", "metadata": { - "category": "Network", "_deployed_by_amba": "True", + "category": "Network", "version": "1.2.0", "alzCloudEnvironments": [ "AzureCloud" @@ -15,18 +15,6 @@ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "disabled", - "type": "String" - }, "evaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", @@ -42,19 +30,6 @@ "defaultValue": "PT5M", "type": "String" }, - "MonitorDisableTagValues": { - "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" - }, - "defaultValue": [ - "true", - "Test", - "Dev", - "Sandbox" - ], - "type": "Array" - }, "autoMitigate": { "metadata": { "description": "Auto Mitigate for the alert", @@ -85,24 +60,16 @@ "defaultValue": "PT5M", "type": "String" }, - "MonitorDisableTagName": { - "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" - }, - "defaultValue": "MonitorDisable", - "type": "String" - }, - "enabled": { + "effect": { "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" + "description": "Effect of the policy", + "displayName": "Effect" }, "allowedValues": [ - "true", - "false" + "deployIfNotExists", + "disabled" ], - "defaultValue": "true", + "defaultValue": "disabled", "type": "String" }, "severity": { @@ -120,6 +87,18 @@ "defaultValue": "0", "type": "String" }, + "enabled": { + "metadata": { + "description": "Alert state for the alert", + "displayName": "Alert State" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, "threshold": { "metadata": { "description": "Threshold for the alert", @@ -127,14 +106,35 @@ }, "defaultValue": "1", "type": "String" + }, + "MonitorDisableTagValues": { + "metadata": { + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "microsoft.network/vpngateways" + "equals": "microsoft.network/vpngateways", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -149,48 +149,48 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "microsoft.network/vpngateways" + "equals": "microsoft.network/vpngateways", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "tunnelegressbytes" + "equals": "tunnelegressbytes", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/vpngateways/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/vpngateways/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Average" + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].operator", - "equals": "LessThan" + "equals": "LessThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].threshold", - "equals": "[if(contains(field('tags'), '_amba-tunnelegressbytes-threshold-Override_'), field('tags._amba-tunnelegressbytes-threshold-Override_'), parameters('threshold'))]" + "equals": "[if(contains(field('tags'), '_amba-tunnelegressbytes-threshold-Override_'), field('tags._amba-tunnelegressbytes-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].threshold" } ] }, @@ -212,12 +212,12 @@ "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, + "enabled": { + "value": "[parameters('enabled')]" + }, "threshold": { "value": "[if(contains(field('tags'), '_amba-tunnelegressbytes-threshold-Override_'), field('tags._amba-tunnelegressbytes-threshold-Override_'), parameters('threshold'))]" }, @@ -225,7 +225,6 @@ "value": "[field('name')]" } }, - "mode": "incremental", "template": { "parameters": { "resourceId": { @@ -244,10 +243,10 @@ "windowSize": { "type": "String" }, - "enabled": { + "severity": { "type": "String" }, - "severity": { + "enabled": { "type": "String" }, "threshold": { @@ -277,12 +276,12 @@ "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, + "enabled": { + "value": "[parameters('enabled')]" + }, "threshold": { "value": "[parameters('threshold')]" } @@ -290,18 +289,18 @@ "evaluationFrequency": "[parameters('evaluationFrequency')]", "autoMitigate": "[parameters('autoMitigate')]", "windowSize": "[parameters('windowSize')]", - "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", + "enabled": "[parameters('enabled')]", "criteria": { "allOf": [ { "threshold": "[parameters('threshold')]", - "name": "tunnelegressbytes", "timeAggregation": "Average", - "operator": "LessThan", "metricNamespace": "microsoft.network/vpngateways", "criterionType": "StaticThresholdCriterion", - "metricName": "tunnelegressbytes" + "operator": "LessThan", + "metricName": "tunnelegressbytes", + "name": "tunnelegressbytes" } ], "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria" @@ -310,9 +309,9 @@ "[parameters('resourceId')]" ] }, - "location": "global", "apiVersion": "2018-03-01", "name": "[concat(parameters('resourceName'), '-TunnelEgressAlert')]", + "location": "global", "tags": { "_deployed_by_amba": true } @@ -320,7 +319,8 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" } } } diff --git a/Definitions/policyDefinitions/Network/deploy_vpngw_ingress_alert.jsonc b/Definitions/policyDefinitions/Network/deploy_vpngw_ingress_alert.jsonc index 8b655ec..c37c03f 100644 --- a/Definitions/policyDefinitions/Network/deploy_vpngw_ingress_alert.jsonc +++ b/Definitions/policyDefinitions/Network/deploy_vpngw_ingress_alert.jsonc @@ -6,15 +6,30 @@ "description": "Policy to audit/deploy VPN Gateway Ingress Alert", "mode": "All", "metadata": { - "category": "Network", "_deployed_by_amba": "True", - "version": "1.2.0", + "category": "Network", "alzCloudEnvironments": [ "AzureCloud" ], + "version": "1.2.0", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { + "evaluationFrequency": { + "metadata": { + "description": "Evaluation frequency for the alert", + "displayName": "Evaluation Frequency" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H" + ], + "defaultValue": "PT5M", + "type": "String" + }, "effect": { "metadata": { "description": "Effect of the policy", @@ -27,19 +42,16 @@ "defaultValue": "disabled", "type": "String" }, - "evaluationFrequency": { + "autoMitigate": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "Evaluation Frequency" + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" }, "allowedValues": [ - "PT1M", - "PT5M", - "PT15M", - "PT30M", - "PT1H" + "true", + "false" ], - "defaultValue": "PT5M", + "defaultValue": "true", "type": "String" }, "MonitorDisableTagValues": { @@ -55,16 +67,12 @@ ], "type": "Array" }, - "autoMitigate": { + "MonitorDisableTagName": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", + "defaultValue": "MonitorDisable", "type": "String" }, "windowSize": { @@ -85,26 +93,6 @@ "defaultValue": "PT5M", "type": "String" }, - "MonitorDisableTagName": { - "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" - }, - "defaultValue": "MonitorDisable", - "type": "String" - }, - "enabled": { - "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" - }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", - "type": "String" - }, "severity": { "metadata": { "description": "Severity of the Alert", @@ -127,14 +115,26 @@ }, "defaultValue": "1", "type": "String" + }, + "enabled": { + "metadata": { + "description": "Alert state for the alert", + "displayName": "Alert State" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "microsoft.network/vpngateways" + "equals": "microsoft.network/vpngateways", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -149,48 +149,48 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "microsoft.network/vpngateways" + "equals": "microsoft.network/vpngateways", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "tunnelingressbytes" + "equals": "tunnelingressbytes", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/vpngateways/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/vpngateways/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Average" + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].operator", - "equals": "LessThan" + "equals": "LessThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].threshold", - "equals": "[if(contains(field('tags'), '_amba-tunnelingressbytes-threshold-Override_'), field('tags._amba-tunnelingressbytes-threshold-Override_'), parameters('threshold'))]" + "equals": "[if(contains(field('tags'), '_amba-tunnelingressbytes-threshold-Override_'), field('tags._amba-tunnelingressbytes-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].threshold" } ] }, @@ -212,15 +212,15 @@ "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, "threshold": { "value": "[if(contains(field('tags'), '_amba-tunnelingressbytes-threshold-Override_'), field('tags._amba-tunnelingressbytes-threshold-Override_'), parameters('threshold'))]" }, + "enabled": { + "value": "[parameters('enabled')]" + }, "resourceName": { "value": "[field('name')]" } @@ -244,15 +244,15 @@ "windowSize": { "type": "String" }, - "enabled": { - "type": "String" - }, "severity": { "type": "String" }, "threshold": { "type": "String" }, + "enabled": { + "type": "String" + }, "resourceName": { "metadata": { "description": "Name of the resource", @@ -277,30 +277,30 @@ "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, "threshold": { "value": "[parameters('threshold')]" + }, + "enabled": { + "value": "[parameters('enabled')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", "autoMitigate": "[parameters('autoMitigate')]", "windowSize": "[parameters('windowSize')]", - "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", + "enabled": "[parameters('enabled')]", "criteria": { "allOf": [ { - "threshold": "[parameters('threshold')]", - "name": "tunnelingressbytes", "timeAggregation": "Average", + "threshold": "[parameters('threshold')]", "operator": "LessThan", "metricNamespace": "microsoft.network/vpngateways", "criterionType": "StaticThresholdCriterion", + "name": "tunnelingressbytes", "metricName": "tunnelingressbytes" } ], @@ -310,9 +310,9 @@ "[parameters('resourceId')]" ] }, - "location": "global", "apiVersion": "2018-03-01", "name": "[concat(parameters('resourceName'), '-TunnelIngressAlert')]", + "location": "global", "tags": { "_deployed_by_amba": true } diff --git a/Definitions/policyDefinitions/Network/deploy_vpngw_tunnelegresspacketdropcount_alert.jsonc b/Definitions/policyDefinitions/Network/deploy_vpngw_tunnelegresspacketdropcount_alert.jsonc index 480cbe3..2a36d8b 100644 --- a/Definitions/policyDefinitions/Network/deploy_vpngw_tunnelegresspacketdropcount_alert.jsonc +++ b/Definitions/policyDefinitions/Network/deploy_vpngw_tunnelegresspacketdropcount_alert.jsonc @@ -6,27 +6,15 @@ "description": "Policy to audit/deploy VPN Gateway Egress Packet Drop Count Alert", "mode": "All", "metadata": { - "category": "Network", - "_deployed_by_amba": "True", "version": "1.2.0", + "_deployed_by_amba": "True", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" ], - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" + "category": "Network" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "String" - }, "evaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", @@ -42,19 +30,6 @@ "defaultValue": "PT5M", "type": "String" }, - "MonitorDisableTagValues": { - "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" - }, - "defaultValue": [ - "true", - "Test", - "Dev", - "Sandbox" - ], - "type": "Array" - }, "autoMitigate": { "metadata": { "description": "Auto Mitigate for the alert", @@ -85,12 +60,19 @@ "defaultValue": "PT5M", "type": "String" }, - "MonitorDisableTagName": { + "severity": { "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" + "description": "Severity of the Alert", + "displayName": "Severity" }, - "defaultValue": "MonitorDisable", + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" + ], + "defaultValue": "3", "type": "String" }, "enabled": { @@ -105,19 +87,37 @@ "defaultValue": "true", "type": "String" }, - "severity": { + "MonitorDisableTagValues": { "metadata": { - "description": "Severity of the Alert", - "displayName": "Severity" + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" }, "allowedValues": [ - "0", - "1", - "2", - "3", - "4" + "deployIfNotExists", + "disabled" ], - "defaultValue": "3", + "defaultValue": "deployIfNotExists", + "type": "String" + }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", "type": "String" } }, @@ -125,8 +125,8 @@ "if": { "allOf": [ { - "field": "type", - "equals": "microsoft.network/vpngateways" + "equals": "microsoft.network/vpngateways", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -141,56 +141,56 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "microsoft.network/vpngateways" + "equals": "microsoft.network/vpngateways", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "TunnelEgressPacketDropCount" + "equals": "TunnelEgressPacketDropCount", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/vpngateways/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/vpngateways/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Average" + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator", - "equals": "GreaterThan" + "equals": "GreaterThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity", - "equals": "Medium" + "equals": "Medium", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert", - "equals": 2 + "equals": 2, + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods", - "equals": 2 + "equals": 2, + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods" } ] }, @@ -212,17 +212,16 @@ "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, + "enabled": { + "value": "[parameters('enabled')]" + }, "resourceName": { "value": "[field('name')]" } }, - "mode": "incremental", "template": { "parameters": { "resourceId": { @@ -241,10 +240,10 @@ "windowSize": { "type": "String" }, - "enabled": { + "severity": { "type": "String" }, - "severity": { + "enabled": { "type": "String" }, "resourceName": { @@ -256,6 +255,7 @@ } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Insights/metricAlerts", @@ -271,31 +271,31 @@ "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" + }, + "enabled": { + "value": "[parameters('enabled')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", "autoMitigate": "[parameters('autoMitigate')]", "windowSize": "[parameters('windowSize')]", - "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", + "enabled": "[parameters('enabled')]", "criteria": { "allOf": [ { - "name": "TunnelEgressPacketDropCount", "timeAggregation": "Average", + "metricNamespace": "microsoft.network/vpngateways", + "operator": "GreaterThan", + "criterionType": "DynamicThresholdCriterion", + "name": "TunnelEgressPacketDropCount", + "alertSensitivity": "Medium", "failingPeriods": { "numberOfEvaluationPeriods": 4, "minFailingPeriodsToAlert": 4 }, - "operator": "GreaterThan", - "metricNamespace": "microsoft.network/vpngateways", - "alertSensitivity": "Medium", - "criterionType": "DynamicThresholdCriterion", "metricName": "TunnelEgressPacketDropCount" } ], @@ -305,17 +305,17 @@ "[parameters('resourceId')]" ] }, - "location": "global", "apiVersion": "2018-03-01", + "location": "global", "name": "[concat(parameters('resourceName'), '-TunnelEgressPacketDropCountAlert')]", "tags": { "_deployed_by_amba": true } } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" } } } diff --git a/Definitions/policyDefinitions/Network/deploy_vpngw_tunnelegresspacketdropmismatch_alert.jsonc b/Definitions/policyDefinitions/Network/deploy_vpngw_tunnelegresspacketdropmismatch_alert.jsonc index 86c1309..93b4ea2 100644 --- a/Definitions/policyDefinitions/Network/deploy_vpngw_tunnelegresspacketdropmismatch_alert.jsonc +++ b/Definitions/policyDefinitions/Network/deploy_vpngw_tunnelegresspacketdropmismatch_alert.jsonc @@ -6,31 +6,19 @@ "description": "Policy to audit/deploy VPN Gateway Egress Packet Drop Mismatch Alert", "mode": "All", "metadata": { - "category": "Network", "_deployed_by_amba": "True", "version": "1.2.0", + "category": "Network", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" - ], - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" + ] }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "String" - }, "evaluationFrequency": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "Evaluation Frequency" + "displayName": "Evaluation Frequency", + "description": "Evaluation frequency for the alert" }, "allowedValues": [ "PT1M", @@ -44,8 +32,8 @@ }, "MonitorDisableTagValues": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "displayName": "ALZ Monitoring disabled tag values(s)", + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." }, "defaultValue": [ "true", @@ -57,8 +45,8 @@ }, "autoMitigate": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" + "displayName": "Auto Mitigate", + "description": "Auto Mitigate for the alert" }, "allowedValues": [ "true", @@ -67,36 +55,18 @@ "defaultValue": "true", "type": "String" }, - "windowSize": { - "metadata": { - "description": "Window size for the alert", - "displayName": "Window Size" - }, - "allowedValues": [ - "PT1M", - "PT5M", - "PT15M", - "PT30M", - "PT1H", - "PT6H", - "PT12H", - "P1D" - ], - "defaultValue": "PT5M", - "type": "String" - }, "MonitorDisableTagName": { "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" + "displayName": "ALZ Monitoring disabled tag name", + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled." }, "defaultValue": "MonitorDisable", "type": "String" }, "enabled": { "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" + "displayName": "Alert State", + "description": "Alert state for the alert" }, "allowedValues": [ "true", @@ -105,10 +75,28 @@ "defaultValue": "true", "type": "String" }, + "windowSize": { + "metadata": { + "displayName": "Window Size", + "description": "Window size for the alert" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" + ], + "defaultValue": "PT5M", + "type": "String" + }, "severity": { "metadata": { - "description": "Severity of the Alert", - "displayName": "Severity" + "displayName": "Severity", + "description": "Severity of the Alert" }, "allowedValues": [ "0", @@ -119,14 +107,26 @@ ], "defaultValue": "3", "type": "String" + }, + "effect": { + "metadata": { + "displayName": "Effect", + "description": "Effect of the policy" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "microsoft.network/vpngateways" + "equals": "microsoft.network/vpngateways", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -141,56 +141,56 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "microsoft.network/vpngateways" + "equals": "microsoft.network/vpngateways", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "TunnelEgressPacketDropTSMismatch" + "equals": "TunnelEgressPacketDropTSMismatch", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/vpngateways/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/vpngateways/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Average" + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator", - "equals": "GreaterThan" + "equals": "GreaterThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity", - "equals": "Medium" + "equals": "Medium", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert", - "equals": 2 + "equals": 2, + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods", - "equals": 2 + "equals": 2, + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods" } ] }, @@ -209,12 +209,12 @@ "autoMitigate": { "value": "[parameters('autoMitigate')]" }, - "windowSize": { - "value": "[parameters('windowSize')]" - }, "enabled": { "value": "[parameters('enabled')]" }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, "severity": { "value": "[parameters('severity')]" }, @@ -222,13 +222,12 @@ "value": "[field('name')]" } }, - "mode": "incremental", "template": { "parameters": { "resourceId": { "metadata": { - "description": "Resource ID of the resource emitting the metric that will be used for the comparison", - "displayName": "resourceId" + "displayName": "resourceId", + "description": "Resource ID of the resource emitting the metric that will be used for the comparison" }, "type": "String" }, @@ -238,10 +237,10 @@ "autoMitigate": { "type": "String" }, - "windowSize": { + "enabled": { "type": "String" }, - "enabled": { + "windowSize": { "type": "String" }, "severity": { @@ -249,13 +248,14 @@ }, "resourceName": { "metadata": { - "description": "Name of the resource", - "displayName": "resourceName" + "displayName": "resourceName", + "description": "Name of the resource" }, "type": "String" } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Insights/metricAlerts", @@ -268,31 +268,31 @@ "autoMitigate": { "value": "[parameters('autoMitigate')]" }, - "windowSize": { - "value": "[parameters('windowSize')]" - }, "enabled": { "value": "[parameters('enabled')]" }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, "severity": { "value": "[parameters('severity')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", "autoMitigate": "[parameters('autoMitigate')]", - "windowSize": "[parameters('windowSize')]", "enabled": "[parameters('enabled')]", + "windowSize": "[parameters('windowSize')]", "severity": "[parameters('severity')]", "criteria": { "allOf": [ { - "name": "TunnelEgressPacketDropTSMismatch", "timeAggregation": "Average", "failingPeriods": { "numberOfEvaluationPeriods": 4, "minFailingPeriodsToAlert": 4 }, "operator": "GreaterThan", + "name": "TunnelEgressPacketDropTSMismatch", "metricNamespace": "microsoft.network/vpngateways", "alertSensitivity": "Medium", "criterionType": "DynamicThresholdCriterion", @@ -305,17 +305,17 @@ "[parameters('resourceId')]" ] }, - "location": "global", "apiVersion": "2018-03-01", + "location": "global", "name": "[concat(parameters('resourceName'), '-TunnelEgressPacketDropTSMismatchAlert')]", "tags": { "_deployed_by_amba": true } } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" } } } diff --git a/Definitions/policyDefinitions/Network/deploy_vpngw_tunnelingresspacketdropcount_alert.jsonc b/Definitions/policyDefinitions/Network/deploy_vpngw_tunnelingresspacketdropcount_alert.jsonc index c37b286..866bbdb 100644 --- a/Definitions/policyDefinitions/Network/deploy_vpngw_tunnelingresspacketdropcount_alert.jsonc +++ b/Definitions/policyDefinitions/Network/deploy_vpngw_tunnelingresspacketdropcount_alert.jsonc @@ -6,31 +6,19 @@ "description": "Policy to audit/deploy VPN Gateway Ingress Packet Drop Count Alert", "mode": "All", "metadata": { - "category": "Network", "_deployed_by_amba": "True", "version": "1.2.0", "alzCloudEnvironments": [ "AzureCloud" ], + "category": "Network", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "String" - }, "evaluationFrequency": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "Evaluation Frequency" + "displayName": "Evaluation Frequency", + "description": "Evaluation frequency for the alert" }, "allowedValues": [ "PT1M", @@ -44,8 +32,8 @@ }, "MonitorDisableTagValues": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "displayName": "ALZ Monitoring disabled tag values(s)", + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." }, "defaultValue": [ "true", @@ -57,8 +45,8 @@ }, "autoMitigate": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" + "displayName": "Auto Mitigate", + "description": "Auto Mitigate for the alert" }, "allowedValues": [ "true", @@ -67,10 +55,30 @@ "defaultValue": "true", "type": "String" }, + "effect": { + "metadata": { + "displayName": "Effect", + "description": "Effect of the policy" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" + }, + "MonitorDisableTagName": { + "metadata": { + "displayName": "ALZ Monitoring disabled tag name", + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled." + }, + "defaultValue": "MonitorDisable", + "type": "String" + }, "windowSize": { "metadata": { - "description": "Window size for the alert", - "displayName": "Window Size" + "displayName": "Window Size", + "description": "Window size for the alert" }, "allowedValues": [ "PT1M", @@ -85,18 +93,10 @@ "defaultValue": "PT5M", "type": "String" }, - "MonitorDisableTagName": { - "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" - }, - "defaultValue": "MonitorDisable", - "type": "String" - }, "enabled": { "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" + "displayName": "Alert State", + "description": "Alert state for the alert" }, "allowedValues": [ "true", @@ -107,8 +107,8 @@ }, "severity": { "metadata": { - "description": "Severity of the Alert", - "displayName": "Severity" + "displayName": "Severity", + "description": "Severity of the Alert" }, "allowedValues": [ "0", @@ -125,8 +125,8 @@ "if": { "allOf": [ { - "field": "type", - "equals": "microsoft.network/vpngateways" + "equals": "microsoft.network/vpngateways", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -141,56 +141,56 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "microsoft.network/vpngateways" + "equals": "microsoft.network/vpngateways", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "TunnelIngressPacketDropCount" + "equals": "TunnelIngressPacketDropCount", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/vpngateways/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/vpngateways/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Average" + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator", - "equals": "GreaterThan" + "equals": "GreaterThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity", - "equals": "Medium" + "equals": "Medium", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert", - "equals": 2 + "equals": 2, + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods", - "equals": 2 + "equals": 2, + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods" } ] }, @@ -222,13 +222,12 @@ "value": "[field('name')]" } }, - "mode": "incremental", "template": { "parameters": { "resourceId": { "metadata": { - "description": "Resource ID of the resource emitting the metric that will be used for the comparison", - "displayName": "resourceId" + "displayName": "resourceId", + "description": "Resource ID of the resource emitting the metric that will be used for the comparison" }, "type": "String" }, @@ -249,13 +248,14 @@ }, "resourceName": { "metadata": { - "description": "Name of the resource", - "displayName": "resourceName" + "displayName": "resourceName", + "description": "Name of the resource" }, "type": "String" } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Insights/metricAlerts", @@ -286,17 +286,17 @@ "criteria": { "allOf": [ { - "name": "TunnelIngressPacketDropCount", - "timeAggregation": "Average", "failingPeriods": { "numberOfEvaluationPeriods": 4, "minFailingPeriodsToAlert": 4 }, + "timeAggregation": "Average", "operator": "GreaterThan", + "name": "TunnelIngressPacketDropCount", "metricNamespace": "microsoft.network/vpngateways", - "alertSensitivity": "Medium", "criterionType": "DynamicThresholdCriterion", - "metricName": "TunnelIngressPacketDropCount" + "metricName": "TunnelIngressPacketDropCount", + "alertSensitivity": "Medium" } ], "odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria" @@ -305,17 +305,17 @@ "[parameters('resourceId')]" ] }, - "location": "global", "apiVersion": "2018-03-01", + "location": "global", "name": "[concat(parameters('resourceName'), '-TunnelIngressPacketDropCountAlert')]", "tags": { "_deployed_by_amba": true } } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" } } } diff --git a/Definitions/policyDefinitions/Network/deploy_vpngw_tunnelingresspacketdropmismatch_alert.jsonc b/Definitions/policyDefinitions/Network/deploy_vpngw_tunnelingresspacketdropmismatch_alert.jsonc index d6a26d4..3c10b21 100644 --- a/Definitions/policyDefinitions/Network/deploy_vpngw_tunnelingresspacketdropmismatch_alert.jsonc +++ b/Definitions/policyDefinitions/Network/deploy_vpngw_tunnelingresspacketdropmismatch_alert.jsonc @@ -6,27 +6,15 @@ "description": "Policy to audit/deploy VPN Gateway Ingress Packet Drop Mismatch Alert", "mode": "All", "metadata": { - "category": "Network", - "_deployed_by_amba": "True", "version": "1.2.0", + "_deployed_by_amba": "True", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" ], - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" + "category": "Network" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "String" - }, "evaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", @@ -42,19 +30,6 @@ "defaultValue": "PT5M", "type": "String" }, - "MonitorDisableTagValues": { - "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" - }, - "defaultValue": [ - "true", - "Test", - "Dev", - "Sandbox" - ], - "type": "Array" - }, "autoMitigate": { "metadata": { "description": "Auto Mitigate for the alert", @@ -85,12 +60,19 @@ "defaultValue": "PT5M", "type": "String" }, - "MonitorDisableTagName": { + "severity": { "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" + "description": "Severity of the Alert", + "displayName": "Severity" }, - "defaultValue": "MonitorDisable", + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" + ], + "defaultValue": "3", "type": "String" }, "enabled": { @@ -105,19 +87,37 @@ "defaultValue": "true", "type": "String" }, - "severity": { + "MonitorDisableTagValues": { "metadata": { - "description": "Severity of the Alert", - "displayName": "Severity" + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" }, "allowedValues": [ - "0", - "1", - "2", - "3", - "4" + "deployIfNotExists", + "disabled" ], - "defaultValue": "3", + "defaultValue": "deployIfNotExists", + "type": "String" + }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", "type": "String" } }, @@ -125,8 +125,8 @@ "if": { "allOf": [ { - "field": "type", - "equals": "microsoft.network/vpngateways" + "equals": "microsoft.network/vpngateways", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -141,56 +141,56 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "microsoft.network/vpngateways" + "equals": "microsoft.network/vpngateways", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "TunnelIngressPacketDropTSMismatch" + "equals": "TunnelIngressPacketDropTSMismatch", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/vpngateways/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/vpngateways/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Average" + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator", - "equals": "GreaterThan" + "equals": "GreaterThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity", - "equals": "Medium" + "equals": "Medium", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert", - "equals": 2 + "equals": 2, + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods", - "equals": 2 + "equals": 2, + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods" } ] }, @@ -212,17 +212,16 @@ "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, + "enabled": { + "value": "[parameters('enabled')]" + }, "resourceName": { "value": "[field('name')]" } }, - "mode": "incremental", "template": { "parameters": { "resourceId": { @@ -241,10 +240,10 @@ "windowSize": { "type": "String" }, - "enabled": { + "severity": { "type": "String" }, - "severity": { + "enabled": { "type": "String" }, "resourceName": { @@ -256,6 +255,7 @@ } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Insights/metricAlerts", @@ -271,31 +271,31 @@ "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" + }, + "enabled": { + "value": "[parameters('enabled')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", "autoMitigate": "[parameters('autoMitigate')]", "windowSize": "[parameters('windowSize')]", - "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", + "enabled": "[parameters('enabled')]", "criteria": { "allOf": [ { - "name": "TunnelIngressPacketDropTSMismatch", "timeAggregation": "Average", + "metricNamespace": "microsoft.network/vpngateways", + "operator": "GreaterThan", + "criterionType": "DynamicThresholdCriterion", + "name": "TunnelIngressPacketDropTSMismatch", + "alertSensitivity": "Medium", "failingPeriods": { "numberOfEvaluationPeriods": 4, "minFailingPeriodsToAlert": 4 }, - "operator": "GreaterThan", - "metricNamespace": "microsoft.network/vpngateways", - "alertSensitivity": "Medium", - "criterionType": "DynamicThresholdCriterion", "metricName": "TunnelIngressPacketDropTSMismatch" } ], @@ -305,17 +305,17 @@ "[parameters('resourceId')]" ] }, - "location": "global", "apiVersion": "2018-03-01", + "location": "global", "name": "[concat(parameters('resourceName'), '-TunnelIngressPacketDropTSMismatchAlert')]", "tags": { "_deployed_by_amba": true } } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" } } } diff --git a/Definitions/policyDefinitions/Networking/deploy_erp_expressroutrxlightlevel_alert.jsonc b/Definitions/policyDefinitions/Networking/deploy_erp_expressroutrxlightlevel_alert.jsonc index dadf0f2..f1a24eb 100644 --- a/Definitions/policyDefinitions/Networking/deploy_erp_expressroutrxlightlevel_alert.jsonc +++ b/Definitions/policyDefinitions/Networking/deploy_erp_expressroutrxlightlevel_alert.jsonc @@ -6,24 +6,12 @@ "description": "Policy to audit/deploy ER Direct RxLightLevel High Alert", "mode": "All", "metadata": { - "category": "Networking", - "version": "1.2.0", "_deployed_by_amba": "True", + "version": "1.2.0", + "category": "Networking", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "disabled", - "type": "String" - }, "evaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", @@ -39,6 +27,18 @@ "defaultValue": "PT5M", "type": "String" }, + "autoMitigate": { + "metadata": { + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, "MonitorDisableTagValues": { "metadata": { "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", @@ -52,14 +52,6 @@ ], "type": "Array" }, - "MonitorDisableTagName": { - "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" - }, - "defaultValue": "MonitorDisable", - "type": "String" - }, "windowSize": { "metadata": { "description": "Window size for the alert", @@ -78,6 +70,14 @@ "defaultValue": "PT5M", "type": "String" }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" + }, "enabled": { "metadata": { "description": "Alert state for the alert", @@ -105,18 +105,6 @@ "defaultValue": "1", "type": "String" }, - "autoMitigate": { - "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" - }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", - "type": "String" - }, "threshold": { "metadata": { "description": "Threshold for the alert", @@ -124,14 +112,26 @@ }, "defaultValue": "0", "type": "String" + }, + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "disabled", + "type": "String" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Network/expressRoutePorts" + "equals": "Microsoft.Network/expressRoutePorts", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -146,52 +146,52 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "Microsoft.Network/expressRoutePorts" + "equals": "Microsoft.Network/expressRoutePorts", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "RxLightLevel" + "equals": "RxLightLevel", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", - "equals": "GreaterThan" + "equals": "GreaterThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressRoutePorts/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressRoutePorts/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Average" + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", - "equals": "GreaterThan" + "equals": "GreaterThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", - "equals": "[if(contains(field('tags'), '_amba-RxLightLevel-High-threshold-Override_'), field('tags._amba-RxLightLevel-High-threshold-Override_'), parameters('threshold'))]" + "equals": "[if(contains(field('tags'), '_amba-RxLightLevel-High-threshold-Override_'), field('tags._amba-RxLightLevel-High-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold" } ] }, @@ -207,6 +207,9 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, @@ -216,9 +219,6 @@ "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, "threshold": { "value": "[if(contains(field('tags'), '_amba-RxLightLevel-High-threshold-Override_'), field('tags._amba-RxLightLevel-High-threshold-Override_'), parameters('threshold'))]" }, @@ -226,7 +226,6 @@ "value": "[field('name')]" } }, - "mode": "incremental", "template": { "parameters": { "resourceId": { @@ -239,6 +238,9 @@ "evaluationFrequency": { "type": "String" }, + "autoMitigate": { + "type": "String" + }, "windowSize": { "type": "String" }, @@ -248,9 +250,6 @@ "severity": { "type": "String" }, - "autoMitigate": { - "type": "String" - }, "threshold": { "type": "String" }, @@ -272,6 +271,9 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, @@ -281,25 +283,22 @@ "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" - }, "threshold": { "value": "[parameters('threshold')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", "windowSize": "[parameters('windowSize')]", "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", - "autoMitigate": "[parameters('autoMitigate')]", "criteria": { "allOf": [ { "threshold": "[parameters('threshold')]", "timeAggregation": "Average", - "name": "RxLightLevel", "operator": "GreaterThan", + "name": "RxLightLevel", "metricNamespace": "Microsoft.Network/expressRoutePorts", "criterionType": "StaticThresholdCriterion", "metricName": "RxLightLevel" @@ -311,9 +310,9 @@ "[parameters('resourceId')]" ] }, - "location": "global", - "name": "[concat(parameters('resourceName'), '-DirectERRxLightLevelHighAlert')]", "apiVersion": "2018-03-01", + "name": "[concat(parameters('resourceName'), '-DirectERRxLightLevelHighAlert')]", + "location": "global", "tags": { "_deployed_by_amba": true } @@ -321,7 +320,8 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" } } } diff --git a/Definitions/policyDefinitions/Networking/deploy_fd_backendhealth_alert.jsonc b/Definitions/policyDefinitions/Networking/deploy_fd_backendhealth_alert.jsonc index ea7c0a4..5758f0f 100644 --- a/Definitions/policyDefinitions/Networking/deploy_fd_backendhealth_alert.jsonc +++ b/Definitions/policyDefinitions/Networking/deploy_fd_backendhealth_alert.jsonc @@ -6,24 +6,12 @@ "description": "Policy to audit/deploy FrontDoor Backend Health Percentage Alert", "mode": "All", "metadata": { - "category": "Networking", "_deployed_by_amba": "True", + "category": "Networking", "version": "1.1.1", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "disabled", - "type": "String" - }, "evaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", @@ -39,19 +27,6 @@ "defaultValue": "PT5M", "type": "String" }, - "MonitorDisableTagValues": { - "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" - }, - "defaultValue": [ - "true", - "Test", - "Dev", - "Sandbox" - ], - "type": "Array" - }, "autoMitigate": { "metadata": { "description": "Auto Mitigate for the alert", @@ -82,24 +57,16 @@ "defaultValue": "PT5M", "type": "String" }, - "MonitorDisableTagName": { - "metadata": { - "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled", - "displayName": "ALZ Monitoring disabled tag name" - }, - "defaultValue": "MonitorDisable", - "type": "String" - }, - "enabled": { + "effect": { "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" + "description": "Effect of the policy", + "displayName": "Effect" }, "allowedValues": [ - "true", - "false" + "deployIfNotExists", + "disabled" ], - "defaultValue": "true", + "defaultValue": "disabled", "type": "String" }, "severity": { @@ -117,6 +84,18 @@ "defaultValue": "2", "type": "String" }, + "enabled": { + "metadata": { + "description": "Alert state for the alert", + "displayName": "Alert State" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, "threshold": { "metadata": { "description": "Threshold for the alert", @@ -124,14 +103,35 @@ }, "defaultValue": "90", "type": "String" + }, + "MonitorDisableTagValues": { + "metadata": { + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Network/frontdoors" + "equals": "Microsoft.Network/frontdoors", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -146,48 +146,48 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "Microsoft.Network/frontdoors" + "equals": "Microsoft.Network/frontdoors", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "BackendHealthPercentage" + "equals": "BackendHealthPercentage", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/frontdoors/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/frontdoors/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Average" + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", - "equals": "LessThan" + "equals": "LessThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", - "equals": "[if(contains(field('tags'), '_amba-BackendHealthPercentage-threshold-Override_'), field('tags._amba-BackendHealthPercentage-threshold-Override_'), parameters('threshold'))]" + "equals": "[if(contains(field('tags'), '_amba-BackendHealthPercentage-threshold-Override_'), field('tags._amba-BackendHealthPercentage-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold" } ] }, @@ -209,12 +209,12 @@ "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, + "enabled": { + "value": "[parameters('enabled')]" + }, "threshold": { "value": "[if(contains(field('tags'), '_amba-BackendHealthPercentage-threshold-Override_'), field('tags._amba-BackendHealthPercentage-threshold-Override_'), parameters('threshold'))]" }, @@ -222,7 +222,6 @@ "value": "[field('name')]" } }, - "mode": "incremental", "template": { "parameters": { "resourceId": { @@ -241,10 +240,10 @@ "windowSize": { "type": "String" }, - "enabled": { + "severity": { "type": "String" }, - "severity": { + "enabled": { "type": "String" }, "threshold": { @@ -274,12 +273,12 @@ "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, + "enabled": { + "value": "[parameters('enabled')]" + }, "threshold": { "value": "[parameters('threshold')]" } @@ -287,18 +286,18 @@ "evaluationFrequency": "[parameters('evaluationFrequency')]", "autoMitigate": "[parameters('autoMitigate')]", "windowSize": "[parameters('windowSize')]", - "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", + "enabled": "[parameters('enabled')]", "criteria": { "allOf": [ { "threshold": "[parameters('threshold')]", - "name": "BackendHealthPercentage", "timeAggregation": "Average", - "operator": "LessThan", "metricNamespace": "Microsoft.Network/frontdoors", "criterionType": "StaticThresholdCriterion", - "metricName": "BackendHealthPercentage" + "operator": "LessThan", + "metricName": "BackendHealthPercentage", + "name": "BackendHealthPercentage" } ], "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria" @@ -307,9 +306,9 @@ "[parameters('resourceId')]" ] }, - "location": "global", "apiVersion": "2018-03-01", "name": "[concat(parameters('resourceName'), '-BackendHealthPercentage')]", + "location": "global", "tags": { "_deployed_by_amba": true } @@ -317,7 +316,8 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" } } } diff --git a/Definitions/policyDefinitions/Networking/deploy_fd_backendrequestlatency_alert.jsonc b/Definitions/policyDefinitions/Networking/deploy_fd_backendrequestlatency_alert.jsonc index 989d53f..a67fcd2 100644 --- a/Definitions/policyDefinitions/Networking/deploy_fd_backendrequestlatency_alert.jsonc +++ b/Definitions/policyDefinitions/Networking/deploy_fd_backendrequestlatency_alert.jsonc @@ -6,27 +6,15 @@ "description": "Policy to audit/deploy Frontdoor Backend Request Latency Alert", "mode": "All", "metadata": { + "_deployed_by_amba": "True", "category": "Networking", "version": "1.2.0", - "_deployed_by_amba": "True", - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" - ] + ], + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "disabled", - "type": "String" - }, "evaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", @@ -42,25 +30,16 @@ "defaultValue": "PT5M", "type": "String" }, - "MonitorDisableTagValues": { + "autoMitigate": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" }, - "defaultValue": [ + "allowedValues": [ "true", - "Test", - "Dev", - "Sandbox" + "false" ], - "type": "Array" - }, - "MonitorDisableTagName": { - "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" - }, - "defaultValue": "MonitorDisable", + "defaultValue": "true", "type": "String" }, "windowSize": { @@ -81,16 +60,16 @@ "defaultValue": "PT5M", "type": "String" }, - "enabled": { + "effect": { "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" + "description": "Effect of the policy", + "displayName": "Effect" }, "allowedValues": [ - "true", - "false" + "deployIfNotExists", + "disabled" ], - "defaultValue": "true", + "defaultValue": "disabled", "type": "String" }, "severity": { @@ -108,10 +87,10 @@ "defaultValue": "2", "type": "String" }, - "autoMitigate": { + "enabled": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" + "description": "Alert state for the alert", + "displayName": "Alert State" }, "allowedValues": [ "true", @@ -119,14 +98,35 @@ ], "defaultValue": "true", "type": "String" + }, + "MonitorDisableTagValues": { + "metadata": { + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Network/frontdoors" + "equals": "Microsoft.Network/frontdoors", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -141,56 +141,56 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "Microsoft.Network/frontdoors" + "equals": "Microsoft.Network/frontdoors", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "BackendRequestLatency" + "equals": "BackendRequestLatency", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/frontdoors/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/frontdoors/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Average" + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator", - "equals": "GreaterThan" + "equals": "GreaterThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity", - "equals": "Medium" + "equals": "Medium", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert", - "equals": 2 + "equals": 2, + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods", - "equals": 2 + "equals": 2, + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods" } ] }, @@ -206,23 +206,22 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" + "enabled": { + "value": "[parameters('enabled')]" }, "resourceName": { "value": "[field('name')]" } }, - "mode": "incremental", "template": { "parameters": { "resourceId": { @@ -235,16 +234,16 @@ "evaluationFrequency": { "type": "String" }, - "windowSize": { + "autoMitigate": { "type": "String" }, - "enabled": { + "windowSize": { "type": "String" }, "severity": { "type": "String" }, - "autoMitigate": { + "enabled": { "type": "String" }, "resourceName": { @@ -265,37 +264,37 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" + "enabled": { + "value": "[parameters('enabled')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", "windowSize": "[parameters('windowSize')]", - "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", - "autoMitigate": "[parameters('autoMitigate')]", + "enabled": "[parameters('enabled')]", "criteria": { "allOf": [ { "timeAggregation": "Average", + "metricNamespace": "Microsoft.Network/frontdoors", + "criterionType": "DynamicThresholdCriterion", + "operator": "GreaterThan", + "metricName": "BackendRequestLatency", "name": "ServiceApiResult", "failingPeriods": { "numberOfEvaluationPeriods": 2, "minFailingPeriodsToAlert": 2 }, - "operator": "GreaterThan", - "metricNamespace": "Microsoft.Network/frontdoors", - "criterionType": "DynamicThresholdCriterion", - "metricName": "BackendRequestLatency", "alertSensitivity": "Medium" } ], @@ -305,9 +304,9 @@ "[parameters('resourceId')]" ] }, - "location": "global", - "name": "[concat(parameters('resourceName'), '-BackendRequestLatencyAlert')]", "apiVersion": "2018-03-01", + "name": "[concat(parameters('resourceName'), '-BackendRequestLatencyAlert')]", + "location": "global", "tags": { "_deployed_by_amba": true } @@ -315,7 +314,8 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" } } } diff --git a/Definitions/policyDefinitions/Networking/deploy_frontdoorcdn_originlatency_alert.jsonc b/Definitions/policyDefinitions/Networking/deploy_frontdoorcdn_originlatency_alert.jsonc index 1855b53..da03d6b 100644 --- a/Definitions/policyDefinitions/Networking/deploy_frontdoorcdn_originlatency_alert.jsonc +++ b/Definitions/policyDefinitions/Networking/deploy_frontdoorcdn_originlatency_alert.jsonc @@ -6,27 +6,15 @@ "description": "Policy to audit/deploy FrontDoor CDN Profile Origin Latency Alert", "mode": "All", "metadata": { - "category": "Networking", "_deployed_by_amba": "True", "version": "1.2.0", + "category": "Networking", "alzCloudEnvironments": [ "AzureCloud" ], "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "disabled", - "type": "String" - }, "evaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", @@ -42,18 +30,17 @@ "defaultValue": "PT5M", "type": "String" }, - "MonitorDisableTagValues": { + "effect": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "description": "Effect of the policy", + "displayName": "Effect" }, - "defaultValue": [ - "true", - "Test", - "Dev", - "Sandbox" + "allowedValues": [ + "deployIfNotExists", + "disabled" ], - "type": "Array" + "defaultValue": "disabled", + "type": "String" }, "autoMitigate": { "metadata": { @@ -67,6 +54,18 @@ "defaultValue": "true", "type": "String" }, + "enabled": { + "metadata": { + "description": "Alert state for the alert", + "displayName": "Alert State" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, "windowSize": { "metadata": { "description": "Window size for the alert", @@ -85,26 +84,6 @@ "defaultValue": "PT5M", "type": "String" }, - "MonitorDisableTagName": { - "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" - }, - "defaultValue": "MonitorDisable", - "type": "String" - }, - "enabled": { - "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" - }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", - "type": "String" - }, "severity": { "metadata": { "description": "Severity of the Alert", @@ -119,6 +98,27 @@ ], "defaultValue": "2", "type": "String" + }, + "MonitorDisableTagValues": { + "metadata": { + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" } }, "policyRule": { @@ -138,6 +138,9 @@ "effect": "[parameters('effect')]", "details": { "type": "Microsoft.Insights/metricAlerts", + "roleDefinitionIds": [ + "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" + ], "existenceCondition": { "allOf": [ { @@ -194,9 +197,6 @@ } ] }, - "roleDefinitionIds": [ - "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" - ], "deployment": { "properties": { "parameters": { @@ -209,12 +209,12 @@ "autoMitigate": { "value": "[parameters('autoMitigate')]" }, - "windowSize": { - "value": "[parameters('windowSize')]" - }, "enabled": { "value": "[parameters('enabled')]" }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, "severity": { "value": "[parameters('severity')]" }, @@ -238,10 +238,10 @@ "autoMitigate": { "type": "String" }, - "windowSize": { + "enabled": { "type": "String" }, - "enabled": { + "windowSize": { "type": "String" }, "severity": { @@ -268,42 +268,42 @@ "autoMitigate": { "value": "[parameters('autoMitigate')]" }, - "windowSize": { - "value": "[parameters('windowSize')]" - }, "enabled": { "value": "[parameters('enabled')]" }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, "severity": { "value": "[parameters('severity')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", "autoMitigate": "[parameters('autoMitigate')]", - "windowSize": "[parameters('windowSize')]", "enabled": "[parameters('enabled')]", + "windowSize": "[parameters('windowSize')]", "severity": "[parameters('severity')]", + "scopes": [ + "[parameters('resourceId')]" + ], "criteria": { "allOf": [ { "name": "ServiceApiResult", "timeAggregation": "Average", + "metricNamespace": "Microsoft.Cdn/profiles", + "criterionType": "DynamicThresholdCriterion", + "metricName": "OriginLatency", + "operator": "GreaterThan", + "alertSensitivity": "Medium", "failingPeriods": { "numberOfEvaluationPeriods": 2, "minFailingPeriodsToAlert": 2 - }, - "operator": "GreaterThan", - "metricNamespace": "Microsoft.Cdn/profiles", - "alertSensitivity": "Medium", - "criterionType": "DynamicThresholdCriterion", - "metricName": "OriginLatency" + } } ], "odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria" - }, - "scopes": [ - "[parameters('resourceId')]" - ] + } }, "location": "global", "apiVersion": "2018-03-01", diff --git a/Definitions/policyDefinitions/Networking/deploy_frontdoorcdn_percentage4xx_alert.jsonc b/Definitions/policyDefinitions/Networking/deploy_frontdoorcdn_percentage4xx_alert.jsonc index 1952641..f3e50fb 100644 --- a/Definitions/policyDefinitions/Networking/deploy_frontdoorcdn_percentage4xx_alert.jsonc +++ b/Definitions/policyDefinitions/Networking/deploy_frontdoorcdn_percentage4xx_alert.jsonc @@ -6,27 +6,15 @@ "description": "Policy to audit/deploy FrontDoor CDN Profile Percentage4XX Alert", "mode": "All", "metadata": { + "_deployed_by_amba": "True", "category": "Networking", "version": "1.2.0", - "_deployed_by_amba": "True", - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" - ] + ], + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "String" - }, "evaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", @@ -42,25 +30,16 @@ "defaultValue": "PT5M", "type": "String" }, - "MonitorDisableTagValues": { + "autoMitigate": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" }, - "defaultValue": [ + "allowedValues": [ "true", - "Test", - "Dev", - "Sandbox" + "false" ], - "type": "Array" - }, - "MonitorDisableTagName": { - "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" - }, - "defaultValue": "MonitorDisable", + "defaultValue": "true", "type": "String" }, "windowSize": { @@ -81,16 +60,16 @@ "defaultValue": "PT5M", "type": "String" }, - "enabled": { + "effect": { "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" + "description": "Effect of the policy", + "displayName": "Effect" }, "allowedValues": [ - "true", - "false" + "deployIfNotExists", + "disabled" ], - "defaultValue": "true", + "defaultValue": "deployIfNotExists", "type": "String" }, "severity": { @@ -108,10 +87,10 @@ "defaultValue": "2", "type": "String" }, - "autoMitigate": { + "enabled": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" + "description": "Alert state for the alert", + "displayName": "Alert State" }, "allowedValues": [ "true", @@ -119,14 +98,35 @@ ], "defaultValue": "true", "type": "String" + }, + "MonitorDisableTagValues": { + "metadata": { + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Cdn/profiles" + "equals": "Microsoft.Cdn/profiles", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -141,56 +141,56 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "Microsoft.Cdn/profiles" + "equals": "Microsoft.Cdn/profiles", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "Percentage4XX" + "equals": "Percentage4XX", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Cdn/profiles/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Cdn/profiles/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Average" + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator", - "equals": "GreaterThan" + "equals": "GreaterThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity", - "equals": "Medium" + "equals": "Medium", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert", - "equals": 2 + "equals": 2, + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods", - "equals": 2 + "equals": 2, + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods" } ] }, @@ -206,23 +206,22 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" + "enabled": { + "value": "[parameters('enabled')]" }, "resourceName": { "value": "[field('name')]" } }, - "mode": "incremental", "template": { "parameters": { "resourceId": { @@ -235,16 +234,16 @@ "evaluationFrequency": { "type": "String" }, - "windowSize": { + "autoMitigate": { "type": "String" }, - "enabled": { + "windowSize": { "type": "String" }, "severity": { "type": "String" }, - "autoMitigate": { + "enabled": { "type": "String" }, "resourceName": { @@ -265,37 +264,37 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" + "enabled": { + "value": "[parameters('enabled')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", "windowSize": "[parameters('windowSize')]", - "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", - "autoMitigate": "[parameters('autoMitigate')]", + "enabled": "[parameters('enabled')]", "criteria": { "allOf": [ { "timeAggregation": "Average", + "metricNamespace": "Microsoft.Cdn/profiles", + "criterionType": "DynamicThresholdCriterion", + "operator": "GreaterThan", + "metricName": "Percentage4XX", "name": "ServiceApiResult", "failingPeriods": { "numberOfEvaluationPeriods": 2, "minFailingPeriodsToAlert": 2 }, - "operator": "GreaterThan", - "metricNamespace": "Microsoft.Cdn/profiles", - "criterionType": "DynamicThresholdCriterion", - "metricName": "Percentage4XX", "alertSensitivity": "Medium" } ], @@ -305,9 +304,9 @@ "[parameters('resourceId')]" ] }, - "location": "global", - "name": "[concat(parameters('resourceName'), '-Percentage4XXAlert')]", "apiVersion": "2018-03-01", + "name": "[concat(parameters('resourceName'), '-Percentage4XXAlert')]", + "location": "global", "tags": { "_deployed_by_amba": true } @@ -315,7 +314,8 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" } } } diff --git a/Definitions/policyDefinitions/Networking/deploy_frontdoorcdn_percentage5xx_alert.jsonc b/Definitions/policyDefinitions/Networking/deploy_frontdoorcdn_percentage5xx_alert.jsonc index f5867d7..4303b4e 100644 --- a/Definitions/policyDefinitions/Networking/deploy_frontdoorcdn_percentage5xx_alert.jsonc +++ b/Definitions/policyDefinitions/Networking/deploy_frontdoorcdn_percentage5xx_alert.jsonc @@ -6,27 +6,15 @@ "description": "Policy to audit/deploy FrontDoor CDN Profile Percentage5XX Alert", "mode": "All", "metadata": { - "category": "Networking", "_deployed_by_amba": "True", "version": "1.2.0", + "category": "Networking", "alzCloudEnvironments": [ "AzureCloud" ], "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "String" - }, "evaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", @@ -42,18 +30,17 @@ "defaultValue": "PT5M", "type": "String" }, - "MonitorDisableTagValues": { + "effect": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "description": "Effect of the policy", + "displayName": "Effect" }, - "defaultValue": [ - "true", - "Test", - "Dev", - "Sandbox" + "allowedValues": [ + "deployIfNotExists", + "disabled" ], - "type": "Array" + "defaultValue": "deployIfNotExists", + "type": "String" }, "autoMitigate": { "metadata": { @@ -67,6 +54,18 @@ "defaultValue": "true", "type": "String" }, + "enabled": { + "metadata": { + "description": "Alert state for the alert", + "displayName": "Alert State" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, "windowSize": { "metadata": { "description": "Window size for the alert", @@ -85,26 +84,6 @@ "defaultValue": "PT5M", "type": "String" }, - "MonitorDisableTagName": { - "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" - }, - "defaultValue": "MonitorDisable", - "type": "String" - }, - "enabled": { - "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" - }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", - "type": "String" - }, "severity": { "metadata": { "description": "Severity of the Alert", @@ -119,6 +98,27 @@ ], "defaultValue": "2", "type": "String" + }, + "MonitorDisableTagValues": { + "metadata": { + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" } }, "policyRule": { @@ -138,6 +138,9 @@ "effect": "[parameters('effect')]", "details": { "type": "Microsoft.Insights/metricAlerts", + "roleDefinitionIds": [ + "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" + ], "existenceCondition": { "allOf": [ { @@ -194,9 +197,6 @@ } ] }, - "roleDefinitionIds": [ - "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" - ], "deployment": { "properties": { "parameters": { @@ -209,12 +209,12 @@ "autoMitigate": { "value": "[parameters('autoMitigate')]" }, - "windowSize": { - "value": "[parameters('windowSize')]" - }, "enabled": { "value": "[parameters('enabled')]" }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, "severity": { "value": "[parameters('severity')]" }, @@ -238,10 +238,10 @@ "autoMitigate": { "type": "String" }, - "windowSize": { + "enabled": { "type": "String" }, - "enabled": { + "windowSize": { "type": "String" }, "severity": { @@ -268,42 +268,42 @@ "autoMitigate": { "value": "[parameters('autoMitigate')]" }, - "windowSize": { - "value": "[parameters('windowSize')]" - }, "enabled": { "value": "[parameters('enabled')]" }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, "severity": { "value": "[parameters('severity')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", "autoMitigate": "[parameters('autoMitigate')]", - "windowSize": "[parameters('windowSize')]", "enabled": "[parameters('enabled')]", + "windowSize": "[parameters('windowSize')]", "severity": "[parameters('severity')]", + "scopes": [ + "[parameters('resourceId')]" + ], "criteria": { "allOf": [ { "name": "ServiceApiResult", "timeAggregation": "Average", + "metricNamespace": "Microsoft.Cdn/profiles", + "criterionType": "DynamicThresholdCriterion", + "metricName": "Percentage5XX", + "operator": "GreaterThan", + "alertSensitivity": "Medium", "failingPeriods": { "numberOfEvaluationPeriods": 2, "minFailingPeriodsToAlert": 2 - }, - "operator": "GreaterThan", - "metricNamespace": "Microsoft.Cdn/profiles", - "alertSensitivity": "Medium", - "criterionType": "DynamicThresholdCriterion", - "metricName": "Percentage5XX" + } } ], "odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria" - }, - "scopes": [ - "[parameters('resourceId')]" - ] + } }, "location": "global", "apiVersion": "2018-03-01", diff --git a/Definitions/policyDefinitions/Site Recovery/deploy_recoveryvault_asrhealthmonitor_alert.jsonc b/Definitions/policyDefinitions/Site Recovery/deploy_recoveryvault_asrhealthmonitor_alert.jsonc new file mode 100644 index 0000000..3a8d56f --- /dev/null +++ b/Definitions/policyDefinitions/Site Recovery/deploy_recoveryvault_asrhealthmonitor_alert.jsonc @@ -0,0 +1,106 @@ +{ + "$schema": "https://raw.githubusercontent.com/Azure/enterprise-azure-policy-as-code/main/Schemas/policy-definition-schema.json", + "name": "Deploy_RecoveryVault_ASRHealthMonitor_Alert", + "properties": { + "displayName": "Deploy RV ASR Health Monitoring Alerts", + "description": "Policy to audit/update Recovery Vault ASR Health Alerting to Azure monitor alerts", + "mode": "All", + "metadata": { + "_deployed_by_amba": "True", + "version": "1.0.0", + "category": "Site Recovery", + "alzCloudEnvironments": [ + "AzureCloud" + ], + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" + }, + "parameters": { + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "allowedValues": [ + "modify", + "audit", + "disabled" + ], + "defaultValue": "modify", + "type": "String" + }, + "MonitorDisableTagValues": { + "metadata": { + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "field": "type", + "equals": "Microsoft.RecoveryServices/Vaults" + }, + { + "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", + "notIn": "[parameters('MonitorDisableTagValues')]" + }, + { + "anyOf": [ + { + "field": "Microsoft.RecoveryServices/vaults/monitoringSettings.azureMonitorAlertSettings.alertsForAllReplicationIssues", + "notEquals": "Enabled" + }, + { + "field": "Microsoft.RecoveryServices/vaults/monitoringSettings.azureMonitorAlertSettings.alertsForAllFailoverIssues", + "notEquals": "Enabled" + } + ] + } + ] + }, + "then": { + "effect": "[parameters('effect')]", + "details": { + "roleDefinitionIds": [ + "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" + ], + "conflictEffect": "audit", + "operations": [ + { + "value": "Disabled", + "field": "Microsoft.RecoveryServices/vaults/monitoringSettings.classicAlertSettings.emailNotificationsForSiteRecovery", + "operation": "addOrReplace" + }, + { + "value": "Enabled", + "field": "Microsoft.RecoveryServices/vaults/monitoringSettings.azureMonitorAlertSettings.alertsForAllReplicationIssues", + "operation": "addOrReplace" + }, + { + "value": "Enabled", + "field": "Microsoft.RecoveryServices/vaults/monitoringSettings.azureMonitorAlertSettings.alertsForAllFailoverIssues", + "operation": "addOrReplace" + } + ] + } + } + } + } +} \ No newline at end of file diff --git a/Definitions/policyDefinitions/Site Recovery/deploy_recoveryvault_backuphealthmonitor_alert.jsonc b/Definitions/policyDefinitions/Site Recovery/deploy_recoveryvault_backuphealthmonitor_alert.jsonc index 243a755..253b9a6 100644 --- a/Definitions/policyDefinitions/Site Recovery/deploy_recoveryvault_backuphealthmonitor_alert.jsonc +++ b/Definitions/policyDefinitions/Site Recovery/deploy_recoveryvault_backuphealthmonitor_alert.jsonc @@ -6,32 +6,19 @@ "description": "Policy to audit/update Recovery Vault Backup Health Alerting to Azure monitor alerts", "mode": "All", "metadata": { - "category": "Site Recovery", - "version": "1.1.0", "_deployed_by_amba": "True", + "version": "1.1.0", + "category": "Site Recovery", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" ] }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "modify", - "audit", - "disabled" - ], - "defaultValue": "modify", - "type": "String" - }, "MonitorDisableTagValues": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "displayName": "ALZ Monitoring disabled tag values(s)", + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." }, "defaultValue": [ "true", @@ -43,19 +30,32 @@ }, "MonitorDisableTagName": { "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" + "displayName": "ALZ Monitoring disabled tag name", + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled." }, "defaultValue": "MonitorDisable", "type": "String" + }, + "effect": { + "metadata": { + "displayName": "Effect", + "description": "Effect of the policy" + }, + "allowedValues": [ + "modify", + "audit", + "disabled" + ], + "defaultValue": "modify", + "type": "String" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.RecoveryServices/Vaults" + "equals": "Microsoft.RecoveryServices/Vaults", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", diff --git a/Definitions/policyDefinitions/Storage/deploy_storageaccount_availability_alert.jsonc b/Definitions/policyDefinitions/Storage/deploy_storageaccount_availability_alert.jsonc index 18c1e09..7301217 100644 --- a/Definitions/policyDefinitions/Storage/deploy_storageaccount_availability_alert.jsonc +++ b/Definitions/policyDefinitions/Storage/deploy_storageaccount_availability_alert.jsonc @@ -6,27 +6,15 @@ "description": "Policy to audit/deploy SA Availability Alert", "mode": "All", "metadata": { - "category": "Storage", - "version": "1.2.0", "_deployed_by_amba": "True", - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" - ] + ], + "version": "1.2.0", + "category": "Storage", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "String" - }, "evaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", @@ -42,6 +30,18 @@ "defaultValue": "PT5M", "type": "String" }, + "enabled": { + "metadata": { + "description": "Alert state for the alert", + "displayName": "Alert State" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, "MonitorDisableTagValues": { "metadata": { "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", @@ -55,36 +55,30 @@ ], "type": "Array" }, - "MonitorDisableTagName": { + "effect": { "metadata": { - "description": "Tag name to disable monitoring resource. Set to true if monitoring should be disabled", - "displayName": "ALZ Monitoring disabled tag name" + "description": "Effect of the policy", + "displayName": "Effect" }, - "defaultValue": "MonitorDisable", + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", "type": "String" }, - "windowSize": { + "MonitorDisableTagName": { "metadata": { - "description": "Window size for the alert", - "displayName": "Window Size" + "description": "Tag name to disable monitoring resource. Set to true if monitoring should be disabled", + "displayName": "ALZ Monitoring disabled tag name" }, - "allowedValues": [ - "PT1M", - "PT5M", - "PT15M", - "PT30M", - "PT1H", - "PT6H", - "PT12H", - "P1D" - ], - "defaultValue": "PT5M", + "defaultValue": "MonitorDisable", "type": "String" }, - "enabled": { + "autoMitigate": { "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" }, "allowedValues": [ "true", @@ -108,16 +102,22 @@ "defaultValue": "1", "type": "String" }, - "autoMitigate": { + "windowSize": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" + "description": "Window size for the alert", + "displayName": "Window Size" }, "allowedValues": [ - "true", - "false" + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" ], - "defaultValue": "true", + "defaultValue": "PT5M", "type": "String" }, "threshold": { @@ -133,8 +133,8 @@ "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Storage/storageAccounts" + "equals": "Microsoft.Storage/storageAccounts", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -149,48 +149,48 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "Microsoft.Storage/storageAccounts" + "equals": "Microsoft.Storage/storageAccounts", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "Availability" + "equals": "Availability", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Storage/storageAccounts/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Storage/storageAccounts/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Average" + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", - "equals": "LessThan" + "equals": "LessThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", - "equals": "[if(contains(field('tags'), '_amba-Availability-threshold-Override_'), field('tags._amba-Availability-threshold-Override_'), parameters('threshold'))]" + "equals": "[if(contains(field('tags'), '_amba-Availability-threshold-Override_'), field('tags._amba-Availability-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold" } ] }, @@ -206,17 +206,17 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, - "windowSize": { - "value": "[parameters('windowSize')]" - }, "enabled": { "value": "[parameters('enabled')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" + "windowSize": { + "value": "[parameters('windowSize')]" }, "threshold": { "value": "[if(contains(field('tags'), '_amba-Availability-threshold-Override_'), field('tags._amba-Availability-threshold-Override_'), parameters('threshold'))]" @@ -238,16 +238,16 @@ "evaluationFrequency": { "type": "String" }, - "windowSize": { + "enabled": { "type": "String" }, - "enabled": { + "autoMitigate": { "type": "String" }, "severity": { "type": "String" }, - "autoMitigate": { + "windowSize": { "type": "String" }, "threshold": { @@ -262,6 +262,7 @@ } }, "contentVersion": "1.0.0.0", + "variables": {}, "resources": [ { "type": "Microsoft.Insights/metricAlerts", @@ -271,33 +272,36 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, - "windowSize": { - "value": "[parameters('windowSize')]" - }, "enabled": { "value": "[parameters('enabled')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" + "windowSize": { + "value": "[parameters('windowSize')]" }, "threshold": { "value": "[parameters('threshold')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", - "windowSize": "[parameters('windowSize')]", "enabled": "[parameters('enabled')]", - "severity": "[parameters('severity')]", "autoMitigate": "[parameters('autoMitigate')]", + "severity": "[parameters('severity')]", + "windowSize": "[parameters('windowSize')]", + "scopes": [ + "[parameters('resourceId')]" + ], "criteria": { "allOf": [ { "threshold": "[parameters('threshold')]", - "timeAggregation": "Average", "name": "Availability", + "timeAggregation": "Average", "operator": "LessThan", "metricNamespace": "Microsoft.Storage/storageAccounts", "criterionType": "StaticThresholdCriterion", @@ -305,20 +309,16 @@ } ], "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria" - }, - "scopes": [ - "[parameters('resourceId')]" - ] + } }, "location": "global", - "name": "[concat(parameters('resourceName'), '-AvailabilityAlert')]", "apiVersion": "2018-03-01", + "name": "[concat(parameters('resourceName'), '-AvailabilityAlert')]", "tags": { "_deployed_by_amba": true } } ], - "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" } } diff --git a/Definitions/policyDefinitions/Unknown Category/deploy_ag_applicationgatewaytotaltime_alert.jsonc b/Definitions/policyDefinitions/Unknown Category/deploy_ag_applicationgatewaytotaltime_alert.jsonc new file mode 100644 index 0000000..4c15a1d --- /dev/null +++ b/Definitions/policyDefinitions/Unknown Category/deploy_ag_applicationgatewaytotaltime_alert.jsonc @@ -0,0 +1,351 @@ +{ + "$schema": "https://raw.githubusercontent.com/Azure/enterprise-azure-policy-as-code/main/Schemas/policy-definition-schema.json", + "name": "Deploy_AG_ApplicationGatewayTotalTime_Alert", + "properties": { + "displayName": "Deploy AGW ApplicationGatewayTotalTime Alert", + "description": "Policy to audit/deploy Azure Application Gateway ApplicationGatewayTotalTime Alert", + "mode": "All", + "metadata": { + "version": "1.3.0", + "_deployed_by_amba": "True", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "Category": "Networking" + }, + "parameters": { + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" + }, + "evaluationFrequency": { + "metadata": { + "description": "Evaluation frequency for the alert", + "displayName": "Evaluation Frequency" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H" + ], + "defaultValue": "PT1M", + "type": "String" + }, + "autoMitigate": { + "metadata": { + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "windowSize": { + "metadata": { + "description": "Window size for the alert", + "displayName": "Window Size" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" + ], + "defaultValue": "PT5M", + "type": "String" + }, + "severity": { + "metadata": { + "description": "Severity of the Alert", + "displayName": "Severity" + }, + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" + ], + "defaultValue": "2", + "type": "String" + }, + "enabled": { + "metadata": { + "description": "Alert state for the alert", + "displayName": "Alert State" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "MonitorDisableTagValues": { + "metadata": { + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" + }, + "alertSensitivity": { + "metadata": { + "description": "Alert Sensitivity for the alert", + "displayName": "Alert Sensitivity" + }, + "allowedValues": [ + "Low", + "Medium", + "High" + ], + "defaultValue": "Medium", + "type": "String" + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "equals": "Microsoft.Network/applicationgateways", + "field": "type" + }, + { + "field": "Microsoft.Network/applicationgateways/sku.name", + "In": [ + "Standard_v2", + "WAF_v2" + ] + }, + { + "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", + "notIn": "[parameters('MonitorDisableTagValues')]" + } + ] + }, + "then": { + "effect": "[parameters('effect')]", + "details": { + "type": "Microsoft.Insights/metricAlerts", + "existenceCondition": { + "allOf": [ + { + "equals": "Microsoft.Network/applicationgateways", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" + }, + { + "equals": "ApplicationGatewayTotalTime", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" + }, + { + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/applicationgateways/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" + }, + { + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" + }, + { + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" + }, + { + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" + }, + { + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" + }, + { + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" + }, + { + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation" + }, + { + "equals": "GreaterThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator" + }, + { + "equals": "[parameters('alertSensitivity')]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity" + }, + { + "equals": 2, + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert" + }, + { + "equals": 2, + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods" + } + ] + }, + "roleDefinitionIds": [ + "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" + ], + "deployment": { + "properties": { + "parameters": { + "resourceId": { + "value": "[field('id')]" + }, + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "resourceName": { + "value": "[field('name')]" + }, + "alertSensitivity": { + "value": "[parameters('alertSensitivity')]" + } + }, + "mode": "incremental", + "template": { + "parameters": { + "resourceId": { + "metadata": { + "description": "Resource ID of the resource emitting the metric that will be used for the comparison", + "displayName": "resourceId" + }, + "type": "String" + }, + "evaluationFrequency": { + "type": "String" + }, + "autoMitigate": { + "type": "String" + }, + "windowSize": { + "type": "String" + }, + "severity": { + "type": "String" + }, + "enabled": { + "type": "String" + }, + "resourceName": { + "metadata": { + "description": "Name of the resource", + "displayName": "resourceName" + }, + "type": "String" + }, + "alertSensitivity": { + "type": "String" + } + }, + "contentVersion": "1.0.0.0", + "variables": {}, + "resources": [ + { + "type": "Microsoft.Insights/metricAlerts", + "properties": { + "description": "Metric Alert for App Gateway ApplicationGatewayTotalTime", + "parameters": { + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "alertSensitivity": { + "value": "[parameters('alertSensitivity')]" + } + }, + "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", + "windowSize": "[parameters('windowSize')]", + "severity": "[parameters('severity')]", + "enabled": "[parameters('enabled')]", + "criteria": { + "allOf": [ + { + "timeAggregation": "Average", + "metricNamespace": "Microsoft.Network/applicationgateways", + "criterionType": "DynamicThresholdCriterion", + "alertSensitivity": "[parameters('alertSensitivity')]", + "metricName": "ApplicationGatewayTotalTime", + "name": "ApplicationGatewayTotalTime", + "operator": "GreaterThan", + "failingPeriods": { + "minFailingPeriodsToAlert": 2, + "numberOfEvaluationPeriods": 2 + } + } + ], + "odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria" + }, + "scopes": [ + "[parameters('resourceId')]" + ] + }, + "apiVersion": "2018-03-01", + "name": "[concat(parameters('resourceName'), '-agApplicationGatewayTotalTime')]", + "location": "global", + "tags": { + "_deployed_by_amba": true + } + } + ], + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" + } + } + } + } + } + } + } +} \ No newline at end of file diff --git a/Definitions/policyDefinitions/Unknown Category/deploy_ag_backendlastbyteresponsetime_alert.jsonc b/Definitions/policyDefinitions/Unknown Category/deploy_ag_backendlastbyteresponsetime_alert.jsonc new file mode 100644 index 0000000..6aec0e4 --- /dev/null +++ b/Definitions/policyDefinitions/Unknown Category/deploy_ag_backendlastbyteresponsetime_alert.jsonc @@ -0,0 +1,351 @@ +{ + "$schema": "https://raw.githubusercontent.com/Azure/enterprise-azure-policy-as-code/main/Schemas/policy-definition-schema.json", + "name": "Deploy_AG_BackendLastByteResponseTime_Alert", + "properties": { + "displayName": "Deploy AGW BackendLastByteResponseTime Alert", + "description": "Policy to audit/deploy Azure Application Gateway BackendLastByteResponseTime Alert", + "mode": "All", + "metadata": { + "_deployed_by_amba": "True", + "version": "1.3.0", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "Category": "Networking" + }, + "parameters": { + "evaluationFrequency": { + "metadata": { + "description": "Evaluation frequency for the alert", + "displayName": "Evaluation Frequency" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H" + ], + "defaultValue": "PT1M", + "type": "String" + }, + "autoMitigate": { + "metadata": { + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "MonitorDisableTagValues": { + "metadata": { + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "windowSize": { + "metadata": { + "description": "Window size for the alert", + "displayName": "Window Size" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" + ], + "defaultValue": "PT5M", + "type": "String" + }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" + }, + "enabled": { + "metadata": { + "description": "Alert state for the alert", + "displayName": "Alert State" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "severity": { + "metadata": { + "description": "Severity of the Alert", + "displayName": "Severity" + }, + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" + ], + "defaultValue": "2", + "type": "String" + }, + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" + }, + "alertSensitivity": { + "metadata": { + "description": "Alert Sensitivity for the alert", + "displayName": "Alert Sensitivity" + }, + "allowedValues": [ + "Low", + "Medium", + "High" + ], + "defaultValue": "Medium", + "type": "String" + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "equals": "Microsoft.Network/applicationgateways", + "field": "type" + }, + { + "field": "Microsoft.Network/applicationgateways/sku.name", + "In": [ + "Standard_v2", + "WAF_v2" + ] + }, + { + "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", + "notIn": "[parameters('MonitorDisableTagValues')]" + } + ] + }, + "then": { + "effect": "[parameters('effect')]", + "details": { + "type": "Microsoft.Insights/metricAlerts", + "existenceCondition": { + "allOf": [ + { + "equals": "Microsoft.Network/applicationgateways", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" + }, + { + "equals": "BackendLastByteResponseTime", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" + }, + { + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/applicationgateways/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" + }, + { + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" + }, + { + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" + }, + { + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" + }, + { + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" + }, + { + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" + }, + { + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation" + }, + { + "equals": "GreaterThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator" + }, + { + "equals": "[parameters('alertSensitivity')]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity" + }, + { + "equals": 2, + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert" + }, + { + "equals": 2, + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods" + } + ] + }, + "roleDefinitionIds": [ + "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" + ], + "deployment": { + "properties": { + "parameters": { + "resourceId": { + "value": "[field('id')]" + }, + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "resourceName": { + "value": "[field('name')]" + }, + "alertSensitivity": { + "value": "[parameters('alertSensitivity')]" + } + }, + "template": { + "parameters": { + "resourceId": { + "metadata": { + "description": "Resource ID of the resource emitting the metric that will be used for the comparison", + "displayName": "resourceId" + }, + "type": "String" + }, + "evaluationFrequency": { + "type": "String" + }, + "autoMitigate": { + "type": "String" + }, + "windowSize": { + "type": "String" + }, + "enabled": { + "type": "String" + }, + "severity": { + "type": "String" + }, + "resourceName": { + "metadata": { + "description": "Name of the resource", + "displayName": "resourceName" + }, + "type": "String" + }, + "alertSensitivity": { + "type": "String" + } + }, + "contentVersion": "1.0.0.0", + "resources": [ + { + "type": "Microsoft.Insights/metricAlerts", + "properties": { + "description": "Metric Alert for App Gateway BackendLastByteResponseTime", + "parameters": { + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "alertSensitivity": { + "value": "[parameters('alertSensitivity')]" + } + }, + "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", + "windowSize": "[parameters('windowSize')]", + "enabled": "[parameters('enabled')]", + "severity": "[parameters('severity')]", + "criteria": { + "allOf": [ + { + "timeAggregation": "Average", + "failingPeriods": { + "numberOfEvaluationPeriods": 2, + "minFailingPeriodsToAlert": 2 + }, + "operator": "GreaterThan", + "name": "BackendLastByteResponseTime", + "metricNamespace": "Microsoft.Network/applicationgateways", + "criterionType": "DynamicThresholdCriterion", + "metricName": "BackendLastByteResponseTime", + "alertSensitivity": "[parameters('alertSensitivity')]" + } + ], + "odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria" + }, + "scopes": [ + "[parameters('resourceId')]" + ] + }, + "apiVersion": "2018-03-01", + "name": "[concat(parameters('resourceName'), '-agBackendLastByteResponseTime')]", + "location": "global", + "tags": { + "_deployed_by_amba": true + } + } + ], + "variables": {}, + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" + }, + "mode": "incremental" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/Definitions/policyDefinitions/Unknown Category/deploy_ag_capacityunits_alert.jsonc b/Definitions/policyDefinitions/Unknown Category/deploy_ag_capacityunits_alert.jsonc new file mode 100644 index 0000000..c360b9e --- /dev/null +++ b/Definitions/policyDefinitions/Unknown Category/deploy_ag_capacityunits_alert.jsonc @@ -0,0 +1,334 @@ +{ + "$schema": "https://raw.githubusercontent.com/Azure/enterprise-azure-policy-as-code/main/Schemas/policy-definition-schema.json", + "name": "Deploy_AG_CapacityUnits_Alert", + "properties": { + "displayName": "Deploy AGW Capacity Units Alert", + "description": "Policy to audit/deploy Azure Application Gateway CapacityUnits Alert", + "mode": "All", + "metadata": { + "_deployed_by_amba": "True", + "version": "1.2.0", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "Category": "Networking" + }, + "parameters": { + "evaluationFrequency": { + "metadata": { + "description": "Evaluation frequency for the alert", + "displayName": "Evaluation Frequency" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H" + ], + "defaultValue": "PT1M", + "type": "String" + }, + "enabled": { + "metadata": { + "description": "Alert state for the alert", + "displayName": "Alert State" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "MonitorDisableTagValues": { + "metadata": { + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" + }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" + }, + "autoMitigate": { + "metadata": { + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "severity": { + "metadata": { + "description": "Severity of the Alert", + "displayName": "Severity" + }, + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" + ], + "defaultValue": "2", + "type": "String" + }, + "windowSize": { + "metadata": { + "description": "Window size for the alert", + "displayName": "Window Size" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" + ], + "defaultValue": "PT5M", + "type": "String" + }, + "threshold": { + "metadata": { + "description": "Threshold for the alert", + "displayName": "Threshold" + }, + "defaultValue": "75", + "type": "String" + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "equals": "Microsoft.Network/applicationgateways", + "field": "type" + }, + { + "field": "Microsoft.Network/applicationgateways/sku.name", + "In": [ + "Standard_v2", + "WAF_v2" + ] + }, + { + "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", + "notIn": "[parameters('MonitorDisableTagValues')]" + } + ] + }, + "then": { + "effect": "[parameters('effect')]", + "details": { + "type": "Microsoft.Insights/metricAlerts", + "existenceCondition": { + "allOf": [ + { + "equals": "Microsoft.Network/applicationgateways", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" + }, + { + "equals": "CapacityUnits", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" + }, + { + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/applicationgateways/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" + }, + { + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" + }, + { + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" + }, + { + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" + }, + { + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" + }, + { + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" + }, + { + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" + }, + { + "equals": "GreaterThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator" + }, + { + "equals": "[if(contains(field('tags'), '_amba-CapacityUnits-threshold-Override_'), field('tags._amba-CapacityUnits-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold" + } + ] + }, + "roleDefinitionIds": [ + "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" + ], + "deployment": { + "properties": { + "parameters": { + "resourceId": { + "value": "[field('id')]" + }, + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "threshold": { + "value": "[if(contains(field('tags'), '_amba-CapacityUnits-threshold-Override_'), field('tags._amba-CapacityUnits-threshold-Override_'), parameters('threshold'))]" + }, + "resourceName": { + "value": "[field('name')]" + } + }, + "mode": "incremental", + "template": { + "parameters": { + "resourceId": { + "metadata": { + "description": "Resource ID of the resource emitting the metric that will be used for the comparison", + "displayName": "resourceId" + }, + "type": "String" + }, + "evaluationFrequency": { + "type": "String" + }, + "enabled": { + "type": "String" + }, + "autoMitigate": { + "type": "String" + }, + "severity": { + "type": "String" + }, + "windowSize": { + "type": "String" + }, + "threshold": { + "type": "String" + }, + "resourceName": { + "metadata": { + "description": "Name of the resource", + "displayName": "resourceName" + }, + "type": "String" + } + }, + "contentVersion": "1.0.0.0", + "variables": {}, + "resources": [ + { + "type": "Microsoft.Insights/metricAlerts", + "properties": { + "description": "Metric Alert for App Gateway Capacity Units", + "parameters": { + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "threshold": { + "value": "[parameters('threshold')]" + } + }, + "evaluationFrequency": "[parameters('evaluationFrequency')]", + "enabled": "[parameters('enabled')]", + "autoMitigate": "[parameters('autoMitigate')]", + "severity": "[parameters('severity')]", + "windowSize": "[parameters('windowSize')]", + "scopes": [ + "[parameters('resourceId')]" + ], + "criteria": { + "allOf": [ + { + "threshold": "[parameters('threshold')]", + "name": "CapacityUnits", + "timeAggregation": "Average", + "operator": "GreaterThan", + "metricNamespace": "Microsoft.Network/applicationgateways", + "criterionType": "StaticThresholdCriterion", + "metricName": "CapacityUnits" + } + ], + "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria" + } + }, + "location": "global", + "apiVersion": "2018-03-01", + "name": "[concat(parameters('resourceName'), '-agCapacityUnits')]", + "tags": { + "_deployed_by_amba": true + } + } + ], + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" + } + } + } + } + } + } + } +} \ No newline at end of file diff --git a/Definitions/policyDefinitions/Unknown Category/deploy_ag_computeunits_alert.jsonc b/Definitions/policyDefinitions/Unknown Category/deploy_ag_computeunits_alert.jsonc new file mode 100644 index 0000000..baa196a --- /dev/null +++ b/Definitions/policyDefinitions/Unknown Category/deploy_ag_computeunits_alert.jsonc @@ -0,0 +1,334 @@ +{ + "$schema": "https://raw.githubusercontent.com/Azure/enterprise-azure-policy-as-code/main/Schemas/policy-definition-schema.json", + "name": "Deploy_AG_ComputeUnits_Alert", + "properties": { + "displayName": "Deploy AGW Compute Units Alert", + "description": "Policy to audit/deploy Azure Application Gateway ComputeUnits Alert", + "mode": "All", + "metadata": { + "_deployed_by_amba": "True", + "version": "1.2.0", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "Category": "Networking" + }, + "parameters": { + "evaluationFrequency": { + "metadata": { + "description": "Evaluation frequency for the alert", + "displayName": "Evaluation Frequency" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H" + ], + "defaultValue": "PT1M", + "type": "String" + }, + "autoMitigate": { + "metadata": { + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "MonitorDisableTagValues": { + "metadata": { + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "windowSize": { + "metadata": { + "description": "Window size for the alert", + "displayName": "Window Size" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" + ], + "defaultValue": "PT5M", + "type": "String" + }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" + }, + "enabled": { + "metadata": { + "description": "Alert state for the alert", + "displayName": "Alert State" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "severity": { + "metadata": { + "description": "Severity of the Alert", + "displayName": "Severity" + }, + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" + ], + "defaultValue": "2", + "type": "String" + }, + "threshold": { + "metadata": { + "description": "Threshold for the alert", + "displayName": "Threshold" + }, + "defaultValue": "75", + "type": "String" + }, + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "equals": "Microsoft.Network/applicationgateways", + "field": "type" + }, + { + "field": "Microsoft.Network/applicationgateways/sku.name", + "In": [ + "Standard_v2", + "WAF_v2" + ] + }, + { + "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", + "notIn": "[parameters('MonitorDisableTagValues')]" + } + ] + }, + "then": { + "effect": "[parameters('effect')]", + "details": { + "type": "Microsoft.Insights/metricAlerts", + "existenceCondition": { + "allOf": [ + { + "equals": "Microsoft.Network/applicationgateways", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" + }, + { + "equals": "ComputeUnits", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" + }, + { + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/applicationgateways/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" + }, + { + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" + }, + { + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" + }, + { + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" + }, + { + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" + }, + { + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" + }, + { + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" + }, + { + "equals": "GreaterThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator" + }, + { + "equals": "[if(contains(field('tags'), '_amba-ComputeUnits-threshold-Override_'), field('tags._amba-ComputeUnits-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold" + } + ] + }, + "roleDefinitionIds": [ + "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" + ], + "deployment": { + "properties": { + "parameters": { + "resourceId": { + "value": "[field('id')]" + }, + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "threshold": { + "value": "[if(contains(field('tags'), '_amba-ComputeUnits-threshold-Override_'), field('tags._amba-ComputeUnits-threshold-Override_'), parameters('threshold'))]" + }, + "resourceName": { + "value": "[field('name')]" + } + }, + "template": { + "parameters": { + "resourceId": { + "metadata": { + "description": "Resource ID of the resource emitting the metric that will be used for the comparison", + "displayName": "resourceId" + }, + "type": "String" + }, + "evaluationFrequency": { + "type": "String" + }, + "autoMitigate": { + "type": "String" + }, + "windowSize": { + "type": "String" + }, + "enabled": { + "type": "String" + }, + "severity": { + "type": "String" + }, + "threshold": { + "type": "String" + }, + "resourceName": { + "metadata": { + "description": "Name of the resource", + "displayName": "resourceName" + }, + "type": "String" + } + }, + "contentVersion": "1.0.0.0", + "resources": [ + { + "type": "Microsoft.Insights/metricAlerts", + "properties": { + "description": "Metric Alert for App Gateway Compute Units", + "parameters": { + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "threshold": { + "value": "[parameters('threshold')]" + } + }, + "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", + "windowSize": "[parameters('windowSize')]", + "enabled": "[parameters('enabled')]", + "severity": "[parameters('severity')]", + "criteria": { + "allOf": [ + { + "threshold": "[parameters('threshold')]", + "timeAggregation": "Average", + "operator": "GreaterThan", + "name": "ComputeUnits", + "metricNamespace": "Microsoft.Network/applicationgateways", + "criterionType": "StaticThresholdCriterion", + "metricName": "ComputeUnits" + } + ], + "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria" + }, + "scopes": [ + "[parameters('resourceId')]" + ] + }, + "apiVersion": "2018-03-01", + "name": "[concat(parameters('resourceName'), '-agComputeUnits')]", + "location": "global", + "tags": { + "_deployed_by_amba": true + } + } + ], + "variables": {}, + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" + }, + "mode": "incremental" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/Definitions/policyDefinitions/Unknown Category/deploy_ag_cpuutilization_alert.jsonc b/Definitions/policyDefinitions/Unknown Category/deploy_ag_cpuutilization_alert.jsonc new file mode 100644 index 0000000..07db582 --- /dev/null +++ b/Definitions/policyDefinitions/Unknown Category/deploy_ag_cpuutilization_alert.jsonc @@ -0,0 +1,334 @@ +{ + "$schema": "https://raw.githubusercontent.com/Azure/enterprise-azure-policy-as-code/main/Schemas/policy-definition-schema.json", + "name": "Deploy_AG_CPUUtilization_Alert", + "properties": { + "displayName": "Deploy AGW CPU Utilization Alert", + "description": "Policy to audit/deploy Azure Application Gateway CPU Utilization Alert", + "mode": "All", + "metadata": { + "_deployed_by_amba": "True", + "version": "1.2.0", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "Category": "Networking" + }, + "parameters": { + "evaluationFrequency": { + "metadata": { + "displayName": "Evaluation Frequency", + "description": "Evaluation frequency for the alert" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H" + ], + "defaultValue": "PT1M", + "type": "String" + }, + "MonitorDisableTagValues": { + "metadata": { + "displayName": "ALZ Monitoring disabled tag values(s)", + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "autoMitigate": { + "metadata": { + "displayName": "Auto Mitigate", + "description": "Auto Mitigate for the alert" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "MonitorDisableTagName": { + "metadata": { + "displayName": "ALZ Monitoring disabled tag name", + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled." + }, + "defaultValue": "MonitorDisable", + "type": "String" + }, + "enabled": { + "metadata": { + "displayName": "Alert State", + "description": "Alert state for the alert" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "windowSize": { + "metadata": { + "displayName": "Window Size", + "description": "Window size for the alert" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" + ], + "defaultValue": "PT5M", + "type": "String" + }, + "severity": { + "metadata": { + "displayName": "Severity", + "description": "Severity of the Alert" + }, + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" + ], + "defaultValue": "2", + "type": "String" + }, + "threshold": { + "metadata": { + "displayName": "Threshold", + "description": "Threshold for the alert" + }, + "defaultValue": "80", + "type": "String" + }, + "effect": { + "metadata": { + "displayName": "Effect", + "description": "Effect of the policy" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "equals": "Microsoft.Network/applicationgateways", + "field": "type" + }, + { + "field": "Microsoft.Network/applicationgateways/sku.name", + "notIn": [ + "Standard_v2", + "WAF_v2" + ] + }, + { + "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", + "notIn": "[parameters('MonitorDisableTagValues')]" + } + ] + }, + "then": { + "effect": "[parameters('effect')]", + "details": { + "type": "Microsoft.Insights/metricAlerts", + "existenceCondition": { + "allOf": [ + { + "equals": "Microsoft.Network/applicationgateways", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" + }, + { + "equals": "CpuUtilization", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" + }, + { + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/applicationgateways/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" + }, + { + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" + }, + { + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" + }, + { + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" + }, + { + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" + }, + { + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" + }, + { + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" + }, + { + "equals": "GreaterThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator" + }, + { + "equals": "[if(contains(field('tags'), '_amba-CpuUtilization-threshold-Override_'), field('tags._amba-CpuUtilization-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold" + } + ] + }, + "roleDefinitionIds": [ + "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" + ], + "deployment": { + "properties": { + "parameters": { + "resourceId": { + "value": "[field('id')]" + }, + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "threshold": { + "value": "[if(contains(field('tags'), '_amba-CpuUtilization-threshold-Override_'), field('tags._amba-CpuUtilization-threshold-Override_'), parameters('threshold'))]" + }, + "resourceName": { + "value": "[field('name')]" + } + }, + "template": { + "parameters": { + "resourceId": { + "metadata": { + "displayName": "resourceId", + "description": "Resource ID of the resource emitting the metric that will be used for the comparison" + }, + "type": "String" + }, + "evaluationFrequency": { + "type": "String" + }, + "autoMitigate": { + "type": "String" + }, + "enabled": { + "type": "String" + }, + "windowSize": { + "type": "String" + }, + "severity": { + "type": "String" + }, + "threshold": { + "type": "String" + }, + "resourceName": { + "metadata": { + "displayName": "resourceName", + "description": "Name of the resource" + }, + "type": "String" + } + }, + "contentVersion": "1.0.0.0", + "variables": {}, + "resources": [ + { + "type": "Microsoft.Insights/metricAlerts", + "properties": { + "description": "Metric Alert for App Gateway CPU Utilization", + "parameters": { + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "threshold": { + "value": "[parameters('threshold')]" + } + }, + "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", + "enabled": "[parameters('enabled')]", + "windowSize": "[parameters('windowSize')]", + "severity": "[parameters('severity')]", + "criteria": { + "allOf": [ + { + "threshold": "[parameters('threshold')]", + "timeAggregation": "Average", + "operator": "GreaterThan", + "name": "CpuUtilization", + "metricNamespace": "Microsoft.Network/applicationgateways", + "criterionType": "StaticThresholdCriterion", + "metricName": "CpuUtilization" + } + ], + "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria" + }, + "scopes": [ + "[parameters('resourceId')]" + ] + }, + "apiVersion": "2018-03-01", + "location": "global", + "name": "[concat(parameters('resourceName'), '-agCpuUtilization')]", + "tags": { + "_deployed_by_amba": true + } + } + ], + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" + }, + "mode": "incremental" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/Definitions/policyDefinitions/Unknown Category/deploy_ag_failedrequests_alert.jsonc b/Definitions/policyDefinitions/Unknown Category/deploy_ag_failedrequests_alert.jsonc new file mode 100644 index 0000000..e4d3bca --- /dev/null +++ b/Definitions/policyDefinitions/Unknown Category/deploy_ag_failedrequests_alert.jsonc @@ -0,0 +1,344 @@ +{ + "$schema": "https://raw.githubusercontent.com/Azure/enterprise-azure-policy-as-code/main/Schemas/policy-definition-schema.json", + "name": "Deploy_AG_FailedRequests_Alert", + "properties": { + "displayName": "Deploy AGW FailedRequests Alert", + "description": "Policy to audit/deploy Azure Application Gateway FailedRequests Alert", + "mode": "All", + "metadata": { + "_deployed_by_amba": "True", + "version": "1.2.0", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "Category": "Networking" + }, + "parameters": { + "evaluationFrequency": { + "metadata": { + "displayName": "Evaluation Frequency", + "description": "Evaluation frequency for the alert" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H" + ], + "defaultValue": "PT1M", + "type": "String" + }, + "MonitorDisableTagValues": { + "metadata": { + "displayName": "ALZ Monitoring disabled tag values(s)", + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "autoMitigate": { + "metadata": { + "displayName": "Auto Mitigate", + "description": "Auto Mitigate for the alert" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "MonitorDisableTagName": { + "metadata": { + "displayName": "ALZ Monitoring disabled tag name", + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled." + }, + "defaultValue": "MonitorDisable", + "type": "String" + }, + "enabled": { + "metadata": { + "displayName": "Alert State", + "description": "Alert state for the alert" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "windowSize": { + "metadata": { + "displayName": "Window Size", + "description": "Window size for the alert" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" + ], + "defaultValue": "PT5M", + "type": "String" + }, + "severity": { + "metadata": { + "displayName": "Severity", + "description": "Severity of the Alert" + }, + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" + ], + "defaultValue": "2", + "type": "String" + }, + "effect": { + "metadata": { + "displayName": "Effect", + "description": "Effect of the policy" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" + }, + "alertSensitivity": { + "metadata": { + "displayName": "Alert Sensitivity", + "description": "Alert Sensitivity for the alert" + }, + "allowedValues": [ + "Low", + "Medium", + "High" + ], + "defaultValue": "Medium", + "type": "String" + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "equals": "Microsoft.Network/applicationgateways", + "field": "type" + }, + { + "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", + "notIn": "[parameters('MonitorDisableTagValues')]" + } + ] + }, + "then": { + "effect": "[parameters('effect')]", + "details": { + "type": "Microsoft.Insights/metricAlerts", + "existenceCondition": { + "allOf": [ + { + "equals": "Microsoft.Network/applicationgateways", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" + }, + { + "equals": "FailedRequests", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" + }, + { + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/applicationgateways/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" + }, + { + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" + }, + { + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" + }, + { + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" + }, + { + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" + }, + { + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" + }, + { + "equals": "Total", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation" + }, + { + "equals": "GreaterThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator" + }, + { + "equals": "[parameters('alertSensitivity')]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity" + }, + { + "equals": 2, + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert" + }, + { + "equals": 2, + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods" + } + ] + }, + "roleDefinitionIds": [ + "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" + ], + "deployment": { + "properties": { + "parameters": { + "resourceId": { + "value": "[field('id')]" + }, + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "resourceName": { + "value": "[field('name')]" + }, + "alertSensitivity": { + "value": "[parameters('alertSensitivity')]" + } + }, + "template": { + "parameters": { + "resourceId": { + "metadata": { + "displayName": "resourceId", + "description": "Resource ID of the resource emitting the metric that will be used for the comparison" + }, + "type": "String" + }, + "evaluationFrequency": { + "type": "String" + }, + "autoMitigate": { + "type": "String" + }, + "enabled": { + "type": "String" + }, + "windowSize": { + "type": "String" + }, + "severity": { + "type": "String" + }, + "resourceName": { + "metadata": { + "displayName": "resourceName", + "description": "Name of the resource" + }, + "type": "String" + }, + "alertSensitivity": { + "type": "String" + } + }, + "contentVersion": "1.0.0.0", + "variables": {}, + "resources": [ + { + "type": "Microsoft.Insights/metricAlerts", + "properties": { + "description": "Metric Alert for App Gateway FailedRequests", + "parameters": { + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "alertSensitivity": { + "value": "[parameters('alertSensitivity')]" + } + }, + "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", + "enabled": "[parameters('enabled')]", + "windowSize": "[parameters('windowSize')]", + "severity": "[parameters('severity')]", + "criteria": { + "allOf": [ + { + "timeAggregation": "Total", + "failingPeriods": { + "numberOfEvaluationPeriods": 2, + "minFailingPeriodsToAlert": 2 + }, + "operator": "GreaterThan", + "name": "FailedRequests", + "metricNamespace": "Microsoft.Network/applicationgateways", + "alertSensitivity": "[parameters('alertSensitivity')]", + "criterionType": "DynamicThresholdCriterion", + "metricName": "FailedRequests" + } + ], + "odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria" + }, + "scopes": [ + "[parameters('resourceId')]" + ] + }, + "apiVersion": "2018-03-01", + "location": "global", + "name": "[concat(parameters('resourceName'), '-agFailedRequests')]", + "tags": { + "_deployed_by_amba": true + } + } + ], + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" + }, + "mode": "incremental" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/Definitions/policyDefinitions/Unknown Category/deploy_ag_responsestatus_alert.jsonc b/Definitions/policyDefinitions/Unknown Category/deploy_ag_responsestatus_alert.jsonc new file mode 100644 index 0000000..5a53e00 --- /dev/null +++ b/Definitions/policyDefinitions/Unknown Category/deploy_ag_responsestatus_alert.jsonc @@ -0,0 +1,354 @@ +{ + "$schema": "https://raw.githubusercontent.com/Azure/enterprise-azure-policy-as-code/main/Schemas/policy-definition-schema.json", + "name": "Deploy_AG_ResponseStatus_Alert", + "properties": { + "displayName": "Deploy AGW ResponseStatus Alert", + "description": "Policy to audit/deploy Azure Application Gateway ResponseStatus Alert", + "mode": "All", + "metadata": { + "version": "1.2.0", + "_deployed_by_amba": "True", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "Category": "Networking" + }, + "parameters": { + "evaluationFrequency": { + "metadata": { + "description": "Evaluation frequency for the alert", + "displayName": "Evaluation Frequency" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H" + ], + "defaultValue": "PT1M", + "type": "String" + }, + "autoMitigate": { + "metadata": { + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "windowSize": { + "metadata": { + "description": "Window size for the alert", + "displayName": "Window Size" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" + ], + "defaultValue": "PT5M", + "type": "String" + }, + "severity": { + "metadata": { + "description": "Severity of the Alert", + "displayName": "Severity" + }, + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" + ], + "defaultValue": "2", + "type": "String" + }, + "enabled": { + "metadata": { + "description": "Alert state for the alert", + "displayName": "Alert State" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "MonitorDisableTagValues": { + "metadata": { + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" + }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" + }, + "alertSensitivity": { + "metadata": { + "description": "Alert Sensitivity for the alert", + "displayName": "Alert Sensitivity" + }, + "allowedValues": [ + "Low", + "Medium", + "High" + ], + "defaultValue": "Medium", + "type": "String" + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "equals": "Microsoft.Network/applicationgateways", + "field": "type" + }, + { + "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", + "notIn": "[parameters('MonitorDisableTagValues')]" + } + ] + }, + "then": { + "effect": "[parameters('effect')]", + "details": { + "type": "Microsoft.Insights/metricAlerts", + "existenceCondition": { + "allOf": [ + { + "equals": "Microsoft.Network/applicationgateways", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" + }, + { + "equals": "ResponseStatus", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" + }, + { + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/applicationgateways/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" + }, + { + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" + }, + { + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" + }, + { + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" + }, + { + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" + }, + { + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" + }, + { + "equals": "Total", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation" + }, + { + "equals": "GreaterThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator" + }, + { + "equals": "[parameters('alertSensitivity')]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity" + }, + { + "equals": 2, + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert" + }, + { + "equals": 2, + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods" + } + ] + }, + "roleDefinitionIds": [ + "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" + ], + "deployment": { + "properties": { + "parameters": { + "resourceId": { + "value": "[field('id')]" + }, + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "resourceName": { + "value": "[field('name')]" + }, + "alertSensitivity": { + "value": "[parameters('alertSensitivity')]" + } + }, + "template": { + "parameters": { + "resourceId": { + "metadata": { + "description": "Resource ID of the resource emitting the metric that will be used for the comparison", + "displayName": "resourceId" + }, + "type": "String" + }, + "evaluationFrequency": { + "type": "String" + }, + "autoMitigate": { + "type": "String" + }, + "windowSize": { + "type": "String" + }, + "severity": { + "type": "String" + }, + "enabled": { + "type": "String" + }, + "resourceName": { + "metadata": { + "description": "Name of the resource", + "displayName": "resourceName" + }, + "type": "String" + }, + "alertSensitivity": { + "type": "String" + } + }, + "contentVersion": "1.0.0.0", + "variables": {}, + "resources": [ + { + "type": "Microsoft.Insights/metricAlerts", + "properties": { + "description": "Metric Alert for App Gateway ResponseStatus", + "parameters": { + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "alertSensitivity": { + "value": "[parameters('alertSensitivity')]" + } + }, + "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", + "windowSize": "[parameters('windowSize')]", + "severity": "[parameters('severity')]", + "enabled": "[parameters('enabled')]", + "criteria": { + "allOf": [ + { + "timeAggregation": "Total", + "metricNamespace": "Microsoft.Network/applicationgateways", + "operator": "GreaterThan", + "criterionType": "DynamicThresholdCriterion", + "name": "ResponseStatus", + "alertSensitivity": "[parameters('alertSensitivity')]", + "failingPeriods": { + "numberOfEvaluationPeriods": 2, + "minFailingPeriodsToAlert": 2 + }, + "metricName": "ResponseStatus", + "dimensions": [ + { + "operator": "Include", + "name": "HttpStatusGroup", + "values": [ + "4xx", + "5xx" + ] + } + ] + } + ], + "odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria" + }, + "scopes": [ + "[parameters('resourceId')]" + ] + }, + "apiVersion": "2018-03-01", + "location": "global", + "name": "[concat(parameters('resourceName'), '-agResponseStatus')]", + "tags": { + "_deployed_by_amba": true + } + } + ], + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" + }, + "mode": "incremental" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/Definitions/policyDefinitions/Unknown Category/deploy_ag_unhealthyhostcount_alert.jsonc b/Definitions/policyDefinitions/Unknown Category/deploy_ag_unhealthyhostcount_alert.jsonc new file mode 100644 index 0000000..a7efdd7 --- /dev/null +++ b/Definitions/policyDefinitions/Unknown Category/deploy_ag_unhealthyhostcount_alert.jsonc @@ -0,0 +1,327 @@ +{ + "$schema": "https://raw.githubusercontent.com/Azure/enterprise-azure-policy-as-code/main/Schemas/policy-definition-schema.json", + "name": "Deploy_AG_UnhealthyHostCount_Alert", + "properties": { + "displayName": "Deploy AGW Unhealthy Host Count Alert", + "description": "Policy to audit/deploy Azure Application Gateway Unhealthy Host Count Alert", + "mode": "All", + "metadata": { + "_deployed_by_amba": "True", + "version": "1.2.0", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "Category": "Networking" + }, + "parameters": { + "evaluationFrequency": { + "metadata": { + "description": "Evaluation frequency for the alert", + "displayName": "Evaluation Frequency" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H" + ], + "defaultValue": "PT1M", + "type": "String" + }, + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" + }, + "autoMitigate": { + "metadata": { + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "enabled": { + "metadata": { + "description": "Alert state for the alert", + "displayName": "Alert State" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "windowSize": { + "metadata": { + "description": "Window size for the alert", + "displayName": "Window Size" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" + ], + "defaultValue": "PT5M", + "type": "String" + }, + "severity": { + "metadata": { + "description": "Severity of the Alert", + "displayName": "Severity" + }, + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" + ], + "defaultValue": "2", + "type": "String" + }, + "MonitorDisableTagValues": { + "metadata": { + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" + }, + "threshold": { + "metadata": { + "description": "Threshold for the alert", + "displayName": "Threshold" + }, + "defaultValue": "20", + "type": "String" + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "field": "type", + "equals": "Microsoft.Network/applicationgateways" + }, + { + "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", + "notIn": "[parameters('MonitorDisableTagValues')]" + } + ] + }, + "then": { + "effect": "[parameters('effect')]", + "details": { + "type": "Microsoft.Insights/metricAlerts", + "roleDefinitionIds": [ + "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" + ], + "existenceCondition": { + "allOf": [ + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace", + "equals": "Microsoft.Network/applicationgateways" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName", + "equals": "UnhealthyHostCount" + }, + { + "field": "Microsoft.Insights/metricalerts/scopes[*]", + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/applicationgateways/', field('fullName'))]" + }, + { + "field": "Microsoft.Insights/metricAlerts/enabled", + "equals": "[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", + "equals": "GreaterThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", + "equals": "[if(contains(field('tags'), '_amba-UnhealthyHostCount-threshold-Override_'), field('tags._amba-UnhealthyHostCount-threshold-Override_'), parameters('threshold'))]" + } + ] + }, + "deployment": { + "properties": { + "parameters": { + "resourceId": { + "value": "[field('id')]" + }, + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "resourceName": { + "value": "[field('name')]" + }, + "threshold": { + "value": "[if(contains(field('tags'), '_amba-UnhealthyHostCount-threshold-Override_'), field('tags._amba-UnhealthyHostCount-threshold-Override_'), parameters('threshold'))]" + } + }, + "mode": "incremental", + "template": { + "parameters": { + "resourceId": { + "metadata": { + "description": "Resource ID of the resource emitting the metric that will be used for the comparison", + "displayName": "resourceId" + }, + "type": "String" + }, + "evaluationFrequency": { + "type": "String" + }, + "autoMitigate": { + "type": "String" + }, + "enabled": { + "type": "String" + }, + "windowSize": { + "type": "String" + }, + "severity": { + "type": "String" + }, + "resourceName": { + "metadata": { + "description": "Name of the resource", + "displayName": "resourceName" + }, + "type": "String" + }, + "threshold": { + "type": "String" + } + }, + "contentVersion": "1.0.0.0", + "resources": [ + { + "type": "Microsoft.Insights/metricAlerts", + "properties": { + "description": "Metric Alert for App Gateway Unhealthy Host Count", + "parameters": { + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "threshold": { + "value": "[parameters('threshold')]" + } + }, + "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", + "enabled": "[parameters('enabled')]", + "windowSize": "[parameters('windowSize')]", + "severity": "[parameters('severity')]", + "scopes": [ + "[parameters('resourceId')]" + ], + "criteria": { + "allOf": [ + { + "name": "CpuUtilization", + "threshold": "[parameters('threshold')]", + "timeAggregation": "Average", + "metricNamespace": "Microsoft.Network/applicationgateways", + "criterionType": "StaticThresholdCriterion", + "metricName": "UnhealthyHostCount", + "operator": "GreaterThan" + } + ], + "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria" + } + }, + "location": "global", + "apiVersion": "2018-03-01", + "name": "[concat(parameters('resourceName'), '-agUnhealthyHostCount')]", + "tags": { + "_deployed_by_amba": true + } + } + ], + "variables": {}, + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" + } + } + } + } + } + } + } +} \ No newline at end of file diff --git a/Definitions/policyDefinitions/Unknown Category/deploy_alb_datapathavailability_alert.jsonc b/Definitions/policyDefinitions/Unknown Category/deploy_alb_datapathavailability_alert.jsonc new file mode 100644 index 0000000..89e5444 --- /dev/null +++ b/Definitions/policyDefinitions/Unknown Category/deploy_alb_datapathavailability_alert.jsonc @@ -0,0 +1,334 @@ +{ + "$schema": "https://raw.githubusercontent.com/Azure/enterprise-azure-policy-as-code/main/Schemas/policy-definition-schema.json", + "name": "Deploy_ALB_DataPathAvailability_Alert", + "properties": { + "displayName": "Deploy ALB Data Path Availability Alert", + "description": "Policy to audit/deploy Azure Load Balancer Data Path Availability Alert", + "mode": "All", + "metadata": { + "_deployed_by_amba": "True", + "version": "1.2.0", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "Category": "Networking" + }, + "parameters": { + "evaluationFrequency": { + "metadata": { + "description": "Evaluation frequency for the alert", + "displayName": "Evaluation Frequency" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H" + ], + "defaultValue": "PT1M", + "type": "String" + }, + "enabled": { + "metadata": { + "description": "Alert state for the alert", + "displayName": "Alert State" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "MonitorDisableTagValues": { + "metadata": { + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" + }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" + }, + "autoMitigate": { + "metadata": { + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "severity": { + "metadata": { + "description": "Severity of the Alert", + "displayName": "Severity" + }, + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" + ], + "defaultValue": "0", + "type": "String" + }, + "windowSize": { + "metadata": { + "description": "Window size for the alert", + "displayName": "Window Size" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" + ], + "defaultValue": "PT5M", + "type": "String" + }, + "threshold": { + "metadata": { + "description": "Threshold for the alert", + "displayName": "Threshold" + }, + "defaultValue": "90", + "type": "String" + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "equals": "Microsoft.Network/loadBalancers", + "field": "type" + }, + { + "field": "Microsoft.Network/loadBalancers/sku.name", + "in": [ + "Standard", + "Gateway" + ] + }, + { + "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", + "notIn": "[parameters('MonitorDisableTagValues')]" + } + ] + }, + "then": { + "effect": "[parameters('effect')]", + "details": { + "type": "Microsoft.Insights/metricAlerts", + "existenceCondition": { + "allOf": [ + { + "equals": "Microsoft.Network/loadBalancers", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" + }, + { + "equals": "VipAvailability", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" + }, + { + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/loadBalancers/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" + }, + { + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" + }, + { + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" + }, + { + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" + }, + { + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" + }, + { + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" + }, + { + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" + }, + { + "equals": "LessThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator" + }, + { + "equals": "[if(contains(field('tags'), '_amba-VipAvailability-threshold-Override_'), field('tags._amba-VipAvailability-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold" + } + ] + }, + "roleDefinitionIds": [ + "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" + ], + "deployment": { + "properties": { + "parameters": { + "resourceId": { + "value": "[field('id')]" + }, + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "threshold": { + "value": "[if(contains(field('tags'), '_amba-VipAvailability-threshold-Override_'), field('tags._amba-VipAvailability-threshold-Override_'), parameters('threshold'))]" + }, + "resourceName": { + "value": "[field('name')]" + } + }, + "mode": "incremental", + "template": { + "parameters": { + "resourceId": { + "metadata": { + "description": "Resource ID of the resource emitting the metric that will be used for the comparison", + "displayName": "resourceId" + }, + "type": "String" + }, + "evaluationFrequency": { + "type": "String" + }, + "enabled": { + "type": "String" + }, + "autoMitigate": { + "type": "String" + }, + "severity": { + "type": "String" + }, + "windowSize": { + "type": "String" + }, + "threshold": { + "type": "String" + }, + "resourceName": { + "metadata": { + "description": "Name of the resource", + "displayName": "resourceName" + }, + "type": "String" + } + }, + "contentVersion": "1.0.0.0", + "variables": {}, + "resources": [ + { + "type": "Microsoft.Insights/metricAlerts", + "properties": { + "description": "Metric Alert for ALB Data Path Availability", + "parameters": { + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "threshold": { + "value": "[parameters('threshold')]" + } + }, + "evaluationFrequency": "[parameters('evaluationFrequency')]", + "enabled": "[parameters('enabled')]", + "autoMitigate": "[parameters('autoMitigate')]", + "severity": "[parameters('severity')]", + "windowSize": "[parameters('windowSize')]", + "scopes": [ + "[parameters('resourceId')]" + ], + "criteria": { + "allOf": [ + { + "threshold": "[parameters('threshold')]", + "name": "VipAvailability", + "timeAggregation": "Average", + "operator": "LessThan", + "metricNamespace": "Microsoft.Network/loadBalancers", + "criterionType": "StaticThresholdCriterion", + "metricName": "VipAvailability" + } + ], + "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria" + } + }, + "location": "global", + "apiVersion": "2018-03-01", + "name": "[concat(parameters('resourceName'), '-ALBDataPathAvailability')]", + "tags": { + "_deployed_by_amba": true + } + } + ], + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" + } + } + } + } + } + } + } +} \ No newline at end of file diff --git a/Definitions/policyDefinitions/Unknown Category/deploy_alb_globalbackendavailability_alert.jsonc b/Definitions/policyDefinitions/Unknown Category/deploy_alb_globalbackendavailability_alert.jsonc new file mode 100644 index 0000000..6eaf472 --- /dev/null +++ b/Definitions/policyDefinitions/Unknown Category/deploy_alb_globalbackendavailability_alert.jsonc @@ -0,0 +1,331 @@ +{ + "$schema": "https://raw.githubusercontent.com/Azure/enterprise-azure-policy-as-code/main/Schemas/policy-definition-schema.json", + "name": "Deploy_ALB_GlobalBackendAvailability_Alert", + "properties": { + "displayName": "Deploy ALB Global Backend Availability Alert", + "description": "Policy to audit/deploy Azure Load Balancer Global Backend Availability Alert", + "mode": "All", + "metadata": { + "_deployed_by_amba": "True", + "version": "1.2.0", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "Category": "Networking" + }, + "parameters": { + "evaluationFrequency": { + "metadata": { + "description": "Evaluation frequency for the alert", + "displayName": "Evaluation Frequency" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H" + ], + "defaultValue": "PT1M", + "type": "String" + }, + "autoMitigate": { + "metadata": { + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "MonitorDisableTagValues": { + "metadata": { + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "windowSize": { + "metadata": { + "description": "Window size for the alert", + "displayName": "Window Size" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" + ], + "defaultValue": "PT5M", + "type": "String" + }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" + }, + "enabled": { + "metadata": { + "description": "Alert state for the alert", + "displayName": "Alert State" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "severity": { + "metadata": { + "description": "Severity of the Alert", + "displayName": "Severity" + }, + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" + ], + "defaultValue": "0", + "type": "String" + }, + "threshold": { + "metadata": { + "description": "Threshold for the alert", + "displayName": "Threshold" + }, + "defaultValue": "90", + "type": "String" + }, + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "equals": "Microsoft.Network/loadBalancers", + "field": "type" + }, + { + "equals": "Global", + "field": "Microsoft.Network/loadBalancers/sku.tier" + }, + { + "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", + "notIn": "[parameters('MonitorDisableTagValues')]" + } + ] + }, + "then": { + "effect": "[parameters('effect')]", + "details": { + "type": "Microsoft.Insights/metricAlerts", + "existenceCondition": { + "allOf": [ + { + "equals": "Microsoft.Network/loadBalancers", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" + }, + { + "equals": "GlobalBackendAvailability", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" + }, + { + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/loadBalancers/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" + }, + { + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" + }, + { + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" + }, + { + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" + }, + { + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" + }, + { + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" + }, + { + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" + }, + { + "equals": "LessThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator" + }, + { + "equals": "[if(contains(field('tags'), '_amba-GlobalBackendAvailability-threshold-Override_'), field('tags._amba-GlobalBackendAvailability-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold" + } + ] + }, + "roleDefinitionIds": [ + "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" + ], + "deployment": { + "properties": { + "parameters": { + "resourceId": { + "value": "[field('id')]" + }, + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "threshold": { + "value": "[if(contains(field('tags'), '_amba-GlobalBackendAvailability-threshold-Override_'), field('tags._amba-GlobalBackendAvailability-threshold-Override_'), parameters('threshold'))]" + }, + "resourceName": { + "value": "[field('name')]" + } + }, + "template": { + "parameters": { + "resourceId": { + "metadata": { + "description": "Resource ID of the resource emitting the metric that will be used for the comparison", + "displayName": "resourceId" + }, + "type": "String" + }, + "evaluationFrequency": { + "type": "String" + }, + "autoMitigate": { + "type": "String" + }, + "windowSize": { + "type": "String" + }, + "enabled": { + "type": "String" + }, + "severity": { + "type": "String" + }, + "threshold": { + "type": "String" + }, + "resourceName": { + "metadata": { + "description": "Name of the resource", + "displayName": "resourceName" + }, + "type": "String" + } + }, + "contentVersion": "1.0.0.0", + "resources": [ + { + "type": "Microsoft.Insights/metricAlerts", + "properties": { + "description": "Metric Alert for Global Backend Availability", + "parameters": { + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "threshold": { + "value": "[parameters('threshold')]" + } + }, + "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", + "windowSize": "[parameters('windowSize')]", + "enabled": "[parameters('enabled')]", + "severity": "[parameters('severity')]", + "criteria": { + "allOf": [ + { + "threshold": "[parameters('threshold')]", + "timeAggregation": "Average", + "operator": "LessThan", + "name": "GlobalBackendAvailability", + "metricNamespace": "Microsoft.Network/loadBalancers", + "criterionType": "StaticThresholdCriterion", + "metricName": "GlobalBackendAvailability" + } + ], + "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria" + }, + "scopes": [ + "[parameters('resourceId')]" + ] + }, + "apiVersion": "2018-03-01", + "name": "[concat(parameters('resourceName'), '-ALBGlobalBackendAvailability')]", + "location": "global", + "tags": { + "_deployed_by_amba": true + } + } + ], + "variables": {}, + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" + }, + "mode": "incremental" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/Definitions/policyDefinitions/Unknown Category/deploy_alb_healthprobestatus_alert.jsonc b/Definitions/policyDefinitions/Unknown Category/deploy_alb_healthprobestatus_alert.jsonc new file mode 100644 index 0000000..9f3772a --- /dev/null +++ b/Definitions/policyDefinitions/Unknown Category/deploy_alb_healthprobestatus_alert.jsonc @@ -0,0 +1,338 @@ +{ + "$schema": "https://raw.githubusercontent.com/Azure/enterprise-azure-policy-as-code/main/Schemas/policy-definition-schema.json", + "name": "Deploy_ALB_HealthProbeStatus_Alert", + "properties": { + "displayName": "Deploy ALB Health Probe Status Alert", + "description": "Policy to audit/deploy Azure Load Balancer Health Probe Status Alert", + "mode": "All", + "metadata": { + "version": "1.2.0", + "_deployed_by_amba": "True", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "Category": "Networking" + }, + "parameters": { + "evaluationFrequency": { + "metadata": { + "description": "Evaluation frequency for the alert", + "displayName": "Evaluation Frequency" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H" + ], + "defaultValue": "PT1M", + "type": "String" + }, + "autoMitigate": { + "metadata": { + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "windowSize": { + "metadata": { + "description": "Window size for the alert", + "displayName": "Window Size" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" + ], + "defaultValue": "PT5M", + "type": "String" + }, + "severity": { + "metadata": { + "description": "Severity of the Alert", + "displayName": "Severity" + }, + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" + ], + "defaultValue": "2", + "type": "String" + }, + "enabled": { + "metadata": { + "description": "Alert state for the alert", + "displayName": "Alert State" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "MonitorDisableTagValues": { + "metadata": { + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" + }, + "threshold": { + "metadata": { + "description": "Threshold for the alert", + "displayName": "Threshold" + }, + "defaultValue": "90", + "type": "String" + }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "equals": "Microsoft.Network/loadBalancers", + "field": "type" + }, + { + "field": "Microsoft.Network/loadBalancers/sku.name", + "in": [ + "Standard", + "Gateway" + ] + }, + { + "equals": "Regional", + "field": "Microsoft.Network/loadBalancers/sku.tier" + }, + { + "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", + "notIn": "[parameters('MonitorDisableTagValues')]" + } + ] + }, + "then": { + "effect": "[parameters('effect')]", + "details": { + "type": "Microsoft.Insights/metricAlerts", + "existenceCondition": { + "allOf": [ + { + "equals": "Microsoft.Network/loadBalancers", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" + }, + { + "equals": "DipAvailability", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" + }, + { + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/loadBalancers/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" + }, + { + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" + }, + { + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" + }, + { + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" + }, + { + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" + }, + { + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" + }, + { + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" + }, + { + "equals": "LessThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator" + }, + { + "equals": "[if(contains(field('tags'), '_amba-DipAvailability-threshold-Override_'), field('tags._amba-DipAvailability-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold" + } + ] + }, + "roleDefinitionIds": [ + "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" + ], + "deployment": { + "properties": { + "parameters": { + "resourceId": { + "value": "[field('id')]" + }, + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "threshold": { + "value": "[if(contains(field('tags'), '_amba-DipAvailability-threshold-Override_'), field('tags._amba-DipAvailability-threshold-Override_'), parameters('threshold'))]" + }, + "resourceName": { + "value": "[field('name')]" + } + }, + "template": { + "parameters": { + "resourceId": { + "metadata": { + "description": "Resource ID of the resource emitting the metric that will be used for the comparison", + "displayName": "resourceId" + }, + "type": "String" + }, + "evaluationFrequency": { + "type": "String" + }, + "autoMitigate": { + "type": "String" + }, + "windowSize": { + "type": "String" + }, + "severity": { + "type": "String" + }, + "enabled": { + "type": "String" + }, + "threshold": { + "type": "String" + }, + "resourceName": { + "metadata": { + "description": "Name of the resource", + "displayName": "resourceName" + }, + "type": "String" + } + }, + "contentVersion": "1.0.0.0", + "variables": {}, + "resources": [ + { + "type": "Microsoft.Insights/metricAlerts", + "properties": { + "description": "Metric Alert for ALB Health Probe Status", + "parameters": { + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "threshold": { + "value": "[parameters('threshold')]" + } + }, + "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", + "windowSize": "[parameters('windowSize')]", + "severity": "[parameters('severity')]", + "enabled": "[parameters('enabled')]", + "criteria": { + "allOf": [ + { + "threshold": "[parameters('threshold')]", + "timeAggregation": "Average", + "metricNamespace": "Microsoft.Network/loadBalancers", + "operator": "LessThan", + "criterionType": "StaticThresholdCriterion", + "name": "DipAvailability", + "metricName": "DipAvailability" + } + ], + "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria" + }, + "scopes": [ + "[parameters('resourceId')]" + ] + }, + "apiVersion": "2018-03-01", + "location": "global", + "name": "[concat(parameters('resourceName'), '-ALBHealthProbeStatus')]", + "tags": { + "_deployed_by_amba": true + } + } + ], + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" + }, + "mode": "incremental" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/Definitions/policyDefinitions/Unknown Category/deploy_alb_usedsnatports_alert.jsonc b/Definitions/policyDefinitions/Unknown Category/deploy_alb_usedsnatports_alert.jsonc new file mode 100644 index 0000000..5823deb --- /dev/null +++ b/Definitions/policyDefinitions/Unknown Category/deploy_alb_usedsnatports_alert.jsonc @@ -0,0 +1,327 @@ +{ + "$schema": "https://raw.githubusercontent.com/Azure/enterprise-azure-policy-as-code/main/Schemas/policy-definition-schema.json", + "name": "Deploy_ALB_UsedSNATPorts_Alert", + "properties": { + "displayName": "Deploy ALB Used SNAT Ports Alert", + "description": "Policy to audit/deploy Azure Load Balancer Used SNAT Ports Alert", + "mode": "All", + "metadata": { + "_deployed_by_amba": "True", + "version": "1.2.0", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "Category": "Networking" + }, + "parameters": { + "evaluationFrequency": { + "metadata": { + "description": "Evaluation frequency for the alert", + "displayName": "Evaluation Frequency" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H" + ], + "defaultValue": "PT1M", + "type": "String" + }, + "autoMitigate": { + "metadata": { + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "MonitorDisableTagValues": { + "metadata": { + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "windowSize": { + "metadata": { + "description": "Window size for the alert", + "displayName": "Window Size" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" + ], + "defaultValue": "PT5M", + "type": "String" + }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" + }, + "enabled": { + "metadata": { + "description": "Alert state for the alert", + "displayName": "Alert State" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "severity": { + "metadata": { + "description": "Severity of the Alert", + "displayName": "Severity" + }, + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" + ], + "defaultValue": "1", + "type": "String" + }, + "threshold": { + "metadata": { + "description": "Threshold for the alert", + "displayName": "Threshold" + }, + "defaultValue": "900", + "type": "String" + }, + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "equals": "Microsoft.Network/loadBalancers", + "field": "type" + }, + { + "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", + "notIn": "[parameters('MonitorDisableTagValues')]" + } + ] + }, + "then": { + "effect": "[parameters('effect')]", + "details": { + "type": "Microsoft.Insights/metricAlerts", + "existenceCondition": { + "allOf": [ + { + "equals": "Microsoft.Network/loadBalancers", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" + }, + { + "equals": "UsedSNATPorts", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" + }, + { + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/loadBalancers/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" + }, + { + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" + }, + { + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" + }, + { + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" + }, + { + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" + }, + { + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" + }, + { + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" + }, + { + "equals": "GreaterThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator" + }, + { + "equals": "[if(contains(field('tags'), '_amba-UsedSNATPorts-threshold-Override_'), field('tags._amba-UsedSNATPorts-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold" + } + ] + }, + "roleDefinitionIds": [ + "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" + ], + "deployment": { + "properties": { + "parameters": { + "resourceId": { + "value": "[field('id')]" + }, + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "threshold": { + "value": "[if(contains(field('tags'), '_amba-UsedSNATPorts-threshold-Override_'), field('tags._amba-UsedSNATPorts-threshold-Override_'), parameters('threshold'))]" + }, + "resourceName": { + "value": "[field('name')]" + } + }, + "template": { + "parameters": { + "resourceId": { + "metadata": { + "description": "Resource ID of the resource emitting the metric that will be used for the comparison", + "displayName": "resourceId" + }, + "type": "String" + }, + "evaluationFrequency": { + "type": "String" + }, + "autoMitigate": { + "type": "String" + }, + "windowSize": { + "type": "String" + }, + "enabled": { + "type": "String" + }, + "severity": { + "type": "String" + }, + "threshold": { + "type": "String" + }, + "resourceName": { + "metadata": { + "description": "Name of the resource", + "displayName": "resourceName" + }, + "type": "String" + } + }, + "contentVersion": "1.0.0.0", + "resources": [ + { + "type": "Microsoft.Insights/metricAlerts", + "properties": { + "description": "Metric Alert for ALB Used SNAT Ports", + "parameters": { + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "threshold": { + "value": "[parameters('threshold')]" + } + }, + "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", + "windowSize": "[parameters('windowSize')]", + "enabled": "[parameters('enabled')]", + "severity": "[parameters('severity')]", + "criteria": { + "allOf": [ + { + "threshold": "[parameters('threshold')]", + "timeAggregation": "Average", + "operator": "GreaterThan", + "name": "UsedSNATPorts", + "metricNamespace": "Microsoft.Network/loadBalancers", + "criterionType": "StaticThresholdCriterion", + "metricName": "UsedSNATPorts" + } + ], + "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria" + }, + "scopes": [ + "[parameters('resourceId')]" + ] + }, + "apiVersion": "2018-03-01", + "name": "[concat(parameters('resourceName'), '-ALBUsedSNATPorts')]", + "location": "global", + "tags": { + "_deployed_by_amba": true + } + } + ], + "variables": {}, + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" + }, + "mode": "incremental" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/Definitions/policyDefinitions/Unknown Category/deploy_erp_expressroutebitsin_alert.jsonc b/Definitions/policyDefinitions/Unknown Category/deploy_erp_expressroutebitsin_alert.jsonc new file mode 100644 index 0000000..1b83e54 --- /dev/null +++ b/Definitions/policyDefinitions/Unknown Category/deploy_erp_expressroutebitsin_alert.jsonc @@ -0,0 +1,327 @@ +{ + "$schema": "https://raw.githubusercontent.com/Azure/enterprise-azure-policy-as-code/main/Schemas/policy-definition-schema.json", + "name": "Deploy_ERP_ExpressRouteBitsIn_Alert", + "properties": { + "displayName": "Deploy ER Direct ExpressRoute Bits In Alert", + "description": "Policy to audit/deploy ER Direct Connection BitsInPerSecond Alert", + "mode": "All", + "metadata": { + "_deployed_by_amba": "True", + "version": "1.2.0", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "Category": "Networking" + }, + "parameters": { + "evaluationFrequency": { + "metadata": { + "description": "Evaluation frequency for the alert", + "displayName": "Evaluation Frequency" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H" + ], + "defaultValue": "PT5M", + "type": "String" + }, + "autoMitigate": { + "metadata": { + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "windowSize": { + "metadata": { + "description": "Window size for the alert", + "displayName": "Window Size" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" + ], + "defaultValue": "PT5M", + "type": "String" + }, + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "disabled", + "type": "String" + }, + "severity": { + "metadata": { + "description": "Severity of the Alert", + "displayName": "Severity" + }, + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" + ], + "defaultValue": "0", + "type": "String" + }, + "enabled": { + "metadata": { + "description": "Alert state for the alert", + "displayName": "Alert State" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "threshold": { + "metadata": { + "description": "Threshold for the alert", + "displayName": "Threshold" + }, + "defaultValue": "1", + "type": "String" + }, + "MonitorDisableTagValues": { + "metadata": { + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "equals": "Microsoft.Network/expressRoutePorts", + "field": "type" + }, + { + "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", + "notIn": "[parameters('MonitorDisableTagValues')]" + } + ] + }, + "then": { + "effect": "[parameters('effect')]", + "details": { + "type": "Microsoft.Insights/metricAlerts", + "existenceCondition": { + "allOf": [ + { + "equals": "Microsoft.Network/expressRoutePorts", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" + }, + { + "equals": "PortBitsInPerSecond", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" + }, + { + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressRoutePorts/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" + }, + { + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" + }, + { + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" + }, + { + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" + }, + { + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" + }, + { + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" + }, + { + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" + }, + { + "equals": "LessThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator" + }, + { + "equals": "[if(contains(field('tags'), '_amba-PortBitsInPerSecond-threshold-Override_'), field('tags._amba-PortBitsInPerSecond-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold" + } + ] + }, + "roleDefinitionIds": [ + "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" + ], + "deployment": { + "properties": { + "parameters": { + "resourceId": { + "value": "[field('id')]" + }, + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "threshold": { + "value": "[if(contains(field('tags'), '_amba-PortBitsInPerSecond-threshold-Override_'), field('tags._amba-PortBitsInPerSecond-threshold-Override_'), parameters('threshold'))]" + }, + "resourceName": { + "value": "[field('name')]" + } + }, + "template": { + "parameters": { + "resourceId": { + "metadata": { + "description": "Resource ID of the resource emitting the metric that will be used for the comparison", + "displayName": "resourceId" + }, + "type": "String" + }, + "evaluationFrequency": { + "type": "String" + }, + "autoMitigate": { + "type": "String" + }, + "windowSize": { + "type": "String" + }, + "severity": { + "type": "String" + }, + "enabled": { + "type": "String" + }, + "threshold": { + "type": "String" + }, + "resourceName": { + "metadata": { + "description": "Name of the resource", + "displayName": "resourceName" + }, + "type": "String" + } + }, + "contentVersion": "1.0.0.0", + "resources": [ + { + "type": "Microsoft.Insights/metricAlerts", + "properties": { + "description": "Metric Alert for ER Direct Connection BitsInPerSecond", + "parameters": { + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "threshold": { + "value": "[parameters('threshold')]" + } + }, + "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", + "windowSize": "[parameters('windowSize')]", + "severity": "[parameters('severity')]", + "enabled": "[parameters('enabled')]", + "criteria": { + "allOf": [ + { + "threshold": "[parameters('threshold')]", + "timeAggregation": "Average", + "metricNamespace": "Microsoft.Network/expressRoutePorts", + "criterionType": "StaticThresholdCriterion", + "operator": "LessThan", + "metricName": "PortBitsInPerSecond", + "name": "PortBitsInPerSecond" + } + ], + "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria" + }, + "scopes": [ + "[parameters('resourceId')]" + ] + }, + "apiVersion": "2018-03-01", + "name": "[concat(parameters('resourceName'), '-DirectERBitsInAlert')]", + "location": "global", + "tags": { + "_deployed_by_amba": true + } + } + ], + "variables": {}, + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" + }, + "mode": "incremental" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/Definitions/policyDefinitions/Unknown Category/deploy_erp_expressroutebitsout_alert.jsonc b/Definitions/policyDefinitions/Unknown Category/deploy_erp_expressroutebitsout_alert.jsonc new file mode 100644 index 0000000..e8cb547 --- /dev/null +++ b/Definitions/policyDefinitions/Unknown Category/deploy_erp_expressroutebitsout_alert.jsonc @@ -0,0 +1,327 @@ +{ + "$schema": "https://raw.githubusercontent.com/Azure/enterprise-azure-policy-as-code/main/Schemas/policy-definition-schema.json", + "name": "Deploy_ERP_ExpressRouteBitsOut_Alert", + "properties": { + "displayName": "Deploy ER Direct ExpressRoute Bits Out Alert", + "description": "Policy to audit/deploy ER Direct Connection BitsOutPerSecond Alert", + "mode": "All", + "metadata": { + "_deployed_by_amba": "True", + "version": "1.2.0", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "Category": "Networking" + }, + "parameters": { + "evaluationFrequency": { + "metadata": { + "description": "Evaluation frequency for the alert", + "displayName": "Evaluation Frequency" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H" + ], + "defaultValue": "PT5M", + "type": "String" + }, + "autoMitigate": { + "metadata": { + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "windowSize": { + "metadata": { + "description": "Window size for the alert", + "displayName": "Window Size" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" + ], + "defaultValue": "PT5M", + "type": "String" + }, + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "disabled", + "type": "String" + }, + "severity": { + "metadata": { + "description": "Severity of the Alert", + "displayName": "Severity" + }, + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" + ], + "defaultValue": "0", + "type": "String" + }, + "enabled": { + "metadata": { + "description": "Alert state for the alert", + "displayName": "Alert State" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "threshold": { + "metadata": { + "description": "Threshold for the alert", + "displayName": "Threshold" + }, + "defaultValue": "1", + "type": "String" + }, + "MonitorDisableTagValues": { + "metadata": { + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "equals": "Microsoft.Network/expressRoutePorts", + "field": "type" + }, + { + "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", + "notIn": "[parameters('MonitorDisableTagValues')]" + } + ] + }, + "then": { + "effect": "[parameters('effect')]", + "details": { + "type": "Microsoft.Insights/metricAlerts", + "existenceCondition": { + "allOf": [ + { + "equals": "Microsoft.Network/expressRoutePorts", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" + }, + { + "equals": "PortBitsOutPerSecond", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" + }, + { + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressRoutePorts/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" + }, + { + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" + }, + { + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" + }, + { + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" + }, + { + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" + }, + { + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" + }, + { + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" + }, + { + "equals": "LessThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator" + }, + { + "equals": "[if(contains(field('tags'), '_amba-PortBitsOutPerSecond-threshold-Override_'), field('tags._amba-PortBitsOutPerSecond-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold" + } + ] + }, + "roleDefinitionIds": [ + "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" + ], + "deployment": { + "properties": { + "parameters": { + "resourceId": { + "value": "[field('id')]" + }, + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "threshold": { + "value": "[if(contains(field('tags'), '_amba-PortBitsOutPerSecond-threshold-Override_'), field('tags._amba-PortBitsOutPerSecond-threshold-Override_'), parameters('threshold'))]" + }, + "resourceName": { + "value": "[field('name')]" + } + }, + "template": { + "parameters": { + "resourceId": { + "metadata": { + "description": "Resource ID of the resource emitting the metric that will be used for the comparison", + "displayName": "resourceId" + }, + "type": "String" + }, + "evaluationFrequency": { + "type": "String" + }, + "autoMitigate": { + "type": "String" + }, + "windowSize": { + "type": "String" + }, + "severity": { + "type": "String" + }, + "enabled": { + "type": "String" + }, + "threshold": { + "type": "String" + }, + "resourceName": { + "metadata": { + "description": "Name of the resource", + "displayName": "resourceName" + }, + "type": "String" + } + }, + "contentVersion": "1.0.0.0", + "resources": [ + { + "type": "Microsoft.Insights/metricAlerts", + "properties": { + "description": "Metric Alert for ER Direct Connection BitsOutPerSecond", + "parameters": { + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "threshold": { + "value": "[parameters('threshold')]" + } + }, + "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", + "windowSize": "[parameters('windowSize')]", + "severity": "[parameters('severity')]", + "enabled": "[parameters('enabled')]", + "criteria": { + "allOf": [ + { + "threshold": "[parameters('threshold')]", + "timeAggregation": "Average", + "metricNamespace": "Microsoft.Network/expressRoutePorts", + "criterionType": "StaticThresholdCriterion", + "operator": "LessThan", + "metricName": "PortBitsOutPerSecond", + "name": "PortBitsOutPerSecond" + } + ], + "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria" + }, + "scopes": [ + "[parameters('resourceId')]" + ] + }, + "apiVersion": "2018-03-01", + "name": "[concat(parameters('resourceName'), '-DirectERBitsOutAlert')]", + "location": "global", + "tags": { + "_deployed_by_amba": true + } + } + ], + "variables": {}, + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" + }, + "mode": "incremental" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/Definitions/policyDefinitions/Unknown Category/deploy_erp_expressroutlineprotocol_alert.jsonc b/Definitions/policyDefinitions/Unknown Category/deploy_erp_expressroutlineprotocol_alert.jsonc new file mode 100644 index 0000000..1cbce11 --- /dev/null +++ b/Definitions/policyDefinitions/Unknown Category/deploy_erp_expressroutlineprotocol_alert.jsonc @@ -0,0 +1,327 @@ +{ + "$schema": "https://raw.githubusercontent.com/Azure/enterprise-azure-policy-as-code/main/Schemas/policy-definition-schema.json", + "name": "Deploy_ERP_ExpressRoutLineProtocol_Alert", + "properties": { + "displayName": "Deploy ER Direct ExpressRoute LineProtocol Alert", + "description": "Policy to audit/deploy ER Direct LineProtocol Alert", + "mode": "All", + "metadata": { + "_deployed_by_amba": "True", + "version": "1.2.0", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "Category": "Networking" + }, + "parameters": { + "evaluationFrequency": { + "metadata": { + "displayName": "Evaluation Frequency", + "description": "Evaluation frequency for the alert" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H" + ], + "defaultValue": "PT5M", + "type": "String" + }, + "MonitorDisableTagValues": { + "metadata": { + "displayName": "ALZ Monitoring disabled tag values(s)", + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "autoMitigate": { + "metadata": { + "displayName": "Auto Mitigate", + "description": "Auto Mitigate for the alert" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "MonitorDisableTagName": { + "metadata": { + "displayName": "ALZ Monitoring disabled tag name", + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled." + }, + "defaultValue": "MonitorDisable", + "type": "String" + }, + "enabled": { + "metadata": { + "displayName": "Alert State", + "description": "Alert state for the alert" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "windowSize": { + "metadata": { + "displayName": "Window Size", + "description": "Window size for the alert" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" + ], + "defaultValue": "PT5M", + "type": "String" + }, + "severity": { + "metadata": { + "displayName": "Severity", + "description": "Severity of the Alert" + }, + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" + ], + "defaultValue": "0", + "type": "String" + }, + "threshold": { + "metadata": { + "displayName": "Threshold", + "description": "Threshold for the alert" + }, + "defaultValue": "0.9", + "type": "String" + }, + "effect": { + "metadata": { + "displayName": "Effect", + "description": "Effect of the policy" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "disabled", + "type": "String" + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "equals": "Microsoft.Network/expressRoutePorts", + "field": "type" + }, + { + "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", + "notIn": "[parameters('MonitorDisableTagValues')]" + } + ] + }, + "then": { + "effect": "[parameters('effect')]", + "details": { + "type": "Microsoft.Insights/metricAlerts", + "existenceCondition": { + "allOf": [ + { + "equals": "Microsoft.Network/expressRoutePorts", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" + }, + { + "equals": "LineProtocol", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" + }, + { + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressRoutePorts/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" + }, + { + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" + }, + { + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" + }, + { + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" + }, + { + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" + }, + { + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" + }, + { + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" + }, + { + "equals": "LessThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator" + }, + { + "equals": "[if(contains(field('tags'), '_amba-LineProtocol-threshold-Override_'), field('tags._amba-LineProtocol-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold" + } + ] + }, + "roleDefinitionIds": [ + "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" + ], + "deployment": { + "properties": { + "parameters": { + "resourceId": { + "value": "[field('id')]" + }, + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "threshold": { + "value": "[if(contains(field('tags'), '_amba-LineProtocol-threshold-Override_'), field('tags._amba-LineProtocol-threshold-Override_'), parameters('threshold'))]" + }, + "resourceName": { + "value": "[field('name')]" + } + }, + "template": { + "parameters": { + "resourceId": { + "metadata": { + "displayName": "resourceId", + "description": "Resource ID of the resource emitting the metric that will be used for the comparison" + }, + "type": "String" + }, + "evaluationFrequency": { + "type": "String" + }, + "autoMitigate": { + "type": "String" + }, + "enabled": { + "type": "String" + }, + "windowSize": { + "type": "String" + }, + "severity": { + "type": "String" + }, + "threshold": { + "type": "String" + }, + "resourceName": { + "metadata": { + "displayName": "resourceName", + "description": "Name of the resource" + }, + "type": "String" + } + }, + "contentVersion": "1.0.0.0", + "variables": {}, + "resources": [ + { + "type": "Microsoft.Insights/metricAlerts", + "properties": { + "description": "Metric Alert for ER Direct Connection LineProtocolPerSecond", + "parameters": { + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "threshold": { + "value": "[parameters('threshold')]" + } + }, + "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", + "enabled": "[parameters('enabled')]", + "windowSize": "[parameters('windowSize')]", + "severity": "[parameters('severity')]", + "criteria": { + "allOf": [ + { + "threshold": "[parameters('threshold')]", + "timeAggregation": "Average", + "operator": "LessThan", + "name": "LineProtocol", + "metricNamespace": "Microsoft.Network/expressRoutePorts", + "criterionType": "StaticThresholdCriterion", + "metricName": "LineProtocol" + } + ], + "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria" + }, + "scopes": [ + "[parameters('resourceId')]" + ] + }, + "apiVersion": "2018-03-01", + "location": "global", + "name": "[concat(parameters('resourceName'), '-DirectERLineProtocolAlert')]", + "tags": { + "_deployed_by_amba": true + } + } + ], + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" + }, + "mode": "incremental" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/Definitions/policyDefinitions/Unknown Category/deploy_erp_expressroutrxlightlevellow_alert.jsonc b/Definitions/policyDefinitions/Unknown Category/deploy_erp_expressroutrxlightlevellow_alert.jsonc new file mode 100644 index 0000000..8f4e99d --- /dev/null +++ b/Definitions/policyDefinitions/Unknown Category/deploy_erp_expressroutrxlightlevellow_alert.jsonc @@ -0,0 +1,331 @@ +{ + "$schema": "https://raw.githubusercontent.com/Azure/enterprise-azure-policy-as-code/main/Schemas/policy-definition-schema.json", + "name": "Deploy_ERP_ExpressRoutRxLightLevellow_Alert", + "properties": { + "displayName": "Deploy ER Direct ExpressRoute RxLightLevel Low Alert", + "description": "Policy to audit/deploy ER Direct RxLightLevel Low Alert", + "mode": "All", + "metadata": { + "version": "1.2.0", + "_deployed_by_amba": "True", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "Category": "Networking" + }, + "parameters": { + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "disabled", + "type": "String" + }, + "evaluationFrequency": { + "metadata": { + "description": "Evaluation frequency for the alert", + "displayName": "Evaluation Frequency" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H" + ], + "defaultValue": "PT5M", + "type": "String" + }, + "autoMitigate": { + "metadata": { + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "windowSize": { + "metadata": { + "description": "Window size for the alert", + "displayName": "Window Size" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" + ], + "defaultValue": "PT5M", + "type": "String" + }, + "severity": { + "metadata": { + "description": "Severity of the Alert", + "displayName": "Severity" + }, + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" + ], + "defaultValue": "1", + "type": "String" + }, + "threshold": { + "metadata": { + "description": "Threshold for the alert", + "displayName": "Threshold" + }, + "defaultValue": "-10", + "type": "String" + }, + "enabled": { + "metadata": { + "description": "Alert state for the alert", + "displayName": "Alert State" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "MonitorDisableTagValues": { + "metadata": { + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "equals": "Microsoft.Network/expressRoutePorts", + "field": "type" + }, + { + "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", + "notIn": "[parameters('MonitorDisableTagValues')]" + } + ] + }, + "then": { + "effect": "[parameters('effect')]", + "details": { + "type": "Microsoft.Insights/metricAlerts", + "existenceCondition": { + "allOf": [ + { + "equals": "Microsoft.Network/expressRoutePorts", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" + }, + { + "equals": "RxLightLevel", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" + }, + { + "equals": "LessThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator" + }, + { + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressRoutePorts/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" + }, + { + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" + }, + { + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" + }, + { + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" + }, + { + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" + }, + { + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" + }, + { + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" + }, + { + "equals": "LessThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator" + }, + { + "equals": "[if(contains(field('tags'), '_amba-RxLightLevel-Low-threshold-Override_'), field('tags._amba-RxLightLevel-Low-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold" + } + ] + }, + "roleDefinitionIds": [ + "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" + ], + "deployment": { + "properties": { + "parameters": { + "resourceId": { + "value": "[field('id')]" + }, + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "threshold": { + "value": "[if(contains(field('tags'), '_amba-RxLightLevel-Low-threshold-Override_'), field('tags._amba-RxLightLevel-Low-threshold-Override_'), parameters('threshold'))]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "resourceName": { + "value": "[field('name')]" + } + }, + "mode": "incremental", + "template": { + "parameters": { + "resourceId": { + "metadata": { + "description": "Resource ID of the resource emitting the metric that will be used for the comparison", + "displayName": "resourceId" + }, + "type": "String" + }, + "evaluationFrequency": { + "type": "String" + }, + "autoMitigate": { + "type": "String" + }, + "windowSize": { + "type": "String" + }, + "severity": { + "type": "String" + }, + "threshold": { + "type": "String" + }, + "enabled": { + "type": "String" + }, + "resourceName": { + "metadata": { + "description": "Name of the resource", + "displayName": "resourceName" + }, + "type": "String" + } + }, + "contentVersion": "1.0.0.0", + "variables": {}, + "resources": [ + { + "type": "Microsoft.Insights/metricAlerts", + "properties": { + "description": "Metric Alert for ER Direct Connection RxLightLevelLow", + "parameters": { + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "threshold": { + "value": "[parameters('threshold')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + } + }, + "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", + "windowSize": "[parameters('windowSize')]", + "severity": "[parameters('severity')]", + "enabled": "[parameters('enabled')]", + "criteria": { + "allOf": [ + { + "threshold": "[parameters('threshold')]", + "timeAggregation": "Average", + "metricNamespace": "Microsoft.Network/expressRoutePorts", + "criterionType": "StaticThresholdCriterion", + "metricName": "RxLightLevel", + "name": "RxLightLevel", + "operator": "LessThan" + } + ], + "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria" + }, + "scopes": [ + "[parameters('resourceId')]" + ] + }, + "apiVersion": "2018-03-01", + "name": "[concat(parameters('resourceName'), '-DirectERRxLightLevelLowAlert')]", + "location": "global", + "tags": { + "_deployed_by_amba": true + } + } + ], + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" + } + } + } + } + } + } + } +} \ No newline at end of file diff --git a/Definitions/policyDefinitions/Unknown Category/deploy_erp_expressrouttxlightlevell_alert.jsonc b/Definitions/policyDefinitions/Unknown Category/deploy_erp_expressrouttxlightlevell_alert.jsonc new file mode 100644 index 0000000..1edc96b --- /dev/null +++ b/Definitions/policyDefinitions/Unknown Category/deploy_erp_expressrouttxlightlevell_alert.jsonc @@ -0,0 +1,331 @@ +{ + "$schema": "https://raw.githubusercontent.com/Azure/enterprise-azure-policy-as-code/main/Schemas/policy-definition-schema.json", + "name": "Deploy_ERP_ExpressRoutTxLightLevell_Alert", + "properties": { + "displayName": "Deploy ER Direct ExpressRoute TxLightLevel High Alert", + "description": "Policy to audit/deploy ER Direct TxLightLevel High Alert", + "mode": "All", + "metadata": { + "_deployed_by_amba": "True", + "version": "1.2.0", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "Category": "Networking" + }, + "parameters": { + "evaluationFrequency": { + "metadata": { + "description": "Evaluation frequency for the alert", + "displayName": "Evaluation Frequency" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H" + ], + "defaultValue": "PT5M", + "type": "String" + }, + "autoMitigate": { + "metadata": { + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "MonitorDisableTagValues": { + "metadata": { + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "windowSize": { + "metadata": { + "description": "Window size for the alert", + "displayName": "Window Size" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" + ], + "defaultValue": "PT5M", + "type": "String" + }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" + }, + "enabled": { + "metadata": { + "description": "Alert state for the alert", + "displayName": "Alert State" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "severity": { + "metadata": { + "description": "Severity of the Alert", + "displayName": "Severity" + }, + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" + ], + "defaultValue": "1", + "type": "String" + }, + "threshold": { + "metadata": { + "description": "Threshold for the alert", + "displayName": "Threshold" + }, + "defaultValue": "0", + "type": "String" + }, + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "disabled", + "type": "String" + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "equals": "Microsoft.Network/expressRoutePorts", + "field": "type" + }, + { + "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", + "notIn": "[parameters('MonitorDisableTagValues')]" + } + ] + }, + "then": { + "effect": "[parameters('effect')]", + "details": { + "type": "Microsoft.Insights/metricAlerts", + "existenceCondition": { + "allOf": [ + { + "equals": "Microsoft.Network/expressRoutePorts", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" + }, + { + "equals": "TxLightLevel", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" + }, + { + "equals": "GreaterThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator" + }, + { + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressRoutePorts/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" + }, + { + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" + }, + { + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" + }, + { + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" + }, + { + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" + }, + { + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" + }, + { + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" + }, + { + "equals": "GreaterThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator" + }, + { + "equals": "[if(contains(field('tags'), '_amba-TxLightLevel-High-threshold-Override_'), field('tags._amba-TxLightLevel-High-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold" + } + ] + }, + "roleDefinitionIds": [ + "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" + ], + "deployment": { + "properties": { + "parameters": { + "resourceId": { + "value": "[field('id')]" + }, + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "threshold": { + "value": "[if(contains(field('tags'), '_amba-TxLightLevel-High-threshold-Override_'), field('tags._amba-TxLightLevel-High-threshold-Override_'), parameters('threshold'))]" + }, + "resourceName": { + "value": "[field('name')]" + } + }, + "template": { + "parameters": { + "resourceId": { + "metadata": { + "description": "Resource ID of the resource emitting the metric that will be used for the comparison", + "displayName": "resourceId" + }, + "type": "String" + }, + "evaluationFrequency": { + "type": "String" + }, + "autoMitigate": { + "type": "String" + }, + "windowSize": { + "type": "String" + }, + "enabled": { + "type": "String" + }, + "severity": { + "type": "String" + }, + "threshold": { + "type": "String" + }, + "resourceName": { + "metadata": { + "description": "Name of the resource", + "displayName": "resourceName" + }, + "type": "String" + } + }, + "contentVersion": "1.0.0.0", + "resources": [ + { + "type": "Microsoft.Insights/metricAlerts", + "properties": { + "description": "Metric Alert for ER Direct Connection TxLightLevelHigh", + "parameters": { + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "threshold": { + "value": "[parameters('threshold')]" + } + }, + "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", + "windowSize": "[parameters('windowSize')]", + "enabled": "[parameters('enabled')]", + "severity": "[parameters('severity')]", + "criteria": { + "allOf": [ + { + "threshold": "[parameters('threshold')]", + "timeAggregation": "Average", + "operator": "GreaterThan", + "name": "TxLightLevel", + "metricNamespace": "Microsoft.Network/expressRoutePorts", + "criterionType": "StaticThresholdCriterion", + "metricName": "TxLightLevel" + } + ], + "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria" + }, + "scopes": [ + "[parameters('resourceId')]" + ] + }, + "apiVersion": "2018-03-01", + "name": "[concat(parameters('resourceName'), '-DirectERTxLightLevelHighAlert')]", + "location": "global", + "tags": { + "_deployed_by_amba": true + } + } + ], + "variables": {}, + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" + }, + "mode": "incremental" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/Definitions/policyDefinitions/Unknown Category/deploy_erp_expressrouttxlightlevellow_alert.jsonc b/Definitions/policyDefinitions/Unknown Category/deploy_erp_expressrouttxlightlevellow_alert.jsonc new file mode 100644 index 0000000..f91dd54 --- /dev/null +++ b/Definitions/policyDefinitions/Unknown Category/deploy_erp_expressrouttxlightlevellow_alert.jsonc @@ -0,0 +1,331 @@ +{ + "$schema": "https://raw.githubusercontent.com/Azure/enterprise-azure-policy-as-code/main/Schemas/policy-definition-schema.json", + "name": "Deploy_ERP_ExpressRoutTxLightLevellow_Alert", + "properties": { + "displayName": "Deploy ER Direct ExpressRoute TxLightLevel Low Alert", + "description": "Policy to audit/deploy ER Direct TxLightLevel Low Alert", + "mode": "All", + "metadata": { + "_deployed_by_amba": "True", + "version": "1.2.0", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "Category": "Networking" + }, + "parameters": { + "evaluationFrequency": { + "metadata": { + "displayName": "Evaluation Frequency", + "description": "Evaluation frequency for the alert" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H" + ], + "defaultValue": "PT5M", + "type": "String" + }, + "MonitorDisableTagValues": { + "metadata": { + "displayName": "ALZ Monitoring disabled tag values(s)", + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "autoMitigate": { + "metadata": { + "displayName": "Auto Mitigate", + "description": "Auto Mitigate for the alert" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "effect": { + "metadata": { + "displayName": "Effect", + "description": "Effect of the policy" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "disabled", + "type": "String" + }, + "MonitorDisableTagName": { + "metadata": { + "displayName": "ALZ Monitoring disabled tag name", + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled." + }, + "defaultValue": "MonitorDisable", + "type": "String" + }, + "windowSize": { + "metadata": { + "displayName": "Window Size", + "description": "Window size for the alert" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" + ], + "defaultValue": "PT5M", + "type": "String" + }, + "enabled": { + "metadata": { + "displayName": "Alert State", + "description": "Alert state for the alert" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "severity": { + "metadata": { + "displayName": "Severity", + "description": "Severity of the Alert" + }, + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" + ], + "defaultValue": "1", + "type": "String" + }, + "threshold": { + "metadata": { + "displayName": "Threshold", + "description": "Threshold for the alert" + }, + "defaultValue": "-10", + "type": "String" + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "equals": "Microsoft.Network/expressRoutePorts", + "field": "type" + }, + { + "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", + "notIn": "[parameters('MonitorDisableTagValues')]" + } + ] + }, + "then": { + "effect": "[parameters('effect')]", + "details": { + "type": "Microsoft.Insights/metricAlerts", + "existenceCondition": { + "allOf": [ + { + "equals": "Microsoft.Network/expressRoutePorts", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" + }, + { + "equals": "TxLightLevel", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" + }, + { + "equals": "LessThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator" + }, + { + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressRoutePorts/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" + }, + { + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" + }, + { + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" + }, + { + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" + }, + { + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" + }, + { + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" + }, + { + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" + }, + { + "equals": "LessThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator" + }, + { + "equals": "[if(contains(field('tags'), '_amba-TxLightLevel-Low-threshold-Override_'), field('tags._amba-TxLightLevel-Low-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold" + } + ] + }, + "roleDefinitionIds": [ + "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" + ], + "deployment": { + "properties": { + "parameters": { + "resourceId": { + "value": "[field('id')]" + }, + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "threshold": { + "value": "[if(contains(field('tags'), '_amba-TxLightLevel-Low-threshold-Override_'), field('tags._amba-TxLightLevel-Low-threshold-Override_'), parameters('threshold'))]" + }, + "resourceName": { + "value": "[field('name')]" + } + }, + "template": { + "parameters": { + "resourceId": { + "metadata": { + "displayName": "resourceId", + "description": "Resource ID of the resource emitting the metric that will be used for the comparison" + }, + "type": "String" + }, + "evaluationFrequency": { + "type": "String" + }, + "autoMitigate": { + "type": "String" + }, + "windowSize": { + "type": "String" + }, + "enabled": { + "type": "String" + }, + "severity": { + "type": "String" + }, + "threshold": { + "type": "String" + }, + "resourceName": { + "metadata": { + "displayName": "resourceName", + "description": "Name of the resource" + }, + "type": "String" + } + }, + "contentVersion": "1.0.0.0", + "variables": {}, + "resources": [ + { + "type": "Microsoft.Insights/metricAlerts", + "properties": { + "description": "Metric Alert for ER Direct Connection TxLightLevelLow", + "parameters": { + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "threshold": { + "value": "[parameters('threshold')]" + } + }, + "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", + "windowSize": "[parameters('windowSize')]", + "enabled": "[parameters('enabled')]", + "severity": "[parameters('severity')]", + "criteria": { + "allOf": [ + { + "timeAggregation": "Average", + "threshold": "[parameters('threshold')]", + "operator": "LessThan", + "name": "TxLightLevel", + "metricNamespace": "Microsoft.Network/expressRoutePorts", + "criterionType": "StaticThresholdCriterion", + "metricName": "TxLightLevel" + } + ], + "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria" + }, + "scopes": [ + "[parameters('resourceId')]" + ] + }, + "apiVersion": "2018-03-01", + "location": "global", + "name": "[concat(parameters('resourceName'), '-DirectERTxLightLevelLowAlert')]", + "tags": { + "_deployed_by_amba": true + } + } + ], + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" + }, + "mode": "incremental" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/Definitions/policyDefinitions/Unknown Category/deploy_frontdoorcdn_originhealthpercentage_alert.jsonc b/Definitions/policyDefinitions/Unknown Category/deploy_frontdoorcdn_originhealthpercentage_alert.jsonc new file mode 100644 index 0000000..7c45518 --- /dev/null +++ b/Definitions/policyDefinitions/Unknown Category/deploy_frontdoorcdn_originhealthpercentage_alert.jsonc @@ -0,0 +1,327 @@ +{ + "$schema": "https://raw.githubusercontent.com/Azure/enterprise-azure-policy-as-code/main/Schemas/policy-definition-schema.json", + "name": "Deploy_FrontDoorCDN_OriginHealthPercentage_Alert", + "properties": { + "displayName": "Deploy FrontDoor CDN Profile Origin Health Percentage Alert", + "description": "Policy to audit/deploy FrontDoor Origin Health Percentage Alert", + "mode": "All", + "metadata": { + "_deployed_by_amba": "True", + "version": "1.2.0", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "Category": "Networking" + }, + "parameters": { + "evaluationFrequency": { + "metadata": { + "description": "Evaluation frequency for the alert", + "displayName": "Evaluation Frequency" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H" + ], + "defaultValue": "PT5M", + "type": "String" + }, + "autoMitigate": { + "metadata": { + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "windowSize": { + "metadata": { + "description": "Window size for the alert", + "displayName": "Window Size" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" + ], + "defaultValue": "PT5M", + "type": "String" + }, + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" + }, + "severity": { + "metadata": { + "description": "Severity of the Alert", + "displayName": "Severity" + }, + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" + ], + "defaultValue": "2", + "type": "String" + }, + "enabled": { + "metadata": { + "description": "Alert state for the alert", + "displayName": "Alert State" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "threshold": { + "metadata": { + "description": "Threshold for the alert", + "displayName": "Threshold" + }, + "defaultValue": "90", + "type": "String" + }, + "MonitorDisableTagValues": { + "metadata": { + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "equals": "Microsoft.Cdn/profiles", + "field": "type" + }, + { + "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", + "notIn": "[parameters('MonitorDisableTagValues')]" + } + ] + }, + "then": { + "effect": "[parameters('effect')]", + "details": { + "type": "Microsoft.Insights/metricAlerts", + "existenceCondition": { + "allOf": [ + { + "equals": "Microsoft.Cdn/profiles", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" + }, + { + "equals": "OriginHealthPercentage", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" + }, + { + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Cdn/profiles/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" + }, + { + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" + }, + { + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" + }, + { + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" + }, + { + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" + }, + { + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" + }, + { + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" + }, + { + "equals": "LessThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator" + }, + { + "equals": "[if(contains(field('tags'), '_amba-OriginHealthPercentage-threshold-override_'), field('tags._amba-OriginHealthPercentage-threshold-override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold" + } + ] + }, + "roleDefinitionIds": [ + "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" + ], + "deployment": { + "properties": { + "parameters": { + "resourceId": { + "value": "[field('id')]" + }, + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "threshold": { + "value": "[if(contains(field('tags'), '_amba-OriginHealthPercentage-threshold-override_'), field('tags._amba-OriginHealthPercentage-threshold-override_'), parameters('threshold'))]" + }, + "resourceName": { + "value": "[field('name')]" + } + }, + "template": { + "parameters": { + "resourceId": { + "metadata": { + "description": "Resource ID of the resource emitting the metric that will be used for the comparison", + "displayName": "resourceId" + }, + "type": "String" + }, + "evaluationFrequency": { + "type": "String" + }, + "autoMitigate": { + "type": "String" + }, + "windowSize": { + "type": "String" + }, + "severity": { + "type": "String" + }, + "enabled": { + "type": "String" + }, + "threshold": { + "type": "String" + }, + "resourceName": { + "metadata": { + "description": "Name of the resource", + "displayName": "resourceName" + }, + "type": "String" + } + }, + "contentVersion": "1.0.0.0", + "resources": [ + { + "type": "Microsoft.Insights/metricAlerts", + "properties": { + "description": "Metric Alert for Frontdoor Origin Health Percentage", + "parameters": { + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "threshold": { + "value": "[parameters('threshold')]" + } + }, + "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", + "windowSize": "[parameters('windowSize')]", + "severity": "[parameters('severity')]", + "enabled": "[parameters('enabled')]", + "criteria": { + "allOf": [ + { + "threshold": "[parameters('threshold')]", + "timeAggregation": "Average", + "metricNamespace": "Microsoft.Cdn/profiles", + "criterionType": "StaticThresholdCriterion", + "operator": "LessThan", + "metricName": "OriginHealthPercentage", + "name": "OriginHealthPercentage" + } + ], + "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria" + }, + "scopes": [ + "[parameters('resourceId')]" + ] + }, + "apiVersion": "2018-03-01", + "name": "[concat(parameters('resourceName'), '-OriginHealthPercentage')]", + "location": "global", + "tags": { + "_deployed_by_amba": true + } + } + ], + "variables": {}, + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" + }, + "mode": "incremental" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/Definitions/policyDefinitions/Unknown Category/deploy_tm_endpointhealth_alert.jsonc b/Definitions/policyDefinitions/Unknown Category/deploy_tm_endpointhealth_alert.jsonc new file mode 100644 index 0000000..81c5402 --- /dev/null +++ b/Definitions/policyDefinitions/Unknown Category/deploy_tm_endpointhealth_alert.jsonc @@ -0,0 +1,336 @@ +{ + "$schema": "https://raw.githubusercontent.com/Azure/enterprise-azure-policy-as-code/main/Schemas/policy-definition-schema.json", + "name": "Deploy_TM_EndpointHealth_Alert", + "properties": { + "displayName": "Deploy Traffic Manager Endpoint Health Alert", + "description": "Policy to audit/deploy FTraffic Manager Endpoint Health Health Alert", + "mode": "All", + "metadata": { + "_deployed_by_amba": "True", + "version": "1.2.0", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "Category": "Networking" + }, + "parameters": { + "evaluationFrequency": { + "metadata": { + "description": "Evaluation frequency for the alert", + "displayName": "Evaluation Frequency" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H" + ], + "defaultValue": "PT5M", + "type": "String" + }, + "autoMitigate": { + "metadata": { + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "windowSize": { + "metadata": { + "description": "Window size for the alert", + "displayName": "Window Size" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" + ], + "defaultValue": "PT5M", + "type": "String" + }, + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" + }, + "severity": { + "metadata": { + "description": "Severity of the Alert", + "displayName": "Severity" + }, + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" + ], + "defaultValue": "2", + "type": "String" + }, + "enabled": { + "metadata": { + "description": "Alert state for the alert", + "displayName": "Alert State" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "threshold": { + "metadata": { + "description": "Threshold for the alert", + "displayName": "Threshold" + }, + "defaultValue": "0.9", + "type": "String" + }, + "MonitorDisableTagValues": { + "metadata": { + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "equals": "Microsoft.Network/trafficmanagerprofiles", + "field": "type" + }, + { + "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", + "notIn": "[parameters('MonitorDisableTagValues')]" + } + ] + }, + "then": { + "effect": "[parameters('effect')]", + "details": { + "type": "Microsoft.Insights/metricAlerts", + "existenceCondition": { + "allOf": [ + { + "equals": "Microsoft.Network/trafficmanagerprofiles", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" + }, + { + "equals": "ProbeAgentCurrentEndpointStateByProfileResourceId", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" + }, + { + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/trafficmanagerprofiles/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" + }, + { + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" + }, + { + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" + }, + { + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" + }, + { + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" + }, + { + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" + }, + { + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" + }, + { + "equals": "LessThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator" + }, + { + "equals": "[if(contains(field('tags'), '_amba-EndpointHealth-threshold-Override_'), field('tags._amba-EndpointHealth-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold" + } + ] + }, + "roleDefinitionIds": [ + "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" + ], + "deployment": { + "properties": { + "parameters": { + "resourceId": { + "value": "[field('id')]" + }, + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "threshold": { + "value": "[if(contains(field('tags'), '_amba-EndpointHealth-threshold-Override_'), field('tags._amba-EndpointHealth-threshold-Override_'), parameters('threshold'))]" + }, + "resourceName": { + "value": "[field('name')]" + } + }, + "template": { + "parameters": { + "resourceId": { + "metadata": { + "description": "Resource ID of the resource emitting the metric that will be used for the comparison", + "displayName": "resourceId" + }, + "type": "String" + }, + "evaluationFrequency": { + "type": "String" + }, + "autoMitigate": { + "type": "String" + }, + "windowSize": { + "type": "String" + }, + "severity": { + "type": "String" + }, + "enabled": { + "type": "String" + }, + "threshold": { + "type": "String" + }, + "resourceName": { + "metadata": { + "description": "Name of the resource", + "displayName": "resourceName" + }, + "type": "String" + } + }, + "contentVersion": "1.0.0.0", + "resources": [ + { + "type": "Microsoft.Insights/metricAlerts", + "properties": { + "description": "Metric Alert for Traffic Manager Endpoint Health", + "parameters": { + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "threshold": { + "value": "[parameters('threshold')]" + } + }, + "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", + "windowSize": "[parameters('windowSize')]", + "severity": "[parameters('severity')]", + "enabled": "[parameters('enabled')]", + "criteria": { + "allOf": [ + { + "threshold": "[parameters('threshold')]", + "timeAggregation": "Average", + "metricNamespace": "Microsoft.Network/trafficmanagerprofiles", + "criterionType": "StaticThresholdCriterion", + "operator": "LessThan", + "metricName": "ProbeAgentCurrentEndpointStateByProfileResourceId", + "name": "EndpointHealth", + "dimensions": [ + { + "operator": "Include", + "name": "EndpointName", + "values": [ + "*" + ] + } + ] + } + ], + "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria" + }, + "scopes": [ + "[parameters('resourceId')]" + ] + }, + "apiVersion": "2018-03-01", + "name": "[concat(parameters('resourceName'), '-EndpointHealthAlert')]", + "location": "global", + "tags": { + "_deployed_by_amba": true + } + } + ], + "variables": {}, + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" + }, + "mode": "incremental" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/Definitions/policyDefinitions/Unknown Category/deploy_wsf_cpupercentage_alert.jsonc b/Definitions/policyDefinitions/Unknown Category/deploy_wsf_cpupercentage_alert.jsonc new file mode 100644 index 0000000..2a31192 --- /dev/null +++ b/Definitions/policyDefinitions/Unknown Category/deploy_wsf_cpupercentage_alert.jsonc @@ -0,0 +1,327 @@ +{ + "$schema": "https://raw.githubusercontent.com/Azure/enterprise-azure-policy-as-code/main/Schemas/policy-definition-schema.json", + "name": "Deploy_WSF_CPUPercentage_Alert", + "properties": { + "displayName": "Deploy App Service Plan CPU Percentage Alert", + "description": "Policy to audit/deploy App Service Plan CPU Percentage Alert", + "mode": "All", + "metadata": { + "version": "1.2.0", + "_deployed_by_amba": "True", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "Category": "Web Services" + }, + "parameters": { + "evaluationFrequency": { + "metadata": { + "description": "Evaluation frequency for the alert", + "displayName": "Evaluation Frequency" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H" + ], + "defaultValue": "PT5M", + "type": "String" + }, + "autoMitigate": { + "metadata": { + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "windowSize": { + "metadata": { + "description": "Window size for the alert", + "displayName": "Window Size" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" + ], + "defaultValue": "PT5M", + "type": "String" + }, + "severity": { + "metadata": { + "description": "Severity of the Alert", + "displayName": "Severity" + }, + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" + ], + "defaultValue": "2", + "type": "String" + }, + "enabled": { + "metadata": { + "description": "Alert state for the alert", + "displayName": "Alert State" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "MonitorDisableTagValues": { + "metadata": { + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" + }, + "threshold": { + "metadata": { + "description": "Threshold for the alert", + "displayName": "Threshold" + }, + "defaultValue": "90", + "type": "String" + }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "equals": "Microsoft.Web/serverfarms", + "field": "type" + }, + { + "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", + "notIn": "[parameters('MonitorDisableTagValues')]" + } + ] + }, + "then": { + "effect": "[parameters('effect')]", + "details": { + "type": "Microsoft.Insights/metricAlerts", + "existenceCondition": { + "allOf": [ + { + "equals": "Microsoft.Web/serverfarms", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" + }, + { + "equals": "CpuPercentage", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" + }, + { + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/serverfarms/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" + }, + { + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" + }, + { + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" + }, + { + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" + }, + { + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" + }, + { + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" + }, + { + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" + }, + { + "equals": "GreaterThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator" + }, + { + "equals": "[if(contains(field('tags'), '_amba-CpuPercentage-threshold-Override_'), field('tags._amba-CpuPercentage-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold" + } + ] + }, + "roleDefinitionIds": [ + "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" + ], + "deployment": { + "properties": { + "parameters": { + "resourceId": { + "value": "[field('id')]" + }, + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "threshold": { + "value": "[if(contains(field('tags'), '_amba-CpuPercentage-threshold-Override_'), field('tags._amba-CpuPercentage-threshold-Override_'), parameters('threshold'))]" + }, + "resourceName": { + "value": "[field('name')]" + } + }, + "template": { + "parameters": { + "resourceId": { + "metadata": { + "description": "Resource ID of the resource emitting the metric that will be used for the comparison", + "displayName": "resourceId" + }, + "type": "String" + }, + "evaluationFrequency": { + "type": "String" + }, + "autoMitigate": { + "type": "String" + }, + "windowSize": { + "type": "String" + }, + "severity": { + "type": "String" + }, + "enabled": { + "type": "String" + }, + "threshold": { + "type": "String" + }, + "resourceName": { + "metadata": { + "description": "Name of the resource", + "displayName": "resourceName" + }, + "type": "String" + } + }, + "contentVersion": "1.0.0.0", + "variables": {}, + "resources": [ + { + "type": "Microsoft.Insights/metricAlerts", + "properties": { + "description": "Metric Alert for App Service Plan CPU Percentage", + "parameters": { + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "threshold": { + "value": "[parameters('threshold')]" + } + }, + "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", + "windowSize": "[parameters('windowSize')]", + "severity": "[parameters('severity')]", + "enabled": "[parameters('enabled')]", + "criteria": { + "allOf": [ + { + "threshold": "[parameters('threshold')]", + "timeAggregation": "Average", + "metricNamespace": "Microsoft.Web/serverfarms", + "operator": "GreaterThan", + "criterionType": "StaticThresholdCriterion", + "name": "CpuPercentage", + "metricName": "CpuPercentage" + } + ], + "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria" + }, + "scopes": [ + "[parameters('resourceId')]" + ] + }, + "apiVersion": "2018-03-01", + "location": "global", + "name": "[concat(parameters('resourceName'), '-CpuPercentage')]", + "tags": { + "_deployed_by_amba": true + } + } + ], + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" + }, + "mode": "incremental" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/Definitions/policyDefinitions/Unknown Category/deploy_wsf_memorypercentage_alert.jsonc b/Definitions/policyDefinitions/Unknown Category/deploy_wsf_memorypercentage_alert.jsonc new file mode 100644 index 0000000..91436eb --- /dev/null +++ b/Definitions/policyDefinitions/Unknown Category/deploy_wsf_memorypercentage_alert.jsonc @@ -0,0 +1,327 @@ +{ + "$schema": "https://raw.githubusercontent.com/Azure/enterprise-azure-policy-as-code/main/Schemas/policy-definition-schema.json", + "name": "Deploy_WSF_MemoryPercentage_Alert", + "properties": { + "displayName": "Deploy App Service Plan Memory Percentage Alert", + "description": "Policy to audit/deploy App Service Plan Memory Percentage Alert", + "mode": "All", + "metadata": { + "_deployed_by_amba": "True", + "version": "1.2.0", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "Category": "Web Services" + }, + "parameters": { + "evaluationFrequency": { + "metadata": { + "description": "Evaluation frequency for the alert", + "displayName": "Evaluation Frequency" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H" + ], + "defaultValue": "PT5M", + "type": "String" + }, + "autoMitigate": { + "metadata": { + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "windowSize": { + "metadata": { + "description": "Window size for the alert", + "displayName": "Window Size" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" + ], + "defaultValue": "PT5M", + "type": "String" + }, + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" + }, + "severity": { + "metadata": { + "description": "Severity of the Alert", + "displayName": "Severity" + }, + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" + ], + "defaultValue": "2", + "type": "String" + }, + "enabled": { + "metadata": { + "description": "Alert state for the alert", + "displayName": "Alert State" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, + "threshold": { + "metadata": { + "description": "Threshold for the alert", + "displayName": "Threshold" + }, + "defaultValue": "85", + "type": "String" + }, + "MonitorDisableTagValues": { + "metadata": { + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "equals": "Microsoft.Web/serverfarms", + "field": "type" + }, + { + "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", + "notIn": "[parameters('MonitorDisableTagValues')]" + } + ] + }, + "then": { + "effect": "[parameters('effect')]", + "details": { + "type": "Microsoft.Insights/metricAlerts", + "existenceCondition": { + "allOf": [ + { + "equals": "Microsoft.Web/serverfarms", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" + }, + { + "equals": "MemoryPercentage", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" + }, + { + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/serverfarms/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" + }, + { + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" + }, + { + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" + }, + { + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" + }, + { + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" + }, + { + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" + }, + { + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation" + }, + { + "equals": "GreaterThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator" + }, + { + "equals": "[if(contains(field('tags'), '_amba-MemoryPercentage-threshold-Override_'), field('tags._amba-MemoryPercentage-threshold-Override_'), parameters('threshold'))]", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold" + } + ] + }, + "roleDefinitionIds": [ + "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" + ], + "deployment": { + "properties": { + "parameters": { + "resourceId": { + "value": "[field('id')]" + }, + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "threshold": { + "value": "[if(contains(field('tags'), '_amba-MemoryPercentage-threshold-Override_'), field('tags._amba-MemoryPercentage-threshold-Override_'), parameters('threshold'))]" + }, + "resourceName": { + "value": "[field('name')]" + } + }, + "template": { + "parameters": { + "resourceId": { + "metadata": { + "description": "Resource ID of the resource emitting the metric that will be used for the comparison", + "displayName": "resourceId" + }, + "type": "String" + }, + "evaluationFrequency": { + "type": "String" + }, + "autoMitigate": { + "type": "String" + }, + "windowSize": { + "type": "String" + }, + "severity": { + "type": "String" + }, + "enabled": { + "type": "String" + }, + "threshold": { + "type": "String" + }, + "resourceName": { + "metadata": { + "description": "Name of the resource", + "displayName": "resourceName" + }, + "type": "String" + } + }, + "contentVersion": "1.0.0.0", + "resources": [ + { + "type": "Microsoft.Insights/metricAlerts", + "properties": { + "description": "Metric Alert for App Service Plan Memory Percentage", + "parameters": { + "evaluationFrequency": { + "value": "[parameters('evaluationFrequency')]" + }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, + "windowSize": { + "value": "[parameters('windowSize')]" + }, + "severity": { + "value": "[parameters('severity')]" + }, + "enabled": { + "value": "[parameters('enabled')]" + }, + "threshold": { + "value": "[parameters('threshold')]" + } + }, + "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", + "windowSize": "[parameters('windowSize')]", + "severity": "[parameters('severity')]", + "enabled": "[parameters('enabled')]", + "criteria": { + "allOf": [ + { + "threshold": "[parameters('threshold')]", + "timeAggregation": "Average", + "metricNamespace": "Microsoft.Web/serverfarms", + "criterionType": "StaticThresholdCriterion", + "operator": "GreaterThan", + "metricName": "MemoryPercentage", + "name": "MemoryPercentage" + } + ], + "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria" + }, + "scopes": [ + "[parameters('resourceId')]" + ] + }, + "apiVersion": "2018-03-01", + "name": "[concat(parameters('resourceName'), '-MemoryPercentage')]", + "location": "global", + "tags": { + "_deployed_by_amba": true + } + } + ], + "variables": {}, + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" + }, + "mode": "incremental" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/Definitions/policyDefinitions/Web Services/deploy_wsf_diskqueuelength_alert.jsonc b/Definitions/policyDefinitions/Web Services/deploy_wsf_diskqueuelength_alert.jsonc index e47436c..fa04f0a 100644 --- a/Definitions/policyDefinitions/Web Services/deploy_wsf_diskqueuelength_alert.jsonc +++ b/Definitions/policyDefinitions/Web Services/deploy_wsf_diskqueuelength_alert.jsonc @@ -6,27 +6,15 @@ "description": "Policy to audit/deploy App Service Plan Disk Queue Length Alert", "mode": "All", "metadata": { + "_deployed_by_amba": "True", "category": "Web Services", "version": "1.2.0", - "_deployed_by_amba": "True", - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" - ] + ], + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "String" - }, "evaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", @@ -42,25 +30,16 @@ "defaultValue": "PT5M", "type": "String" }, - "MonitorDisableTagValues": { + "autoMitigate": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" }, - "defaultValue": [ + "allowedValues": [ "true", - "Test", - "Dev", - "Sandbox" + "false" ], - "type": "Array" - }, - "MonitorDisableTagName": { - "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" - }, - "defaultValue": "MonitorDisable", + "defaultValue": "true", "type": "String" }, "windowSize": { @@ -81,16 +60,16 @@ "defaultValue": "PT5M", "type": "String" }, - "enabled": { + "effect": { "metadata": { - "description": "Alert state for the alert", - "displayName": "Alert State" + "description": "Effect of the policy", + "displayName": "Effect" }, "allowedValues": [ - "true", - "false" + "deployIfNotExists", + "disabled" ], - "defaultValue": "true", + "defaultValue": "deployIfNotExists", "type": "String" }, "severity": { @@ -108,10 +87,10 @@ "defaultValue": "2", "type": "String" }, - "autoMitigate": { + "enabled": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" + "description": "Alert state for the alert", + "displayName": "Alert State" }, "allowedValues": [ "true", @@ -119,14 +98,35 @@ ], "defaultValue": "true", "type": "String" + }, + "MonitorDisableTagValues": { + "metadata": { + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, + "MonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Web/serverfarms" + "equals": "Microsoft.Web/serverfarms", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -141,56 +141,56 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "Microsoft.Web/serverfarms" + "equals": "Microsoft.Web/serverfarms", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "DiskQueueLength" + "equals": "DiskQueueLength", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/serverfarms/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/serverfarms/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Average" + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator", - "equals": "GreaterThan" + "equals": "GreaterThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity", - "equals": "Medium" + "equals": "Medium", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert", - "equals": 2 + "equals": 2, + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods", - "equals": 2 + "equals": 2, + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods" } ] }, @@ -206,23 +206,22 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" + "enabled": { + "value": "[parameters('enabled')]" }, "resourceName": { "value": "[field('name')]" } }, - "mode": "incremental", "template": { "parameters": { "resourceId": { @@ -235,16 +234,16 @@ "evaluationFrequency": { "type": "String" }, - "windowSize": { + "autoMitigate": { "type": "String" }, - "enabled": { + "windowSize": { "type": "String" }, "severity": { "type": "String" }, - "autoMitigate": { + "enabled": { "type": "String" }, "resourceName": { @@ -265,37 +264,37 @@ "evaluationFrequency": { "value": "[parameters('evaluationFrequency')]" }, + "autoMitigate": { + "value": "[parameters('autoMitigate')]" + }, "windowSize": { "value": "[parameters('windowSize')]" }, - "enabled": { - "value": "[parameters('enabled')]" - }, "severity": { "value": "[parameters('severity')]" }, - "autoMitigate": { - "value": "[parameters('autoMitigate')]" + "enabled": { + "value": "[parameters('enabled')]" } }, "evaluationFrequency": "[parameters('evaluationFrequency')]", + "autoMitigate": "[parameters('autoMitigate')]", "windowSize": "[parameters('windowSize')]", - "enabled": "[parameters('enabled')]", "severity": "[parameters('severity')]", - "autoMitigate": "[parameters('autoMitigate')]", + "enabled": "[parameters('enabled')]", "criteria": { "allOf": [ { "timeAggregation": "Average", + "metricNamespace": "Microsoft.Web/serverfarms", + "criterionType": "DynamicThresholdCriterion", + "operator": "GreaterThan", + "metricName": "DiskQueueLength", "name": "ServiceApiResult", "failingPeriods": { "numberOfEvaluationPeriods": 2, "minFailingPeriodsToAlert": 2 }, - "operator": "GreaterThan", - "metricNamespace": "Microsoft.Web/serverfarms", - "criterionType": "DynamicThresholdCriterion", - "metricName": "DiskQueueLength", "alertSensitivity": "Medium" } ], @@ -305,9 +304,9 @@ "[parameters('resourceId')]" ] }, - "location": "global", - "name": "[concat(parameters('resourceName'), '-DiskQueueLengthAlert')]", "apiVersion": "2018-03-01", + "name": "[concat(parameters('resourceName'), '-DiskQueueLengthAlert')]", + "location": "global", "tags": { "_deployed_by_amba": true } @@ -315,7 +314,8 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" } } } diff --git a/Definitions/policyDefinitions/Web Services/deploy_wsf_httpqueuelength_alert.jsonc b/Definitions/policyDefinitions/Web Services/deploy_wsf_httpqueuelength_alert.jsonc index d937d23..1b04f47 100644 --- a/Definitions/policyDefinitions/Web Services/deploy_wsf_httpqueuelength_alert.jsonc +++ b/Definitions/policyDefinitions/Web Services/deploy_wsf_httpqueuelength_alert.jsonc @@ -6,27 +6,15 @@ "description": "Policy to audit/deploy App Service Plan Http Queue Length Alert", "mode": "All", "metadata": { - "category": "Web Services", "_deployed_by_amba": "True", "version": "1.2.0", "alzCloudEnvironments": [ "AzureCloud" ], + "category": "Web Services", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "effect": { - "metadata": { - "description": "Effect of the policy", - "displayName": "Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "String" - }, "evaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", @@ -42,6 +30,18 @@ "defaultValue": "PT5M", "type": "String" }, + "autoMitigate": { + "metadata": { + "description": "Auto Mitigate for the alert", + "displayName": "Auto Mitigate" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "type": "String" + }, "MonitorDisableTagValues": { "metadata": { "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", @@ -55,18 +55,6 @@ ], "type": "Array" }, - "autoMitigate": { - "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "Auto Mitigate" - }, - "allowedValues": [ - "true", - "false" - ], - "defaultValue": "true", - "type": "String" - }, "windowSize": { "metadata": { "description": "Window size for the alert", @@ -119,14 +107,26 @@ ], "defaultValue": "2", "type": "String" + }, + "effect": { + "metadata": { + "description": "Effect of the policy", + "displayName": "Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "String" } }, "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Web/serverfarms" + "equals": "Microsoft.Web/serverfarms", + "field": "type" }, { "field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]", @@ -141,56 +141,56 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace", - "equals": "Microsoft.Web/serverfarms" + "equals": "Microsoft.Web/serverfarms", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName", - "equals": "HttpQueueLength" + "equals": "HttpQueueLength", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName" }, { - "field": "Microsoft.Insights/metricalerts/scopes[*]", - "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/serverfarms/', field('fullName'))]" + "equals": "[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/serverfarms/', field('fullName'))]", + "field": "Microsoft.Insights/metricalerts/scopes[*]" }, { - "field": "Microsoft.Insights/metricAlerts/enabled", - "equals": "[parameters('enabled')]" + "equals": "[parameters('enabled')]", + "field": "Microsoft.Insights/metricAlerts/enabled" }, { - "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", - "equals": "[parameters('evaluationFrequency')]" + "equals": "[parameters('evaluationFrequency')]", + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency" }, { - "field": "Microsoft.Insights/metricAlerts/windowSize", - "equals": "[parameters('windowSize')]" + "equals": "[parameters('windowSize')]", + "field": "Microsoft.Insights/metricAlerts/windowSize" }, { - "field": "Microsoft.Insights/metricalerts/severity", - "equals": "[parameters('severity')]" + "equals": "[parameters('severity')]", + "field": "Microsoft.Insights/metricalerts/severity" }, { - "field": "Microsoft.Insights/metricAlerts/autoMitigate", - "equals": "[parameters('autoMitigate')]" + "equals": "[parameters('autoMitigate')]", + "field": "Microsoft.Insights/metricAlerts/autoMitigate" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation", - "equals": "Average" + "equals": "Average", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator", - "equals": "GreaterThan" + "equals": "GreaterThan", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity", - "equals": "Medium" + "equals": "Medium", + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert", - "equals": 2 + "equals": 2, + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert" }, { - "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods", - "equals": 2 + "equals": 2, + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods" } ] }, @@ -222,7 +222,6 @@ "value": "[field('name')]" } }, - "mode": "incremental", "template": { "parameters": { "resourceId": { @@ -286,17 +285,17 @@ "criteria": { "allOf": [ { - "name": "ServiceApiResult", "timeAggregation": "Average", "failingPeriods": { "numberOfEvaluationPeriods": 2, "minFailingPeriodsToAlert": 2 }, "operator": "GreaterThan", + "name": "ServiceApiResult", "metricNamespace": "Microsoft.Web/serverfarms", - "alertSensitivity": "Medium", "criterionType": "DynamicThresholdCriterion", - "metricName": "HttpQueueLength" + "metricName": "HttpQueueLength", + "alertSensitivity": "Medium" } ], "odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria" @@ -305,9 +304,9 @@ "[parameters('resourceId')]" ] }, - "location": "global", "apiVersion": "2018-03-01", "name": "[concat(parameters('resourceName'), '-HttpQueueLengthAlert')]", + "location": "global", "tags": { "_deployed_by_amba": true } @@ -315,7 +314,8 @@ ], "variables": {}, "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" - } + }, + "mode": "incremental" } } } diff --git a/Definitions/policySetDefinitions/Monitoring/alerting-connectivity.jsonc b/Definitions/policySetDefinitions/Monitoring/alerting-connectivity.jsonc index 3b573a0..13fc84e 100644 --- a/Definitions/policySetDefinitions/Monitoring/alerting-connectivity.jsonc +++ b/Definitions/policySetDefinitions/Monitoring/alerting-connectivity.jsonc @@ -5,66 +5,49 @@ "displayName": "Deploy Azure Monitor Baseline Alerts for Connectivity", "description": "This initiative deploys Azure Monitor Baseline Alerts to monitor Network components such as Azure Firewalls, ExpressRoute, VPN, and Private DNS Zones.", "metadata": { - "_deployed_by_amba": true, + "category": "Monitoring", "version": "1.1.1", "alzCloudEnvironments": [ "AzureCloud" ], - "category": "Monitoring", + "_deployed_by_amba": true, "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "ALZMonitorDisableTagValues": { + "LBGlobalBackendAvailabilityEvaluationFrequency": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "description": "Evaluation frequency for the alert", + "displayName": "LB Global Backend Availability Evaluation Frequency" }, - "defaultValue": [ - "true", - "Test", - "Dev", - "Sandbox" + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H" ], - "type": "Array" - }, - "ALZMonitorDisableTagName": { - "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" - }, - "defaultValue": "MonitorDisableTagName", - "type": "String" - }, - "ALZMonitorResourceGroupName": { - "metadata": { - "description": "Name of the resource group where the ALZ Monitor resources will be deployed", - "displayName": "ALZ Monitor Resource Group Name" - }, - "defaultValue": "ALZ-Monitoring-RG", - "type": "String" - }, - "ALZMonitorResourceGroupTags": { - "metadata": { - "description": "Tags to be applied to the resource group where the ALZ Monitor resources will be deployed", - "displayName": "ALZ Monitor Resource Group Tags" - }, - "defaultValue": { - "_deployed_by_alz_monitor": true - }, - "type": "Object" + "defaultValue": "PT1M", + "type": "string" }, - "ALZMonitorResourceGroupLocation": { + "LBDatapathAvailabilityEvaluationFrequency": { "metadata": { - "description": "Location of the resource group where the ALZ Monitor resources will be deployed", - "displayName": "ALZ Monitor Resource Group Location" + "description": "Evaluation frequency for the alert", + "displayName": "LB Data path Availability Evaluation Frequency" }, - "defaultValue": "centralus", - "type": "String" + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H" + ], + "defaultValue": "PT1M", + "type": "string" }, - "ERCIRQoSDropBitsinPerSecAlertSeverity": { + "LBGlobalBackendAvailabilityAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "ERC IRQoS Drop Bits in Per Sec Alert Severity" + "displayName": "LB Global Backend Availability Alert Severity" }, "allowedValues": [ "0", @@ -73,31 +56,40 @@ "3", "4" ], - "defaultValue": "2", + "defaultValue": "0", "type": "String" }, - "ERCIRQoSDropBitsinPerSecWindowSize": { + "LBGlobalBackendAvailabilityPolicyEffect": { "metadata": { - "description": "Window size for the alert", - "displayName": "ERC IRQoS Drop Bits in Per Sec Window Size" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", + "displayName": "LB Global Backend Availability Policy Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "string" + }, + "LBHealthProbeStatusEvaluationFrequency": { + "metadata": { + "description": "Evaluation frequency for the alert", + "displayName": "LB Health Probe Status Evaluation Frequency" }, "allowedValues": [ "PT1M", "PT5M", "PT15M", "PT30M", - "PT1H", - "PT6H", - "PT12H", - "P1D" + "PT1H" ], - "defaultValue": "PT5M", + "defaultValue": "PT1M", "type": "string" }, - "ERCIRQoSDropBitsinPerSecEvaluationFrequency": { + "PIPVIPAvailabilityEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "ERC IRQoS Drop Bits in Per Sec Evaluation Frequency" + "displayName": "PIP VIP Availability Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -106,33 +98,39 @@ "PT30M", "PT1H" ], - "defaultValue": "PT5M", + "defaultValue": "PT1M", "type": "string" }, - "ERCIRQoSDropBitsinPerSecPolicyEffect": { + "LBGlobalBackendAvailabilityWindowSize": { "metadata": { - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "ERC IRQoS Drop Bits in Per Sec Policy Effect" + "description": "Window size for the alert", + "displayName": "LB Global Backend Availability Window Size" }, "allowedValues": [ - "deployIfNotExists", - "disabled" + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" ], - "defaultValue": "deployIfNotExists", + "defaultValue": "PT5M", "type": "string" }, - "ERCIRQoSDropBitsinPerSecAlertState": { + "LBGlobalBackendAvailabilityAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "ERC IRQoS Drop Bits in Per Sec Alert State" + "displayName": "LB Global Backend Availability Alert State" }, "defaultValue": "true", "type": "string" }, - "ERCIRQoSDropBitsoutPerSecAlertSeverity": { + "LBDatapathAvailabilityAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "ERC IRQoS Drop Bits out Per Sec Alert Severity" + "displayName": "LB Data path Availability Alert Severity" }, "allowedValues": [ "0", @@ -141,31 +139,28 @@ "3", "4" ], - "defaultValue": "2", + "defaultValue": "0", "type": "String" }, - "ERCIRQoSDropBitsoutPerSecWindowSize": { + "PIPPacketsInDDoSEvaluationFrequency": { "metadata": { - "description": "Window size for the alert", - "displayName": "ERC IRQoS Drop Bits out Per Sec Window Size" + "description": "Evaluation frequency for the alert", + "displayName": "PIP Packets In DDoS Evaluation Frequency" }, "allowedValues": [ "PT1M", "PT5M", "PT15M", "PT30M", - "PT1H", - "PT6H", - "PT12H", - "P1D" + "PT1H" ], "defaultValue": "PT5M", "type": "string" }, - "ERCIRQoSDropBitsoutPerSecEvaluationFrequency": { + "LBUsedSNATPortsEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "ERC IRQoS Drop Bits out Per Sec Evaluation Frequency" + "displayName": "LB Used SNAT Ports Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -174,13 +169,13 @@ "PT30M", "PT1H" ], - "defaultValue": "PT5M", + "defaultValue": "PT1M", "type": "string" }, - "ERCIRQoSDropBitsoutPerSecPolicyEffect": { + "LBDatapathAvailabilityPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "ERC IRQoS Drop Bits out Per Sec Policy Effect" + "displayName": "LB Data path Availability Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -189,51 +184,25 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "ERCIRQoSDropBitsoutPerSecAlertState": { - "metadata": { - "description": "Alert state for the alert", - "displayName": "ERC IRQoS Drop Bits out Per Sec Alert State" - }, - "defaultValue": "true", - "type": "string" - }, - "VPNGwBGPPeerStatusAlertSeverity": { - "metadata": { - "description": "Severity of the alert", - "displayName": "VPN Gw BGP Peer Status Alert Severity" - }, - "allowedValues": [ - "0", - "1", - "2", - "3", - "4" - ], - "defaultValue": "3", - "type": "String" - }, - "VPNGwBGPPeerStatusWindowSize": { + "PIPBytesInDDoSEvaluationFrequency": { "metadata": { - "description": "Window size for the alert", - "displayName": "VPN Gw BGP Peer Status Window Size" + "description": "Evaluation frequency for the alert", + "displayName": "PIP Bytes In DDoS Evaluation Frequency" }, "allowedValues": [ "PT1M", "PT5M", "PT15M", "PT30M", - "PT1H", - "PT6H", - "PT12H", - "P1D" + "PT1H" ], "defaultValue": "PT5M", "type": "string" }, - "VPNGwBGPPeerStatusEvaluationFrequency": { + "VNETDDOSAttackEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "VPN Gw BGP Peer Status Evaluation Frequency" + "displayName": "VNET DDoS Attack Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -242,41 +211,39 @@ "PT30M", "PT1H" ], - "defaultValue": "PT5M", + "defaultValue": "PT1M", "type": "string" }, - "VPNGwBGPPeerStatusPolicyEffect": { + "LBDatapathAvailabilityWindowSize": { "metadata": { - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "VPN Gw BGP Peer Status Policy Effect" + "description": "Window size for the alert", + "displayName": "LB Data path Availability Window Size" }, "allowedValues": [ - "deployIfNotExists", - "disabled" + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" ], - "defaultValue": "deployIfNotExists", + "defaultValue": "PT5M", "type": "string" }, - "VPNGwBGPPeerStatusAlertState": { + "LBDatapathAvailabilityAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "VPN Gw BGP Peer Status Alert State" + "displayName": "LB Data path Availability Alert State" }, "defaultValue": "true", "type": "string" }, - "VPNGwBGPPeerStatusThreshold": { - "metadata": { - "description": "Threshold for the alert", - "displayName": "VPN Gw BGP Peer Status Threshold" - }, - "defaultValue": "1", - "type": "string" - }, - "VnetGwERCpuUtilAlertSeverity": { + "LBHealthProbeStatusAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "Vnet Gw ER Cpu Util Alert Severity" + "displayName": "LB Health Probe Status Alert Severity" }, "allowedValues": [ "0", @@ -285,46 +252,43 @@ "3", "4" ], - "defaultValue": "3", + "defaultValue": "2", "type": "String" }, - "VnetGwERCpuUtilWindowSize": { + "PIPDDoSAttackEvaluationFrequency": { "metadata": { - "description": "Window size for the alert", - "displayName": "Vnet Gw ER Cpu Util Window Size" + "description": "Evaluation frequency for the alert", + "displayName": "PIP DDoS Attack Evaluation Frequency" }, "allowedValues": [ "PT1M", "PT5M", "PT15M", "PT30M", - "PT1H", - "PT6H", - "PT12H", - "P1D" + "PT1H" ], "defaultValue": "PT5M", "type": "string" }, - "VnetGwERCpuUtilEvaluationFrequency": { + "PIPVIPAvailabilityAlertSeverity": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "Vnet Gw ER Cpu Util Evaluation Frequency" + "description": "Severity of the alert", + "displayName": "PIP VIP Availability Alert Severity" }, "allowedValues": [ - "PT1M", - "PT5M", - "PT15M", - "PT30M", - "PT1H" + "0", + "1", + "2", + "3", + "4" ], - "defaultValue": "PT1M", - "type": "string" + "defaultValue": "1", + "type": "String" }, - "VnetGwERCpuUtilPolicyEffect": { + "LBHealthProbeStatusPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "Vnet Gw ER Cpu Util Policy Effect" + "displayName": "LB Health Probe Status Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -333,41 +297,22 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "VnetGwERCpuUtilAlertState": { - "metadata": { - "description": "Alert state for the alert", - "displayName": "Vnet Gw ER Cpu Util Alert State" - }, - "defaultValue": "true", - "type": "string" - }, - "VnetGwERCpuUtilThreshold": { - "metadata": { - "description": "Threshold for the alert", - "displayName": "Vnet Gw ER Cpu Util Threshold" - }, - "defaultValue": "80", - "type": "string" - }, - "VnetGwTunnelBWAlertSeverity": { + "PIPVIPAvailabilityPolicyEffect": { "metadata": { - "description": "Severity of the alert", - "displayName": "Vnet Gw Tunnel BW Alert Severity" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", + "displayName": "PIP VIP Availability Policy Effect" }, "allowedValues": [ - "0", - "1", - "2", - "3", - "4" + "deployIfNotExists", + "disabled" ], - "defaultValue": "0", - "type": "String" + "defaultValue": "deployIfNotExists", + "type": "string" }, - "VnetGwTunnelBWWindowSize": { + "LBHealthProbeStatusWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "Vnet Gw Tunnel BW Window Size" + "displayName": "LB Health Probe Status Window Size" }, "allowedValues": [ "PT1M", @@ -382,53 +327,41 @@ "defaultValue": "PT5M", "type": "string" }, - "VnetGwTunnelBWEvaluationFrequency": { - "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "Vnet Gw Tunnel BW Evaluation Frequency" - }, - "allowedValues": [ - "PT1M", - "PT5M", - "PT15M", - "PT30M", - "PT1H" - ], - "defaultValue": "PT1M", - "type": "string" - }, - "VnetGwTunnelBWPolicyEffect": { + "PIPPacketsInDDoSAlertSeverity": { "metadata": { - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "Vnet Gw Tunnel BW Policy Effect" + "description": "Severity of the alert", + "displayName": "PIP Packets In DDoS Alert Severity" }, "allowedValues": [ - "deployIfNotExists", - "disabled" + "0", + "1", + "2", + "3", + "4" ], - "defaultValue": "deployIfNotExists", - "type": "string" + "defaultValue": "4", + "type": "String" }, - "VnetGwTunnelBWAlertState": { + "LBHealthProbeStatusAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "Vnet Gw Tunnel BW Alert State" + "displayName": "LB Health Probe Status Alert State" }, "defaultValue": "true", "type": "string" }, - "VnetGwTunnelBWThreshold": { + "PIPVIPAvailabilityAlertState": { "metadata": { - "description": "Threshold for the alert", - "displayName": "Vnet Gw Tunnel BW Threshold" + "description": "Alert state for the alert", + "displayName": "PIP VIP Availability Alert State" }, - "defaultValue": "1", + "defaultValue": "true", "type": "string" }, - "VnetGwTunnelEgressAlertSeverity": { + "LBUsedSNATPortsAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "Vnet Gw Tunnel Egress Alert Severity" + "displayName": "LB Used SNAT Ports Alert Severity" }, "allowedValues": [ "0", @@ -437,13 +370,13 @@ "3", "4" ], - "defaultValue": "0", + "defaultValue": "1", "type": "String" }, - "VnetGwTunnelEgressWindowSize": { + "PIPVIPAvailabilityWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "Vnet Gw Tunnel Egress Window Size" + "displayName": "PIP VIP Availability Window Size" }, "allowedValues": [ "PT1M", @@ -458,25 +391,10 @@ "defaultValue": "PT5M", "type": "string" }, - "VnetGwTunnelEgressEvaluationFrequency": { - "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "Vnet Gw Tunnel Egress Evaluation Frequency" - }, - "allowedValues": [ - "PT1M", - "PT5M", - "PT15M", - "PT30M", - "PT1H" - ], - "defaultValue": "PT5M", - "type": "string" - }, - "VnetGwTunnelEgressPolicyEffect": { + "PIPPacketsInDDoSPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "Vnet Gw Tunnel Egress Policy Effect" + "displayName": "PIP Packets In DDoS Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -485,26 +403,10 @@ "defaultValue": "disabled", "type": "string" }, - "VnetGwTunnelEgressAlertState": { - "metadata": { - "description": "Alert state for the alert", - "displayName": "Vnet Gw Tunnel Egress Alert State" - }, - "defaultValue": "true", - "type": "string" - }, - "VnetGwTunnelEgressThreshold": { - "metadata": { - "description": "Threshold for the alert", - "displayName": "Vnet Gw Tunnel Egress Threshold" - }, - "defaultValue": "1", - "type": "string" - }, - "VnetGwTunnelIngressAlertSeverity": { + "PIPBytesInDDoSAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "Vnet Gw Tunnel Ingress Alert Severity" + "displayName": "PIP Bytes In DDoS Alert Severity" }, "allowedValues": [ "0", @@ -513,74 +415,60 @@ "3", "4" ], - "defaultValue": "0", + "defaultValue": "4", "type": "String" }, - "VnetGwTunnelIngressWindowSize": { + "LBUsedSNATPortsPolicyEffect": { "metadata": { - "description": "Window size for the alert", - "displayName": "Vnet Gw Tunnel Ingress Window Size" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", + "displayName": "LB Used SNAT Ports Policy Effect" }, "allowedValues": [ - "PT1M", - "PT5M", - "PT15M", - "PT30M", - "PT1H", - "PT6H", - "PT12H", - "P1D" + "deployIfNotExists", + "disabled" ], - "defaultValue": "PT5M", + "defaultValue": "deployIfNotExists", "type": "string" }, - "VnetGwTunnelIngressEvaluationFrequency": { + "VNETDDOSAttackAlertSeverity": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "Vnet Gw Tunnel Ingress Evaluation Frequency" + "description": "Severity of the alert", + "displayName": "VNET DDoS Attack Alert Severity" }, "allowedValues": [ - "PT1M", - "PT5M", - "PT15M", - "PT30M", - "PT1H" + "0", + "1", + "2", + "3", + "4" ], - "defaultValue": "PT5M", + "defaultValue": "1", + "type": "String" + }, + "PIPVIPAvailabilityThreshold": { + "metadata": { + "description": "Threshold for the alert", + "displayName": "PIP VIP Availability Threshold" + }, + "defaultValue": "1", "type": "string" }, - "VnetGwTunnelIngressPolicyEffect": { + "VNETDDOSAttackPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "Vnet Gw Tunnel Ingress Policy Effect" + "displayName": "VNET DDoS Attack Policy Effect" }, "allowedValues": [ "deployIfNotExists", "disabled" ], - "defaultValue": "disabled", - "type": "string" - }, - "VnetGwTunnelIngressAlertState": { - "metadata": { - "description": "Alert state for the alert", - "displayName": "Vnet Gw Tunnel Ingress Alert State" - }, - "defaultValue": "true", - "type": "string" - }, - "VnetGwTunnelIngressThreshold": { - "metadata": { - "description": "Threshold for the alert", - "displayName": "Vnet Gw Tunnel Ingress Threshold" - }, - "defaultValue": "1", + "defaultValue": "deployIfNotExists", "type": "string" }, - "VPNGWBandWidthUtilAlertSeverity": { + "PIPDDoSAttackAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "VPN GW Band Width Util Alert Severity" + "displayName": "PIP DDoS Attack Alert Severity" }, "allowedValues": [ "0", @@ -589,13 +477,26 @@ "3", "4" ], - "defaultValue": "0", - "type": "String" + "defaultValue": "1", + "type": "String" + }, + "ALZMonitorDisableTagValues": { + "metadata": { + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" }, - "VPNGWBandWidthUtilWindowSize": { + "PIPPacketsInDDoSWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "VPN GW Band Width Util Window Size" + "displayName": "PIP Packets In DDoS Window Size" }, "allowedValues": [ "PT1M", @@ -610,25 +511,30 @@ "defaultValue": "PT5M", "type": "string" }, - "VPNGWBandWidthUtilEvaluationFrequency": { + "PIPBytesInDDoSPolicyEffect": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "VPN GW Band Width Util Evaluation Frequency" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", + "displayName": "PIP Bytes In DDoS Policy Effect" }, "allowedValues": [ - "PT1M", - "PT5M", - "PT15M", - "PT30M", - "PT1H" + "deployIfNotExists", + "disabled" ], - "defaultValue": "PT5M", + "defaultValue": "disabled", "type": "string" }, - "VPNGWBandWidthUtilPolicyEffect": { + "PIPPacketsInDDoSAlertState": { + "metadata": { + "description": "Alert state for the alert", + "displayName": "PIP Packets In DDoS Alert State" + }, + "defaultValue": "true", + "type": "string" + }, + "PIPDDoSAttackPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "VPN GW Band Width Util Policy Effect" + "displayName": "PIP DDoS Attack Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -637,41 +543,44 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "VPNGWBandWidthUtilAlertState": { + "LBUsedSNATPortsAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "VPN GW Band Width Util Alert State" + "displayName": "LB Used SNAT Ports Alert State" }, "defaultValue": "true", "type": "string" }, - "VPNGWBandWidthUtilThreshold": { + "LBUsedSNATPortsWindowSize": { "metadata": { - "description": "Threshold for the alert", - "displayName": "VPN GW Band Width Util Threshold" + "description": "Window size for the alert", + "displayName": "LB Used SNAT Ports Window Size" }, - "defaultValue": "1", + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" + ], + "defaultValue": "PT5M", "type": "string" }, - "VPNGWEgressAlertSeverity": { + "PIPPacketsInDDoSThreshold": { "metadata": { - "description": "Severity of the alert", - "displayName": "VPN GW Egress Alert Severity" + "description": "Threshold for the alert", + "displayName": "PIP Packets In DDoS Threshold" }, - "allowedValues": [ - "0", - "1", - "2", - "3", - "4" - ], - "defaultValue": "0", - "type": "String" + "defaultValue": "40000", + "type": "string" }, - "VPNGWEgressWindowSize": { + "PIPBytesInDDoSWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "VPN GW Egress Window Size" + "displayName": "PIP Bytes In DDoS Window Size" }, "allowedValues": [ "PT1M", @@ -686,68 +595,76 @@ "defaultValue": "PT5M", "type": "string" }, - "VPNGWEgressEvaluationFrequency": { + "VNETDDOSAttackWindowSize": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "VPN GW Egress Evaluation Frequency" + "description": "Window size for the alert", + "displayName": "VNET DDoS Attack Window Size" }, "allowedValues": [ "PT1M", "PT5M", "PT15M", "PT30M", - "PT1H" + "PT1H", + "PT6H", + "PT12H", + "P1D" ], "defaultValue": "PT5M", "type": "string" }, - "VPNGWEgressPolicyEffect": { + "PIPBytesInDDoSAlertState": { "metadata": { - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "VPN GW Egress Policy Effect" + "description": "Alert state for the alert", + "displayName": "PIP Bytes In DDoS Alert State" }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "disabled", + "defaultValue": "true", "type": "string" }, - "VPNGWEgressAlertState": { + "VNETDDOSAttackAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "VPN GW Egress Alert State" + "displayName": "VNET DDoS Attack Alert State" }, "defaultValue": "true", "type": "string" }, - "VPNGWEgressThreshold": { + "ALZMonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisableTagName", + "type": "String" + }, + "PIPDDoSAttackAlertState": { + "metadata": { + "description": "Alert state for the alert", + "displayName": "PIP DDoS Attack Alert State" + }, + "defaultValue": "true", + "type": "string" + }, + "VNETDDOSAttackThreshold": { "metadata": { "description": "Threshold for the alert", - "displayName": "VPN GW Egress Threshold" + "displayName": "VNET DDoS Attack Threshold" }, "defaultValue": "1", "type": "string" }, - "VPNGWTunnelEgressPacketDropCountAlertSeverity": { + "PIPBytesInDDoSThreshold": { "metadata": { - "description": "Severity of the alert", - "displayName": "VPN GW Tunnel Egress Packet Drop Count Alert Severity" + "description": "Threshold for the alert", + "displayName": "PIP Bytes In DDoS Threshold" }, - "allowedValues": [ - "0", - "1", - "2", - "3", - "4" - ], - "defaultValue": "3", - "type": "String" + "defaultValue": "8000000", + "type": "string" }, - "VPNGWTunnelEgressPacketDropCountWindowSize": { + "PIPDDoSAttackWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "VPN GW Tunnel Egress Packet Drop Count Window Size" + "displayName": "PIP DDoS Attack Window Size" }, "allowedValues": [ "PT1M", @@ -762,10 +679,18 @@ "defaultValue": "PT5M", "type": "string" }, - "VPNGWTunnelEgressPacketDropCountFrequency": { + "PIPDDoSAttackThreshold": { + "metadata": { + "description": "Threshold for the alert", + "displayName": "PIP DDoS Attack Threshold" + }, + "defaultValue": "0", + "type": "string" + }, + "PDNSZRecordSetCapacityEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "VPN GW Tunnel Egress Packet Drop Count Frequency" + "displayName": "PDNSZ Record Set Capacity Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -774,13 +699,13 @@ "PT30M", "PT1H" ], - "defaultValue": "PT5M", + "defaultValue": "PT1H", "type": "string" }, - "VPNGWTunnelEgressPacketDropCountPolicyEffect": { + "PDNSZRecordSetCapacityPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "VPN GW Tunnel Egress Packet Drop Count Policy Effect" + "displayName": "PDNSZ Record Set Capacity Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -789,14 +714,26 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "VPNGWTunnelEgressPacketDropCountAlertState": { + "PDNSZRecordSetCapacityAlertState": { + "metadata": { + "description": "Alert state for the alert", + "displayName": "PDNSZ Record Set Capacity Alert State" + }, "defaultValue": "true", "type": "string" }, - "VPNGWTunnelEgressPacketDropMismatchAlertSeverity": { + "PDNSZRecordSetCapacityThreshold": { + "metadata": { + "description": "Threshold for the alert", + "displayName": "PDNSZ Record Set Capacity Threshold" + }, + "defaultValue": "80", + "type": "string" + }, + "PDNSZRegistrationCapacityUtilAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "VPN GW Tunnel Egress Packet Drop Mismatch Alert Severity" + "displayName": "PDNSZ Registration Capacity Util Alert Severity" }, "allowedValues": [ "0", @@ -805,13 +742,13 @@ "3", "4" ], - "defaultValue": "3", + "defaultValue": "2", "type": "String" }, - "VPNGWTunnelEgressPacketDropMismatchWindowSize": { + "PDNSZRegistrationCapacityUtilWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "VPN GW Tunnel Egress Packet Drop Mismatch Window Size" + "displayName": "PDNSZ Registration Capacity Util Window Size" }, "allowedValues": [ "PT1M", @@ -823,13 +760,13 @@ "PT12H", "P1D" ], - "defaultValue": "PT5M", + "defaultValue": "PT1H", "type": "string" }, - "VPNGWTunnelEgressPacketDropMismatchFrequency": { + "PDNSZRegistrationCapacityUtilEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "VPN GW Tunnel Egress Packet Drop Mismatch Frequency" + "displayName": "PDNSZ Registration Capacity Util Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -838,13 +775,13 @@ "PT30M", "PT1H" ], - "defaultValue": "PT5M", + "defaultValue": "PT1H", "type": "string" }, - "VPNGWTunnelEgressPacketDropMismatchPolicyEffect": { + "PDNSZRegistrationCapacityUtilPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "VPN GW Tunnel Egress Packet Drop Mismatch Policy Effect" + "displayName": "PDNSZ Registration Capacity Util Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -853,18 +790,41 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "VPNGWTunnelEgressPacketDropMismatchAlertState": { + "PDNSZRegistrationCapacityUtilAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "VPN GW Tunnel Egress Packet Drop Mismatch Alert State" + "displayName": "PDNSZ Registration Capacity Util Alert State" }, "defaultValue": "true", "type": "string" }, - "VPNGWIngressAlertSeverity": { + "PDNSZRegistrationCapacityUtilThreshold": { + "metadata": { + "description": "Threshold for the alert", + "displayName": "PDNSZ Registration Capacity Util Threshold" + }, + "defaultValue": "80", + "type": "string" + }, + "VnetGwTunnelBWEvaluationFrequency": { + "metadata": { + "description": "Evaluation frequency for the alert", + "displayName": "Vnet Gw Tunnel BW Evaluation Frequency" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H" + ], + "defaultValue": "PT1M", + "type": "string" + }, + "ERGwExpressRouteBitsInAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "VPN GW Ingress Alert Severity" + "displayName": "ER Gw Express Route Bits In Alert Severity" }, "allowedValues": [ "0", @@ -874,12 +834,12 @@ "4" ], "defaultValue": "0", - "type": "string" + "type": "String" }, - "VPNGWIngressWindowSize": { + "ERGwExpressRouteBitsInWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "VPN GW Ingress Window Size" + "displayName": "ER Gw Express Route Bits In Window Size" }, "allowedValues": [ "PT1M", @@ -894,10 +854,10 @@ "defaultValue": "PT5M", "type": "string" }, - "VPNGWIngressEvaluationFrequency": { + "ERGwExpressRouteBitsInEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "VPN GW Ingress Evaluation Frequency" + "displayName": "ER Gw Express Route Bits In Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -909,10 +869,10 @@ "defaultValue": "PT5M", "type": "string" }, - "VPNGWIngressPolicyEffect": { + "ERGwExpressRouteBitsInPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "VPN GW Ingress Policy Effect" + "displayName": "ER Gw Express Route Bits In Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -921,34 +881,26 @@ "defaultValue": "disabled", "type": "string" }, - "VPNGWIngressAlertState": { + "ERGwExpressRouteBitsInAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "VPN GW Ingress Alert State" + "displayName": "ER Gw Express Route Bits In Alert State" }, "defaultValue": "true", "type": "string" }, - "VPNGWIngressThreshold": { - "metadata": { - "description": "Threshold for the alert", - "displayName": "VPN GW Ingress Threshold" - }, - "defaultValue": "1", - "type": "string" - }, - "VPNGWIngressAutoMitigate": { + "ERGwExpressRouteBitsInThreshold": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "VPN GW Ingress Auto Mitigate" + "description": "Threshold for the alert", + "displayName": "ER Gw Express Route Bits In Threshold" }, - "defaultValue": "true", + "defaultValue": "1", "type": "string" }, - "VPNGWTunnelIngressPacketDropCountAlertSeverity": { + "ERGwExpressRouteBitsOutAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "VPN GW Tunnel Ingress Packet Drop Count Alert Severity" + "displayName": "ER Gw Express Route Bits Out Alert Severity" }, "allowedValues": [ "0", @@ -957,13 +909,13 @@ "3", "4" ], - "defaultValue": "3", + "defaultValue": "0", "type": "String" }, - "VPNGWTunnelIngressPacketDropCountWindowSize": { + "ERGwExpressRouteBitsOutWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "VPN GW Tunnel Ingress Packet Drop Count Window Size" + "displayName": "ER Gw Express Route Bits Out Window Size" }, "allowedValues": [ "PT1M", @@ -978,10 +930,10 @@ "defaultValue": "PT5M", "type": "string" }, - "VPNGWTunnelIngressPacketDropCountFrequency": { + "ERGwExpressRouteBitsOutEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "VPN GW Tunnel Ingress Packet Drop Count Frequency" + "displayName": "ER Gw Express Route Bits Out Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -993,30 +945,38 @@ "defaultValue": "PT5M", "type": "string" }, - "VPNGWTunnelIngressPacketDropCountPolicyEffect": { + "ERGwExpressRouteBitsOutPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "VPN GW Tunnel Ingress Packet Drop Count Policy Effect" + "displayName": "ER Gw Express Route Bits Out Policy Effect" }, "allowedValues": [ "deployIfNotExists", "disabled" ], - "defaultValue": "deployIfNotExists", + "defaultValue": "disabled", "type": "string" }, - "VPNGWTunnelIngressPacketDropCountAlertState": { + "ERGwExpressRouteBitsOutAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "VPN GW Tunnel Ingress Packet Drop Count Alert State" + "displayName": "ER Gw Express Route Bits Out Alert State" }, "defaultValue": "true", "type": "string" }, - "VPNGWTunnelIngressPacketDropMismatchAlertSeverity": { + "ERGwExpressRouteBitsOutThreshold": { + "metadata": { + "description": "Threshold for the alert", + "displayName": "ER Gw Express Route Bits Out Threshold" + }, + "defaultValue": "1", + "type": "string" + }, + "ERGwExpressRouteCpuUtilAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "VPN GW Tunnel Ingress Packet Drop Mismatch Alert Severity" + "displayName": "ER Gw Express Route Cpu Util Alert Severity" }, "allowedValues": [ "0", @@ -1025,13 +985,13 @@ "3", "4" ], - "defaultValue": "3", + "defaultValue": "1", "type": "String" }, - "VPNGWTunnelIngressPacketDropMismatchWindowSize": { + "ERGwExpressRouteCpuUtilWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "VPN GW Tunnel Ingress Packet Drop Mismatch Window Size" + "displayName": "ER Gw Express Route Cpu Util Window Size" }, "allowedValues": [ "PT1M", @@ -1046,10 +1006,10 @@ "defaultValue": "PT5M", "type": "string" }, - "VPNGWTunnelIngressPacketDropMismatchFrequency": { + "ERGwExpressRouteCpuUtilEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "VPN GW Tunnel Ingress Packet Drop Mismatch Frequency" + "displayName": "ER Gw Express Route Cpu Util Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -1058,13 +1018,13 @@ "PT30M", "PT1H" ], - "defaultValue": "PT5M", + "defaultValue": "PT1M", "type": "string" }, - "VPNGWTunnelIngressPacketDropMismatchPolicyEffect": { + "ERGwExpressRouteCpuUtilPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "VPN GW Tunnel Ingress Packet Drop Mismatch Policy Effect" + "displayName": "ER Gw Express Route Cpu Util Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -1073,18 +1033,26 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "VPNGWTunnelIngressPacketDropMismatchAlertState": { + "ERGwExpressRouteCpuUtilAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "VPN GW Tunnel Ingress Packet Drop Mismatch Alert State" + "displayName": "ER Gw Express Route Cpu Util Alert State" }, "defaultValue": "true", "type": "string" }, - "PDNSZCapacityUtilAlertSeverity": { + "ERGwExpressRouteCpuUtilThreshold": { + "metadata": { + "description": "Threshold for the alert", + "displayName": "ER Gw Express Route Cpu Util Threshold" + }, + "defaultValue": "80", + "type": "string" + }, + "VnetGwTunnelEgressPacketDropCountAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "PDNSZ Capacity Util Alert Severity" + "displayName": "Vnet Gw Tunnel Egress Packet Drop Count Alert Severity" }, "allowedValues": [ "0", @@ -1093,13 +1061,13 @@ "3", "4" ], - "defaultValue": "2", + "defaultValue": "1", "type": "String" }, - "PDNSZCapacityUtilWindowSize": { + "VnetGwTunnelEgressPacketDropCountWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "PDNSZ Capacity Util Window Size" + "displayName": "Vnet Gw Tunnel Egress Packet Drop Count Window Size" }, "allowedValues": [ "PT1M", @@ -1111,13 +1079,13 @@ "PT12H", "P1D" ], - "defaultValue": "PT1H", + "defaultValue": "PT5M", "type": "string" }, - "PDNSZCapacityUtilEvaluationFrequency": { + "VnetGwTunnelEgressPacketDropCountEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "PDNSZ Capacity Util Evaluation Frequency" + "displayName": "Vnet Gw Tunnel Egress Packet Drop Count Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -1126,13 +1094,13 @@ "PT30M", "PT1H" ], - "defaultValue": "PT1H", + "defaultValue": "PT5M", "type": "string" }, - "PDNSZCapacityUtilPolicyEffect": { + "VnetGwTunnelEgressPacketDropCountPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "PDNSZ Capacity Util Policy Effect" + "displayName": "Vnet Gw Tunnel Egress Packet Drop Count Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -1141,26 +1109,18 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "PDNSZCapacityUtilAlertState": { + "VnetGwTunnelEgressPacketDropCountAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "PDNSZ Capacity Util Alert State" + "displayName": "Vnet Gw Tunnel Egress Packet Drop Count Alert State" }, "defaultValue": "true", "type": "string" }, - "PDNSZCapacityUtilThreshold": { - "metadata": { - "description": "Threshold for the alert", - "displayName": "PDNSZ Capacity Util Threshold" - }, - "defaultValue": "80", - "type": "string" - }, - "PDNSZQueryVolumeAlertSeverity": { + "VnetGwTunnelEgressPacketDropMismatchAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "PDNSZ Query Volume Alert Severity" + "displayName": "Vnet Gw Tunnel Egress Packet Drop Mismatch Alert Severity" }, "allowedValues": [ "0", @@ -1169,13 +1129,13 @@ "3", "4" ], - "defaultValue": "4", + "defaultValue": "3", "type": "String" }, - "PDNSZQueryVolumeWindowSize": { + "VnetGwTunnelEgressPacketDropMismatchWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "PDNSZ Query Volume Window Size" + "displayName": "Vnet Gw Tunnel Egress Packet Drop Mismatch Window Size" }, "allowedValues": [ "PT1M", @@ -1187,13 +1147,13 @@ "PT12H", "P1D" ], - "defaultValue": "PT1H", + "defaultValue": "PT5M", "type": "string" }, - "PDNSZQueryVolumeEvaluationFrequency": { + "VnetGwTunnelEgressPacketDropMismatchEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "PDNSZ Query Volume Evaluation Frequency" + "displayName": "Vnet Gw Tunnel Egress Packet Drop Mismatch Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -1202,41 +1162,33 @@ "PT30M", "PT1H" ], - "defaultValue": "PT1H", + "defaultValue": "PT5M", "type": "string" }, - "PDNSZQueryVolumePolicyEffect": { + "VnetGwTunnelEgressPacketDropMismatchPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "PDNSZ Query Volume Policy Effect" + "displayName": "Vnet Gw Tunnel Egress Packet Drop Mismatch Policy Effect" }, "allowedValues": [ "deployIfNotExists", "disabled" ], - "defaultValue": "disabled", + "defaultValue": "deployIfNotExists", "type": "string" }, - "PDNSZQueryVolumeAlertState": { + "VnetGwTunnelEgressPacketDropMismatchAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "PDNSZ Query Volume Alert State" + "displayName": "Vnet Gw Tunnel Egress Packet Drop Mismatch Alert State" }, "defaultValue": "true", "type": "string" }, - "PDNSZQueryVolumeThreshold": { - "metadata": { - "description": "Threshold for the alert", - "displayName": "PDNSZ Query Volume Threshold" - }, - "defaultValue": "500", - "type": "string" - }, - "PDNSZRecordSetCapacityAlertSeverity": { + "VnetGwExpressRouteBitsPerSecondAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "PDNSZ Record Set Capacity Alert Severity" + "displayName": "Vnet Gw Express Route Bits Per Second Alert Severity" }, "allowedValues": [ "0", @@ -1245,13 +1197,13 @@ "3", "4" ], - "defaultValue": "2", + "defaultValue": "0", "type": "String" }, - "PDNSZRecordSetCapacityWindowSize": { + "VnetGwExpressRouteBitsPerSecondWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "PDNSZ Record Set Capacity Window Size" + "displayName": "Vnet Gw Express Route Bits Per Second Window Size" }, "allowedValues": [ "PT1M", @@ -1263,13 +1215,13 @@ "PT12H", "P1D" ], - "defaultValue": "PT1H", + "defaultValue": "PT5M", "type": "string" }, - "PDNSZRecordSetCapacityEvaluationFrequency": { + "VnetGwExpressRouteBitsPerSecondEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "PDNSZ Record Set Capacity Evaluation Frequency" + "displayName": "Vnet Gw Express Route Bits Per Second Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -1278,13 +1230,13 @@ "PT30M", "PT1H" ], - "defaultValue": "PT1H", + "defaultValue": "PT1M", "type": "string" }, - "PDNSZRecordSetCapacityPolicyEffect": { + "VnetGwExpressRouteBitsPerSecondPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "PDNSZ Record Set Capacity Policy Effect" + "displayName": "Vnet Gw Express Route Bits Per Second Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -1293,26 +1245,26 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "PDNSZRecordSetCapacityAlertState": { + "VnetGwExpressRouteBitsPerSecondAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "PDNSZ Record Set Capacity Alert State" + "displayName": "Vnet Gw Express Route Bits Per Second Alert State" }, "defaultValue": "true", "type": "string" }, - "PDNSZRecordSetCapacityThreshold": { + "VnetGwExpressRouteBitsPerSecondThreshold": { "metadata": { "description": "Threshold for the alert", - "displayName": "PDNSZ Record Set Capacity Threshold" + "displayName": "Vnet Gw Express Route Bits Per Second Threshold" }, - "defaultValue": "80", + "defaultValue": "1", "type": "string" }, - "PDNSZRegistrationCapacityUtilAlertSeverity": { + "VnetGwTunnelIngressPacketDropMismatchAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "PDNSZ Registration Capacity Util Alert Severity" + "displayName": "Vnet Gw Tunnel Ingress Packet Drop Mismatch Alert Severity" }, "allowedValues": [ "0", @@ -1321,13 +1273,13 @@ "3", "4" ], - "defaultValue": "2", + "defaultValue": "3", "type": "String" }, - "PDNSZRegistrationCapacityUtilWindowSize": { + "VnetGwTunnelIngressPacketDropMismatchWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "PDNSZ Registration Capacity Util Window Size" + "displayName": "Vnet Gw Tunnel Ingress Packet Drop Mismatch Window Size" }, "allowedValues": [ "PT1M", @@ -1339,13 +1291,13 @@ "PT12H", "P1D" ], - "defaultValue": "PT1H", + "defaultValue": "PT5M", "type": "string" }, - "PDNSZRegistrationCapacityUtilEvaluationFrequency": { + "VnetGwTunnelIngressPacketDropMismatchEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "PDNSZ Registration Capacity Util Evaluation Frequency" + "displayName": "Vnet Gw Tunnel Ingress Packet Drop Mismatch Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -1354,13 +1306,13 @@ "PT30M", "PT1H" ], - "defaultValue": "PT1H", + "defaultValue": "PT5M", "type": "string" }, - "PDNSZRegistrationCapacityUtilPolicyEffect": { + "VnetGwTunnelIngressPacketDropMismatchPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "PDNSZ Registration Capacity Util Policy Effect" + "displayName": "Vnet Gw Tunnel Ingress Packet Drop Mismatch Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -1369,26 +1321,18 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "PDNSZRegistrationCapacityUtilAlertState": { + "VnetGwTunnelIngressPacketDropMismatchAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "PDNSZ Registration Capacity Util Alert State" + "displayName": "Vnet Gw Tunnel Ingress Packet Drop Mismatch Alert State" }, "defaultValue": "true", "type": "string" }, - "PDNSZRegistrationCapacityUtilThreshold": { - "metadata": { - "description": "Threshold for the alert", - "displayName": "PDNSZ Registration Capacity Util Threshold" - }, - "defaultValue": "80", - "type": "string" - }, - "PIPDDoSAttackAlertSeverity": { + "VnetGwTunnelIngressPacketDropCountAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "PIP DDoS Attack Alert Severity" + "displayName": "Vnet Gw Tunnel Ingress Packet Drop Count Alert Severity" }, "allowedValues": [ "0", @@ -1397,13 +1341,13 @@ "3", "4" ], - "defaultValue": "1", + "defaultValue": "3", "type": "String" }, - "PIPDDoSAttackWindowSize": { + "VnetGwTunnelIngressPacketDropCountWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "PIP DDoS Attack Window Size" + "displayName": "Vnet Gw Tunnel Ingress Packet Drop Count Window Size" }, "allowedValues": [ "PT1M", @@ -1418,10 +1362,10 @@ "defaultValue": "PT5M", "type": "string" }, - "PIPDDoSAttackEvaluationFrequency": { + "VnetGwTunnelIngressPacketDropCountEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "PIP DDoS Attack Evaluation Frequency" + "displayName": "Vnet Gw Tunnel Ingress Packet Drop Count Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -1433,10 +1377,10 @@ "defaultValue": "PT5M", "type": "string" }, - "PIPDDoSAttackPolicyEffect": { + "VnetGwTunnelIngressPacketDropCountPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "PIP DDoS Attack Policy Effect" + "displayName": "Vnet Gw Tunnel Ingress Packet Drop Count Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -1445,26 +1389,18 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "PIPDDoSAttackAlertState": { + "VnetGwTunnelIngressPacketDropCountAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "PIP DDoS Attack Alert State" + "displayName": "Vnet Gw Tunnel Ingress Packet Drop Count Alert State" }, "defaultValue": "true", "type": "string" }, - "PIPDDoSAttackThreshold": { - "metadata": { - "description": "Threshold for the alert", - "displayName": "PIP DDoS Attack Threshold" - }, - "defaultValue": "0", - "type": "string" - }, - "PIPPacketsInDDoSAlertSeverity": { + "ERCIRBgpAvailabilityAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "PIP Packets In DDoS Alert Severity" + "displayName": "ERCIR Bgp Availability Alert Severity" }, "allowedValues": [ "0", @@ -1473,13 +1409,13 @@ "3", "4" ], - "defaultValue": "4", + "defaultValue": "0", "type": "String" }, - "PIPPacketsInDDoSWindowSize": { + "ERCIRBgpAvailabilityWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "PIP Packets In DDoS Window Size" + "displayName": "ERCIR Bgp Availability Window Size" }, "allowedValues": [ "PT1M", @@ -1494,10 +1430,10 @@ "defaultValue": "PT5M", "type": "string" }, - "PIPPacketsInDDoSEvaluationFrequency": { + "ERCIRBgpAvailabilityEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "PIP Packets In DDoS Evaluation Frequency" + "displayName": "ERCIR Bgp Availability Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -1506,41 +1442,41 @@ "PT30M", "PT1H" ], - "defaultValue": "PT5M", + "defaultValue": "PT1M", "type": "string" }, - "PIPPacketsInDDoSPolicyEffect": { + "ERCIRBgpAvailabilityPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "PIP Packets In DDoS Policy Effect" + "displayName": "ERCIR Bgp Availability Policy Effect" }, "allowedValues": [ "deployIfNotExists", "disabled" ], - "defaultValue": "disabled", + "defaultValue": "deployIfNotExists", "type": "string" }, - "PIPPacketsInDDoSAlertState": { + "ERCIRBgpAvailabilityAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "PIP Packets In DDoS Alert State" + "displayName": "ERCIR Bgp Availability Alert State" }, "defaultValue": "true", "type": "string" }, - "PIPPacketsInDDoSThreshold": { + "ERCIRBgpAvailabilityThreshold": { "metadata": { "description": "Threshold for the alert", - "displayName": "PIP Packets In DDoS Threshold" + "displayName": "ERCIR Bgp Availability Threshold" }, - "defaultValue": "40000", + "defaultValue": "90", "type": "string" }, - "PIPVIPAvailabilityAlertSeverity": { + "ERCIRArpAvailabilityAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "PIP VIP Availability Alert Severity" + "displayName": "ERCIR Arp Availability Alert Severity" }, "allowedValues": [ "0", @@ -1549,13 +1485,13 @@ "3", "4" ], - "defaultValue": "1", + "defaultValue": "0", "type": "String" }, - "PIPVIPAvailabilityWindowSize": { + "ERCIRArpAvailabilityWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "PIP VIP Availability Window Size" + "displayName": "ERCIR Arp Availability Window Size" }, "allowedValues": [ "PT1M", @@ -1570,10 +1506,10 @@ "defaultValue": "PT5M", "type": "string" }, - "PIPVIPAvailabilityEvaluationFrequency": { + "ERCIRArpAvailabilityFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "PIP VIP Availability Evaluation Frequency" + "displayName": "ERCIR Arp Availability Frequency" }, "allowedValues": [ "PT1M", @@ -1585,10 +1521,10 @@ "defaultValue": "PT1M", "type": "string" }, - "PIPVIPAvailabilityPolicyEffect": { + "ERCIRArpAvailabilityPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "PIP VIP Availability Policy Effect" + "displayName": "ERCIR ARP Availability Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -1597,26 +1533,26 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "PIPVIPAvailabilityAlertState": { + "ERCIRArpAvailabilityAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "PIP VIP Availability Alert State" + "displayName": "ERCIR Arp Availability Alert State" }, "defaultValue": "true", "type": "string" }, - "PIPVIPAvailabilityThreshold": { + "ERCIRArpAvailabilityThreshold": { "metadata": { "description": "Threshold for the alert", - "displayName": "PIP VIP Availability Threshold" + "displayName": "ERCIR Arp Availability Threshold" }, - "defaultValue": "1", + "defaultValue": "90", "type": "string" }, - "PIPBytesInDDoSAlertSeverity": { + "AFWSNATPortUtilizationAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "PIP Bytes In DDoS Alert Severity" + "displayName": "AFW SNAT Port Utilization Alert Severity" }, "allowedValues": [ "0", @@ -1625,13 +1561,13 @@ "3", "4" ], - "defaultValue": "4", + "defaultValue": "1", "type": "String" }, - "PIPBytesInDDoSWindowSize": { + "AFWSNATPortUtilizationWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "PIP Bytes In DDoS Window Size" + "displayName": "AFW SNAT Port Utilization Window Size" }, "allowedValues": [ "PT1M", @@ -1646,10 +1582,10 @@ "defaultValue": "PT5M", "type": "string" }, - "PIPBytesInDDoSEvaluationFrequency": { + "AFWSNATPortUtilizationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "PIP Bytes In DDoS Evaluation Frequency" + "displayName": "AFW SNAT Port Utilization Frequency" }, "allowedValues": [ "PT1M", @@ -1658,41 +1594,41 @@ "PT30M", "PT1H" ], - "defaultValue": "PT5M", + "defaultValue": "PT1M", "type": "string" }, - "PIPBytesInDDoSPolicyEffect": { + "AFWSNATPortUtilizationPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "PIP Bytes In DDoS Policy Effect" + "displayName": "AFW SNAT Port Utilization Policy Effect" }, "allowedValues": [ "deployIfNotExists", "disabled" ], - "defaultValue": "disabled", + "defaultValue": "deployIfNotExists", "type": "string" }, - "PIPBytesInDDoSAlertState": { + "AFWSNATPortUtilizationAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "PIP Bytes In DDoS Alert State" + "displayName": "AFW SNAT Port Utilization Alert State" }, "defaultValue": "true", "type": "string" }, - "PIPBytesInDDoSThreshold": { + "AFWSNATPortUtilizationThreshold": { "metadata": { "description": "Threshold for the alert", - "displayName": "PIP Bytes In DDoS Threshold" + "displayName": "AFW SNAT Port Utilization Threshold" }, - "defaultValue": "8000000", + "defaultValue": "80", "type": "string" }, - "ERGwExpressRouteBitsInAlertSeverity": { + "FirewallHealthAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "ER Gw Express Route Bits In Alert Severity" + "displayName": "Firewall Health Alert Severity" }, "allowedValues": [ "0", @@ -1704,10 +1640,10 @@ "defaultValue": "0", "type": "String" }, - "ERGwExpressRouteBitsInWindowSize": { + "FirewallHealthWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "ER Gw Express Route Bits In Window Size" + "displayName": "Firewall Health Window Size" }, "allowedValues": [ "PT1M", @@ -1722,10 +1658,10 @@ "defaultValue": "PT5M", "type": "string" }, - "ERGwExpressRouteBitsInEvaluationFrequency": { + "FirewallHealthEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "ER Gw Express Route Bits In Evaluation Frequency" + "displayName": "Firewall Health Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -1734,117 +1670,121 @@ "PT30M", "PT1H" ], - "defaultValue": "PT5M", + "defaultValue": "PT1M", "type": "string" }, - "ERGwExpressRouteBitsInPolicyEffect": { + "FirewallHealthPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "ER Gw Express Route Bits In Policy Effect" + "displayName": "Firewall Health Policy Effect" }, "allowedValues": [ "deployIfNotExists", "disabled" ], - "defaultValue": "disabled", + "defaultValue": "deployIfNotExists", "type": "string" }, - "ERGwExpressRouteBitsInAlertState": { + "FirewallHealthAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "ER Gw Express Route Bits In Alert State" + "displayName": "Firewall Health Alert State" }, "defaultValue": "true", "type": "string" }, - "ERGwExpressRouteBitsInThreshold": { + "FirewallHealthThreshold": { "metadata": { "description": "Threshold for the alert", - "displayName": "ER Gw Express Route Bits In Threshold" + "displayName": "Firewall Health Threshold" }, - "defaultValue": "1", + "defaultValue": "90", "type": "string" }, - "ERGwExpressRouteBitsOutAlertSeverity": { + "activityFWDeletePolicyEffect": { "metadata": { - "description": "Severity of the alert", - "displayName": "ER Gw Express Route Bits Out Alert Severity" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", + "displayName": "Activity FW Delete Policy Effect" }, "allowedValues": [ - "0", - "1", - "2", - "3", - "4" + "deployIfNotExists", + "disabled" ], - "defaultValue": "0", - "type": "String" + "defaultValue": "deployIfNotExists", + "type": "string" }, - "ERGwExpressRouteBitsOutWindowSize": { + "activityFWDeleteAlertState": { "metadata": { - "description": "Window size for the alert", - "displayName": "ER Gw Express Route Bits Out Window Size" + "description": "Alert state for the alert", + "displayName": "Activity FW Delete Alert State" }, - "allowedValues": [ - "PT1M", - "PT5M", - "PT15M", - "PT30M", - "PT1H", - "PT6H", - "PT12H", - "P1D" - ], - "defaultValue": "PT5M", + "defaultValue": "true", "type": "string" }, - "ERGwExpressRouteBitsOutEvaluationFrequency": { + "activityNSGDeletePolicyEffect": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "ER Gw Express Route Bits Out Evaluation Frequency" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", + "displayName": "Activity NSG Delete Policy Effect" }, "allowedValues": [ - "PT1M", - "PT5M", - "PT15M", - "PT30M", - "PT1H" + "deployIfNotExists", + "disabled" ], - "defaultValue": "PT5M", + "defaultValue": "deployIfNotExists", "type": "string" }, - "ERGwExpressRouteBitsOutPolicyEffect": { + "activityNSGDeleteAlertState": { + "metadata": { + "description": "Alert state for the alert", + "displayName": "Activity NSG Delete Alert State" + }, + "defaultValue": "true", + "type": "string" + }, + "activityUDRUpdatePolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "ER Gw Express Route Bits Out Policy Effect" + "displayName": "Activity UDR Update Policy Effect" }, "allowedValues": [ "deployIfNotExists", "disabled" ], - "defaultValue": "disabled", + "defaultValue": "deployIfNotExists", "type": "string" }, - "ERGwExpressRouteBitsOutAlertState": { + "activityUDRUpdateAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "ER Gw Express Route Bits Out Alert State" + "displayName": "Activity UDR Update Alert State" }, "defaultValue": "true", "type": "string" }, - "ERGwExpressRouteBitsOutThreshold": { + "activityVPNGWDeletePolicyEffect": { "metadata": { - "description": "Threshold for the alert", - "displayName": "ER Gw Express Route Bits Out Threshold" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", + "displayName": "Activity VPN GW Delete Policy Effect" }, - "defaultValue": "1", + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", "type": "string" }, - "ERGwExpressRouteCpuUtilAlertSeverity": { + "activityVPNGWDeleteAlertState": { + "metadata": { + "description": "Alert state for the alert", + "displayName": "Activity VPN GW Delete Alert State" + }, + "defaultValue": "true", + "type": "string" + }, + "ERPBitsInPerSecondAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "ER Gw Express Route Cpu Util Alert Severity" + "displayName": "ERP Bits In Per Second Alert Severity" }, "allowedValues": [ "0", @@ -1853,13 +1793,13 @@ "3", "4" ], - "defaultValue": "1", + "defaultValue": "0", "type": "String" }, - "ERGwExpressRouteCpuUtilWindowSize": { + "ERPBitsInPerSecondWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "ER Gw Express Route Cpu Util Window Size" + "displayName": "ERP Bits In Per Second Window Size" }, "allowedValues": [ "PT1M", @@ -1874,10 +1814,10 @@ "defaultValue": "PT5M", "type": "string" }, - "ERGwExpressRouteCpuUtilEvaluationFrequency": { + "ERPBitsInPerSecondEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "ER Gw Express Route Cpu Util Evaluation Frequency" + "displayName": "ERP Bits In Per Second Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -1889,10 +1829,10 @@ "defaultValue": "PT1M", "type": "string" }, - "ERGwExpressRouteCpuUtilPolicyEffect": { + "ERPBitsInPerSecondPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "ER Gw Express Route Cpu Util Policy Effect" + "displayName": "ERP Bits In Per Second Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -1901,26 +1841,18 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "ERGwExpressRouteCpuUtilAlertState": { + "ERPBitsInPerSecondAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "ER Gw Express Route Cpu Util Alert State" + "displayName": "ERP Bits In Per Second Alert State" }, "defaultValue": "true", "type": "string" }, - "ERGwExpressRouteCpuUtilThreshold": { - "metadata": { - "description": "Threshold for the alert", - "displayName": "ER Gw Express Route Cpu Util Threshold" - }, - "defaultValue": "80", - "type": "string" - }, - "VNETDDOSAttackAlertSeverity": { + "ERPBitsOutPerSecondAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "VNET DDoS Attack Alert Severity" + "displayName": "ERP Bits Out Per Second Alert Severity" }, "allowedValues": [ "0", @@ -1929,13 +1861,13 @@ "3", "4" ], - "defaultValue": "1", + "defaultValue": "0", "type": "String" }, - "VNETDDOSAttackWindowSize": { + "ERPBitsOutPerSecondWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "VNET DDoS Attack Window Size" + "displayName": "ERP Bits Out Per Second Window Size" }, "allowedValues": [ "PT1M", @@ -1950,10 +1882,10 @@ "defaultValue": "PT5M", "type": "string" }, - "VNETDDOSAttackEvaluationFrequency": { + "ERPBitsOutPerSecondEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "VNET DDoS Attack Evaluation Frequency" + "displayName": "ERP Bits Out Per Second Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -1965,10 +1897,10 @@ "defaultValue": "PT1M", "type": "string" }, - "VNETDDOSAttackPolicyEffect": { + "ERPBitsOutPerSecondPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "VNET DDoS Attack Policy Effect" + "displayName": "ERP Bits Out Per Second Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -1977,26 +1909,18 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "VNETDDOSAttackAlertState": { + "ERPBitsOutPerSecondAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "VNET DDoS Attack Alert State" + "displayName": "ERP Bits Out Per Second Alert State" }, "defaultValue": "true", "type": "string" }, - "VNETDDOSAttackThreshold": { - "metadata": { - "description": "Threshold for the alert", - "displayName": "VNET DDoS Attack Threshold" - }, - "defaultValue": "1", - "type": "string" - }, - "VnetGwTunnelEgressPacketDropCountAlertSeverity": { + "ERPLineProtocolAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "Vnet Gw Tunnel Egress Packet Drop Count Alert Severity" + "displayName": "ERP Line Protocol Alert Severity" }, "allowedValues": [ "0", @@ -2005,13 +1929,13 @@ "3", "4" ], - "defaultValue": "1", + "defaultValue": "0", "type": "String" }, - "VnetGwTunnelEgressPacketDropCountWindowSize": { + "ERPLineProtocolWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "Vnet Gw Tunnel Egress Packet Drop Count Window Size" + "displayName": "ERP Line Protocol Window Size" }, "allowedValues": [ "PT1M", @@ -2026,10 +1950,10 @@ "defaultValue": "PT5M", "type": "string" }, - "VnetGwTunnelEgressPacketDropCountEvaluationFrequency": { + "ERPLineProtocolEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "Vnet Gw Tunnel Egress Packet Drop Count Evaluation Frequency" + "displayName": "ERP Line Protocol Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -2038,13 +1962,13 @@ "PT30M", "PT1H" ], - "defaultValue": "PT5M", + "defaultValue": "PT1M", "type": "string" }, - "VnetGwTunnelEgressPacketDropCountPolicyEffect": { + "ERPLineProtocolPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "Vnet Gw Tunnel Egress Packet Drop Count Policy Effect" + "displayName": "ERP Line Protocol Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -2053,18 +1977,18 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "VnetGwTunnelEgressPacketDropCountAlertState": { + "ERPLineProtocolAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "Vnet Gw Tunnel Egress Packet Drop Count Alert State" + "displayName": "ERP Line Protocol Alert State" }, "defaultValue": "true", "type": "string" }, - "VnetGwTunnelEgressPacketDropMismatchAlertSeverity": { + "ERPRxLightLevelHighAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "Vnet Gw Tunnel Egress Packet Drop Mismatch Alert Severity" + "displayName": "ERP Rx Light Level High Alert Severity" }, "allowedValues": [ "0", @@ -2073,13 +1997,13 @@ "3", "4" ], - "defaultValue": "3", + "defaultValue": "1", "type": "String" }, - "VnetGwTunnelEgressPacketDropMismatchWindowSize": { + "ERPRxLightLevelHighWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "Vnet Gw Tunnel Egress Packet Drop Mismatch Window Size" + "displayName": "ERP Rx Light Level High Window Size" }, "allowedValues": [ "PT1M", @@ -2094,10 +2018,10 @@ "defaultValue": "PT5M", "type": "string" }, - "VnetGwTunnelEgressPacketDropMismatchEvaluationFrequency": { + "ERPRxLightLevelHighEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "Vnet Gw Tunnel Egress Packet Drop Mismatch Evaluation Frequency" + "displayName": "ERP Rx Light Level High Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -2106,13 +2030,13 @@ "PT30M", "PT1H" ], - "defaultValue": "PT5M", + "defaultValue": "PT1M", "type": "string" }, - "VnetGwTunnelEgressPacketDropMismatchPolicyEffect": { + "ERPRxLightLevelHighPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "Vnet Gw Tunnel Egress Packet Drop Mismatch Policy Effect" + "displayName": "ERP Rx Light Level High Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -2121,18 +2045,18 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "VnetGwTunnelEgressPacketDropMismatchAlertState": { + "ERPRxLightLevelHighAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "Vnet Gw Tunnel Egress Packet Drop Mismatch Alert State" + "displayName": "ERP Rx Light Level High Alert State" }, "defaultValue": "true", "type": "string" }, - "VnetGwExpressRouteBitsPerSecondAlertSeverity": { + "ERPRxLightLevelLowAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "Vnet Gw Express Route Bits Per Second Alert Severity" + "displayName": "ERP Rx Light Level Low Alert Severity" }, "allowedValues": [ "0", @@ -2141,13 +2065,13 @@ "3", "4" ], - "defaultValue": "0", + "defaultValue": "1", "type": "String" }, - "VnetGwExpressRouteBitsPerSecondWindowSize": { + "ERPRxLightLevelLowWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "Vnet Gw Express Route Bits Per Second Window Size" + "displayName": "ERP Rx Light Level Low Window Size" }, "allowedValues": [ "PT1M", @@ -2162,10 +2086,10 @@ "defaultValue": "PT5M", "type": "string" }, - "VnetGwExpressRouteBitsPerSecondEvaluationFrequency": { + "ERPRxLightLevelLowEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "Vnet Gw Express Route Bits Per Second Evaluation Frequency" + "displayName": "ERP Rx Light Level Low Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -2177,10 +2101,10 @@ "defaultValue": "PT1M", "type": "string" }, - "VnetGwExpressRouteBitsPerSecondPolicyEffect": { + "ERPRxLightLevelLowPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "Vnet Gw Express Route Bits Per Second Policy Effect" + "displayName": "ERP Rx Light Level Low Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -2189,26 +2113,18 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "VnetGwExpressRouteBitsPerSecondAlertState": { + "ERPRxLightLevelLowAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "Vnet Gw Express Route Bits Per Second Alert State" + "displayName": "ERP Rx Light Level Low Alert State" }, "defaultValue": "true", "type": "string" }, - "VnetGwExpressRouteBitsPerSecondThreshold": { - "metadata": { - "description": "Threshold for the alert", - "displayName": "Vnet Gw Express Route Bits Per Second Threshold" - }, - "defaultValue": "1", - "type": "string" - }, - "VnetGwTunnelIngressPacketDropMismatchAlertSeverity": { + "ERPTxLightLevelHighAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "Vnet Gw Tunnel Ingress Packet Drop Mismatch Alert Severity" + "displayName": "ERP Tx Light Level High Alert Severity" }, "allowedValues": [ "0", @@ -2217,13 +2133,13 @@ "3", "4" ], - "defaultValue": "3", + "defaultValue": "1", "type": "String" }, - "VnetGwTunnelIngressPacketDropMismatchWindowSize": { + "ERPTxLightLevelHighWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "Vnet Gw Tunnel Ingress Packet Drop Mismatch Window Size" + "displayName": "ERP Tx Light Level High Window Size" }, "allowedValues": [ "PT1M", @@ -2238,10 +2154,10 @@ "defaultValue": "PT5M", "type": "string" }, - "VnetGwTunnelIngressPacketDropMismatchEvaluationFrequency": { + "ERPTxLightLevelHighEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "Vnet Gw Tunnel Ingress Packet Drop Mismatch Evaluation Frequency" + "displayName": "ERP Tx Light Level High Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -2250,13 +2166,13 @@ "PT30M", "PT1H" ], - "defaultValue": "PT5M", + "defaultValue": "PT1M", "type": "string" }, - "VnetGwTunnelIngressPacketDropMismatchPolicyEffect": { + "ERPTxLightLevelHighPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "Vnet Gw Tunnel Ingress Packet Drop Mismatch Policy Effect" + "displayName": "ERP Tx Light Level High Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -2265,18 +2181,18 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "VnetGwTunnelIngressPacketDropMismatchAlertState": { + "ERPTxLightLevelHighAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "Vnet Gw Tunnel Ingress Packet Drop Mismatch Alert State" + "displayName": "ERP Tx Light Level High Alert State" }, "defaultValue": "true", "type": "string" }, - "VnetGwTunnelIngressPacketDropCountAlertSeverity": { + "ERPTxLightLevelLowAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "Vnet Gw Tunnel Ingress Packet Drop Count Alert Severity" + "displayName": "ERP Tx Light Level Low Alert Severity" }, "allowedValues": [ "0", @@ -2285,13 +2201,13 @@ "3", "4" ], - "defaultValue": "3", + "defaultValue": "1", "type": "String" }, - "VnetGwTunnelIngressPacketDropCountWindowSize": { + "ERPTxLightLevelLowWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "Vnet Gw Tunnel Ingress Packet Drop Count Window Size" + "displayName": "ERP Tx Light Level Low Window Size" }, "allowedValues": [ "PT1M", @@ -2306,10 +2222,10 @@ "defaultValue": "PT5M", "type": "string" }, - "VnetGwTunnelIngressPacketDropCountEvaluationFrequency": { + "ERPTxLightLevelLowEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "Vnet Gw Tunnel Ingress Packet Drop Count Evaluation Frequency" + "displayName": "ERP Tx Light Level Low Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -2318,13 +2234,13 @@ "PT30M", "PT1H" ], - "defaultValue": "PT5M", + "defaultValue": "PT1M", "type": "string" }, - "VnetGwTunnelIngressPacketDropCountPolicyEffect": { + "ERPTxLightLevelLowPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "Vnet Gw Tunnel Ingress Packet Drop Count Policy Effect" + "displayName": "ERP Tx Light Level Low Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -2333,18 +2249,44 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "VnetGwTunnelIngressPacketDropCountAlertState": { + "ERPTxLightLevelLowAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "Vnet Gw Tunnel Ingress Packet Drop Count Alert State" + "displayName": "ERP Tx Light Level Low Alert State" }, "defaultValue": "true", "type": "string" }, - "ERCIRBgpAvailabilityAlertSeverity": { + "ALZMonitorResourceGroupName": { + "metadata": { + "description": "Name of the resource group where the ALZ Monitor resources will be deployed", + "displayName": "ALZ Monitor Resource Group Name" + }, + "defaultValue": "ALZ-Monitoring-RG", + "type": "String" + }, + "ALZMonitorResourceGroupTags": { + "metadata": { + "description": "Tags to be applied to the resource group where the ALZ Monitor resources will be deployed", + "displayName": "ALZ Monitor Resource Group Tags" + }, + "defaultValue": { + "_deployed_by_alz_monitor": true + }, + "type": "Object" + }, + "ALZMonitorResourceGroupLocation": { + "metadata": { + "description": "Location of the resource group where the ALZ Monitor resources will be deployed", + "displayName": "ALZ Monitor Resource Group Location" + }, + "defaultValue": "centralus", + "type": "String" + }, + "ERCIRQoSDropBitsinPerSecAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "ERCIR Bgp Availability Alert Severity" + "displayName": "ERC IRQoS Drop Bits in Per Sec Alert Severity" }, "allowedValues": [ "0", @@ -2353,13 +2295,13 @@ "3", "4" ], - "defaultValue": "0", + "defaultValue": "2", "type": "String" }, - "ERCIRBgpAvailabilityWindowSize": { + "ERCIRQoSDropBitsinPerSecWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "ERCIR Bgp Availability Window Size" + "displayName": "ERC IRQoS Drop Bits in Per Sec Window Size" }, "allowedValues": [ "PT1M", @@ -2374,10 +2316,10 @@ "defaultValue": "PT5M", "type": "string" }, - "ERCIRBgpAvailabilityEvaluationFrequency": { + "ERCIRQoSDropBitsinPerSecEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "ERCIR Bgp Availability Evaluation Frequency" + "displayName": "ERC IRQoS Drop Bits in Per Sec Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -2386,13 +2328,13 @@ "PT30M", "PT1H" ], - "defaultValue": "PT1M", + "defaultValue": "PT5M", "type": "string" }, - "ERCIRBgpAvailabilityPolicyEffect": { + "ERCIRQoSDropBitsinPerSecPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "ERCIR Bgp Availability Policy Effect" + "displayName": "ERC IRQoS Drop Bits in Per Sec Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -2401,26 +2343,18 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "ERCIRBgpAvailabilityAlertState": { + "ERCIRQoSDropBitsinPerSecAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "ERCIR Bgp Availability Alert State" + "displayName": "ERC IRQoS Drop Bits in Per Sec Alert State" }, "defaultValue": "true", "type": "string" }, - "ERCIRBgpAvailabilityThreshold": { - "metadata": { - "description": "Threshold for the alert", - "displayName": "ERCIR Bgp Availability Threshold" - }, - "defaultValue": "90", - "type": "string" - }, - "ERCIRArpAvailabilityAlertSeverity": { + "ERCIRQoSDropBitsoutPerSecAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "ERCIR Arp Availability Alert Severity" + "displayName": "ERC IRQoS Drop Bits out Per Sec Alert Severity" }, "allowedValues": [ "0", @@ -2429,13 +2363,13 @@ "3", "4" ], - "defaultValue": "0", + "defaultValue": "2", "type": "String" }, - "ERCIRArpAvailabilityWindowSize": { + "ERCIRQoSDropBitsoutPerSecWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "ERCIR Arp Availability Window Size" + "displayName": "ERC IRQoS Drop Bits out Per Sec Window Size" }, "allowedValues": [ "PT1M", @@ -2450,10 +2384,10 @@ "defaultValue": "PT5M", "type": "string" }, - "ERCIRArpAvailabilityFrequency": { + "ERCIRQoSDropBitsoutPerSecEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "ERCIR Arp Availability Frequency" + "displayName": "ERC IRQoS Drop Bits out Per Sec Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -2462,13 +2396,13 @@ "PT30M", "PT1H" ], - "defaultValue": "PT1M", + "defaultValue": "PT5M", "type": "string" }, - "ERCIRArpAvailabilityPolicyEffect": { + "ERCIRQoSDropBitsoutPerSecPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "ERCIR ARP Availability Policy Effect" + "displayName": "ERC IRQoS Drop Bits out Per Sec Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -2477,26 +2411,18 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "ERCIRArpAvailabilityAlertState": { + "ERCIRQoSDropBitsoutPerSecAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "ERCIR Arp Availability Alert State" + "displayName": "ERC IRQoS Drop Bits out Per Sec Alert State" }, "defaultValue": "true", "type": "string" }, - "ERCIRArpAvailabilityThreshold": { - "metadata": { - "description": "Threshold for the alert", - "displayName": "ERCIR Arp Availability Threshold" - }, - "defaultValue": "90", - "type": "string" - }, - "AFWSNATPortUtilizationAlertSeverity": { + "VPNGwBGPPeerStatusAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "AFW SNAT Port Utilization Alert Severity" + "displayName": "VPN Gw BGP Peer Status Alert Severity" }, "allowedValues": [ "0", @@ -2505,13 +2431,13 @@ "3", "4" ], - "defaultValue": "1", + "defaultValue": "3", "type": "String" }, - "AFWSNATPortUtilizationWindowSize": { + "VPNGwBGPPeerStatusWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "AFW SNAT Port Utilization Window Size" + "displayName": "VPN Gw BGP Peer Status Window Size" }, "allowedValues": [ "PT1M", @@ -2526,10 +2452,10 @@ "defaultValue": "PT5M", "type": "string" }, - "AFWSNATPortUtilizationFrequency": { + "VPNGwBGPPeerStatusEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "AFW SNAT Port Utilization Frequency" + "displayName": "VPN Gw BGP Peer Status Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -2538,13 +2464,13 @@ "PT30M", "PT1H" ], - "defaultValue": "PT1M", + "defaultValue": "PT5M", "type": "string" }, - "AFWSNATPortUtilizationPolicyEffect": { + "VPNGwBGPPeerStatusPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "AFW SNAT Port Utilization Policy Effect" + "displayName": "VPN Gw BGP Peer Status Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -2553,26 +2479,26 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "AFWSNATPortUtilizationAlertState": { + "VPNGwBGPPeerStatusAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "AFW SNAT Port Utilization Alert State" + "displayName": "VPN Gw BGP Peer Status Alert State" }, "defaultValue": "true", "type": "string" }, - "AFWSNATPortUtilizationThreshold": { + "VPNGwBGPPeerStatusThreshold": { "metadata": { "description": "Threshold for the alert", - "displayName": "AFW SNAT Port Utilization Threshold" + "displayName": "VPN Gw BGP Peer Status Threshold" }, - "defaultValue": "80", + "defaultValue": "1", "type": "string" }, - "FirewallHealthAlertSeverity": { + "VnetGwERCpuUtilAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "Firewall Health Alert Severity" + "displayName": "Vnet Gw ER Cpu Util Alert Severity" }, "allowedValues": [ "0", @@ -2581,13 +2507,13 @@ "3", "4" ], - "defaultValue": "0", + "defaultValue": "3", "type": "String" }, - "FirewallHealthWindowSize": { + "VnetGwERCpuUtilWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "Firewall Health Window Size" + "displayName": "Vnet Gw ER Cpu Util Window Size" }, "allowedValues": [ "PT1M", @@ -2602,10 +2528,10 @@ "defaultValue": "PT5M", "type": "string" }, - "FirewallHealthEvaluationFrequency": { + "VnetGwERCpuUtilEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "Firewall Health Evaluation Frequency" + "displayName": "Vnet Gw ER Cpu Util Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -2617,10 +2543,10 @@ "defaultValue": "PT1M", "type": "string" }, - "FirewallHealthPolicyEffect": { + "VnetGwERCpuUtilPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "Firewall Health Policy Effect" + "displayName": "Vnet Gw ER Cpu Util Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -2629,66 +2555,59 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "FirewallHealthAlertState": { + "VnetGwERCpuUtilAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "Firewall Health Alert State" + "displayName": "Vnet Gw ER Cpu Util Alert State" }, "defaultValue": "true", "type": "string" }, - "FirewallHealthThreshold": { + "VnetGwERCpuUtilThreshold": { "metadata": { "description": "Threshold for the alert", - "displayName": "Firewall Health Threshold" + "displayName": "Vnet Gw ER Cpu Util Threshold" }, - "defaultValue": "90", + "defaultValue": "80", "type": "string" }, - "activityFWDeletePolicyEffect": { + "VnetGwTunnelBWAlertSeverity": { "metadata": { - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "Activity FW Delete Policy Effect" + "description": "Severity of the alert", + "displayName": "Vnet Gw Tunnel BW Alert Severity" }, "allowedValues": [ - "deployIfNotExists", - "disabled" + "0", + "1", + "2", + "3", + "4" ], - "defaultValue": "deployIfNotExists", - "type": "string" - }, - "activityFWDeleteAlertState": { - "metadata": { - "description": "Alert state for the alert", - "displayName": "Activity FW Delete Alert State" - }, - "defaultValue": "true", - "type": "string" + "defaultValue": "0", + "type": "String" }, - "activityNSGDeletePolicyEffect": { + "VnetGwTunnelBWWindowSize": { "metadata": { - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "Activity NSG Delete Policy Effect" + "description": "Window size for the alert", + "displayName": "Vnet Gw Tunnel BW Window Size" }, "allowedValues": [ - "deployIfNotExists", - "disabled" + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" ], - "defaultValue": "deployIfNotExists", - "type": "string" - }, - "activityNSGDeleteAlertState": { - "metadata": { - "description": "Alert state for the alert", - "displayName": "Activity NSG Delete Alert State" - }, - "defaultValue": "true", + "defaultValue": "PT5M", "type": "string" }, - "activityUDRUpdatePolicyEffect": { + "VnetGwTunnelBWPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "Activity UDR Update Policy Effect" + "displayName": "Vnet Gw Tunnel BW Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -2697,38 +2616,26 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "activityUDRUpdateAlertState": { + "VnetGwTunnelBWAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "Activity UDR Update Alert State" + "displayName": "Vnet Gw Tunnel BW Alert State" }, "defaultValue": "true", "type": "string" }, - "activityVPNGWDeletePolicyEffect": { - "metadata": { - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "Activity VPN GW Delete Policy Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "string" - }, - "activityVPNGWDeleteAlertState": { + "VnetGwTunnelBWThreshold": { "metadata": { - "description": "Alert state for the alert", - "displayName": "Activity VPN GW Delete Alert State" + "description": "Threshold for the alert", + "displayName": "Vnet Gw Tunnel BW Threshold" }, - "defaultValue": "true", + "defaultValue": "1", "type": "string" }, - "LBDatapathAvailabilityAlertSeverity": { + "VnetGwTunnelEgressAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "LB Data path Availability Alert Severity" + "displayName": "Vnet Gw Tunnel Egress Alert Severity" }, "allowedValues": [ "0", @@ -2740,10 +2647,10 @@ "defaultValue": "0", "type": "String" }, - "LBDatapathAvailabilityWindowSize": { + "VnetGwTunnelEgressWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "LB Data path Availability Window Size" + "displayName": "Vnet Gw Tunnel Egress Window Size" }, "allowedValues": [ "PT1M", @@ -2758,10 +2665,10 @@ "defaultValue": "PT5M", "type": "string" }, - "LBDatapathAvailabilityEvaluationFrequency": { + "VnetGwTunnelEgressEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "LB Data path Availability Evaluation Frequency" + "displayName": "Vnet Gw Tunnel Egress Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -2770,33 +2677,41 @@ "PT30M", "PT1H" ], - "defaultValue": "PT1M", + "defaultValue": "PT5M", "type": "string" }, - "LBDatapathAvailabilityPolicyEffect": { + "VnetGwTunnelEgressPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "LB Data path Availability Policy Effect" + "displayName": "Vnet Gw Tunnel Egress Policy Effect" }, "allowedValues": [ "deployIfNotExists", "disabled" ], - "defaultValue": "deployIfNotExists", + "defaultValue": "disabled", "type": "string" }, - "LBDatapathAvailabilityAlertState": { + "VnetGwTunnelEgressAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "LB Data path Availability Alert State" + "displayName": "Vnet Gw Tunnel Egress Alert State" }, "defaultValue": "true", "type": "string" }, - "LBGlobalBackendAvailabilityAlertSeverity": { + "VnetGwTunnelEgressThreshold": { + "metadata": { + "description": "Threshold for the alert", + "displayName": "Vnet Gw Tunnel Egress Threshold" + }, + "defaultValue": "1", + "type": "string" + }, + "VnetGwTunnelIngressAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "LB Global Backend Availability Alert Severity" + "displayName": "Vnet Gw Tunnel Ingress Alert Severity" }, "allowedValues": [ "0", @@ -2808,10 +2723,10 @@ "defaultValue": "0", "type": "String" }, - "LBGlobalBackendAvailabilityWindowSize": { + "VnetGwTunnelIngressWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "LB Global Backend Availability Window Size" + "displayName": "Vnet Gw Tunnel Ingress Window Size" }, "allowedValues": [ "PT1M", @@ -2826,10 +2741,10 @@ "defaultValue": "PT5M", "type": "string" }, - "LBGlobalBackendAvailabilityEvaluationFrequency": { + "VnetGwTunnelIngressEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "LB Global Backend Availability Evaluation Frequency" + "displayName": "Vnet Gw Tunnel Ingress Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -2838,33 +2753,41 @@ "PT30M", "PT1H" ], - "defaultValue": "PT1M", + "defaultValue": "PT5M", "type": "string" }, - "LBGlobalBackendAvailabilityPolicyEffect": { + "VnetGwTunnelIngressPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "LB Global Backend Availability Policy Effect" + "displayName": "Vnet Gw Tunnel Ingress Policy Effect" }, "allowedValues": [ "deployIfNotExists", "disabled" ], - "defaultValue": "deployIfNotExists", + "defaultValue": "disabled", "type": "string" }, - "LBGlobalBackendAvailabilityAlertState": { + "VnetGwTunnelIngressAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "LB Global Backend Availability Alert State" + "displayName": "Vnet Gw Tunnel Ingress Alert State" }, "defaultValue": "true", "type": "string" }, - "LBHealthProbeStatusAlertSeverity": { + "VnetGwTunnelIngressThreshold": { + "metadata": { + "description": "Threshold for the alert", + "displayName": "Vnet Gw Tunnel Ingress Threshold" + }, + "defaultValue": "1", + "type": "string" + }, + "VPNGWBandWidthUtilAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "LB Health Probe Status Alert Severity" + "displayName": "VPN GW Band Width Util Alert Severity" }, "allowedValues": [ "0", @@ -2873,13 +2796,13 @@ "3", "4" ], - "defaultValue": "2", + "defaultValue": "0", "type": "String" }, - "LBHealthProbeStatusWindowSize": { + "VPNGWBandWidthUtilWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "LB Health Probe Status Window Size" + "displayName": "VPN GW Band Width Util Window Size" }, "allowedValues": [ "PT1M", @@ -2894,10 +2817,10 @@ "defaultValue": "PT5M", "type": "string" }, - "LBHealthProbeStatusEvaluationFrequency": { + "VPNGWBandWidthUtilEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "LB Health Probe Status Evaluation Frequency" + "displayName": "VPN GW Band Width Util Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -2906,13 +2829,13 @@ "PT30M", "PT1H" ], - "defaultValue": "PT1M", + "defaultValue": "PT5M", "type": "string" }, - "LBHealthProbeStatusPolicyEffect": { + "VPNGWBandWidthUtilPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "LB Health Probe Status Policy Effect" + "displayName": "VPN GW Band Width Util Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -2921,18 +2844,26 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "LBHealthProbeStatusAlertState": { + "VPNGWBandWidthUtilAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "LB Health Probe Status Alert State" + "displayName": "VPN GW Band Width Util Alert State" }, "defaultValue": "true", "type": "string" }, - "LBUsedSNATPortsAlertSeverity": { + "VPNGWBandWidthUtilThreshold": { + "metadata": { + "description": "Threshold for the alert", + "displayName": "VPN GW Band Width Util Threshold" + }, + "defaultValue": "1", + "type": "string" + }, + "VPNGWEgressAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "LB Used SNAT Ports Alert Severity" + "displayName": "VPN GW Egress Alert Severity" }, "allowedValues": [ "0", @@ -2941,13 +2872,13 @@ "3", "4" ], - "defaultValue": "1", + "defaultValue": "0", "type": "String" }, - "LBUsedSNATPortsWindowSize": { + "VPNGWEgressWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "LB Used SNAT Ports Window Size" + "displayName": "VPN GW Egress Window Size" }, "allowedValues": [ "PT1M", @@ -2962,10 +2893,10 @@ "defaultValue": "PT5M", "type": "string" }, - "LBUsedSNATPortsEvaluationFrequency": { + "VPNGWEgressEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "LB Used SNAT Ports Evaluation Frequency" + "displayName": "VPN GW Egress Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -2974,33 +2905,41 @@ "PT30M", "PT1H" ], - "defaultValue": "PT1M", + "defaultValue": "PT5M", "type": "string" }, - "LBUsedSNATPortsPolicyEffect": { + "VPNGWEgressPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "LB Used SNAT Ports Policy Effect" + "displayName": "VPN GW Egress Policy Effect" }, "allowedValues": [ "deployIfNotExists", "disabled" ], - "defaultValue": "deployIfNotExists", + "defaultValue": "disabled", "type": "string" }, - "LBUsedSNATPortsAlertState": { + "VPNGWEgressAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "LB Used SNAT Ports Alert State" + "displayName": "VPN GW Egress Alert State" }, "defaultValue": "true", "type": "string" }, - "ERPBitsInPerSecondAlertSeverity": { + "VPNGWEgressThreshold": { + "metadata": { + "description": "Threshold for the alert", + "displayName": "VPN GW Egress Threshold" + }, + "defaultValue": "1", + "type": "string" + }, + "VPNGWTunnelEgressPacketDropCountAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "ERP Bits In Per Second Alert Severity" + "displayName": "VPN GW Tunnel Egress Packet Drop Count Alert Severity" }, "allowedValues": [ "0", @@ -3009,13 +2948,13 @@ "3", "4" ], - "defaultValue": "0", + "defaultValue": "3", "type": "String" }, - "ERPBitsInPerSecondWindowSize": { + "VPNGWTunnelEgressPacketDropCountWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "ERP Bits In Per Second Window Size" + "displayName": "VPN GW Tunnel Egress Packet Drop Count Window Size" }, "allowedValues": [ "PT1M", @@ -3030,10 +2969,10 @@ "defaultValue": "PT5M", "type": "string" }, - "ERPBitsInPerSecondEvaluationFrequency": { + "VPNGWTunnelEgressPacketDropCountFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "ERP Bits In Per Second Evaluation Frequency" + "displayName": "VPN GW Tunnel Egress Packet Drop Count Frequency" }, "allowedValues": [ "PT1M", @@ -3042,13 +2981,13 @@ "PT30M", "PT1H" ], - "defaultValue": "PT1M", + "defaultValue": "PT5M", "type": "string" }, - "ERPBitsInPerSecondPolicyEffect": { + "VPNGWTunnelEgressPacketDropCountPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "ERP Bits In Per Second Policy Effect" + "displayName": "VPN GW Tunnel Egress Packet Drop Count Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -3057,18 +2996,14 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "ERPBitsInPerSecondAlertState": { - "metadata": { - "description": "Alert state for the alert", - "displayName": "ERP Bits In Per Second Alert State" - }, + "VPNGWTunnelEgressPacketDropCountAlertState": { "defaultValue": "true", "type": "string" }, - "ERPBitsOutPerSecondAlertSeverity": { + "VPNGWTunnelEgressPacketDropMismatchAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "ERP Bits Out Per Second Alert Severity" + "displayName": "VPN GW Tunnel Egress Packet Drop Mismatch Alert Severity" }, "allowedValues": [ "0", @@ -3077,13 +3012,13 @@ "3", "4" ], - "defaultValue": "0", + "defaultValue": "3", "type": "String" }, - "ERPBitsOutPerSecondWindowSize": { + "VPNGWTunnelEgressPacketDropMismatchWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "ERP Bits Out Per Second Window Size" + "displayName": "VPN GW Tunnel Egress Packet Drop Mismatch Window Size" }, "allowedValues": [ "PT1M", @@ -3098,10 +3033,10 @@ "defaultValue": "PT5M", "type": "string" }, - "ERPBitsOutPerSecondEvaluationFrequency": { + "VPNGWTunnelEgressPacketDropMismatchFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "ERP Bits Out Per Second Evaluation Frequency" + "displayName": "VPN GW Tunnel Egress Packet Drop Mismatch Frequency" }, "allowedValues": [ "PT1M", @@ -3110,13 +3045,13 @@ "PT30M", "PT1H" ], - "defaultValue": "PT1M", + "defaultValue": "PT5M", "type": "string" }, - "ERPBitsOutPerSecondPolicyEffect": { + "VPNGWTunnelEgressPacketDropMismatchPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "ERP Bits Out Per Second Policy Effect" + "displayName": "VPN GW Tunnel Egress Packet Drop Mismatch Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -3125,18 +3060,18 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "ERPBitsOutPerSecondAlertState": { + "VPNGWTunnelEgressPacketDropMismatchAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "ERP Bits Out Per Second Alert State" + "displayName": "VPN GW Tunnel Egress Packet Drop Mismatch Alert State" }, "defaultValue": "true", "type": "string" }, - "ERPLineProtocolAlertSeverity": { + "VPNGWIngressAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "ERP Line Protocol Alert Severity" + "displayName": "VPN GW Ingress Alert Severity" }, "allowedValues": [ "0", @@ -3146,12 +3081,12 @@ "4" ], "defaultValue": "0", - "type": "String" + "type": "string" }, - "ERPLineProtocolWindowSize": { + "VPNGWIngressWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "ERP Line Protocol Window Size" + "displayName": "VPN GW Ingress Window Size" }, "allowedValues": [ "PT1M", @@ -3166,10 +3101,10 @@ "defaultValue": "PT5M", "type": "string" }, - "ERPLineProtocolEvaluationFrequency": { + "VPNGWIngressEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "ERP Line Protocol Evaluation Frequency" + "displayName": "VPN GW Ingress Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -3178,33 +3113,49 @@ "PT30M", "PT1H" ], - "defaultValue": "PT1M", + "defaultValue": "PT5M", "type": "string" }, - "ERPLineProtocolPolicyEffect": { + "VPNGWIngressPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "ERP Line Protocol Policy Effect" + "displayName": "VPN GW Ingress Policy Effect" }, "allowedValues": [ "deployIfNotExists", "disabled" ], - "defaultValue": "deployIfNotExists", + "defaultValue": "disabled", "type": "string" }, - "ERPLineProtocolAlertState": { + "VPNGWIngressAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "ERP Line Protocol Alert State" + "displayName": "VPN GW Ingress Alert State" }, "defaultValue": "true", "type": "string" }, - "ERPRxLightLevelHighAlertSeverity": { + "VPNGWIngressThreshold": { + "metadata": { + "description": "Threshold for the alert", + "displayName": "VPN GW Ingress Threshold" + }, + "defaultValue": "1", + "type": "string" + }, + "VPNGWIngressAutoMitigate": { + "metadata": { + "description": "Auto Mitigate for the alert", + "displayName": "VPN GW Ingress Auto Mitigate" + }, + "defaultValue": "true", + "type": "string" + }, + "VPNGWTunnelIngressPacketDropCountAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "ERP Rx Light Level High Alert Severity" + "displayName": "VPN GW Tunnel Ingress Packet Drop Count Alert Severity" }, "allowedValues": [ "0", @@ -3213,13 +3164,13 @@ "3", "4" ], - "defaultValue": "1", + "defaultValue": "3", "type": "String" }, - "ERPRxLightLevelHighWindowSize": { + "VPNGWTunnelIngressPacketDropCountWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "ERP Rx Light Level High Window Size" + "displayName": "VPN GW Tunnel Ingress Packet Drop Count Window Size" }, "allowedValues": [ "PT1M", @@ -3234,10 +3185,10 @@ "defaultValue": "PT5M", "type": "string" }, - "ERPRxLightLevelHighEvaluationFrequency": { + "VPNGWTunnelIngressPacketDropCountFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "ERP Rx Light Level High Evaluation Frequency" + "displayName": "VPN GW Tunnel Ingress Packet Drop Count Frequency" }, "allowedValues": [ "PT1M", @@ -3246,13 +3197,13 @@ "PT30M", "PT1H" ], - "defaultValue": "PT1M", + "defaultValue": "PT5M", "type": "string" }, - "ERPRxLightLevelHighPolicyEffect": { + "VPNGWTunnelIngressPacketDropCountPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "ERP Rx Light Level High Policy Effect" + "displayName": "VPN GW Tunnel Ingress Packet Drop Count Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -3261,18 +3212,18 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "ERPRxLightLevelHighAlertState": { + "VPNGWTunnelIngressPacketDropCountAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "ERP Rx Light Level High Alert State" + "displayName": "VPN GW Tunnel Ingress Packet Drop Count Alert State" }, "defaultValue": "true", "type": "string" }, - "ERPRxLightLevelLowAlertSeverity": { + "VPNGWTunnelIngressPacketDropMismatchAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "ERP Rx Light Level Low Alert Severity" + "displayName": "VPN GW Tunnel Ingress Packet Drop Mismatch Alert Severity" }, "allowedValues": [ "0", @@ -3281,13 +3232,13 @@ "3", "4" ], - "defaultValue": "1", + "defaultValue": "3", "type": "String" }, - "ERPRxLightLevelLowWindowSize": { + "VPNGWTunnelIngressPacketDropMismatchWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "ERP Rx Light Level Low Window Size" + "displayName": "VPN GW Tunnel Ingress Packet Drop Mismatch Window Size" }, "allowedValues": [ "PT1M", @@ -3302,10 +3253,10 @@ "defaultValue": "PT5M", "type": "string" }, - "ERPRxLightLevelLowEvaluationFrequency": { + "VPNGWTunnelIngressPacketDropMismatchFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "ERP Rx Light Level Low Evaluation Frequency" + "displayName": "VPN GW Tunnel Ingress Packet Drop Mismatch Frequency" }, "allowedValues": [ "PT1M", @@ -3314,13 +3265,13 @@ "PT30M", "PT1H" ], - "defaultValue": "PT1M", + "defaultValue": "PT5M", "type": "string" }, - "ERPRxLightLevelLowPolicyEffect": { + "VPNGWTunnelIngressPacketDropMismatchPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "ERP Rx Light Level Low Policy Effect" + "displayName": "VPN GW Tunnel Ingress Packet Drop Mismatch Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -3329,18 +3280,18 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "ERPRxLightLevelLowAlertState": { + "VPNGWTunnelIngressPacketDropMismatchAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "ERP Rx Light Level Low Alert State" + "displayName": "VPN GW Tunnel Ingress Packet Drop Mismatch Alert State" }, "defaultValue": "true", "type": "string" }, - "ERPTxLightLevelHighAlertSeverity": { + "PDNSZCapacityUtilAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "ERP Tx Light Level High Alert Severity" + "displayName": "PDNSZ Capacity Util Alert Severity" }, "allowedValues": [ "0", @@ -3349,13 +3300,13 @@ "3", "4" ], - "defaultValue": "1", + "defaultValue": "2", "type": "String" }, - "ERPTxLightLevelHighWindowSize": { + "PDNSZCapacityUtilWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "ERP Tx Light Level High Window Size" + "displayName": "PDNSZ Capacity Util Window Size" }, "allowedValues": [ "PT1M", @@ -3367,13 +3318,13 @@ "PT12H", "P1D" ], - "defaultValue": "PT5M", + "defaultValue": "PT1H", "type": "string" }, - "ERPTxLightLevelHighEvaluationFrequency": { + "PDNSZCapacityUtilEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "ERP Tx Light Level High Evaluation Frequency" + "displayName": "PDNSZ Capacity Util Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -3382,13 +3333,13 @@ "PT30M", "PT1H" ], - "defaultValue": "PT1M", + "defaultValue": "PT1H", "type": "string" }, - "ERPTxLightLevelHighPolicyEffect": { + "PDNSZCapacityUtilPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "ERP Tx Light Level High Policy Effect" + "displayName": "PDNSZ Capacity Util Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -3397,18 +3348,26 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "ERPTxLightLevelHighAlertState": { + "PDNSZCapacityUtilAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "ERP Tx Light Level High Alert State" + "displayName": "PDNSZ Capacity Util Alert State" }, "defaultValue": "true", "type": "string" }, - "ERPTxLightLevelLowAlertSeverity": { + "PDNSZCapacityUtilThreshold": { + "metadata": { + "description": "Threshold for the alert", + "displayName": "PDNSZ Capacity Util Threshold" + }, + "defaultValue": "80", + "type": "string" + }, + "PDNSZQueryVolumeAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "ERP Tx Light Level Low Alert Severity" + "displayName": "PDNSZ Query Volume Alert Severity" }, "allowedValues": [ "0", @@ -3417,13 +3376,13 @@ "3", "4" ], - "defaultValue": "1", + "defaultValue": "4", "type": "String" }, - "ERPTxLightLevelLowWindowSize": { + "PDNSZQueryVolumeWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "ERP Tx Light Level Low Window Size" + "displayName": "PDNSZ Query Volume Window Size" }, "allowedValues": [ "PT1M", @@ -3435,13 +3394,13 @@ "PT12H", "P1D" ], - "defaultValue": "PT5M", + "defaultValue": "PT1H", "type": "string" }, - "ERPTxLightLevelLowEvaluationFrequency": { + "PDNSZQueryVolumeEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "ERP Tx Light Level Low Evaluation Frequency" + "displayName": "PDNSZ Query Volume Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -3450,28 +3409,69 @@ "PT30M", "PT1H" ], - "defaultValue": "PT1M", + "defaultValue": "PT1H", "type": "string" }, - "ERPTxLightLevelLowPolicyEffect": { + "PDNSZQueryVolumePolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "ERP Tx Light Level Low Policy Effect" + "displayName": "PDNSZ Query Volume Policy Effect" }, "allowedValues": [ "deployIfNotExists", "disabled" ], - "defaultValue": "deployIfNotExists", + "defaultValue": "disabled", "type": "string" }, - "ERPTxLightLevelLowAlertState": { + "PDNSZQueryVolumeAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "ERP Tx Light Level Low Alert State" + "displayName": "PDNSZ Query Volume Alert State" }, "defaultValue": "true", "type": "string" + }, + "PDNSZQueryVolumeThreshold": { + "metadata": { + "description": "Threshold for the alert", + "displayName": "PDNSZ Query Volume Threshold" + }, + "defaultValue": "500", + "type": "string" + }, + "PDNSZRecordSetCapacityAlertSeverity": { + "metadata": { + "description": "Severity of the alert", + "displayName": "PDNSZ Record Set Capacity Alert Severity" + }, + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" + ], + "defaultValue": "2", + "type": "String" + }, + "PDNSZRecordSetCapacityWindowSize": { + "metadata": { + "description": "Window size for the alert", + "displayName": "PDNSZ Record Set Capacity Window Size" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" + ], + "defaultValue": "PT1H", + "type": "string" } }, "policyDefinitions": [ @@ -3488,12 +3488,12 @@ "evaluationFrequency": { "value": "[parameters('ERCIRQoSDropBitsinPerSecEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('ERCIRQoSDropBitsinPerSecPolicyEffect')]" - }, "windowSize": { "value": "[parameters('ERCIRQoSDropBitsinPerSecWindowSize')]" }, + "effect": { + "value": "[parameters('ERCIRQoSDropBitsinPerSecPolicyEffect')]" + }, "severity": { "value": "[parameters('ERCIRQoSDropBitsinPerSecAlertSeverity')]" }, @@ -3515,12 +3515,12 @@ "evaluationFrequency": { "value": "[parameters('ERCIRQoSDropBitsoutPerSecEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('ERCIRQoSDropBitsoutPerSecPolicyEffect')]" - }, "windowSize": { "value": "[parameters('ERCIRQoSDropBitsoutPerSecWindowSize')]" }, + "effect": { + "value": "[parameters('ERCIRQoSDropBitsoutPerSecPolicyEffect')]" + }, "severity": { "value": "[parameters('ERCIRQoSDropBitsoutPerSecAlertSeverity')]" }, @@ -3542,12 +3542,12 @@ "evaluationFrequency": { "value": "[parameters('VPNGwBGPPeerStatusEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('VPNGwBGPPeerStatusPolicyEffect')]" - }, "windowSize": { "value": "[parameters('VPNGwBGPPeerStatusWindowSize')]" }, + "effect": { + "value": "[parameters('VPNGwBGPPeerStatusPolicyEffect')]" + }, "severity": { "value": "[parameters('VPNGwBGPPeerStatusAlertSeverity')]" }, @@ -3572,12 +3572,12 @@ "evaluationFrequency": { "value": "[parameters('VnetGwERCpuUtilEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('VnetGwERCpuUtilPolicyEffect')]" - }, "windowSize": { "value": "[parameters('VnetGwERCpuUtilWindowSize')]" }, + "effect": { + "value": "[parameters('VnetGwERCpuUtilPolicyEffect')]" + }, "severity": { "value": "[parameters('VnetGwERCpuUtilAlertSeverity')]" }, @@ -3602,12 +3602,12 @@ "evaluationFrequency": { "value": "[parameters('VnetGwTunnelBWEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('VnetGwTunnelBWPolicyEffect')]" - }, "windowSize": { "value": "[parameters('VnetGwTunnelBWWindowSize')]" }, + "effect": { + "value": "[parameters('VnetGwTunnelBWPolicyEffect')]" + }, "severity": { "value": "[parameters('VnetGwTunnelBWAlertSeverity')]" }, @@ -3632,12 +3632,12 @@ "evaluationFrequency": { "value": "[parameters('VnetGwTunnelEgressEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('VnetGwTunnelEgressPolicyEffect')]" - }, "windowSize": { "value": "[parameters('VnetGwTunnelEgressWindowSize')]" }, + "effect": { + "value": "[parameters('VnetGwTunnelEgressPolicyEffect')]" + }, "severity": { "value": "[parameters('VnetGwTunnelEgressAlertSeverity')]" }, @@ -3662,12 +3662,12 @@ "evaluationFrequency": { "value": "[parameters('VnetGwTunnelIngressEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('VnetGwTunnelIngressPolicyEffect')]" - }, "windowSize": { "value": "[parameters('VnetGwTunnelIngressWindowSize')]" }, + "effect": { + "value": "[parameters('VnetGwTunnelIngressPolicyEffect')]" + }, "severity": { "value": "[parameters('VnetGwTunnelIngressAlertSeverity')]" }, @@ -3690,14 +3690,14 @@ "value": "[parameters('ALZMonitorDisableTagName')]" }, "evaluationFrequency": { - "value": "[parameters('VPNGWBandWidthUtilEvaluationFrequency')]" - }, - "effect": { - "value": "[parameters('VPNGWBandWidthUtilPolicyEffect')]" + "value": "[parameters('VPNGWBandWidthUtilEvaluationFrequency')]" }, "windowSize": { "value": "[parameters('VPNGWBandWidthUtilWindowSize')]" }, + "effect": { + "value": "[parameters('VPNGWBandWidthUtilPolicyEffect')]" + }, "severity": { "value": "[parameters('VPNGWBandWidthUtilAlertSeverity')]" }, @@ -3722,12 +3722,12 @@ "evaluationFrequency": { "value": "[parameters('VPNGWEgressEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('VPNGWEgressPolicyEffect')]" - }, "windowSize": { "value": "[parameters('VPNGWEgressWindowSize')]" }, + "effect": { + "value": "[parameters('VPNGWEgressPolicyEffect')]" + }, "severity": { "value": "[parameters('VPNGWEgressAlertSeverity')]" }, @@ -3752,12 +3752,12 @@ "evaluationFrequency": { "value": "[parameters('VPNGWTunnelEgressPacketDropCountFrequency')]" }, - "effect": { - "value": "[parameters('VPNGWTunnelEgressPacketDropCountPolicyEffect')]" - }, "windowSize": { "value": "[parameters('VPNGWTunnelEgressPacketDropCountWindowSize')]" }, + "effect": { + "value": "[parameters('VPNGWTunnelEgressPacketDropCountPolicyEffect')]" + }, "severity": { "value": "[parameters('VPNGWTunnelEgressPacketDropCountAlertSeverity')]" }, @@ -3779,12 +3779,12 @@ "evaluationFrequency": { "value": "[parameters('VPNGWTunnelEgressPacketDropMismatchFrequency')]" }, - "effect": { - "value": "[parameters('VPNGWTunnelEgressPacketDropMismatchPolicyEffect')]" - }, "windowSize": { "value": "[parameters('VPNGWTunnelEgressPacketDropMismatchWindowSize')]" }, + "effect": { + "value": "[parameters('VPNGWTunnelEgressPacketDropMismatchPolicyEffect')]" + }, "severity": { "value": "[parameters('VPNGWTunnelEgressPacketDropMismatchAlertSeverity')]" }, @@ -3806,12 +3806,12 @@ "evaluationFrequency": { "value": "[parameters('VPNGWIngressEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('VPNGWIngressPolicyEffect')]" - }, "windowSize": { "value": "[parameters('VPNGWIngressWindowSize')]" }, + "effect": { + "value": "[parameters('VPNGWIngressPolicyEffect')]" + }, "severity": { "value": "[parameters('VPNGWIngressAlertSeverity')]" }, @@ -3839,12 +3839,12 @@ "evaluationFrequency": { "value": "[parameters('VPNGWTunnelIngressPacketDropCountFrequency')]" }, - "effect": { - "value": "[parameters('VPNGWTunnelIngressPacketDropCountPolicyEffect')]" - }, "windowSize": { "value": "[parameters('VPNGWTunnelIngressPacketDropCountWindowSize')]" }, + "effect": { + "value": "[parameters('VPNGWTunnelIngressPacketDropCountPolicyEffect')]" + }, "severity": { "value": "[parameters('VPNGWTunnelIngressPacketDropCountAlertSeverity')]" }, @@ -3866,12 +3866,12 @@ "evaluationFrequency": { "value": "[parameters('VPNGWTunnelIngressPacketDropMismatchFrequency')]" }, - "effect": { - "value": "[parameters('VPNGWTunnelIngressPacketDropMismatchPolicyEffect')]" - }, "windowSize": { "value": "[parameters('VPNGWTunnelIngressPacketDropMismatchWindowSize')]" }, + "effect": { + "value": "[parameters('VPNGWTunnelIngressPacketDropMismatchPolicyEffect')]" + }, "severity": { "value": "[parameters('VPNGWTunnelIngressPacketDropMismatchAlertSeverity')]" }, @@ -3893,12 +3893,12 @@ "evaluationFrequency": { "value": "[parameters('PDNSZCapacityUtilEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('PDNSZCapacityUtilPolicyEffect')]" - }, "windowSize": { "value": "[parameters('PDNSZCapacityUtilWindowSize')]" }, + "effect": { + "value": "[parameters('PDNSZCapacityUtilPolicyEffect')]" + }, "severity": { "value": "[parameters('PDNSZCapacityUtilAlertSeverity')]" }, @@ -3923,12 +3923,12 @@ "evaluationFrequency": { "value": "[parameters('PDNSZQueryVolumeEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('PDNSZQueryVolumePolicyEffect')]" - }, "windowSize": { "value": "[parameters('PDNSZQueryVolumeWindowSize')]" }, + "effect": { + "value": "[parameters('PDNSZQueryVolumePolicyEffect')]" + }, "severity": { "value": "[parameters('PDNSZQueryVolumeAlertSeverity')]" }, @@ -3953,12 +3953,12 @@ "evaluationFrequency": { "value": "[parameters('PDNSZRecordSetCapacityEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('PDNSZRecordSetCapacityPolicyEffect')]" - }, "windowSize": { "value": "[parameters('PDNSZRecordSetCapacityWindowSize')]" }, + "effect": { + "value": "[parameters('PDNSZRecordSetCapacityPolicyEffect')]" + }, "severity": { "value": "[parameters('PDNSZRecordSetCapacityAlertSeverity')]" }, @@ -3983,12 +3983,12 @@ "evaluationFrequency": { "value": "[parameters('PDNSZRegistrationCapacityUtilEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('PDNSZRegistrationCapacityUtilPolicyEffect')]" - }, "windowSize": { "value": "[parameters('PDNSZRegistrationCapacityUtilWindowSize')]" }, + "effect": { + "value": "[parameters('PDNSZRegistrationCapacityUtilPolicyEffect')]" + }, "severity": { "value": "[parameters('PDNSZRegistrationCapacityUtilAlertSeverity')]" }, @@ -4013,12 +4013,12 @@ "evaluationFrequency": { "value": "[parameters('ERGwExpressRouteBitsInEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('ERGwExpressRouteBitsInPolicyEffect')]" - }, "windowSize": { "value": "[parameters('ERGwExpressRouteBitsInWindowSize')]" }, + "effect": { + "value": "[parameters('ERGwExpressRouteBitsInPolicyEffect')]" + }, "severity": { "value": "[parameters('ERGwExpressRouteBitsInAlertSeverity')]" }, @@ -4043,12 +4043,12 @@ "evaluationFrequency": { "value": "[parameters('ERGwExpressRouteBitsOutEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('ERGwExpressRouteBitsOutPolicyEffect')]" - }, "windowSize": { "value": "[parameters('ERGwExpressRouteBitsOutWindowSize')]" }, + "effect": { + "value": "[parameters('ERGwExpressRouteBitsOutPolicyEffect')]" + }, "severity": { "value": "[parameters('ERGwExpressRouteBitsOutAlertSeverity')]" }, @@ -4073,12 +4073,12 @@ "evaluationFrequency": { "value": "[parameters('ERGwExpressRouteCpuUtilEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('ERGwExpressRouteCpuUtilPolicyEffect')]" - }, "windowSize": { "value": "[parameters('ERGwExpressRouteCpuUtilWindowSize')]" }, + "effect": { + "value": "[parameters('ERGwExpressRouteCpuUtilPolicyEffect')]" + }, "severity": { "value": "[parameters('ERGwExpressRouteCpuUtilAlertSeverity')]" }, @@ -4103,12 +4103,12 @@ "evaluationFrequency": { "value": "[parameters('VnetGwTunnelEgressPacketDropCountEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('VnetGwTunnelEgressPacketDropCountPolicyEffect')]" - }, "windowSize": { "value": "[parameters('VnetGwTunnelEgressPacketDropCountWindowSize')]" }, + "effect": { + "value": "[parameters('VnetGwTunnelEgressPacketDropCountPolicyEffect')]" + }, "severity": { "value": "[parameters('VnetGwTunnelEgressPacketDropCountAlertSeverity')]" }, @@ -4130,12 +4130,12 @@ "evaluationFrequency": { "value": "[parameters('VnetGwTunnelEgressPacketDropMismatchEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('VnetGwTunnelEgressPacketDropMismatchPolicyEffect')]" - }, "windowSize": { "value": "[parameters('VnetGwTunnelEgressPacketDropMismatchWindowSize')]" }, + "effect": { + "value": "[parameters('VnetGwTunnelEgressPacketDropMismatchPolicyEffect')]" + }, "severity": { "value": "[parameters('VnetGwTunnelEgressPacketDropMismatchAlertSeverity')]" }, @@ -4157,12 +4157,12 @@ "evaluationFrequency": { "value": "[parameters('VnetGwExpressRouteBitsPerSecondEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('VnetGwExpressRouteBitsPerSecondPolicyEffect')]" - }, "windowSize": { "value": "[parameters('VnetGwExpressRouteBitsPerSecondWindowSize')]" }, + "effect": { + "value": "[parameters('VnetGwExpressRouteBitsPerSecondPolicyEffect')]" + }, "severity": { "value": "[parameters('VnetGwExpressRouteBitsPerSecondAlertSeverity')]" }, @@ -4187,12 +4187,12 @@ "evaluationFrequency": { "value": "[parameters('VnetGwTunnelIngressPacketDropMismatchEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('VnetGwTunnelIngressPacketDropMismatchPolicyEffect')]" - }, "windowSize": { "value": "[parameters('VnetGwTunnelIngressPacketDropMismatchWindowSize')]" }, + "effect": { + "value": "[parameters('VnetGwTunnelIngressPacketDropMismatchPolicyEffect')]" + }, "severity": { "value": "[parameters('VnetGwTunnelIngressPacketDropMismatchAlertSeverity')]" }, @@ -4214,12 +4214,12 @@ "evaluationFrequency": { "value": "[parameters('VnetGwTunnelIngressPacketDropCountEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('VnetGwTunnelIngressPacketDropCountPolicyEffect')]" - }, "windowSize": { "value": "[parameters('VnetGwTunnelIngressPacketDropCountWindowSize')]" }, + "effect": { + "value": "[parameters('VnetGwTunnelIngressPacketDropCountPolicyEffect')]" + }, "severity": { "value": "[parameters('VnetGwTunnelIngressPacketDropCountAlertSeverity')]" }, @@ -4241,12 +4241,12 @@ "evaluationFrequency": { "value": "[parameters('ERCIRBgpAvailabilityEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('ERCIRBgpAvailabilityPolicyEffect')]" - }, "windowSize": { "value": "[parameters('ERCIRBgpAvailabilityWindowSize')]" }, + "effect": { + "value": "[parameters('ERCIRBgpAvailabilityPolicyEffect')]" + }, "severity": { "value": "[parameters('ERCIRBgpAvailabilityAlertSeverity')]" }, @@ -4271,12 +4271,12 @@ "evaluationFrequency": { "value": "[parameters('ERCIRArpAvailabilityFrequency')]" }, - "effect": { - "value": "[parameters('ERCIRArpAvailabilityPolicyEffect')]" - }, "windowSize": { "value": "[parameters('ERCIRArpAvailabilityWindowSize')]" }, + "effect": { + "value": "[parameters('ERCIRArpAvailabilityPolicyEffect')]" + }, "severity": { "value": "[parameters('ERCIRArpAvailabilityAlertSeverity')]" }, @@ -4301,12 +4301,12 @@ "evaluationFrequency": { "value": "[parameters('AFWSNATPortUtilizationFrequency')]" }, - "effect": { - "value": "[parameters('AFWSNATPortUtilizationPolicyEffect')]" - }, "windowSize": { "value": "[parameters('AFWSNATPortUtilizationWindowSize')]" }, + "effect": { + "value": "[parameters('AFWSNATPortUtilizationPolicyEffect')]" + }, "severity": { "value": "[parameters('AFWSNATPortUtilizationAlertSeverity')]" }, @@ -4331,12 +4331,12 @@ "evaluationFrequency": { "value": "[parameters('PIPBytesInDDoSEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('PIPBytesInDDoSPolicyEffect')]" - }, "windowSize": { "value": "[parameters('PIPBytesInDDoSWindowSize')]" }, + "effect": { + "value": "[parameters('PIPBytesInDDoSPolicyEffect')]" + }, "severity": { "value": "[parameters('PIPBytesInDDoSAlertSeverity')]" }, @@ -4361,12 +4361,12 @@ "evaluationFrequency": { "value": "[parameters('PIPDDoSAttackEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('PIPDDoSAttackPolicyEffect')]" - }, "windowSize": { "value": "[parameters('PIPDDoSAttackWindowSize')]" }, + "effect": { + "value": "[parameters('PIPDDoSAttackPolicyEffect')]" + }, "severity": { "value": "[parameters('PIPDDoSAttackAlertSeverity')]" }, @@ -4391,12 +4391,12 @@ "evaluationFrequency": { "value": "[parameters('PIPPacketsInDDoSEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('PIPPacketsInDDoSPolicyEffect')]" - }, "windowSize": { "value": "[parameters('PIPPacketsInDDoSWindowSize')]" }, + "effect": { + "value": "[parameters('PIPPacketsInDDoSPolicyEffect')]" + }, "severity": { "value": "[parameters('PIPPacketsInDDoSAlertSeverity')]" }, @@ -4421,12 +4421,12 @@ "evaluationFrequency": { "value": "[parameters('PIPVIPAvailabilityEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('PIPVIPAvailabilityPolicyEffect')]" - }, "windowSize": { "value": "[parameters('PIPVIPAvailabilityWindowSize')]" }, + "effect": { + "value": "[parameters('PIPVIPAvailabilityPolicyEffect')]" + }, "severity": { "value": "[parameters('PIPVIPAvailabilityAlertSeverity')]" }, @@ -4451,12 +4451,12 @@ "evaluationFrequency": { "value": "[parameters('VNETDDOSAttackEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('VNETDDOSAttackPolicyEffect')]" - }, "windowSize": { "value": "[parameters('VNETDDOSAttackWindowSize')]" }, + "effect": { + "value": "[parameters('VNETDDOSAttackPolicyEffect')]" + }, "severity": { "value": "[parameters('VNETDDOSAttackAlertSeverity')]" }, @@ -4481,12 +4481,12 @@ "evaluationFrequency": { "value": "[parameters('FirewallHealthEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('FirewallHealthPolicyEffect')]" - }, "windowSize": { "value": "[parameters('FirewallHealthWindowSize')]" }, + "effect": { + "value": "[parameters('FirewallHealthPolicyEffect')]" + }, "severity": { "value": "[parameters('FirewallHealthAlertSeverity')]" }, @@ -4517,11 +4517,11 @@ "alertResourceGroupLocation": { "value": "[parameters('ALZMonitorResourceGroupLocation')]" }, - "alertResourceGroupName": { - "value": "[parameters('ALZMonitorResourceGroupName')]" - }, "alertResourceGroupTags": { "value": "[parameters('ALZMonitorResourceGroupTags')]" + }, + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" } } }, @@ -4544,11 +4544,11 @@ "alertResourceGroupLocation": { "value": "[parameters('ALZMonitorResourceGroupLocation')]" }, - "alertResourceGroupName": { - "value": "[parameters('ALZMonitorResourceGroupName')]" - }, "alertResourceGroupTags": { "value": "[parameters('ALZMonitorResourceGroupTags')]" + }, + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" } } }, @@ -4571,11 +4571,11 @@ "alertResourceGroupLocation": { "value": "[parameters('ALZMonitorResourceGroupLocation')]" }, - "alertResourceGroupName": { - "value": "[parameters('ALZMonitorResourceGroupName')]" - }, "alertResourceGroupTags": { "value": "[parameters('ALZMonitorResourceGroupTags')]" + }, + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" } } }, @@ -4598,11 +4598,11 @@ "alertResourceGroupLocation": { "value": "[parameters('ALZMonitorResourceGroupLocation')]" }, - "alertResourceGroupName": { - "value": "[parameters('ALZMonitorResourceGroupName')]" - }, "alertResourceGroupTags": { "value": "[parameters('ALZMonitorResourceGroupTags')]" + }, + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" } } }, @@ -4619,12 +4619,12 @@ "evaluationFrequency": { "value": "[parameters('LBDataPathAvailabilityEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('LBDataPathAvailabilityPolicyEffect')]" - }, "windowSize": { "value": "[parameters('LBDataPathAvailabilityWindowSize')]" }, + "effect": { + "value": "[parameters('LBDataPathAvailabilityPolicyEffect')]" + }, "severity": { "value": "[parameters('LBDataPathAvailabilityAlertSeverity')]" }, @@ -4646,12 +4646,12 @@ "evaluationFrequency": { "value": "[parameters('LBGlobalBackendAvailabilityEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('LBGlobalBackendAvailabilityPolicyEffect')]" - }, "windowSize": { "value": "[parameters('LBGlobalBackendAvailabilityWindowSize')]" }, + "effect": { + "value": "[parameters('LBGlobalBackendAvailabilityPolicyEffect')]" + }, "severity": { "value": "[parameters('LBGlobalBackendAvailabilityAlertSeverity')]" }, @@ -4673,12 +4673,12 @@ "evaluationFrequency": { "value": "[parameters('LBHealthProbeStatusEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('LBHealthProbeStatusPolicyEffect')]" - }, "windowSize": { "value": "[parameters('LBHealthProbeStatusWindowSize')]" }, + "effect": { + "value": "[parameters('LBHealthProbeStatusPolicyEffect')]" + }, "severity": { "value": "[parameters('LBHealthProbeStatusAlertSeverity')]" }, @@ -4700,12 +4700,12 @@ "evaluationFrequency": { "value": "[parameters('LBUsedSNATPortsEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('LBUsedSNATPortsPolicyEffect')]" - }, "windowSize": { "value": "[parameters('LBUsedSNATPortsWindowSize')]" }, + "effect": { + "value": "[parameters('LBUsedSNATPortsPolicyEffect')]" + }, "severity": { "value": "[parameters('LBUsedSNATPortsAlertSeverity')]" }, @@ -4727,12 +4727,12 @@ "evaluationFrequency": { "value": "[parameters('ERPBitsInPerSecondEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('ERPBitsInPerSecondPolicyEffect')]" - }, "windowSize": { "value": "[parameters('ERPBitsInPerSecondWindowSize')]" }, + "effect": { + "value": "[parameters('ERPBitsInPerSecondPolicyEffect')]" + }, "severity": { "value": "[parameters('ERPBitsInPerSecondAlertSeverity')]" }, @@ -4754,12 +4754,12 @@ "evaluationFrequency": { "value": "[parameters('ERPBitsOutPerSecondEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('ERPBitsOutPerSecondPolicyEffect')]" - }, "windowSize": { "value": "[parameters('ERPBitsOutPerSecondWindowSize')]" }, + "effect": { + "value": "[parameters('ERPBitsOutPerSecondPolicyEffect')]" + }, "severity": { "value": "[parameters('ERPBitsOutPerSecondAlertSeverity')]" }, @@ -4781,12 +4781,12 @@ "evaluationFrequency": { "value": "[parameters('ERPLineProtocolEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('ERPLineProtocolPolicyEffect')]" - }, "windowSize": { "value": "[parameters('ERPLineProtocolWindowSize')]" }, + "effect": { + "value": "[parameters('ERPLineProtocolPolicyEffect')]" + }, "severity": { "value": "[parameters('ERPLineProtocolAlertSeverity')]" }, @@ -4808,12 +4808,12 @@ "evaluationFrequency": { "value": "[parameters('ERPRxLightLevelHighEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('ERPRxLightLevelHighPolicyEffect')]" - }, "windowSize": { "value": "[parameters('ERPRxLightLevelHighWindowSize')]" }, + "effect": { + "value": "[parameters('ERPRxLightLevelHighPolicyEffect')]" + }, "severity": { "value": "[parameters('ERPRxLightLevelHighAlertSeverity')]" }, @@ -4835,12 +4835,12 @@ "evaluationFrequency": { "value": "[parameters('ERPRxLightLevelLowEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('ERPRxLightLevelLowPolicyEffect')]" - }, "windowSize": { "value": "[parameters('ERPRxLightLevelLowWindowSize')]" }, + "effect": { + "value": "[parameters('ERPRxLightLevelLowPolicyEffect')]" + }, "severity": { "value": "[parameters('ERPRxLightLevelLowAlertSeverity')]" }, @@ -4862,12 +4862,12 @@ "evaluationFrequency": { "value": "[parameters('ERPTxLightLevelHighEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('ERPTxLightLevelHighPolicyEffect')]" - }, "windowSize": { "value": "[parameters('ERPTxLightLevelHighWindowSize')]" }, + "effect": { + "value": "[parameters('ERPTxLightLevelHighPolicyEffect')]" + }, "severity": { "value": "[parameters('ERPTxLightLevelHighAlertSeverity')]" }, @@ -4889,12 +4889,12 @@ "evaluationFrequency": { "value": "[parameters('ERPTxLightLevelLowEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('ERPTxLightLevelLowPolicyEffect')]" - }, "windowSize": { "value": "[parameters('ERPTxLightLevelLowWindowSize')]" }, + "effect": { + "value": "[parameters('ERPTxLightLevelLowPolicyEffect')]" + }, "severity": { "value": "[parameters('ERPTxLightLevelLowAlertSeverity')]" }, diff --git a/Definitions/policySetDefinitions/Monitoring/alerting-hybridvm.jsonc b/Definitions/policySetDefinitions/Monitoring/alerting-hybridvm.jsonc index 663dd03..c564d05 100644 --- a/Definitions/policySetDefinitions/Monitoring/alerting-hybridvm.jsonc +++ b/Definitions/policySetDefinitions/Monitoring/alerting-hybridvm.jsonc @@ -5,45 +5,53 @@ "displayName": "Deploy Azure Monitor Baseline Alerts for Hybrid VMs", "description": "This initiative deploys Azure Monitor Baseline Alerts to monitor Azure Arc-enabled Servers.", "metadata": { - "_deployed_by_amba": true, "version": "1.1.0", - "category": "Monitoring", + "_deployed_by_amba": true, + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ "AzureCloud" ], - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" + "category": "Monitoring" }, "parameters": { - "ALZMonitorResourceGroupLocation": { + "ALZMonitorResourceGroupName": { "metadata": { - "displayName": "ALZ Monitor Resource Group Location", - "description": "Location of the resource group where the ALZ Monitor resources will be deployed" + "description": "Name of the resource group where the ALZ Monitor resources will be deployed", + "displayName": "ALZ Monitor Resource Group Name" }, - "defaultValue": "centralus", + "defaultValue": "ALZ-Monitoring-RG", "type": "String" }, "ALZMonitorResourceGroupTags": { "metadata": { - "displayName": "ALZ Monitor Resource Group Tags", - "description": "Tags for the resource group where the ALZ Monitor resources will be deployed" + "description": "Tags for the resource group where the ALZ Monitor resources will be deployed", + "displayName": "ALZ Monitor Resource Group Tags" }, "defaultValue": { "_deployed_by_alz_monitor": true }, "type": "Object" }, - "ALZMonitorResourceGroupName": { + "ALZMonitorResourceGroupLocation": { "metadata": { - "displayName": "ALZ Monitor Resource Group Name", - "description": "Name of the resource group where the ALZ Monitor resources will be deployed" + "description": "Location of the resource group where the ALZ Monitor resources will be deployed", + "displayName": "ALZ Monitor Resource Group Location" }, - "defaultValue": "ALZ-Monitoring-RG", + "defaultValue": "centralus", + "type": "String" + }, + "ALZMonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", "type": "String" }, "ALZMonitorDisableTagValues": { "metadata": { - "displayName": "ALZ Monitoring disabled tag values(s)", - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" }, "defaultValue": [ "true", @@ -53,18 +61,10 @@ ], "type": "Array" }, - "ALZMonitorDisableTagName": { - "metadata": { - "displayName": "ALZ Monitoring disabled tag name", - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled." - }, - "defaultValue": "MonitorDisable", - "type": "String" - }, "ALZUserAssignedManagedIdentityName": { "metadata": { - "displayName": "Name of the user assigned managed identity to be created.", - "description": "The name of the user assigned managed identity to be created for monitoring purpose." + "description": "The name of the user assigned managed identity to be created for monitoring purpose.", + "displayName": "Name of the user assigned managed identity to be created." }, "defaultValue": "id-AMBA-ARG-Reader-001", "type": "string" @@ -78,16 +78,16 @@ }, "BYOUserAssignedManagedIdentityResourceId": { "metadata": { - "displayName": "Customer defined User Assigned managed Identity resource Id.", - "description": "The resource Id of the user assigned managed identity provided by the customer." + "description": "The resource Id of the user assigned managed identity provided by the customer.", + "displayName": "Customer defined User Assigned managed Identity resource Id." }, "defaultValue": "", "type": "string" }, "HybridVMHeartBeatRGAlertSeverity": { "metadata": { - "displayName": "Hybrid VM Heart Beat RG Alert Severity", - "description": "Severity of the alert for VM Heart Beat RG" + "description": "Severity of the alert for VM Heart Beat RG", + "displayName": "Hybrid VM Heart Beat RG Alert Severity" }, "allowedValues": [ "0", @@ -101,8 +101,8 @@ }, "HybridVMHeartBeatRGWindowSize": { "metadata": { - "displayName": "Hybrid VM Heart Beat RG Window Size", - "description": "Window size for the alert" + "description": "Window size for the alert", + "displayName": "Hybrid VM Heart Beat RG Window Size" }, "allowedValues": [ "PT1M", @@ -119,8 +119,8 @@ }, "HybridVMHeartBeatRGEvaluationFrequency": { "metadata": { - "displayName": "Hybrid VM Heart Beat RG Evaluation Frequency", - "description": "Evaluation frequency for the alert" + "description": "Evaluation frequency for the alert", + "displayName": "Hybrid VM Heart Beat RG Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -134,32 +134,32 @@ }, "HybridVMHeartBeatRGAutoMitigate": { "metadata": { - "displayName": "Hybrid VM Heart Beat RG Auto Mitigate", - "description": "Auto Mitigate for the alert" + "description": "Auto Mitigate for the alert", + "displayName": "Hybrid VM Heart Beat RG Auto Mitigate" }, "defaultValue": "true", "type": "string" }, "HybridVMHeartBeatRGAutoResolve": { "metadata": { - "displayName": "Hybrid VM Heart Beat RG Auto Resolve", - "description": "Auto Resolve for the alert" + "description": "Auto Resolve for the alert", + "displayName": "Hybrid VM Heart Beat RG Auto Resolve" }, "defaultValue": "true", "type": "string" }, "HybridVMHeartBeatRGAutoResolveTime": { "metadata": { - "displayName": "Hybrid VM Heart Beat RG Auto Resolve Time", - "description": "Auto Resolve Time for the alert" + "description": "Auto Resolve Time for the alert", + "displayName": "Hybrid VM Heart Beat RG Auto Resolve Time" }, "defaultValue": "00:10:00", "type": "string" }, "HybridVMHeartBeatRGPolicyEffect": { "metadata": { - "displayName": "Hybrid VM Heart Beat RG Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", + "displayName": "Hybrid VM Heart Beat RG Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -170,24 +170,24 @@ }, "HybridVMHeartBeatRGAlertState": { "metadata": { - "displayName": "Hybrid VM Heart Beat RG Alert State", - "description": "Alert state for the alert" + "description": "Alert state for the alert", + "displayName": "Hybrid VM Heart Beat RG Alert State" }, "defaultValue": "true", "type": "string" }, "HybridVMHeartBeatRGThreshold": { "metadata": { - "displayName": "Hybrid VM Heart Beat RG Threshold", - "description": "Threshold for the alert" + "description": "Threshold for the alert", + "displayName": "Hybrid VM Heart Beat RG Threshold" }, "defaultValue": "10", "type": "string" }, "HybridVMHeartBeatRGOperator": { "metadata": { - "displayName": "Hybrid VM Heart Beat RG Operator", - "description": "Operator for the alert" + "description": "Operator for the alert", + "displayName": "Hybrid VM Heart Beat RG Operator" }, "allowedValues": [ "GreaterThan" @@ -197,8 +197,8 @@ }, "HybridVMHeartBeatRGTimeAggregation": { "metadata": { - "displayName": "Hybrid VM Heart Beat RG Time Aggregation", - "description": "Time Aggregation for the alert" + "description": "Time Aggregation for the alert", + "displayName": "Hybrid VM Heart Beat RG Time Aggregation" }, "allowedValues": [ "Count" @@ -208,8 +208,8 @@ }, "HybridVMHeartBeatRGComputersToInclude": { "metadata": { - "displayName": "Hybrid VM Heart Beat RG Computers To Include", - "description": "Computers To Include for the alert" + "description": "Computers To Include for the alert", + "displayName": "Hybrid VM Heart Beat RG Computers To Include" }, "defaultValue": [ "*" @@ -218,16 +218,16 @@ }, "HybridVMHeartBeatRGFailingPeriods": { "metadata": { - "displayName": "HybridVM Heart Beat RG Failing Periods", - "description": "Failing Periods for the alert" + "description": "Failing Periods for the alert", + "displayName": "HybridVM Heart Beat RG Failing Periods" }, "defaultValue": "1", "type": "string" }, "HybridVMNetworkInAlertSeverity": { "metadata": { - "displayName": "Hybrid VM Network In Alert Severity", - "description": "Severity of the alert for VM Network In" + "description": "Severity of the alert for VM Network In", + "displayName": "Hybrid VM Network In Alert Severity" }, "allowedValues": [ "0", @@ -241,8 +241,8 @@ }, "HybridVMNetworkInWindowSize": { "metadata": { - "displayName": "Hybrid VM Network In Window Size", - "description": "Window size for the alert" + "description": "Window size for the alert", + "displayName": "Hybrid VM Network In Window Size" }, "allowedValues": [ "PT1M", @@ -259,8 +259,8 @@ }, "HybridVMNetworkInEvaluationFrequency": { "metadata": { - "displayName": "Hybrid VM Network In Evaluation Frequency", - "description": "Evaluation frequency for the alert" + "description": "Evaluation frequency for the alert", + "displayName": "Hybrid VM Network In Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -274,32 +274,32 @@ }, "HybridVMNetworkInAutoMitigate": { "metadata": { - "displayName": "Hybrid VM Network In Auto Mitigate", - "description": "Auto Mitigate for the alert" + "description": "Auto Mitigate for the alert", + "displayName": "Hybrid VM Network In Auto Mitigate" }, "defaultValue": "true", "type": "string" }, - "HybridVMNetworkInAutoResolve": { + "HybridVMOSDiskReadLatencyAutoResolve": { "metadata": { - "displayName": "Hybrid VM Network In Auto Resolve", - "description": "Auto Resolve for the alert" + "description": "Auto Resolve for the alert", + "displayName": "Hybrid VM OS Disk Read Latency Auto Resolve" }, "defaultValue": "true", "type": "string" }, - "HybridVMNetworkInAutoResolveTime": { + "HybridVMOSDiskReadLatencyAutoResolveTime": { "metadata": { - "displayName": "Hybrid VM Network In Auto Resolve Time", - "description": "Auto Resolve Time for the alert" + "description": "Auto Resolve Time for the alert", + "displayName": "Hybrid VM OS Disk Read Latency Auto Resolve Time" }, "defaultValue": "00:10:00", "type": "string" }, - "HybridVMNetworkInPolicyEffect": { + "HybridVMOSDiskReadLatencyPolicyEffect": { "metadata": { - "displayName": "Hybrid VM Network In Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", + "displayName": "Hybrid VM OS Disk Read Latency Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -308,26 +308,26 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "HybridVMNetworkInAlertState": { + "HybridVMOSDiskReadLatencyAlertState": { "metadata": { - "displayName": "Hybrid VM Network In Alert State", - "description": "Alert state for the alert" + "description": "Alert state for the alert, true will enable the alert, false will disable the alert", + "displayName": "Hybrid VM OS Disk Read Latency Alert State" }, "defaultValue": "true", "type": "string" }, - "HybridVMNetworkInThreshold": { + "HybridVMOSDiskReadLatencyThreshold": { "metadata": { - "displayName": "Hybrid VM Network In Threshold", - "description": "Threshold for the alert" + "description": "Threshold for the alert", + "displayName": "Hybrid VM OS Disk Read Latency Threshold" }, - "defaultValue": "10000000", + "defaultValue": "30", "type": "string" }, - "HybridVMNetworkInOperator": { + "HybridVMOSDiskReadLatencyOperator": { "metadata": { - "displayName": "Hybrid VM Network In Operator", - "description": "Operator for the alert" + "description": "Operator for the alert", + "displayName": "Hybrid VM OS Disk Read Latency Operator" }, "allowedValues": [ "GreaterThan" @@ -335,10 +335,10 @@ "defaultValue": "GreaterThan", "type": "string" }, - "HybridVMNetworkInTimeAggregation": { + "HybridVMOSDiskReadLatencyTimeAggregation": { "metadata": { - "displayName": "Hybrid VM Network In Time Aggregation", - "description": "Time Aggregation for the alert" + "description": "Time Aggregation for the alert", + "displayName": "Hybrid VM OS Disk Read Latency Time Aggregation" }, "allowedValues": [ "Count" @@ -346,36 +346,36 @@ "defaultValue": "Count", "type": "string" }, - "HybridVMNetworkInEvaluationPeriods": { + "HybridVMOSDiskReadLatencyEvaluationPeriods": { "metadata": { - "displayName": "Hybrid VM Network In Evaluation Periods", - "description": "Evaluation Periods for the alert" + "description": "Evaluation Periods for the alert", + "displayName": "Hybrid VM OS Disk Read Latency Evaluation Periods" }, "defaultValue": "1", "type": "string" }, - "HybridVMNetworkInFailingPeriods": { + "HybridVMOSDiskReadLatencyFailingPeriods": { "metadata": { - "displayName": "Hybrid VM Network In Failing Periods", - "description": "Failing Periods for the alert" + "description": "Failing Periods for the alert", + "displayName": "Hybrid VM OS Disk Read Latency Failing Periods" }, "defaultValue": "1", "type": "string" }, - "HybridVMNetworkInComputersToInclude": { + "HybridVMOSDiskReadLatencyComputersToInclude": { "metadata": { - "displayName": "Hybrid VM Network In Computers To Include", - "description": "Computers To Include for the alert" + "description": "Computers To Include for the alert", + "displayName": "Hybrid VM OS Disk Read Latency Computers To Include" }, "defaultValue": [ "*" ], "type": "array" }, - "HybridVMNetworkOutAlertSeverity": { + "HybridVMOSDiskWriteLatencyAlertSeverity": { "metadata": { - "displayName": "Hybrid VM Network Out Alert Severity", - "description": "Severity of the alert for VM Network Out" + "description": "Severity of the alert for VM OS Disk Write Latency", + "displayName": "Hybrid VM OS Disk Write Latency Alert Severity" }, "allowedValues": [ "0", @@ -387,10 +387,10 @@ "defaultValue": "2", "type": "String" }, - "HybridVMNetworkOutWindowSize": { + "HybridVMOSDiskWriteLatencyWindowSize": { "metadata": { - "displayName": "Hybrid VM Network Out Window Size", - "description": "Window size for the alert" + "description": "Window size for the alert", + "displayName": "Hybrid VM OS Disk Write Latency Window Size" }, "allowedValues": [ "PT1M", @@ -405,10 +405,10 @@ "defaultValue": "PT15M", "type": "string" }, - "HybridVMNetworkOutEvaluationFrequency": { + "HybridVMOSDiskWriteLatencyEvaluationFrequency": { "metadata": { - "displayName": "Hybrid VM Network Out Evaluation Frequency", - "description": "Evaluation frequency for the alert" + "description": "Evaluation frequency for the alert", + "displayName": "Hybrid VM OS Disk Write Latency Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -420,34 +420,34 @@ "defaultValue": "PT5M", "type": "string" }, - "HybridVMNetworkOutAutoMitigate": { + "HybridVMOSDiskWriteLatencyAutoMitigate": { "metadata": { - "displayName": "Hybrid VM Network Out Auto Mitigate", - "description": "Auto Mitigate for the alert" + "description": "Auto Mitigate for the alert", + "displayName": "Hybrid VM OS Disk Write Latency Auto Mitigate" }, "defaultValue": "true", "type": "string" }, - "HybridVMNetworkOutAutoResolve": { + "HybridVMOSDiskWriteLatencyAutoResolve": { "metadata": { - "displayName": "Hybrid VM Network Out Auto Resolve", - "description": "Auto Resolve for the alert" + "description": "Auto Resolve for the alert", + "displayName": "Hybrid VM OS Disk Write Latency Auto Resolve" }, "defaultValue": "true", "type": "string" }, - "HybridVMNetworkOutAutoResolveTime": { + "HybridVMOSDiskWriteLatencyAutoResolveTime": { "metadata": { - "displayName": "Hybrid VM Network Out Auto Resolve Time", - "description": "Auto Resolve Time for the alert" + "description": "Auto Resolve Time for the alert", + "displayName": "Hybrid VM OS Disk Write Latency Auto Resolve Time" }, "defaultValue": "00:10:00", "type": "string" }, - "HybridVMNetworkOutPolicyEffect": { + "HybridVMOSDiskWriteLatencyPolicyEffect": { "metadata": { - "displayName": "Hybrid VM Network Out Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", + "displayName": "Hybrid VM OS Disk Write Latency Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -456,26 +456,26 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "HybridVMNetworkOutAlertState": { + "HybridVMOSDiskWriteLatencyAlertState": { "metadata": { - "displayName": "Hybrid VM Network Out Alert State", - "description": "Alert state for the alert, true will enable the alert, false will disable the alert" + "description": "Alert state for the alert, true will enable the alert, false will disable the alert", + "displayName": "Hybrid VM OS Disk Write Latency Alert State" }, "defaultValue": "true", "type": "string" }, - "HybridVMNetworkOutThreshold": { + "HybridVMOSDiskWriteLatencyThreshold": { "metadata": { - "displayName": "Hybrid VM Network Out Threshold", - "description": "Threshold for the alert" + "description": "Threshold for the alert", + "displayName": "Hybrid VM OS Disk Write Latency Threshold" }, - "defaultValue": "10000000", + "defaultValue": "50", "type": "string" }, - "HybridVMNetworkOutOperator": { + "HybridVMOSDiskWriteLatencyOperator": { "metadata": { - "displayName": "Hybrid VM Network Out Operator", - "description": "Operator for the alert" + "description": "Operator for the alert", + "displayName": "Hybrid VM OS Disk Write Latency Operator" }, "allowedValues": [ "GreaterThan" @@ -483,10 +483,10 @@ "defaultValue": "GreaterThan", "type": "string" }, - "HybridVMNetworkOutTimeAggregation": { + "HybridVMOSDiskWriteLatencyTimeAggregation": { "metadata": { - "displayName": "Hybrid VM Network Out Time Aggregation", - "description": "Time Aggregation for the alert" + "description": "Time Aggregation for the alert", + "displayName": "Hybrid VM OS Disk Write Latency Time Aggregation" }, "allowedValues": [ "Count" @@ -494,36 +494,36 @@ "defaultValue": "Count", "type": "string" }, - "HybridVMNetworkOutEvaluationPeriods": { + "HybridVMOSDiskWriteLatencyEvaluationPeriods": { "metadata": { - "displayName": "Hybrid VM Network Out Evaluation Periods", - "description": "Evaluation Periods for the alert" + "description": "Evaluation Periods for the alert", + "displayName": "Hybrid VM OS Disk Write Latency Evaluation Periods" }, "defaultValue": "1", "type": "string" }, - "HybridVMNetworkOutFailingPeriods": { + "HybridVMOSDiskWriteLatencyFailingPeriods": { "metadata": { - "displayName": "Hybrid VM Network Out Failing Periods", - "description": "Failing Periods for the alert" + "description": "Failing Periods for the alert", + "displayName": "Hybrid VM OS Disk Write Latency Failing Periods" }, "defaultValue": "1", "type": "string" }, - "HybridVMNetworkOutComputersToInclude": { + "HybridVMOSDiskWriteLatencyComputersToInclude": { "metadata": { - "displayName": "Hybrid VM Network Out Computers To Include", - "description": "Computers To Include for the alert" + "description": "Computers To Include for the alert", + "displayName": "Hybrid VM OS Disk Write Latency Computers To Include" }, "defaultValue": [ "*" ], "type": "array" }, - "HybridVMOSDiskReadLatencyAlertSeverity": { + "HybridVMOSDiskSpaceAlertSeverity": { "metadata": { - "displayName": "Hybrid VM OS Disk Read Latency Alert Severity", - "description": "Severity of the alert for VM OS Disk Read Latency" + "description": "Severity of the alert for VM OS Disk Space", + "displayName": "Hybrid VM OS Disk Space Alert Severity" }, "allowedValues": [ "0", @@ -535,10 +535,10 @@ "defaultValue": "2", "type": "String" }, - "HybridVMOSDiskReadLatencyWindowSize": { + "HybridVMOSDiskSpaceWindowSize": { "metadata": { - "displayName": "Hybrid VM OS Disk Read Latency Window Size", - "description": "Window size for the alert" + "description": "Window size for the alert", + "displayName": "Hybrid VM OS Disk Space Window Size" }, "allowedValues": [ "PT1M", @@ -553,10 +553,10 @@ "defaultValue": "PT15M", "type": "string" }, - "HybridVMOSDiskReadLatencyEvaluationFrequency": { + "HybridVMOSDiskSpaceEvaluationFrequency": { "metadata": { - "displayName": "Hybrid VM OS Disk Read Latency Evaluation Frequency", - "description": "Evaluation frequency for the alert" + "description": "Evaluation frequency for the alert", + "displayName": "Hybrid VM OS Disk Space Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -568,34 +568,34 @@ "defaultValue": "PT5M", "type": "string" }, - "HybridVMOSDiskReadLatencyAutoMitigate": { + "HybridVMOSDiskSpaceAutoMitigate": { "metadata": { - "displayName": "Hybrid VM OS Disk Read Latency Auto Mitigate", - "description": "Auto Mitigate for the alert" + "description": "Auto Mitigate for the alert", + "displayName": "Hybrid VM OS Disk Space Auto Mitigate" }, "defaultValue": "true", "type": "string" }, - "HybridVMOSDiskReadLatencyAutoResolve": { + "HybridVMOSDiskSpaceAutoResolve": { "metadata": { - "displayName": "Hybrid VM OS Disk Read Latency Auto Resolve", - "description": "Auto Resolve for the alert" + "description": "Auto Resolve for the alert", + "displayName": "Hybrid VM OS Disk Space Auto Resolve" }, "defaultValue": "true", "type": "string" }, - "HybridVMOSDiskReadLatencyAutoResolveTime": { + "HybridVMOSDiskSpaceAutoResolveTime": { "metadata": { - "displayName": "Hybrid VM OS Disk Read Latency Auto Resolve Time", - "description": "Auto Resolve Time for the alert" + "description": "Auto Resolve Time for the alert", + "displayName": "Hybrid VM OS Disk Space Auto Resolve Time" }, "defaultValue": "00:10:00", "type": "string" }, - "HybridVMOSDiskReadLatencyPolicyEffect": { + "HybridVMOSDiskSpacePolicyEffect": { "metadata": { - "displayName": "Hybrid VM OS Disk Read Latency Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", + "displayName": "Hybrid VM OS Disk Space Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -604,26 +604,26 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "HybridVMOSDiskReadLatencyAlertState": { + "HybridVMOSDiskSpaceAlertState": { "metadata": { - "displayName": "Hybrid VM OS Disk Read Latency Alert State", - "description": "Alert state for the alert, true will enable the alert, false will disable the alert" + "description": "Alert state for the alert, true will enable the alert, false will disable the alert", + "displayName": "Hybrid VM OS Disk Space Alert State" }, "defaultValue": "true", "type": "string" }, - "HybridVMOSDiskReadLatencyThreshold": { + "HybridVMOSDiskSpaceThreshold": { "metadata": { - "displayName": "Hybrid VM OS Disk Read Latency Threshold", - "description": "Threshold for the alert" + "description": "Threshold for the alert", + "displayName": "Hybrid VM OS Disk Space Threshold" }, - "defaultValue": "30", + "defaultValue": "10", "type": "string" }, - "HybridVMOSDiskReadLatencyOperator": { + "HybridVMOSDiskSpaceOperator": { "metadata": { - "displayName": "Hybrid VM OS Disk Read Latency Operator", - "description": "Operator for the alert" + "description": "Operator for the alert", + "displayName": "Hybrid VM OS Disk Space Operator" }, "allowedValues": [ "GreaterThan" @@ -631,10 +631,10 @@ "defaultValue": "GreaterThan", "type": "string" }, - "HybridVMOSDiskReadLatencyTimeAggregation": { + "HybridVMOSDiskSpaceTimeAggregation": { "metadata": { - "displayName": "Hybrid VM OS Disk Read Latency Time Aggregation", - "description": "Time Aggregation for the alert" + "description": "Time Aggregation for the alert", + "displayName": "Hybrid VM OS Disk Space Time Aggregation" }, "allowedValues": [ "Count" @@ -642,36 +642,36 @@ "defaultValue": "Count", "type": "string" }, - "HybridVMOSDiskReadLatencyEvaluationPeriods": { + "HybridVMOSDiskSpaceEvaluationPeriods": { "metadata": { - "displayName": "Hybrid VM OS Disk Read Latency Evaluation Periods", - "description": "Evaluation Periods for the alert" + "description": "Evaluation Periods for the alert", + "displayName": "Hybrid VM OS Disk Space Evaluation Periods" }, "defaultValue": "1", "type": "string" }, - "HybridVMOSDiskReadLatencyFailingPeriods": { + "HybridVMOSDiskSpaceFailingPeriods": { "metadata": { - "displayName": "Hybrid VM OS Disk Read Latency Failing Periods", - "description": "Failing Periods for the alert" + "description": "Failing Periods for the alert", + "displayName": "Hybrid VM OS Disk Space Failing Periods" }, "defaultValue": "1", "type": "string" }, - "HybridVMOSDiskReadLatencyComputersToInclude": { + "HybridVMOSDiskSpaceComputersToInclude": { "metadata": { - "displayName": "Hybrid VM OS Disk Read Latency Computers To Include", - "description": "Computers To Include for the alert" + "description": "Computers To Include for the alert", + "displayName": "Hybrid VM OS Disk Space Computers To Include" }, "defaultValue": [ "*" ], "type": "array" }, - "HybridVMOSDiskWriteLatencyAlertSeverity": { + "HybridVMPercentCPUAlertSeverity": { "metadata": { - "displayName": "Hybrid VM OS Disk Write Latency Alert Severity", - "description": "Severity of the alert for VM OS Disk Write Latency" + "description": "Severity of the alert for VM Percent CPU", + "displayName": "Hybrid VM Percent CPU Alert Severity" }, "allowedValues": [ "0", @@ -683,10 +683,10 @@ "defaultValue": "2", "type": "String" }, - "HybridVMOSDiskWriteLatencyWindowSize": { + "HybridVMPercentCPUWindowSize": { "metadata": { - "displayName": "Hybrid VM OS Disk Write Latency Window Size", - "description": "Window size for the alert" + "description": "Window size for the alert", + "displayName": "Hybrid VM Percent CPU Window Size" }, "allowedValues": [ "PT1M", @@ -701,10 +701,10 @@ "defaultValue": "PT15M", "type": "string" }, - "HybridVMOSDiskWriteLatencyEvaluationFrequency": { + "HybridVMPercentCPUEvaluationFrequency": { "metadata": { - "displayName": "Hybrid VM OS Disk Write Latency Evaluation Frequency", - "description": "Evaluation frequency for the alert" + "description": "Evaluation frequency for the alert", + "displayName": "Hybrid VM Percent CPU Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -716,34 +716,34 @@ "defaultValue": "PT5M", "type": "string" }, - "HybridVMOSDiskWriteLatencyAutoMitigate": { + "HybridVMPercentCPUAutoMitigate": { "metadata": { - "displayName": "Hybrid VM OS Disk Write Latency Auto Mitigate", - "description": "Auto Mitigate for the alert" + "description": "Auto Mitigate for the alert", + "displayName": "Hybrid VM Percent CPU Auto Mitigate" }, "defaultValue": "true", "type": "string" }, - "HybridVMOSDiskWriteLatencyAutoResolve": { + "HybridVMPercentCPUAutoResolve": { "metadata": { - "displayName": "Hybrid VM OS Disk Write Latency Auto Resolve", - "description": "Auto Resolve for the alert" + "description": "Auto Resolve for the alert", + "displayName": "Hybrid VM Percent CPU Auto Resolve" }, "defaultValue": "true", "type": "string" }, - "HybridVMOSDiskWriteLatencyAutoResolveTime": { + "HybridVMPercentCPUAutoResolveTime": { "metadata": { - "displayName": "Hybrid VM OS Disk Write Latency Auto Resolve Time", - "description": "Auto Resolve Time for the alert" + "description": "Auto Resolve Time for the alert", + "displayName": "Hybrid VM Percent CPU Auto Resolve Time" }, "defaultValue": "00:10:00", "type": "string" }, - "HybridVMOSDiskWriteLatencyPolicyEffect": { + "HybridVMPercentCPUPolicyEffect": { "metadata": { - "displayName": "Hybrid VM OS Disk Write Latency Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", + "displayName": "Hybrid VM Percent CPU Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -752,26 +752,26 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "HybridVMOSDiskWriteLatencyAlertState": { + "HybridVMPercentCPUAlertState": { "metadata": { - "displayName": "Hybrid VM OS Disk Write Latency Alert State", - "description": "Alert state for the alert, true will enable the alert, false will disable the alert" + "description": "Alert state for the alert, true will enable the alert, false will disable the alert", + "displayName": "Hybrid VM Percent CPU Alert State" }, "defaultValue": "true", "type": "string" }, - "HybridVMOSDiskWriteLatencyThreshold": { + "HybridVMPercentCPUThreshold": { "metadata": { - "displayName": "Hybrid VM OS Disk Write Latency Threshold", - "description": "Threshold for the alert" + "description": "Threshold for the alert", + "displayName": "Hybrid VM Percent CPU Threshold" }, - "defaultValue": "50", + "defaultValue": "85", "type": "string" }, - "HybridVMOSDiskWriteLatencyOperator": { + "HybridVMPercentCPUOperator": { "metadata": { - "displayName": "Hybrid VM OS Disk Write Latency Operator", - "description": "Operator for the alert" + "description": "Operator for the alert", + "displayName": "Hybrid VM Percent CPU Operator" }, "allowedValues": [ "GreaterThan" @@ -779,10 +779,10 @@ "defaultValue": "GreaterThan", "type": "string" }, - "HybridVMOSDiskWriteLatencyTimeAggregation": { + "HybridVMPercentCPUTimeAggregation": { "metadata": { - "displayName": "Hybrid VM OS Disk Write Latency Time Aggregation", - "description": "Time Aggregation for the alert" + "description": "Time Aggregation for the alert", + "displayName": "Hybrid VM Percent CPU Time Aggregation" }, "allowedValues": [ "Count" @@ -790,36 +790,18 @@ "defaultValue": "Count", "type": "string" }, - "HybridVMOSDiskWriteLatencyEvaluationPeriods": { - "metadata": { - "displayName": "Hybrid VM OS Disk Write Latency Evaluation Periods", - "description": "Evaluation Periods for the alert" - }, - "defaultValue": "1", - "type": "string" - }, - "HybridVMOSDiskWriteLatencyFailingPeriods": { + "HybridVMPercentCPUFailingPeriods": { "metadata": { - "displayName": "Hybrid VM OS Disk Write Latency Failing Periods", - "description": "Failing Periods for the alert" + "description": "Failing Periods for the alert", + "displayName": "Hybrid VM Percent CPU Failing Periods" }, "defaultValue": "1", "type": "string" }, - "HybridVMOSDiskWriteLatencyComputersToInclude": { - "metadata": { - "displayName": "Hybrid VM OS Disk Write Latency Computers To Include", - "description": "Computers To Include for the alert" - }, - "defaultValue": [ - "*" - ], - "type": "array" - }, - "HybridVMOSDiskSpaceAlertSeverity": { + "HybridVMPercentMemoryAlertSeverity": { "metadata": { - "displayName": "Hybrid VM OS Disk Space Alert Severity", - "description": "Severity of the alert for VM OS Disk Space" + "description": "Severity of the alert for VM Percent Memory", + "displayName": "Hybrid VM Percent Memory Alert Severity" }, "allowedValues": [ "0", @@ -831,10 +813,10 @@ "defaultValue": "2", "type": "String" }, - "HybridVMOSDiskSpaceWindowSize": { + "HybridVMPercentMemoryWindowSize": { "metadata": { - "displayName": "Hybrid VM OS Disk Space Window Size", - "description": "Window size for the alert" + "description": "Window size for the alert", + "displayName": "Hybrid VM Percent Memory Window Size" }, "allowedValues": [ "PT1M", @@ -849,10 +831,10 @@ "defaultValue": "PT15M", "type": "string" }, - "HybridVMOSDiskSpaceEvaluationFrequency": { + "HybridVMPercentMemoryEvaluationFrequency": { "metadata": { - "displayName": "Hybrid VM OS Disk Space Evaluation Frequency", - "description": "Evaluation frequency for the alert" + "description": "Evaluation frequency for the alert", + "displayName": "Hybrid VM Percent Memory Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -864,34 +846,34 @@ "defaultValue": "PT5M", "type": "string" }, - "HybridVMOSDiskSpaceAutoMitigate": { + "HybridVMPercentMemoryAutoMitigate": { "metadata": { - "displayName": "Hybrid VM OS Disk Space Auto Mitigate", - "description": "Auto Mitigate for the alert" + "description": "Auto Mitigate for the alert", + "displayName": "Hybrid VM Percent Memory Auto Mitigate" }, "defaultValue": "true", "type": "string" }, - "HybridVMOSDiskSpaceAutoResolve": { + "HybridVMPercentMemoryAutoResolve": { "metadata": { - "displayName": "Hybrid VM OS Disk Space Auto Resolve", - "description": "Auto Resolve for the alert" + "description": "Auto Resolve for the alert", + "displayName": "Hybrid VM Percent Memory Auto Resolve" }, "defaultValue": "true", "type": "string" }, - "HybridVMOSDiskSpaceAutoResolveTime": { + "HybridVMPercentMemoryAutoResolveTime": { "metadata": { - "displayName": "Hybrid VM OS Disk Space Auto Resolve Time", - "description": "Auto Resolve Time for the alert" + "description": "Auto Resolve Time for the alert", + "displayName": "Hybrid VM Percent Memory Auto Resolve Time" }, "defaultValue": "00:10:00", "type": "string" }, - "HybridVMOSDiskSpacePolicyEffect": { + "HybridVMPercentMemoryPolicyEffect": { "metadata": { - "displayName": "Hybrid VM OS Disk Space Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", + "displayName": "Hybrid VM Percent Memory Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -900,26 +882,26 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "HybridVMOSDiskSpaceAlertState": { + "HybridVMPercentMemoryAlertState": { "metadata": { - "displayName": "Hybrid VM OS Disk Space Alert State", - "description": "Alert state for the alert, true will enable the alert, false will disable the alert" + "description": "Alert state for the alert, true will enable the alert, false will disable the alert", + "displayName": "Hybrid VM Percent Memory Alert State" }, "defaultValue": "true", "type": "string" }, - "HybridVMOSDiskSpaceThreshold": { + "HybridVMPercentMemoryThreshold": { "metadata": { - "displayName": "Hybrid VM OS Disk Space Threshold", - "description": "Threshold for the alert" + "description": "Threshold for the alert", + "displayName": "Hybrid VM Percent Memory Threshold" }, "defaultValue": "10", "type": "string" }, - "HybridVMOSDiskSpaceOperator": { + "HybridVMPercentMemoryOperator": { "metadata": { - "displayName": "Hybrid VM OS Disk Space Operator", - "description": "Operator for the alert" + "description": "Operator for the alert", + "displayName": "Hybrid VM Percent Memory Operator" }, "allowedValues": [ "GreaterThan" @@ -927,10 +909,10 @@ "defaultValue": "GreaterThan", "type": "string" }, - "HybridVMOSDiskSpaceTimeAggregation": { + "HybridVMPercentMemoryTimeAggregation": { "metadata": { - "displayName": "Hybrid VM OS Disk Space Time Aggregation", - "description": "Time Aggregation for the alert" + "description": "Time Aggregation for the alert", + "displayName": "Hybrid VM Percent Memory Time Aggregation" }, "allowedValues": [ "Count" @@ -938,36 +920,18 @@ "defaultValue": "Count", "type": "string" }, - "HybridVMOSDiskSpaceEvaluationPeriods": { - "metadata": { - "displayName": "Hybrid VM OS Disk Space Evaluation Periods", - "description": "Evaluation Periods for the alert" - }, - "defaultValue": "1", - "type": "string" - }, - "HybridVMOSDiskSpaceFailingPeriods": { + "HybridVMPercentMemoryFailingPeriods": { "metadata": { - "displayName": "Hybrid VM OS Disk Space Failing Periods", - "description": "Failing Periods for the alert" + "description": "Failing Periods for the alert", + "displayName": "Hybrid VM Percent Memory Failing Periods" }, "defaultValue": "1", "type": "string" }, - "HybridVMOSDiskSpaceComputersToInclude": { - "metadata": { - "displayName": "Hybrid VM OS Disk Space Computers To Include", - "description": "Computers To Include for the alert" - }, - "defaultValue": [ - "*" - ], - "type": "array" - }, - "HybridVMPercentCPUAlertSeverity": { + "HybridVMDataDiskSpaceAlertSeverity": { "metadata": { - "displayName": "Hybrid VM Percent CPU Alert Severity", - "description": "Severity of the alert for VM Percent CPU" + "description": "Severity of the alert for VM Data Disk Space", + "displayName": "Hybrid VM Data Disk Space Alert Severity" }, "allowedValues": [ "0", @@ -979,10 +943,10 @@ "defaultValue": "2", "type": "String" }, - "HybridVMPercentCPUWindowSize": { + "HybridVMDataDiskSpaceWindowSize": { "metadata": { - "displayName": "Hybrid VM Percent CPU Window Size", - "description": "Window size for the alert" + "description": "Window size for the alert", + "displayName": "Hybrid VM Data Disk Space Window Size" }, "allowedValues": [ "PT1M", @@ -997,10 +961,10 @@ "defaultValue": "PT15M", "type": "string" }, - "HybridVMPercentCPUEvaluationFrequency": { + "HybridVMDataDiskSpaceEvaluationFrequency": { "metadata": { - "displayName": "Hybrid VM Percent CPU Evaluation Frequency", - "description": "Evaluation frequency for the alert" + "description": "Evaluation frequency for the alert", + "displayName": "Hybrid VM Data Disk Space Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -1012,34 +976,34 @@ "defaultValue": "PT5M", "type": "string" }, - "HybridVMPercentCPUAutoMitigate": { + "HybridVMDataDiskSpaceAutoMitigate": { "metadata": { - "displayName": "Hybrid VM Percent CPU Auto Mitigate", - "description": "Auto Mitigate for the alert" + "description": "Auto Mitigate for the alert", + "displayName": "Hybrid VM Data Disk Space Auto Mitigate" }, "defaultValue": "true", "type": "string" }, - "HybridVMPercentCPUAutoResolve": { + "HybridVMDataDiskSpaceAutoResolve": { "metadata": { - "displayName": "Hybrid VM Percent CPU Auto Resolve", - "description": "Auto Resolve for the alert" + "description": "Auto Resolve for the alert", + "displayName": "Hybrid VM Data Disk Space Auto Resolve" }, "defaultValue": "true", "type": "string" }, - "HybridVMPercentCPUAutoResolveTime": { + "HybridVMDataDiskSpaceAutoResolveTime": { "metadata": { - "displayName": "Hybrid VM Percent CPU Auto Resolve Time", - "description": "Auto Resolve Time for the alert" + "description": "Auto Resolve Time for the alert", + "displayName": "Hybrid VM Data Disk Space Auto Resolve Time" }, "defaultValue": "00:10:00", "type": "string" }, - "HybridVMPercentCPUPolicyEffect": { + "HybridVMDataDiskSpacePolicyEffect": { "metadata": { - "displayName": "Hybrid VM Percent CPU Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", + "displayName": "Hybrid VM Data Disk Space Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -1048,26 +1012,26 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "HybridVMPercentCPUAlertState": { + "HybridVMDataDiskSpaceAlertState": { "metadata": { - "displayName": "Hybrid VM Percent CPU Alert State", - "description": "Alert state for the alert, true will enable the alert, false will disable the alert" + "description": "Alert state for the alert, true will enable the alert, false will disable the alert", + "displayName": "Hybrid VM Data Disk Space Alert State" }, "defaultValue": "true", "type": "string" }, - "HybridVMPercentCPUThreshold": { + "HybridVMDataDiskSpaceThreshold": { "metadata": { - "displayName": "Hybrid VM Percent CPU Threshold", - "description": "Threshold for the alert" + "description": "Threshold for the alert", + "displayName": "Hybrid VM Data Disk Space Threshold" }, - "defaultValue": "85", + "defaultValue": "10", "type": "string" }, - "HybridVMPercentCPUOperator": { + "HybridVMDataDiskSpaceOperator": { "metadata": { - "displayName": "Hybrid VM Percent CPU Operator", - "description": "Operator for the alert" + "description": "Operator for the alert", + "displayName": "Hybrid VM Data Disk Space Operator" }, "allowedValues": [ "GreaterThan" @@ -1075,10 +1039,10 @@ "defaultValue": "GreaterThan", "type": "string" }, - "HybridVMPercentCPUTimeAggregation": { + "HybridVMDataDiskSpaceTimeAggregation": { "metadata": { - "displayName": "Hybrid VM Percent CPU Time Aggregation", - "description": "Time Aggregation for the alert" + "description": "Time Aggregation for the alert", + "displayName": "Hybrid VM Data Disk Space Time Aggregation" }, "allowedValues": [ "Count" @@ -1086,18 +1050,36 @@ "defaultValue": "Count", "type": "string" }, - "HybridVMPercentCPUFailingPeriods": { + "HybridVMDataDiskSpaceEvaluationPeriods": { "metadata": { - "displayName": "Hybrid VM Percent CPU Failing Periods", - "description": "Failing Periods for the alert" + "description": "Evaluation Periods for the alert", + "displayName": "Hybrid VM Data Disk Space Evaluation Periods" }, "defaultValue": "1", "type": "string" }, - "HybridVMPercentMemoryAlertSeverity": { + "HybridVMDataDiskSpaceFailingPeriods": { + "metadata": { + "description": "Failing Periods for the alert", + "displayName": "Hybrid VM Data Disk Space Failing Periods" + }, + "defaultValue": "1", + "type": "string" + }, + "HybridVMDataDiskSpaceComputersToInclude": { + "metadata": { + "description": "Computers To Include for the alert", + "displayName": "Hybrid VM Data Disk Space Computers To Include" + }, + "defaultValue": [ + "*" + ], + "type": "array" + }, + "HybridVMDataDiskReadLatencyAlertSeverity": { "metadata": { - "displayName": "Hybrid VM Percent Memory Alert Severity", - "description": "Severity of the alert for VM Percent Memory" + "description": "Severity of the alert for VM Data Disk Read Latency", + "displayName": "Hybrid VM Data Disk Read Latency Alert Severity" }, "allowedValues": [ "0", @@ -1109,10 +1091,10 @@ "defaultValue": "2", "type": "String" }, - "HybridVMPercentMemoryWindowSize": { + "HybridVMDataDiskReadLatencyWindowSize": { "metadata": { - "displayName": "Hybrid VM Percent Memory Window Size", - "description": "Window size for the alert" + "description": "Window size for the alert", + "displayName": "Hybrid VM Data Disk Read Latency Window Size" }, "allowedValues": [ "PT1M", @@ -1127,10 +1109,10 @@ "defaultValue": "PT15M", "type": "string" }, - "HybridVMPercentMemoryEvaluationFrequency": { + "HybridVMDataDiskReadLatencyEvaluationFrequency": { "metadata": { - "displayName": "Hybrid VM Percent Memory Evaluation Frequency", - "description": "Evaluation frequency for the alert" + "description": "Evaluation frequency for the alert", + "displayName": "Hybrid VM Data Disk Read Latency Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -1142,34 +1124,34 @@ "defaultValue": "PT5M", "type": "string" }, - "HybridVMPercentMemoryAutoMitigate": { + "HybridVMDataDiskReadLatencyAutoMitigate": { "metadata": { - "displayName": "Hybrid VM Percent Memory Auto Mitigate", - "description": "Auto Mitigate for the alert" + "description": "Auto Mitigate for the alert", + "displayName": "Hybrid VM Data Disk Read Latency Auto Mitigate" }, "defaultValue": "true", "type": "string" }, - "HybridVMPercentMemoryAutoResolve": { + "HybridVMDataDiskReadLatencyAutoResolve": { "metadata": { - "displayName": "Hybrid VM Percent Memory Auto Resolve", - "description": "Auto Resolve for the alert" + "description": "Auto Resolve for the alert", + "displayName": "Hybrid VM Data Disk Read Latency Auto Resolve" }, "defaultValue": "true", "type": "string" }, - "HybridVMPercentMemoryAutoResolveTime": { + "HybridVMDataDiskReadLatencyAutoResolveTime": { "metadata": { - "displayName": "Hybrid VM Percent Memory Auto Resolve Time", - "description": "Auto Resolve Time for the alert" + "description": "Auto Resolve Time for the alert", + "displayName": "Hybrid VM Data Disk Read Latency Auto Resolve Time" }, "defaultValue": "00:10:00", "type": "string" }, - "HybridVMPercentMemoryPolicyEffect": { + "HybridVMDataDiskReadLatencyPolicyEffect": { "metadata": { - "displayName": "Hybrid VM Percent Memory Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", + "displayName": "Hybrid VM Data Disk Read Latency Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -1178,26 +1160,26 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "HybridVMPercentMemoryAlertState": { + "HybridVMDataDiskReadLatencyAlertState": { "metadata": { - "displayName": "Hybrid VM Percent Memory Alert State", - "description": "Alert state for the alert, true will enable the alert, false will disable the alert" + "description": "Alert state for the alert, true will enable the alert, false will disable the alert", + "displayName": "Hybrid VM Data Disk Read Latency Alert State" }, "defaultValue": "true", "type": "string" }, - "HybridVMPercentMemoryThreshold": { + "HybridVMDataDiskReadLatencyThreshold": { "metadata": { - "displayName": "Hybrid VM Percent Memory Threshold", - "description": "Threshold for the alert" + "description": "Threshold for the alert", + "displayName": "Hybrid VM Data Disk Read Latency Threshold" }, - "defaultValue": "10", + "defaultValue": "30", "type": "string" }, - "HybridVMPercentMemoryOperator": { + "HybridVMDataDiskReadLatencyOperator": { "metadata": { - "displayName": "Hybrid VM Percent Memory Operator", - "description": "Operator for the alert" + "description": "Operator for the alert", + "displayName": "Hybrid VM Data Disk Read Latency Operator" }, "allowedValues": [ "GreaterThan" @@ -1205,10 +1187,10 @@ "defaultValue": "GreaterThan", "type": "string" }, - "HybridVMPercentMemoryTimeAggregation": { + "HybridVMDataDiskReadLatencyTimeAggregation": { "metadata": { - "displayName": "Hybrid VM Percent Memory Time Aggregation", - "description": "Time Aggregation for the alert" + "description": "Time Aggregation for the alert", + "displayName": "Hybrid VM Data Disk Read Latency Time Aggregation" }, "allowedValues": [ "Count" @@ -1216,33 +1198,51 @@ "defaultValue": "Count", "type": "string" }, - "HybridVMPercentMemoryFailingPeriods": { + "HybridVMDataDiskReadLatencyEvaluationPeriods": { "metadata": { - "displayName": "Hybrid VM Percent Memory Failing Periods", - "description": "Failing Periods for the alert" + "description": "Evaluation Periods for the alert", + "displayName": "Hybrid VM Data Disk Read Latency Evaluation Periods" }, "defaultValue": "1", "type": "string" }, - "HybridVMDataDiskSpaceAlertSeverity": { + "HybridVMDataDiskReadLatencyFailingPeriods": { "metadata": { - "displayName": "Hybrid VM Data Disk Space Alert Severity", - "description": "Severity of the alert for VM Data Disk Space" + "description": "Failing Periods for the alert", + "displayName": "Hybrid VM Data Disk Read Latency Failing Periods" }, - "allowedValues": [ - "0", - "1", - "2", - "3", - "4" + "defaultValue": "1", + "type": "string" + }, + "HybridVMDataDiskReadLatencyComputersToInclude": { + "metadata": { + "description": "Computers To Include for the alert", + "displayName": "Hybrid VM Data Disk Read Latency Computers To Include" + }, + "defaultValue": [ + "*" + ], + "type": "array" + }, + "HybridVMDataDiskWriteLatencyAlertSeverity": { + "metadata": { + "description": "Severity of the alert for VM Data Disk Write Latency", + "displayName": "Hybrid VM Data Disk Write Latency Alert Severity" + }, + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" ], "defaultValue": "2", "type": "String" }, - "HybridVMDataDiskSpaceWindowSize": { + "HybridVMDataDiskWriteLatencyWindowSize": { "metadata": { - "displayName": "Hybrid VM Data Disk Space Window Size", - "description": "Window size for the alert" + "description": "Window size for the alert", + "displayName": "Hybrid VM Data Disk Write Latency Window Size" }, "allowedValues": [ "PT1M", @@ -1257,10 +1257,10 @@ "defaultValue": "PT15M", "type": "string" }, - "HybridVMDataDiskSpaceEvaluationFrequency": { + "HybridVMDataDiskWriteLatencyEvaluationFrequency": { "metadata": { - "displayName": "Hybrid VM Data Disk Space Evaluation Frequency", - "description": "Evaluation frequency for the alert" + "description": "Evaluation frequency for the alert", + "displayName": "Hybrid VM Data Disk Write Latency Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -1272,34 +1272,34 @@ "defaultValue": "PT5M", "type": "string" }, - "HybridVMDataDiskSpaceAutoMitigate": { + "HybridVMDataDiskWriteLatencyAutoMitigate": { "metadata": { - "displayName": "Hybrid VM Data Disk Space Auto Mitigate", - "description": "Auto Mitigate for the alert" + "description": "Auto Mitigate for the alert", + "displayName": "Hybrid VM Data Disk Write Latency Auto Mitigate" }, "defaultValue": "true", "type": "string" }, - "HybridVMDataDiskSpaceAutoResolve": { + "HybridVMDataDiskWriteLatencyAutoResolve": { "metadata": { - "displayName": "Hybrid VM Data Disk Space Auto Resolve", - "description": "Auto Resolve for the alert" + "description": "Auto Resolve for the alert", + "displayName": "Hybrid VM Data Disk Write Latency Auto Resolve" }, "defaultValue": "true", "type": "string" }, - "HybridVMDataDiskSpaceAutoResolveTime": { + "HybridVMDataDiskWriteLatencyAutoResolveTime": { "metadata": { - "displayName": "Hybrid VM Data Disk Space Auto Resolve Time", - "description": "Auto Resolve Time for the alert" + "description": "Auto Resolve Time for the alert", + "displayName": "Hybrid VM Data Disk Write Latency Auto Resolve Time" }, "defaultValue": "00:10:00", "type": "string" }, - "HybridVMDataDiskSpacePolicyEffect": { + "HybridVMDataDiskWriteLatencyPolicyEffect": { "metadata": { - "displayName": "Hybrid VM Data Disk Space Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", + "displayName": "Hybrid VM Data Disk Write Latency Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -1308,26 +1308,26 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "HybridVMDataDiskSpaceAlertState": { + "HybridVMDataDiskWriteLatencyAlertState": { "metadata": { - "displayName": "Hybrid VM Data Disk Space Alert State", - "description": "Alert state for the alert, true will enable the alert, false will disable the alert" + "description": "Alert state for the alert, true will enable the alert, false will disable the alert", + "displayName": "Hybrid VM Data Disk Write Latency Alert State" }, "defaultValue": "true", "type": "string" }, - "HybridVMDataDiskSpaceThreshold": { + "HybridVMDataDiskWriteLatencyThreshold": { "metadata": { - "displayName": "Hybrid VM Data Disk Space Threshold", - "description": "Threshold for the alert" + "description": "Threshold for the alert", + "displayName": "Hybrid VM Data Disk Write Latency Threshold" }, - "defaultValue": "10", + "defaultValue": "30", "type": "string" }, - "HybridVMDataDiskSpaceOperator": { + "HybridVMDataDiskWriteLatencyOperator": { "metadata": { - "displayName": "Hybrid VM Data Disk Space Operator", - "description": "Operator for the alert" + "description": "Operator for the alert", + "displayName": "Hybrid VM Data Disk Write Latency Operator" }, "allowedValues": [ "GreaterThan" @@ -1335,10 +1335,10 @@ "defaultValue": "GreaterThan", "type": "string" }, - "HybridVMDataDiskSpaceTimeAggregation": { + "HybridVMDataDiskWriteLatencyTimeAggregation": { "metadata": { - "displayName": "Hybrid VM Data Disk Space Time Aggregation", - "description": "Time Aggregation for the alert" + "description": "Time Aggregation for the alert", + "displayName": "Hybrid VM Data Disk Write Latency Time Aggregation" }, "allowedValues": [ "Count" @@ -1346,28 +1346,36 @@ "defaultValue": "Count", "type": "string" }, - "HybridVMDataDiskSpaceFailingPeriods": { + "HybridVMDataDiskWriteLatencyEvaluationPeriods": { "metadata": { - "displayName": "Hybrid VM Data Disk Space Failing Periods", - "description": "Failing Periods for the alert" + "description": "Evaluation Periods for the alert", + "displayName": "Hybrid VM Data Disk Write Latency Evaluation Periods" }, "defaultValue": "1", "type": "string" }, - "HybridVMDataDiskSpaceComputersToInclude": { + "HybridVMDataDiskWriteLatencyFailingPeriods": { + "metadata": { + "description": "Failing Periods for the alert", + "displayName": "Hybrid VM Data Disk Write Latency Failing Periods" + }, + "defaultValue": "1", + "type": "string" + }, + "HybridVMDataDiskWriteLatencyComputersToInclude": { "metadata": { - "displayName": "Hybrid VM Data Disk Space Computers To Include", - "description": "Computers To Include for the alert" + "description": "Computers To Include for the alert", + "displayName": "Hybrid VM Data Disk Write Latency Computers To Include" }, "defaultValue": [ "*" ], "type": "array" }, - "HybridVMDataDiskReadLatencyAlertSeverity": { + "HybridVMDisconnectedAlertSeverity": { "metadata": { - "displayName": "Hybrid VM Data Disk Read Latency Alert Severity", - "description": "Severity of the alert for VM Data Disk Read Latency" + "description": "Severity of the Hybrid VM Disconnected alert", + "displayName": "Hybrid VM Disconnected Alert Severity" }, "allowedValues": [ "0", @@ -1376,70 +1384,52 @@ "3", "4" ], - "defaultValue": "2", + "defaultValue": "1", "type": "String" }, - "HybridVMDataDiskReadLatencyWindowSize": { + "HybridVMDisconnectedAlertWindowSize": { "metadata": { - "displayName": "Hybrid VM Data Disk Read Latency Window Size", - "description": "Window size for the alert" + "description": "Window size for the Hybrid VM Disconnected alert", + "displayName": "Hybrid VM Disconnected Window Size" }, "allowedValues": [ - "PT1M", - "PT5M", - "PT15M", - "PT30M", - "PT1H", - "PT6H", "PT12H", "P1D" ], - "defaultValue": "PT15M", + "defaultValue": "P1D", "type": "string" }, - "HybridVMDataDiskReadLatencyEvaluationFrequency": { + "HybridVMDisconnectedAlertEvaluationFrequency": { "metadata": { - "displayName": "Hybrid VM Data Disk Read Latency Evaluation Frequency", - "description": "Evaluation frequency for the alert" + "description": "Evaluation frequency for the Hybrid VM Disconnected alert", + "displayName": "Hybrid VM Disconnected Evaluation Frequency" }, "allowedValues": [ - "PT1M", "PT5M", + "PT10M", "PT15M", "PT30M", - "PT1H" + "PT1H", + "PT2H", + "PT6H", + "PT12H", + "P1D" ], - "defaultValue": "PT5M", - "type": "string" - }, - "HybridVMDataDiskReadLatencyAutoMitigate": { - "metadata": { - "displayName": "Hybrid VM Data Disk Read Latency Auto Mitigate", - "description": "Auto Mitigate for the alert" - }, - "defaultValue": "true", + "defaultValue": "PT10M", "type": "string" }, - "HybridVMDataDiskReadLatencyAutoResolve": { + "HybridVMDisconnectedAlertAutoMitigate": { "metadata": { - "displayName": "Hybrid VM Data Disk Read Latency Auto Resolve", - "description": "Auto Resolve for the alert" + "description": "Auto Mitigate for the Hybrid VM Disconnected alert", + "displayName": "Hybrid VM Disconnected Auto Mitigate" }, "defaultValue": "true", "type": "string" }, - "HybridVMDataDiskReadLatencyAutoResolveTime": { - "metadata": { - "displayName": "Hybrid VM Data Disk Read Latency Auto Resolve Time", - "description": "Auto Resolve Time for the alert" - }, - "defaultValue": "00:10:00", - "type": "string" - }, - "HybridVMDataDiskReadLatencyPolicyEffect": { + "HybridVMDisconnectedAlertPolicyEffect": { "metadata": { - "displayName": "Hybrid VM Data Disk Read Latency Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", + "displayName": "Hybrid VM Disconnected Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -1448,26 +1438,41 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "HybridVMDataDiskReadLatencyAlertState": { + "HybridVMDisconnectedAlertState": { "metadata": { - "displayName": "Hybrid VM Data Disk Read Latency Alert State", - "description": "Alert state for the alert, true will enable the alert, false will disable the alert" + "description": "Alert state for the alert, true will enable the alert, false will disable the alert", + "displayName": "Hybrid VM Disconnected Alert State" }, "defaultValue": "true", "type": "string" }, - "HybridVMDataDiskReadLatencyThreshold": { + "HybridVMDisconnectedAlertThreshold": { "metadata": { - "displayName": "Hybrid VM Data Disk Read Latency Threshold", - "description": "Threshold for the alert" + "description": "Threshold in timespan value for the Hybrid VM Disconnected alert", + "displayName": "Hybrid VM Disconnected Threshold (expressed in timespan)" }, - "defaultValue": "30", + "allowedValues": [ + "5m", + "10m", + "15m", + "30m", + "1h", + "2h", + "3h", + "6h", + "12h", + "1d", + "2d", + "3d", + "7d" + ], + "defaultValue": "10m", "type": "string" }, - "HybridVMDataDiskReadLatencyOperator": { + "HybridVMDisconnectedAlertOperator": { "metadata": { - "displayName": "Hybrid VM Data Disk Read Latency Operator", - "description": "Operator for the alert" + "description": "Operator for the Hybrid VM Disconnected alert", + "displayName": "Hybrid VM Disconnected Operator" }, "allowedValues": [ "GreaterThan" @@ -1475,10 +1480,10 @@ "defaultValue": "GreaterThan", "type": "string" }, - "HybridVMDataDiskReadLatencyTimeAggregation": { + "HybridVMDisconnectedAlertTimeAggregation": { "metadata": { - "displayName": "Hybrid VM Data Disk Read Latency Time Aggregation", - "description": "Time Aggregation for the alert" + "description": "Time Aggregation for the Hybrid VM Disconnected alert", + "displayName": "Hybrid VM Disconnected Time Aggregation" }, "allowedValues": [ "Count" @@ -1486,36 +1491,44 @@ "defaultValue": "Count", "type": "string" }, - "HybridVMDataDiskReadLatencyEvaluationPeriods": { + "HybridVMDisconnectedAlertEvaluationPeriods": { "metadata": { - "displayName": "Hybrid VM Data Disk Read Latency Evaluation Periods", - "description": "Evaluation Periods for the alert" + "description": "Evaluation Periods for the Hybrid VM Disconnected alert", + "displayName": "Hybrid VM Disconnected Evaluation Periods" }, "defaultValue": "1", "type": "string" }, - "HybridVMDataDiskReadLatencyFailingPeriods": { + "HybridVMDisconnectedAlertFailingPeriods": { "metadata": { - "displayName": "Hybrid VM Data Disk Read Latency Failing Periods", - "description": "Failing Periods for the alert" + "description": "Failing Periods for the Hybrid VM Disconnected alert", + "displayName": "Hybrid VM Disconnected Failing Periods" }, "defaultValue": "1", "type": "string" }, - "HybridVMDataDiskReadLatencyComputersToInclude": { + "HybridVMOSDiskReadLatencyWindowSize": { "metadata": { - "displayName": "Hybrid VM Data Disk Read Latency Computers To Include", - "description": "Computers To Include for the alert" + "description": "Window size for the alert", + "displayName": "Hybrid VM OS Disk Read Latency Window Size" }, - "defaultValue": [ - "*" + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" ], - "type": "array" + "defaultValue": "PT15M", + "type": "string" }, - "HybridVMDataDiskWriteLatencyAlertSeverity": { + "HybridVMOSDiskReadLatencyAlertSeverity": { "metadata": { - "displayName": "Hybrid VM Data Disk Write Latency Alert Severity", - "description": "Severity of the alert for VM Data Disk Write Latency" + "description": "Severity of the alert for VM OS Disk Read Latency", + "displayName": "Hybrid VM OS Disk Read Latency Alert Severity" }, "allowedValues": [ "0", @@ -1527,143 +1540,158 @@ "defaultValue": "2", "type": "String" }, - "HybridVMDataDiskWriteLatencyWindowSize": { + "HybridVMOSDiskReadLatencyEvaluationFrequency": { "metadata": { - "displayName": "Hybrid VM Data Disk Write Latency Window Size", - "description": "Window size for the alert" + "description": "Evaluation frequency for the alert", + "displayName": "Hybrid VM OS Disk Read Latency Evaluation Frequency" }, "allowedValues": [ "PT1M", "PT5M", "PT15M", "PT30M", - "PT1H", - "PT6H", - "PT12H", - "P1D" + "PT1H" ], - "defaultValue": "PT15M", + "defaultValue": "PT5M", "type": "string" }, - "HybridVMDataDiskWriteLatencyEvaluationFrequency": { + "HybridVMNetworkOutComputersToInclude": { "metadata": { - "displayName": "Hybrid VM Data Disk Write Latency Evaluation Frequency", - "description": "Evaluation frequency for the alert" + "description": "Computers To Include for the alert", + "displayName": "Hybrid VM Network Out Computers To Include" }, - "allowedValues": [ - "PT1M", - "PT5M", - "PT15M", - "PT30M", - "PT1H" + "defaultValue": [ + "*" ], - "defaultValue": "PT5M", - "type": "string" + "type": "array" }, - "HybridVMDataDiskWriteLatencyAutoMitigate": { + "HybridVMNetworkOutFailingPeriods": { "metadata": { - "displayName": "Hybrid VM Data Disk Write Latency Auto Mitigate", - "description": "Auto Mitigate for the alert" + "description": "Failing Periods for the alert", + "displayName": "Hybrid VM Network Out Failing Periods" }, - "defaultValue": "true", + "defaultValue": "1", "type": "string" }, - "HybridVMDataDiskWriteLatencyAutoResolve": { + "HybridVMNetworkOutEvaluationPeriods": { "metadata": { - "displayName": "Hybrid VM Data Disk Write Latency Auto Resolve", - "description": "Auto Resolve for the alert" + "description": "Evaluation Periods for the alert", + "displayName": "Hybrid VM Network Out Evaluation Periods" }, - "defaultValue": "true", + "defaultValue": "1", "type": "string" }, - "HybridVMDataDiskWriteLatencyAutoResolveTime": { + "HybridVMNetworkOutTimeAggregation": { "metadata": { - "displayName": "Hybrid VM Data Disk Write Latency Auto Resolve Time", - "description": "Auto Resolve Time for the alert" + "description": "Time Aggregation for the alert", + "displayName": "Hybrid VM Network Out Time Aggregation" }, - "defaultValue": "00:10:00", + "allowedValues": [ + "Count" + ], + "defaultValue": "Count", "type": "string" }, - "HybridVMDataDiskWriteLatencyPolicyEffect": { + "HybridVMNetworkOutOperator": { "metadata": { - "displayName": "Hybrid VM Data Disk Write Latency Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" + "description": "Operator for the alert", + "displayName": "Hybrid VM Network Out Operator" }, "allowedValues": [ - "deployIfNotExists", - "disabled" + "GreaterThan" ], - "defaultValue": "deployIfNotExists", + "defaultValue": "GreaterThan", "type": "string" }, - "HybridVMDataDiskWriteLatencyAlertState": { + "HybridVMNetworkOutThreshold": { "metadata": { - "displayName": "Hybrid VM Data Disk Write Latency Alert State", - "description": "Alert state for the alert, true will enable the alert, false will disable the alert" + "description": "Threshold for the alert", + "displayName": "Hybrid VM Network Out Threshold" }, - "defaultValue": "true", + "defaultValue": "10000000", "type": "string" }, - "HybridVMDataDiskWriteLatencyThreshold": { + "HybridVMNetworkOutAlertState": { "metadata": { - "displayName": "Hybrid VM Data Disk Write Latency Threshold", - "description": "Threshold for the alert" + "description": "Alert state for the alert, true will enable the alert, false will disable the alert", + "displayName": "Hybrid VM Network Out Alert State" }, - "defaultValue": "30", + "defaultValue": "true", "type": "string" }, - "HybridVMDataDiskWriteLatencyOperator": { + "HybridVMNetworkOutPolicyEffect": { "metadata": { - "displayName": "Hybrid VM Data Disk Write Latency Operator", - "description": "Operator for the alert" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", + "displayName": "Hybrid VM Network Out Policy Effect" }, "allowedValues": [ - "GreaterThan" + "deployIfNotExists", + "disabled" ], - "defaultValue": "GreaterThan", + "defaultValue": "deployIfNotExists", "type": "string" }, - "HybridVMDataDiskWriteLatencyTimeAggregation": { + "HybridVMNetworkOutAutoResolveTime": { "metadata": { - "displayName": "Hybrid VM Data Disk Write Latency Time Aggregation", - "description": "Time Aggregation for the alert" + "description": "Auto Resolve Time for the alert", + "displayName": "Hybrid VM Network Out Auto Resolve Time" }, - "allowedValues": [ - "Count" - ], - "defaultValue": "Count", + "defaultValue": "00:10:00", "type": "string" }, - "HybridVMDataDiskWriteLatencyEvaluationPeriods": { + "HybridVMNetworkOutAutoResolve": { "metadata": { - "displayName": "Hybrid VM Data Disk Write Latency Evaluation Periods", - "description": "Evaluation Periods for the alert" + "description": "Auto Resolve for the alert", + "displayName": "Hybrid VM Network Out Auto Resolve" }, - "defaultValue": "1", + "defaultValue": "true", "type": "string" }, - "HybridVMDataDiskWriteLatencyFailingPeriods": { + "HybridVMNetworkOutAutoMitigate": { "metadata": { - "displayName": "Hybrid VM Data Disk Write Latency Failing Periods", - "description": "Failing Periods for the alert" + "description": "Auto Mitigate for the alert", + "displayName": "Hybrid VM Network Out Auto Mitigate" }, - "defaultValue": "1", + "defaultValue": "true", "type": "string" }, - "HybridVMDataDiskWriteLatencyComputersToInclude": { + "HybridVMNetworkOutEvaluationFrequency": { "metadata": { - "displayName": "Hybrid VM Data Disk Write Latency Computers To Include", - "description": "Computers To Include for the alert" + "description": "Evaluation frequency for the alert", + "displayName": "Hybrid VM Network Out Evaluation Frequency" }, - "defaultValue": [ - "*" + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H" ], - "type": "array" + "defaultValue": "PT5M", + "type": "string" }, - "HybridVMDisconnectedAlertSeverity": { + "HybridVMNetworkOutWindowSize": { "metadata": { - "displayName": "Hybrid VM Disconnected Alert Severity", - "description": "Severity of the Hybrid VM Disconnected alert" + "description": "Window size for the alert", + "displayName": "Hybrid VM Network Out Window Size" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" + ], + "defaultValue": "PT15M", + "type": "string" + }, + "HybridVMNetworkOutAlertSeverity": { + "metadata": { + "description": "Severity of the alert for VM Network Out", + "displayName": "Hybrid VM Network Out Alert Severity" }, "allowedValues": [ "0", @@ -1672,135 +1700,107 @@ "3", "4" ], - "defaultValue": "1", + "defaultValue": "2", "type": "String" }, - "HybridVMDisconnectedAlertWindowSize": { + "HybridVMNetworkInComputersToInclude": { "metadata": { - "displayName": "Hybrid VM Disconnected Window Size", - "description": "Window size for the Hybrid VM Disconnected alert" + "description": "Computers To Include for the alert", + "displayName": "Hybrid VM Network In Computers To Include" }, - "allowedValues": [ - "PT12H", - "P1D" + "defaultValue": [ + "*" ], - "defaultValue": "P1D", - "type": "string" + "type": "array" }, - "HybridVMDisconnectedAlertEvaluationFrequency": { + "HybridVMNetworkInFailingPeriods": { "metadata": { - "displayName": "Hybrid VM Disconnected Evaluation Frequency", - "description": "Evaluation frequency for the Hybrid VM Disconnected alert" + "description": "Failing Periods for the alert", + "displayName": "Hybrid VM Network In Failing Periods" }, - "allowedValues": [ - "PT5M", - "PT10M", - "PT15M", - "PT30M", - "PT1H", - "PT2H", - "PT6H", - "PT12H", - "P1D" - ], - "defaultValue": "PT10M", + "defaultValue": "1", "type": "string" }, - "HybridVMDisconnectedAlertAutoMitigate": { + "HybridVMNetworkInEvaluationPeriods": { "metadata": { - "displayName": "Hybrid VM Disconnected Auto Mitigate", - "description": "Auto Mitigate for the Hybrid VM Disconnected alert" + "description": "Evaluation Periods for the alert", + "displayName": "Hybrid VM Network In Evaluation Periods" }, - "defaultValue": "true", + "defaultValue": "1", "type": "string" }, - "HybridVMDisconnectedAlertPolicyEffect": { + "HybridVMNetworkInTimeAggregation": { "metadata": { - "displayName": "Hybrid VM Disconnected Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" + "description": "Time Aggregation for the alert", + "displayName": "Hybrid VM Network In Time Aggregation" }, "allowedValues": [ - "deployIfNotExists", - "disabled" + "Count" ], - "defaultValue": "deployIfNotExists", + "defaultValue": "Count", "type": "string" }, - "HybridVMDisconnectedAlertState": { + "HybridVMNetworkInOperator": { "metadata": { - "displayName": "Hybrid VM Disconnected Alert State", - "description": "Alert state for the alert, true will enable the alert, false will disable the alert" + "description": "Operator for the alert", + "displayName": "Hybrid VM Network In Operator" }, - "defaultValue": "true", + "allowedValues": [ + "GreaterThan" + ], + "defaultValue": "GreaterThan", "type": "string" }, - "HybridVMDisconnectedAlertThreshold": { + "HybridVMNetworkInThreshold": { "metadata": { - "displayName": "Hybrid VM Disconnected Threshold (expressed in timespan)", - "description": "Threshold in timespan value for the Hybrid VM Disconnected alert" + "description": "Threshold for the alert", + "displayName": "Hybrid VM Network In Threshold" }, - "allowedValues": [ - "5m", - "10m", - "15m", - "30m", - "1h", - "2h", - "3h", - "6h", - "12h", - "1d", - "2d", - "3d", - "7d" - ], - "defaultValue": "10m", + "defaultValue": "10000000", "type": "string" }, - "HybridVMDisconnectedAlertOperator": { + "HybridVMNetworkInAlertState": { "metadata": { - "displayName": "Hybrid VM Disconnected Operator", - "description": "Operator for the Hybrid VM Disconnected alert" + "description": "Alert state for the alert", + "displayName": "Hybrid VM Network In Alert State" }, - "allowedValues": [ - "GreaterThan" - ], - "defaultValue": "GreaterThan", + "defaultValue": "true", "type": "string" }, - "HybridVMDisconnectedAlertTimeAggregation": { + "HybridVMNetworkInPolicyEffect": { "metadata": { - "displayName": "Hybrid VM Disconnected Time Aggregation", - "description": "Time Aggregation for the Hybrid VM Disconnected alert" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", + "displayName": "Hybrid VM Network In Policy Effect" }, "allowedValues": [ - "Count" + "deployIfNotExists", + "disabled" ], - "defaultValue": "Count", + "defaultValue": "deployIfNotExists", "type": "string" }, - "HybridVMDisconnectedAlertEvaluationPeriods": { + "HybridVMNetworkInAutoResolveTime": { "metadata": { - "displayName": "Hybrid VM Disconnected Evaluation Periods", - "description": "Evaluation Periods for the Hybrid VM Disconnected alert" + "description": "Auto Resolve Time for the alert", + "displayName": "Hybrid VM Network In Auto Resolve Time" }, - "defaultValue": "1", + "defaultValue": "00:10:00", "type": "string" }, - "HybridVMDisconnectedAlertFailingPeriods": { + "HybridVMNetworkInAutoResolve": { "metadata": { - "displayName": "Hybrid VM Disconnected Failing Periods", - "description": "Failing Periods for the Hybrid VM Disconnected alert" + "description": "Auto Resolve for the alert", + "displayName": "Hybrid VM Network In Auto Resolve" }, - "defaultValue": "1", + "defaultValue": "true", "type": "string" }, - "HybridVMDataDiskSpaceEvaluationPeriods": { + "HybridVMOSDiskReadLatencyAutoMitigate": { "metadata": { - "displayName": "Hybrid VM Data Disk Space Evaluation Periods", - "description": "Evaluation Periods for the alert" + "description": "Auto Mitigate for the alert", + "displayName": "Hybrid VM OS Disk Read Latency Auto Mitigate" }, - "defaultValue": "1", + "defaultValue": "true", "type": "string" } }, @@ -1812,20 +1812,26 @@ "evaluationFrequency": { "value": "[parameters('HybridVMHeartBeatRGEvaluationFrequency')]" }, + "alertResourceGroupLocation": { + "value": "[parameters('ALZMonitorResourceGroupLocation')]" + }, + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" + }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, - "alertResourceGroupLocation": { - "value": "[parameters('ALZMonitorResourceGroupLocation')]" + "autoMitigate": { + "value": "[parameters('HybridVMHeartBeatRGAutoMitigate')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, - "autoMitigate": { - "value": "[parameters('HybridVMHeartBeatRGAutoMitigate')]" + "effect": { + "value": "[parameters('HybridVMHeartBeatRGPolicyEffect')]" }, - "alertResourceGroupName": { - "value": "[parameters('ALZMonitorResourceGroupName')]" + "alertResourceGroupTags": { + "value": "[parameters('ALZMonitorResourceGroupTags')]" }, "windowSize": { "value": "[parameters('HybridVMHeartBeatRGWindowSize')]" @@ -1836,32 +1842,26 @@ "severity": { "value": "[parameters('HybridVMHeartBeatRGAlertSeverity')]" }, - "threshold": { - "value": "[parameters('HybridVMHeartBeatRGThreshold')]" - }, "timeAggregation": { "value": "[parameters('HybridVMHeartBeatRGTimeAggregation')]" }, - "alertResourceGroupTags": { - "value": "[parameters('ALZMonitorResourceGroupTags')]" - }, - "UAMIResourceId": { - "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]" + "threshold": { + "value": "[parameters('HybridVMHeartBeatRGThreshold')]" }, "failingPeriods": { "value": "[parameters('HybridVMHeartBeatRGFailingPeriods')]" }, - "effect": { - "value": "[parameters('HybridVMHeartBeatRGPolicyEffect')]" + "UAMIResourceId": { + "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]" }, - "operator": { - "value": "[parameters('HybridVMHeartBeatRGOperator')]" + "computersToInclude": { + "value": "[parameters('HybridVMHeartBeatRGComputersToInclude')]" }, "autoResolveTime": { "value": "[parameters('HybridVMHeartBeatRGAutoResolveTime')]" }, - "computersToInclude": { - "value": "[parameters('HybridVMHeartBeatRGComputersToInclude')]" + "operator": { + "value": "[parameters('HybridVMHeartBeatRGOperator')]" }, "autoResolve": { "value": "[parameters('HybridVMHeartBeatRGAutoResolve')]" @@ -1875,20 +1875,26 @@ "evaluationFrequency": { "value": "[parameters('HybridVMNetworkInEvaluationFrequency')]" }, + "alertResourceGroupLocation": { + "value": "[parameters('ALZMonitorResourceGroupLocation')]" + }, + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" + }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, - "alertResourceGroupLocation": { - "value": "[parameters('ALZMonitorResourceGroupLocation')]" + "autoMitigate": { + "value": "[parameters('HybridVMNetworkInAutoMitigate')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, - "autoMitigate": { - "value": "[parameters('HybridVMNetworkInAutoMitigate')]" + "effect": { + "value": "[parameters('HybridVMNetworkInPolicyEffect')]" }, - "alertResourceGroupName": { - "value": "[parameters('ALZMonitorResourceGroupName')]" + "alertResourceGroupTags": { + "value": "[parameters('ALZMonitorResourceGroupTags')]" }, "windowSize": { "value": "[parameters('HybridVMNetworkInWindowSize')]" @@ -1899,23 +1905,23 @@ "severity": { "value": "[parameters('HybridVMNetworkInAlertSeverity')]" }, - "threshold": { - "value": "[parameters('HybridVMNetworkInThreshold')]" - }, "timeAggregation": { "value": "[parameters('HybridVMNetworkInTimeAggregation')]" }, - "alertResourceGroupTags": { - "value": "[parameters('ALZMonitorResourceGroupTags')]" + "threshold": { + "value": "[parameters('HybridVMNetworkInThreshold')]" + }, + "failingPeriods": { + "value": "[parameters('HybridVMNetworkInFailingPeriods')]" }, "UAMIResourceId": { "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]" }, - "failingPeriods": { - "value": "[parameters('HybridVMNetworkInFailingPeriods')]" + "computersToInclude": { + "value": "[parameters('HybridVMNetworkInComputersToInclude')]" }, - "effect": { - "value": "[parameters('HybridVMNetworkInPolicyEffect')]" + "autoResolveTime": { + "value": "[parameters('HybridVMNetworkInAutoResolveTime')]" }, "evaluationPeriods": { "value": "[parameters('HybridVMNetworkInEvaluationPeriods')]" @@ -1923,12 +1929,6 @@ "operator": { "value": "[parameters('HybridVMNetworkInOperator')]" }, - "autoResolveTime": { - "value": "[parameters('HybridVMNetworkInAutoResolveTime')]" - }, - "computersToInclude": { - "value": "[parameters('HybridVMNetworkInComputersToInclude')]" - }, "autoResolve": { "value": "[parameters('HybridVMNetworkInAutoResolve')]" } @@ -1941,20 +1941,26 @@ "evaluationFrequency": { "value": "[parameters('HybridVMNetworkOutEvaluationFrequency')]" }, + "alertResourceGroupLocation": { + "value": "[parameters('ALZMonitorResourceGroupLocation')]" + }, + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" + }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, - "alertResourceGroupLocation": { - "value": "[parameters('ALZMonitorResourceGroupLocation')]" + "autoMitigate": { + "value": "[parameters('HybridVMNetworkOutAutoMitigate')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, - "autoMitigate": { - "value": "[parameters('HybridVMNetworkOutAutoMitigate')]" + "effect": { + "value": "[parameters('HybridVMNetworkOutPolicyEffect')]" }, - "alertResourceGroupName": { - "value": "[parameters('ALZMonitorResourceGroupName')]" + "alertResourceGroupTags": { + "value": "[parameters('ALZMonitorResourceGroupTags')]" }, "windowSize": { "value": "[parameters('HybridVMNetworkOutWindowSize')]" @@ -1965,23 +1971,23 @@ "severity": { "value": "[parameters('HybridVMNetworkOutAlertSeverity')]" }, - "threshold": { - "value": "[parameters('HybridVMNetworkOutThreshold')]" - }, "timeAggregation": { "value": "[parameters('HybridVMNetworkOutTimeAggregation')]" }, - "alertResourceGroupTags": { - "value": "[parameters('ALZMonitorResourceGroupTags')]" + "threshold": { + "value": "[parameters('HybridVMNetworkOutThreshold')]" + }, + "failingPeriods": { + "value": "[parameters('HybridVMNetworkOutFailingPeriods')]" }, "UAMIResourceId": { "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]" }, - "failingPeriods": { - "value": "[parameters('HybridVMNetworkOutFailingPeriods')]" + "computersToInclude": { + "value": "[parameters('HybridVMNetworkOutComputersToInclude')]" }, - "effect": { - "value": "[parameters('HybridVMNetworkOutPolicyEffect')]" + "autoResolveTime": { + "value": "[parameters('HybridVMNetworkOutAutoResolveTime')]" }, "evaluationPeriods": { "value": "[parameters('HybridVMNetworkOutEvaluationPeriods')]" @@ -1989,12 +1995,6 @@ "operator": { "value": "[parameters('HybridVMNetworkOutOperator')]" }, - "autoResolveTime": { - "value": "[parameters('HybridVMNetworkOutAutoResolveTime')]" - }, - "computersToInclude": { - "value": "[parameters('HybridVMNetworkOutComputersToInclude')]" - }, "autoResolve": { "value": "[parameters('HybridVMNetworkOutAutoResolve')]" } @@ -2007,20 +2007,26 @@ "evaluationFrequency": { "value": "[parameters('HybridVMOSDiskReadLatencyEvaluationFrequency')]" }, + "alertResourceGroupLocation": { + "value": "[parameters('ALZMonitorResourceGroupLocation')]" + }, + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" + }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, - "alertResourceGroupLocation": { - "value": "[parameters('ALZMonitorResourceGroupLocation')]" + "autoMitigate": { + "value": "[parameters('HybridVMOSDiskReadLatencyAutoMitigate')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, - "autoMitigate": { - "value": "[parameters('HybridVMOSDiskReadLatencyAutoMitigate')]" + "effect": { + "value": "[parameters('HybridVMOSDiskReadLatencyPolicyEffect')]" }, - "alertResourceGroupName": { - "value": "[parameters('ALZMonitorResourceGroupName')]" + "alertResourceGroupTags": { + "value": "[parameters('ALZMonitorResourceGroupTags')]" }, "windowSize": { "value": "[parameters('HybridVMOSDiskReadLatencyWindowSize')]" @@ -2031,23 +2037,23 @@ "severity": { "value": "[parameters('HybridVMOSDiskReadLatencyAlertSeverity')]" }, - "threshold": { - "value": "[parameters('HybridVMOSDiskReadLatencyThreshold')]" - }, "timeAggregation": { "value": "[parameters('HybridVMOSDiskReadLatencyTimeAggregation')]" }, - "alertResourceGroupTags": { - "value": "[parameters('ALZMonitorResourceGroupTags')]" + "threshold": { + "value": "[parameters('HybridVMOSDiskReadLatencyThreshold')]" + }, + "failingPeriods": { + "value": "[parameters('HybridVMOSDiskReadLatencyFailingPeriods')]" }, "UAMIResourceId": { "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]" }, - "failingPeriods": { - "value": "[parameters('HybridVMOSDiskReadLatencyFailingPeriods')]" + "computersToInclude": { + "value": "[parameters('HybridVMOSDiskReadLatencyComputersToInclude')]" }, - "effect": { - "value": "[parameters('HybridVMOSDiskReadLatencyPolicyEffect')]" + "autoResolveTime": { + "value": "[parameters('HybridVMOSDiskReadLatencyAutoResolveTime')]" }, "evaluationPeriods": { "value": "[parameters('HybridVMOSDiskReadLatencyEvaluationPeriods')]" @@ -2055,12 +2061,6 @@ "operator": { "value": "[parameters('HybridVMOSDiskReadLatencyOperator')]" }, - "autoResolveTime": { - "value": "[parameters('HybridVMOSDiskReadLatencyAutoResolveTime')]" - }, - "computersToInclude": { - "value": "[parameters('HybridVMOSDiskReadLatencyComputersToInclude')]" - }, "autoResolve": { "value": "[parameters('HybridVMOSDiskReadLatencyAutoResolve')]" } @@ -2073,20 +2073,26 @@ "evaluationFrequency": { "value": "[parameters('HybridVMOSDiskWriteLatencyEvaluationFrequency')]" }, + "alertResourceGroupLocation": { + "value": "[parameters('ALZMonitorResourceGroupLocation')]" + }, + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" + }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, - "alertResourceGroupLocation": { - "value": "[parameters('ALZMonitorResourceGroupLocation')]" + "autoMitigate": { + "value": "[parameters('HybridVMOSDiskWriteLatencyAutoMitigate')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, - "autoMitigate": { - "value": "[parameters('HybridVMOSDiskWriteLatencyAutoMitigate')]" + "effect": { + "value": "[parameters('HybridVMOSDiskWriteLatencyPolicyEffect')]" }, - "alertResourceGroupName": { - "value": "[parameters('ALZMonitorResourceGroupName')]" + "alertResourceGroupTags": { + "value": "[parameters('ALZMonitorResourceGroupTags')]" }, "windowSize": { "value": "[parameters('HybridVMOSDiskWriteLatencyWindowSize')]" @@ -2097,23 +2103,23 @@ "severity": { "value": "[parameters('HybridVMOSDiskWriteLatencyAlertSeverity')]" }, - "threshold": { - "value": "[parameters('HybridVMOSDiskWriteLatencyThreshold')]" - }, "timeAggregation": { "value": "[parameters('HybridVMOSDiskWriteLatencyTimeAggregation')]" }, - "alertResourceGroupTags": { - "value": "[parameters('ALZMonitorResourceGroupTags')]" + "threshold": { + "value": "[parameters('HybridVMOSDiskWriteLatencyThreshold')]" + }, + "failingPeriods": { + "value": "[parameters('HybridVMOSDiskWriteLatencyFailingPeriods')]" }, "UAMIResourceId": { "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]" }, - "failingPeriods": { - "value": "[parameters('HybridVMOSDiskWriteLatencyFailingPeriods')]" + "computersToInclude": { + "value": "[parameters('HybridVMOSDiskWriteLatencyComputersToInclude')]" }, - "effect": { - "value": "[parameters('HybridVMOSDiskWriteLatencyPolicyEffect')]" + "autoResolveTime": { + "value": "[parameters('HybridVMOSDiskWriteLatencyAutoResolveTime')]" }, "evaluationPeriods": { "value": "[parameters('HybridVMOSDiskWriteLatencyEvaluationPeriods')]" @@ -2121,12 +2127,6 @@ "operator": { "value": "[parameters('HybridVMOSDiskWriteLatencyOperator')]" }, - "autoResolveTime": { - "value": "[parameters('HybridVMOSDiskWriteLatencyAutoResolveTime')]" - }, - "computersToInclude": { - "value": "[parameters('HybridVMOSDiskWriteLatencyComputersToInclude')]" - }, "autoResolve": { "value": "[parameters('HybridVMOSDiskWriteLatencyAutoResolve')]" } @@ -2139,20 +2139,26 @@ "evaluationFrequency": { "value": "[parameters('HybridVMOSDiskSpaceEvaluationFrequency')]" }, + "alertResourceGroupLocation": { + "value": "[parameters('ALZMonitorResourceGroupLocation')]" + }, + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" + }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, - "alertResourceGroupLocation": { - "value": "[parameters('ALZMonitorResourceGroupLocation')]" + "autoMitigate": { + "value": "[parameters('HybridVMOSDiskSpaceAutoMitigate')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, - "autoMitigate": { - "value": "[parameters('HybridVMOSDiskSpaceAutoMitigate')]" + "effect": { + "value": "[parameters('HybridVMOSDiskSpacePolicyEffect')]" }, - "alertResourceGroupName": { - "value": "[parameters('ALZMonitorResourceGroupName')]" + "alertResourceGroupTags": { + "value": "[parameters('ALZMonitorResourceGroupTags')]" }, "windowSize": { "value": "[parameters('HybridVMOSDiskSpaceWindowSize')]" @@ -2161,25 +2167,25 @@ "value": "[parameters('HybridVMOSDiskSpaceAlertState')]" }, "severity": { - "value": "[parameters('HybridVMOSDiskSpaceAlertSeverity')]" - }, - "threshold": { - "value": "[parameters('HybridVMOSDiskSpaceThreshold')]" + "value": "[parameters('HybridVMOSDiskSpaceAlertSeverity')]" }, "timeAggregation": { "value": "[parameters('HybridVMOSDiskSpaceTimeAggregation')]" }, - "alertResourceGroupTags": { - "value": "[parameters('ALZMonitorResourceGroupTags')]" + "threshold": { + "value": "[parameters('HybridVMOSDiskSpaceThreshold')]" + }, + "failingPeriods": { + "value": "[parameters('HybridVMOSDiskSpaceFailingPeriods')]" }, "UAMIResourceId": { "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]" }, - "failingPeriods": { - "value": "[parameters('HybridVMOSDiskSpaceFailingPeriods')]" + "computersToInclude": { + "value": "[parameters('HybridVMOSDiskSpaceComputersToInclude')]" }, - "effect": { - "value": "[parameters('HybridVMOSDiskSpacePolicyEffect')]" + "autoResolveTime": { + "value": "[parameters('HybridVMOSDiskSpaceAutoResolveTime')]" }, "evaluationPeriods": { "value": "[parameters('HybridVMOSDiskSpaceEvaluationPeriods')]" @@ -2187,12 +2193,6 @@ "operator": { "value": "[parameters('HybridVMOSDiskSpaceOperator')]" }, - "autoResolveTime": { - "value": "[parameters('HybridVMOSDiskSpaceAutoResolveTime')]" - }, - "computersToInclude": { - "value": "[parameters('HybridVMOSDiskSpaceComputersToInclude')]" - }, "autoResolve": { "value": "[parameters('HybridVMOSDiskSpaceAutoResolve')]" } @@ -2205,20 +2205,26 @@ "evaluationFrequency": { "value": "[parameters('HybridVMPercentCPUEvaluationFrequency')]" }, + "alertResourceGroupLocation": { + "value": "[parameters('ALZMonitorResourceGroupLocation')]" + }, + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" + }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, - "alertResourceGroupLocation": { - "value": "[parameters('ALZMonitorResourceGroupLocation')]" + "autoMitigate": { + "value": "[parameters('HybridVMPercentCPUAutoMitigate')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, - "autoMitigate": { - "value": "[parameters('HybridVMPercentCPUAutoMitigate')]" + "effect": { + "value": "[parameters('HybridVMPercentCPUPolicyEffect')]" }, - "alertResourceGroupName": { - "value": "[parameters('ALZMonitorResourceGroupName')]" + "alertResourceGroupTags": { + "value": "[parameters('ALZMonitorResourceGroupTags')]" }, "windowSize": { "value": "[parameters('HybridVMPercentCPUWindowSize')]" @@ -2229,30 +2235,24 @@ "severity": { "value": "[parameters('HybridVMPercentCPUAlertSeverity')]" }, - "threshold": { - "value": "[parameters('HybridVMPercentCPUThreshold')]" - }, "timeAggregation": { "value": "[parameters('HybridVMPercentCPUTimeAggregation')]" }, - "alertResourceGroupTags": { - "value": "[parameters('ALZMonitorResourceGroupTags')]" - }, - "UAMIResourceId": { - "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]" + "threshold": { + "value": "[parameters('HybridVMPercentCPUThreshold')]" }, "failingPeriods": { "value": "[parameters('HybridVMPercentCPUFailingPeriods')]" }, - "effect": { - "value": "[parameters('HybridVMPercentCPUPolicyEffect')]" - }, - "operator": { - "value": "[parameters('HybridVMPercentCPUOperator')]" + "UAMIResourceId": { + "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]" }, "autoResolveTime": { "value": "[parameters('HybridVMPercentCPUAutoResolveTime')]" }, + "operator": { + "value": "[parameters('HybridVMPercentCPUOperator')]" + }, "autoResolve": { "value": "[parameters('HybridVMPercentCPUAutoResolve')]" } @@ -2265,20 +2265,26 @@ "evaluationFrequency": { "value": "[parameters('HybridVMPercentMemoryEvaluationFrequency')]" }, + "alertResourceGroupLocation": { + "value": "[parameters('ALZMonitorResourceGroupLocation')]" + }, + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" + }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, - "alertResourceGroupLocation": { - "value": "[parameters('ALZMonitorResourceGroupLocation')]" + "autoMitigate": { + "value": "[parameters('HybridVMPercentMemoryAutoMitigate')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, - "autoMitigate": { - "value": "[parameters('HybridVMPercentMemoryAutoMitigate')]" + "effect": { + "value": "[parameters('HybridVMPercentMemoryPolicyEffect')]" }, - "alertResourceGroupName": { - "value": "[parameters('ALZMonitorResourceGroupName')]" + "alertResourceGroupTags": { + "value": "[parameters('ALZMonitorResourceGroupTags')]" }, "windowSize": { "value": "[parameters('HybridVMPercentMemoryWindowSize')]" @@ -2289,30 +2295,24 @@ "severity": { "value": "[parameters('HybridVMPercentMemoryAlertSeverity')]" }, - "threshold": { - "value": "[parameters('HybridVMPercentMemoryThreshold')]" - }, "timeAggregation": { "value": "[parameters('HybridVMPercentMemoryTimeAggregation')]" }, - "alertResourceGroupTags": { - "value": "[parameters('ALZMonitorResourceGroupTags')]" - }, - "UAMIResourceId": { - "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]" + "threshold": { + "value": "[parameters('HybridVMPercentMemoryThreshold')]" }, "failingPeriods": { "value": "[parameters('HybridVMPercentMemoryFailingPeriods')]" }, - "effect": { - "value": "[parameters('HybridVMPercentMemoryPolicyEffect')]" - }, - "operator": { - "value": "[parameters('HybridVMPercentMemoryOperator')]" + "UAMIResourceId": { + "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]" }, "autoResolveTime": { "value": "[parameters('HybridVMPercentMemoryAutoResolveTime')]" }, + "operator": { + "value": "[parameters('HybridVMPercentMemoryOperator')]" + }, "autoResolve": { "value": "[parameters('HybridVMPercentMemoryAutoResolve')]" } @@ -2325,20 +2325,26 @@ "evaluationFrequency": { "value": "[parameters('HybridVMDataDiskSpaceEvaluationFrequency')]" }, + "alertResourceGroupLocation": { + "value": "[parameters('ALZMonitorResourceGroupLocation')]" + }, + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" + }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, - "alertResourceGroupLocation": { - "value": "[parameters('ALZMonitorResourceGroupLocation')]" + "autoMitigate": { + "value": "[parameters('HybridVMDataDiskSpaceAutoMitigate')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, - "autoMitigate": { - "value": "[parameters('HybridVMDataDiskSpaceAutoMitigate')]" + "effect": { + "value": "[parameters('HybridVMDataDiskSpacePolicyEffect')]" }, - "alertResourceGroupName": { - "value": "[parameters('ALZMonitorResourceGroupName')]" + "alertResourceGroupTags": { + "value": "[parameters('ALZMonitorResourceGroupTags')]" }, "windowSize": { "value": "[parameters('HybridVMDataDiskSpaceWindowSize')]" @@ -2349,23 +2355,23 @@ "severity": { "value": "[parameters('HybridVMDataDiskSpaceAlertSeverity')]" }, - "threshold": { - "value": "[parameters('HybridVMDataDiskSpaceThreshold')]" - }, "timeAggregation": { "value": "[parameters('HybridVMDataDiskSpaceTimeAggregation')]" }, - "alertResourceGroupTags": { - "value": "[parameters('ALZMonitorResourceGroupTags')]" + "threshold": { + "value": "[parameters('HybridVMDataDiskSpaceThreshold')]" + }, + "failingPeriods": { + "value": "[parameters('HybridVMDataDiskSpaceFailingPeriods')]" }, "UAMIResourceId": { "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]" }, - "failingPeriods": { - "value": "[parameters('HybridVMDataDiskSpaceFailingPeriods')]" + "computersToInclude": { + "value": "[parameters('HybridVMDataDiskSpaceComputersToInclude')]" }, - "effect": { - "value": "[parameters('HybridVMDataDiskSpacePolicyEffect')]" + "autoResolveTime": { + "value": "[parameters('HybridVMDataDiskSpaceAutoResolveTime')]" }, "evaluationPeriods": { "value": "[parameters('HybridVMDataDiskSpaceEvaluationPeriods')]" @@ -2373,12 +2379,6 @@ "operator": { "value": "[parameters('HybridVMDataDiskSpaceOperator')]" }, - "autoResolveTime": { - "value": "[parameters('HybridVMDataDiskSpaceAutoResolveTime')]" - }, - "computersToInclude": { - "value": "[parameters('HybridVMDataDiskSpaceComputersToInclude')]" - }, "autoResolve": { "value": "[parameters('HybridVMDataDiskSpaceAutoResolve')]" } @@ -2391,20 +2391,26 @@ "evaluationFrequency": { "value": "[parameters('HybridVMDataDiskReadLatencyEvaluationFrequency')]" }, + "alertResourceGroupLocation": { + "value": "[parameters('ALZMonitorResourceGroupLocation')]" + }, + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" + }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, - "alertResourceGroupLocation": { - "value": "[parameters('ALZMonitorResourceGroupLocation')]" + "autoMitigate": { + "value": "[parameters('HybridVMDataDiskReadLatencyAutoMitigate')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, - "autoMitigate": { - "value": "[parameters('HybridVMDataDiskReadLatencyAutoMitigate')]" + "effect": { + "value": "[parameters('HybridVMDataDiskReadLatencyPolicyEffect')]" }, - "alertResourceGroupName": { - "value": "[parameters('ALZMonitorResourceGroupName')]" + "alertResourceGroupTags": { + "value": "[parameters('ALZMonitorResourceGroupTags')]" }, "windowSize": { "value": "[parameters('HybridVMDataDiskReadLatencyWindowSize')]" @@ -2415,23 +2421,23 @@ "severity": { "value": "[parameters('HybridVMDataDiskReadLatencyAlertSeverity')]" }, - "threshold": { - "value": "[parameters('HybridVMDataDiskReadLatencyThreshold')]" - }, "timeAggregation": { "value": "[parameters('HybridVMDataDiskReadLatencyTimeAggregation')]" }, - "alertResourceGroupTags": { - "value": "[parameters('ALZMonitorResourceGroupTags')]" + "threshold": { + "value": "[parameters('HybridVMDataDiskReadLatencyThreshold')]" + }, + "failingPeriods": { + "value": "[parameters('HybridVMDataDiskReadLatencyFailingPeriods')]" }, "UAMIResourceId": { "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]" }, - "failingPeriods": { - "value": "[parameters('HybridVMDataDiskReadLatencyFailingPeriods')]" + "computersToInclude": { + "value": "[parameters('HybridVMDataDiskReadLatencyComputersToInclude')]" }, - "effect": { - "value": "[parameters('HybridVMDataDiskReadLatencyPolicyEffect')]" + "autoResolveTime": { + "value": "[parameters('HybridVMDataDiskReadLatencyAutoResolveTime')]" }, "evaluationPeriods": { "value": "[parameters('HybridVMDataDiskReadLatencyEvaluationPeriods')]" @@ -2439,12 +2445,6 @@ "operator": { "value": "[parameters('HybridVMDataDiskReadLatencyOperator')]" }, - "autoResolveTime": { - "value": "[parameters('HybridVMDataDiskReadLatencyAutoResolveTime')]" - }, - "computersToInclude": { - "value": "[parameters('HybridVMDataDiskReadLatencyComputersToInclude')]" - }, "autoResolve": { "value": "[parameters('HybridVMDataDiskReadLatencyAutoResolve')]" } @@ -2457,20 +2457,26 @@ "evaluationFrequency": { "value": "[parameters('HybridVMDataDiskWriteLatencyEvaluationFrequency')]" }, + "alertResourceGroupLocation": { + "value": "[parameters('ALZMonitorResourceGroupLocation')]" + }, + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" + }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, - "alertResourceGroupLocation": { - "value": "[parameters('ALZMonitorResourceGroupLocation')]" + "autoMitigate": { + "value": "[parameters('HybridVMDataDiskWriteLatencyAutoMitigate')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, - "autoMitigate": { - "value": "[parameters('HybridVMDataDiskWriteLatencyAutoMitigate')]" + "effect": { + "value": "[parameters('HybridVMDataDiskWriteLatencyPolicyEffect')]" }, - "alertResourceGroupName": { - "value": "[parameters('ALZMonitorResourceGroupName')]" + "alertResourceGroupTags": { + "value": "[parameters('ALZMonitorResourceGroupTags')]" }, "windowSize": { "value": "[parameters('HybridVMDataDiskWriteLatencyWindowSize')]" @@ -2481,23 +2487,23 @@ "severity": { "value": "[parameters('HybridVMDataDiskWriteLatencyAlertSeverity')]" }, - "threshold": { - "value": "[parameters('HybridVMDataDiskWriteLatencyThreshold')]" - }, "timeAggregation": { "value": "[parameters('HybridVMDataDiskWriteLatencyTimeAggregation')]" }, - "alertResourceGroupTags": { - "value": "[parameters('ALZMonitorResourceGroupTags')]" + "threshold": { + "value": "[parameters('HybridVMDataDiskWriteLatencyThreshold')]" + }, + "failingPeriods": { + "value": "[parameters('HybridVMDataDiskWriteLatencyFailingPeriods')]" }, "UAMIResourceId": { "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]" }, - "failingPeriods": { - "value": "[parameters('HybridVMDataDiskWriteLatencyFailingPeriods')]" + "computersToInclude": { + "value": "[parameters('HybridVMDataDiskWriteLatencyComputersToInclude')]" }, - "effect": { - "value": "[parameters('HybridVMDataDiskWriteLatencyPolicyEffect')]" + "autoResolveTime": { + "value": "[parameters('HybridVMDataDiskWriteLatencyAutoResolveTime')]" }, "evaluationPeriods": { "value": "[parameters('HybridVMDataDiskWriteLatencyEvaluationPeriods')]" @@ -2505,12 +2511,6 @@ "operator": { "value": "[parameters('HybridVMDataDiskWriteLatencyOperator')]" }, - "autoResolveTime": { - "value": "[parameters('HybridVMDataDiskWriteLatencyAutoResolveTime')]" - }, - "computersToInclude": { - "value": "[parameters('HybridVMDataDiskWriteLatencyComputersToInclude')]" - }, "autoResolve": { "value": "[parameters('HybridVMDataDiskWriteLatencyAutoResolve')]" } @@ -2523,20 +2523,26 @@ "evaluationFrequency": { "value": "[parameters('HybridVMDisconnectedAlertEvaluationFrequency')]" }, + "alertResourceGroupLocation": { + "value": "[parameters('ALZMonitorResourceGroupLocation')]" + }, + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" + }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, - "alertResourceGroupLocation": { - "value": "[parameters('ALZMonitorResourceGroupLocation')]" + "autoMitigate": { + "value": "[parameters('HybridVMDisconnectedAlertAutoMitigate')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, - "autoMitigate": { - "value": "[parameters('HybridVMDisconnectedAlertAutoMitigate')]" + "effect": { + "value": "[parameters('HybridVMDisconnectedAlertPolicyEffect')]" }, - "alertResourceGroupName": { - "value": "[parameters('ALZMonitorResourceGroupName')]" + "alertResourceGroupTags": { + "value": "[parameters('ALZMonitorResourceGroupTags')]" }, "windowSize": { "value": "[parameters('HybridVMDisconnectedAlertWindowSize')]" @@ -2547,23 +2553,17 @@ "severity": { "value": "[parameters('HybridVMDisconnectedAlertSeverity')]" }, - "threshold": { - "value": "[parameters('HybridVMDisconnectedAlertThreshold')]" - }, "timeAggregation": { "value": "[parameters('HybridVMDisconnectedAlertTimeAggregation')]" }, - "alertResourceGroupTags": { - "value": "[parameters('ALZMonitorResourceGroupTags')]" - }, - "UAMIResourceId": { - "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]" + "threshold": { + "value": "[parameters('HybridVMDisconnectedAlertThreshold')]" }, "failingPeriods": { "value": "[parameters('HybridVMDisconnectedAlertFailingPeriods')]" }, - "effect": { - "value": "[parameters('HybridVMDisconnectedAlertPolicyEffect')]" + "UAMIResourceId": { + "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]" }, "evaluationPeriods": { "value": "[parameters('HybridVMDisconnectedAlertEvaluationPeriods')]" diff --git a/Definitions/policySetDefinitions/Monitoring/alerting-identity.jsonc b/Definitions/policySetDefinitions/Monitoring/alerting-identity.jsonc index fe4fbdc..94ec1f6 100644 --- a/Definitions/policySetDefinitions/Monitoring/alerting-identity.jsonc +++ b/Definitions/policySetDefinitions/Monitoring/alerting-identity.jsonc @@ -6,98 +6,80 @@ "description": "Initiative to deploy AMBA alerts relevant to the ALZ Identity management group", "metadata": { "_deployed_by_amba": true, + "version": "1.1.0", "alzCloudEnvironments": [ "AzureCloud" ], - "version": "1.1.0", "category": "Monitoring", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "ALZMonitorResourceGroupName": { + "ALZMonitorDisableTagValues": { "metadata": { - "displayName": "ALZ Monitor Resource Group Name", - "description": "Name of the resource group where the alerting resources will be deployed" + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" }, - "defaultValue": "ALZ-Monitoring-RG", - "type": "String" + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" }, - "ALZMonitorResourceGroupTags": { + "ALZMonitorDisableTagName": { "metadata": { - "displayName": "ALZ Monitor Resource Group Tags", - "description": "Tags for the resource group where the alerting resources will be deployed" + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" }, - "defaultValue": { - "_deployed_by_alz_monitor": true - }, - "type": "Object" + "defaultValue": "MonitorDisable", + "type": "String" }, "ALZMonitorResourceGroupLocation": { "metadata": { - "displayName": "ALZ Monitor Resource Group Location", - "description": "Location of the resource group where the alerting resources will be deployed" + "description": "Location of the resource group where the alerting resources will be deployed", + "displayName": "ALZ Monitor Resource Group Location" }, "defaultValue": "centralus", "type": "String" }, - "ALZMonitorDisableTagName": { + "ALZMonitorResourceGroupName": { "metadata": { - "displayName": "ALZ Monitoring disabled tag name", - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled." + "description": "Name of the resource group where the alerting resources will be deployed", + "displayName": "ALZ Monitor Resource Group Name" }, - "defaultValue": "MonitorDisable", + "defaultValue": "ALZ-Monitoring-RG", "type": "String" }, - "ALZMonitorDisableTagValues": { + "ALZMonitorResourceGroupTags": { "metadata": { - "displayName": "ALZ Monitoring disabled tag values(s)", - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." + "description": "Tags for the resource group where the alerting resources will be deployed", + "displayName": "ALZ Monitor Resource Group Tags" }, - "defaultValue": [ - "true", - "Test", - "Dev", - "Sandbox" - ], - "type": "Array" - }, - "KVRequestAlertSeverity": { - "metadata": { - "displayName": "KeyVault Request Alert Severity", - "description": "Severity of the alert" + "defaultValue": { + "_deployed_by_alz_monitor": true }, - "allowedValues": [ - "0", - "1", - "2", - "3", - "4" - ], - "defaultValue": "2", - "type": "String" + "type": "Object" }, - "KVRequestWindowSize": { + "HSMsLatencyAvailabilityEvaluationFrequency": { "metadata": { - "displayName": "KeyVault Request Alert Window Size", - "description": "Window size for the alert" + "description": "Evaluation frequency for the alert", + "displayName": "Key Vault Managed HSMs Latency Availability Evaluation Frequency" }, "allowedValues": [ "PT1M", "PT5M", "PT15M", "PT30M", - "PT1H", - "PT6H", - "PT12H", - "P1D" + "PT1H" ], "defaultValue": "PT5M", "type": "string" }, - "KVRequestEvaluationFrequency": { + "KvLatencyAvailabilityEvaluationFrequency": { "metadata": { - "displayName": "KeyVault Request Alert Evaluation Frequency", - "description": "Evaluation frequency for the alert" + "description": "Evaluation frequency for the alert", + "displayName": "KeyVault Latency Alert Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -109,30 +91,10 @@ "defaultValue": "PT5M", "type": "string" }, - "KVRequestPolicyEffect": { - "metadata": { - "displayName": "KeyVault Request Alert Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "disabled", - "type": "string" - }, - "KVRequestAlertState": { - "metadata": { - "displayName": "KeyVault Request Alert State", - "description": "State of the alert, true will enable the alert, false will disable the alert" - }, - "defaultValue": "true", - "type": "string" - }, - "KvAvailabilityAlertSeverity": { + "HSMsLatencyAvailabilityAlertSeverity": { "metadata": { - "displayName": "KeyVault Availability Alert Severity", - "description": "Severity of the alert" + "description": "Severity of the alert for Key Vault Managed HSMs Latency Availability", + "displayName": "Key Vault Managed HSMs Latency Availability Alert Severity" }, "allowedValues": [ "0", @@ -141,31 +103,13 @@ "3", "4" ], - "defaultValue": "1", + "defaultValue": "3", "type": "String" }, - "KvAvailabilityWindowSize": { - "metadata": { - "displayName": "KeyVault Availability Alert Window Size", - "description": "Window size for the alert" - }, - "allowedValues": [ - "PT1M", - "PT5M", - "PT15M", - "PT30M", - "PT1H", - "PT6H", - "PT12H", - "P1D" - ], - "defaultValue": "PT1M", - "type": "string" - }, - "KvAvailabilityEvaluationFrequency": { + "HSMsAvailabilityEvaluationFrequency": { "metadata": { - "displayName": "KeyVault Availability Alert Evaluation Frequency", - "description": "Evaluation frequency for the alert" + "description": "Evaluation frequency for the alert", + "displayName": "Key Vault Managed HSMs Availability Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -177,10 +121,10 @@ "defaultValue": "PT1M", "type": "string" }, - "KvAvailabilityPolicyEffect": { + "HSMsLatencyAvailabilityPolicyEffect": { "metadata": { - "displayName": "KeyVault Availability Alert Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", + "displayName": "Key Vault Managed HSMs Latency Availability Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -189,26 +133,10 @@ "defaultValue": "disabled", "type": "string" }, - "KvAvailabilityAlertState": { - "metadata": { - "displayName": "KeyVault Availability Alert State", - "description": "State of the alert, true will enable the alert, false will disable the alert" - }, - "defaultValue": "true", - "type": "string" - }, - "KVAvailabilityThreshold": { - "metadata": { - "displayName": "KeyVault Availability Alert Threshold", - "description": "Threshold for the alert" - }, - "defaultValue": "20", - "type": "string" - }, "KvLatencyAvailabilityAlertSeverity": { "metadata": { - "displayName": "KeyVault Latency Alert Severity", - "description": "Severity of the alert" + "description": "Severity of the alert", + "displayName": "KeyVault Latency Alert Severity" }, "allowedValues": [ "0", @@ -220,10 +148,10 @@ "defaultValue": "3", "type": "String" }, - "KvLatencyAvailabilityWindowSize": { + "HSMsLatencyAvailabilityWindowSize": { "metadata": { - "displayName": "KeyVault Latency Alert Window Size", - "description": "Window size for the alert" + "description": "Window size for the alert", + "displayName": "Key Vault Managed HSMs Latency Availability Window Size" }, "allowedValues": [ "PT1M", @@ -238,25 +166,18 @@ "defaultValue": "PT5M", "type": "string" }, - "KvLatencyAvailabilityEvaluationFrequency": { + "HSMsLatencyAvailabilityAlertState": { "metadata": { - "displayName": "KeyVault Latency Alert Evaluation Frequency", - "description": "Evaluation frequency for the alert" + "description": "Alert state for the alert", + "displayName": "Key Vault Managed HSMs Latency Availability Alert State" }, - "allowedValues": [ - "PT1M", - "PT5M", - "PT15M", - "PT30M", - "PT1H" - ], - "defaultValue": "PT5M", + "defaultValue": "true", "type": "string" }, "KvLatencyAvailabilityPolicyEffect": { "metadata": { - "displayName": "KeyVault Latency Alert Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", + "displayName": "KeyVault Latency Alert Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -265,41 +186,41 @@ "defaultValue": "disabled", "type": "string" }, - "KvLatencyAvailabilityAlertState": { + "KvAvailabilityEvaluationFrequency": { "metadata": { - "displayName": "KeyVault Latency Alert State", - "description": "State of the alert, true will enable the alert, false will disable the alert" + "description": "Evaluation frequency for the alert", + "displayName": "KeyVault Availability Alert Evaluation Frequency" }, - "defaultValue": "true", + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H" + ], + "defaultValue": "PT1M", "type": "string" }, - "KvLatencyAvailabilityThreshold": { + "HSMsLatencyAvailabilityThreshold": { "metadata": { - "displayName": "KeyVault Latency Alert Threshold", - "description": "Threshold for the alert" + "description": "Threshold for the alert", + "displayName": "Key Vault Managed HSMs Latency Availability Threshold" }, "defaultValue": "1000", "type": "string" }, - "KVCapacityAlertSeverity": { + "KvLatencyAvailabilityAlertState": { "metadata": { - "displayName": "KeyVault Capacity Alert Severity", - "description": "Severity of the alert" + "description": "State of the alert, true will enable the alert, false will disable the alert", + "displayName": "KeyVault Latency Alert State" }, - "allowedValues": [ - "0", - "1", - "2", - "3", - "4" - ], - "defaultValue": "1", - "type": "String" + "defaultValue": "true", + "type": "string" }, - "KVCapacityWindowSize": { + "KvLatencyAvailabilityWindowSize": { "metadata": { - "displayName": "KeyVault Capacity Alert Window Size", - "description": "Window size for the alert" + "description": "Window size for the alert", + "displayName": "KeyVault Latency Alert Window Size" }, "allowedValues": [ "PT1M", @@ -314,10 +235,30 @@ "defaultValue": "PT5M", "type": "string" }, + "KvLatencyAvailabilityThreshold": { + "metadata": { + "description": "Threshold for the alert", + "displayName": "KeyVault Latency Alert Threshold" + }, + "defaultValue": "1000", + "type": "string" + }, + "activityHSMsDeletePolicyEffect": { + "metadata": { + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", + "displayName": "Key Vault Managed HSMs Delete Policy Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "string" + }, "KVCapacityEvaluationFrequency": { "metadata": { - "displayName": "KeyVault Capacity Alert Evaluation Frequency", - "description": "Evaluation frequency for the alert" + "description": "Evaluation frequency for the alert", + "displayName": "KeyVault Capacity Alert Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -329,46 +270,60 @@ "defaultValue": "PT1M", "type": "string" }, - "KVCapacityPolicyEffect": { + "HSMsAvailabilityAlertSeverity": { "metadata": { - "displayName": "KeyVault Capacity Alert Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert" + "description": "Severity of the alert for Key Vault Managed HSMs Availability", + "displayName": "Key Vault Managed HSMs Availability Alert Severity" }, "allowedValues": [ - "deployIfNotExists", - "disabled" + "0", + "1", + "2", + "3", + "4" ], - "defaultValue": "disabled", - "type": "string" + "defaultValue": "1", + "type": "String" }, - "KVCapacityAlertState": { + "activityHSMsDeleteAlertState": { "metadata": { - "displayName": "KeyVault Capacity Alert State", - "description": "State of the alert, true will enable the alert, false will disable the alert" + "description": "Alert state for the alert", + "displayName": "Activity Key Vault Managed HSMs Delete Alert State" }, "defaultValue": "true", "type": "string" }, - "KVCapacityThreshold": { + "HSMsAvailabilityPolicyEffect": { "metadata": { - "displayName": "KeyVault Capacity Alert Threshold", - "description": "Threshold for the alert" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", + "displayName": "Key Vault Managed HSMs Availability Policy Effect" }, - "defaultValue": "75", + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "disabled", "type": "string" }, - "activityKVDeleteAlertState": { + "KVRequestEvaluationFrequency": { "metadata": { - "displayName": "Activity Log KeyVault Delete Alert State", - "description": "State of the alert, true will enable the alert, false will disable the alert" + "description": "Evaluation frequency for the alert", + "displayName": "KeyVault Request Alert Evaluation Frequency" }, - "defaultValue": "true", + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H" + ], + "defaultValue": "PT5M", "type": "string" }, "activityKVDeletePolicyEffect": { "metadata": { - "displayName": "Key Vault Delete Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", + "displayName": "Key Vault Delete Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -377,10 +332,10 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "HSMsAvailabilityAlertSeverity": { + "KvAvailabilityAlertSeverity": { "metadata": { - "displayName": "Key Vault Managed HSMs Availability Alert Severity", - "description": "Severity of the alert for Key Vault Managed HSMs Availability" + "description": "Severity of the alert", + "displayName": "KeyVault Availability Alert Severity" }, "allowedValues": [ "0", @@ -392,10 +347,30 @@ "defaultValue": "1", "type": "String" }, + "KvAvailabilityPolicyEffect": { + "metadata": { + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", + "displayName": "KeyVault Availability Alert Policy Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "disabled", + "type": "string" + }, + "HSMsAvailabilityAlertState": { + "metadata": { + "description": "Alert state for the alert", + "displayName": "Key Vault Managed HSMs Availability Alert State" + }, + "defaultValue": "true", + "type": "string" + }, "HSMsAvailabilityWindowSize": { "metadata": { - "displayName": "Key Vault Managed HSMs Availability Window Size", - "description": "Window size for the alert" + "description": "Window size for the alert", + "displayName": "Key Vault Managed HSMs Availability Window Size" }, "allowedValues": [ "PT1M", @@ -410,53 +385,60 @@ "defaultValue": "PT1M", "type": "string" }, - "HSMsAvailabilityEvaluationFrequency": { + "activityKVDeleteAlertState": { "metadata": { - "displayName": "Key Vault Managed HSMs Availability Evaluation Frequency", - "description": "Evaluation frequency for the alert" + "description": "State of the alert, true will enable the alert, false will disable the alert", + "displayName": "Activity Log KeyVault Delete Alert State" + }, + "defaultValue": "true", + "type": "string" + }, + "HSMsAvailabilityThreshold": { + "metadata": { + "description": "Threshold for the alert", + "displayName": "Key Vault Managed HSMs Availability Threshold" + }, + "defaultValue": "20", + "type": "string" + }, + "KvAvailabilityWindowSize": { + "metadata": { + "description": "Window size for the alert", + "displayName": "KeyVault Availability Alert Window Size" }, "allowedValues": [ "PT1M", "PT5M", "PT15M", "PT30M", - "PT1H" + "PT1H", + "PT6H", + "PT12H", + "P1D" ], "defaultValue": "PT1M", "type": "string" }, - "HSMsAvailabilityPolicyEffect": { - "metadata": { - "displayName": "Key Vault Managed HSMs Availability Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "disabled", - "type": "string" - }, - "HSMsAvailabilityAlertState": { + "KvAvailabilityAlertState": { "metadata": { - "displayName": "Key Vault Managed HSMs Availability Alert State", - "description": "Alert state for the alert" + "description": "State of the alert, true will enable the alert, false will disable the alert", + "displayName": "KeyVault Availability Alert State" }, "defaultValue": "true", "type": "string" }, - "HSMsAvailabilityThreshold": { + "KVAvailabilityThreshold": { "metadata": { - "displayName": "Key Vault Managed HSMs Availability Threshold", - "description": "Threshold for the alert" + "description": "Threshold for the alert", + "displayName": "KeyVault Availability Alert Threshold" }, "defaultValue": "20", "type": "string" }, - "HSMsLatencyAvailabilityAlertSeverity": { + "KVCapacityAlertSeverity": { "metadata": { - "displayName": "Key Vault Managed HSMs Latency Availability Alert Severity", - "description": "Severity of the alert for Key Vault Managed HSMs Latency Availability" + "description": "Severity of the alert", + "displayName": "KeyVault Capacity Alert Severity" }, "allowedValues": [ "0", @@ -465,46 +447,40 @@ "3", "4" ], - "defaultValue": "3", + "defaultValue": "1", "type": "String" }, - "HSMsLatencyAvailabilityWindowSize": { + "KVRequestAlertSeverity": { "metadata": { - "displayName": "Key Vault Managed HSMs Latency Availability Window Size", - "description": "Window size for the alert" + "description": "Severity of the alert", + "displayName": "KeyVault Request Alert Severity" }, "allowedValues": [ - "PT1M", - "PT5M", - "PT15M", - "PT30M", - "PT1H", - "PT6H", - "PT12H", - "P1D" + "0", + "1", + "2", + "3", + "4" ], - "defaultValue": "PT5M", - "type": "string" + "defaultValue": "2", + "type": "String" }, - "HSMsLatencyAvailabilityEvaluationFrequency": { + "KVCapacityPolicyEffect": { "metadata": { - "displayName": "Key Vault Managed HSMs Latency Availability Evaluation Frequency", - "description": "Evaluation frequency for the alert" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", + "displayName": "KeyVault Capacity Alert Policy Effect" }, "allowedValues": [ - "PT1M", - "PT5M", - "PT15M", - "PT30M", - "PT1H" + "deployIfNotExists", + "disabled" ], - "defaultValue": "PT5M", + "defaultValue": "disabled", "type": "string" }, - "HSMsLatencyAvailabilityPolicyEffect": { + "KVRequestPolicyEffect": { "metadata": { - "displayName": "Key Vault Managed HSMs Latency Availability Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", + "displayName": "KeyVault Request Alert Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -513,40 +489,64 @@ "defaultValue": "disabled", "type": "string" }, - "HSMsLatencyAvailabilityAlertState": { + "KVCapacityAlertState": { "metadata": { - "displayName": "Key Vault Managed HSMs Latency Availability Alert State", - "description": "Alert state for the alert" + "description": "State of the alert, true will enable the alert, false will disable the alert", + "displayName": "KeyVault Capacity Alert State" }, "defaultValue": "true", "type": "string" }, - "HSMsLatencyAvailabilityThreshold": { + "KVCapacityWindowSize": { "metadata": { - "displayName": "Key Vault Managed HSMs Latency Availability Threshold", - "description": "Threshold for the alert" + "description": "Window size for the alert", + "displayName": "KeyVault Capacity Alert Window Size" }, - "defaultValue": "1000", + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" + ], + "defaultValue": "PT5M", "type": "string" }, - "activityHSMsDeleteAlertState": { + "KVRequestWindowSize": { "metadata": { - "displayName": "Activity Key Vault Managed HSMs Delete Alert State", - "description": "Alert state for the alert" + "description": "Window size for the alert", + "displayName": "KeyVault Request Alert Window Size" }, - "defaultValue": "true", + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" + ], + "defaultValue": "PT5M", "type": "string" }, - "activityHSMsDeletePolicyEffect": { + "KVCapacityThreshold": { "metadata": { - "displayName": "Key Vault Managed HSMs Delete Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" + "description": "Threshold for the alert", + "displayName": "KeyVault Capacity Alert Threshold" }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", + "defaultValue": "75", + "type": "string" + }, + "KVRequestAlertState": { + "metadata": { + "description": "State of the alert, true will enable the alert, false will disable the alert", + "displayName": "KeyVault Request Alert State" + }, + "defaultValue": "true", "type": "string" } }, @@ -555,8 +555,8 @@ "policyDefinitionReferenceId": "ALZ_KVRequest", "policyDefinitionName": "Deploy_KeyVault_Requests_Alert", "parameters": { - "effect": { - "value": "[parameters('KVRequestPolicyEffect')]" + "evaluationFrequency": { + "value": "[parameters('KVRequestEvaluationFrequency')]" }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" @@ -564,15 +564,15 @@ "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, - "evaluationFrequency": { - "value": "[parameters('KVRequestEvaluationFrequency')]" - }, - "enabled": { - "value": "[parameters('KVRequestAlertState')]" + "effect": { + "value": "[parameters('KVRequestPolicyEffect')]" }, "windowSize": { "value": "[parameters('KVRequestWindowSize')]" }, + "enabled": { + "value": "[parameters('KVRequestAlertState')]" + }, "severity": { "value": "[parameters('KVRequestAlertSeverity')]" } @@ -582,8 +582,8 @@ "policyDefinitionReferenceId": "ALZ_KvAvailability", "policyDefinitionName": "Deploy_KeyVault_Availability_Alert", "parameters": { - "effect": { - "value": "[parameters('KvAvailabilityPolicyEffect')]" + "evaluationFrequency": { + "value": "[parameters('KvAvailabilityEvaluationFrequency')]" }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" @@ -591,20 +591,20 @@ "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, - "evaluationFrequency": { - "value": "[parameters('KvAvailabilityEvaluationFrequency')]" - }, - "enabled": { - "value": "[parameters('KvAvailabilityAlertState')]" + "effect": { + "value": "[parameters('KvAvailabilityPolicyEffect')]" }, "windowSize": { "value": "[parameters('KvAvailabilityWindowSize')]" }, - "threshold": { - "value": "[parameters('KVAvailabilityThreshold')]" + "enabled": { + "value": "[parameters('KvAvailabilityAlertState')]" }, "severity": { "value": "[parameters('KvAvailabilityAlertSeverity')]" + }, + "threshold": { + "value": "[parameters('KVAvailabilityThreshold')]" } } }, @@ -612,8 +612,8 @@ "policyDefinitionReferenceId": "ALZ_KvLatencyAvailability", "policyDefinitionName": "Deploy_KeyVault_Latency_Alert", "parameters": { - "effect": { - "value": "[parameters('KvLatencyAvailabilityPolicyEffect')]" + "evaluationFrequency": { + "value": "[parameters('KvLatencyAvailabilityEvaluationFrequency')]" }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" @@ -621,20 +621,20 @@ "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, - "evaluationFrequency": { - "value": "[parameters('KvLatencyAvailabilityEvaluationFrequency')]" - }, - "enabled": { - "value": "[parameters('KvLatencyAvailabilityAlertState')]" + "effect": { + "value": "[parameters('KvLatencyAvailabilityPolicyEffect')]" }, "windowSize": { "value": "[parameters('KvLatencyAvailabilityWindowSize')]" }, - "threshold": { - "value": "[parameters('KvLatencyAvailabilityThreshold')]" + "enabled": { + "value": "[parameters('KvLatencyAvailabilityAlertState')]" }, "severity": { "value": "[parameters('KvLatencyAvailabilityAlertSeverity')]" + }, + "threshold": { + "value": "[parameters('KvLatencyAvailabilityThreshold')]" } } }, @@ -642,8 +642,8 @@ "policyDefinitionReferenceId": "ALZ_KVCapacity", "policyDefinitionName": "Deploy_KeyVault_Capacity_Alert", "parameters": { - "effect": { - "value": "[parameters('KVCapacityPolicyEffect')]" + "evaluationFrequency": { + "value": "[parameters('KVCapacityEvaluationFrequency')]" }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" @@ -651,20 +651,20 @@ "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, - "evaluationFrequency": { - "value": "[parameters('KVCapacityEvaluationFrequency')]" - }, - "enabled": { - "value": "[parameters('KVCapacityAlertState')]" + "effect": { + "value": "[parameters('KVCapacityPolicyEffect')]" }, "windowSize": { "value": "[parameters('KVCapacityWindowSize')]" }, - "threshold": { - "value": "[parameters('KVCapacityThreshold')]" + "enabled": { + "value": "[parameters('KVCapacityAlertState')]" }, "severity": { "value": "[parameters('KVCapacityAlertSeverity')]" + }, + "threshold": { + "value": "[parameters('KVCapacityThreshold')]" } } }, @@ -672,26 +672,26 @@ "policyDefinitionReferenceId": "ALZ_activityKVDelete", "policyDefinitionName": "Deploy_activitylog_KeyVault_Delete", "parameters": { - "effect": { - "value": "[parameters('activityKVDeletePolicyEffect')]" - }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, - "alertResourceGroupName": { - "value": "[parameters('ALZMonitorResourceGroupName')]" + "MonitorDisableTagName": { + "value": "[parameters('ALZMonitorDisableTagName')]" + }, + "effect": { + "value": "[parameters('activityKVDeletePolicyEffect')]" }, "alertResourceGroupLocation": { "value": "[parameters('ALZMonitorResourceGroupLocation')]" }, - "MonitorDisableTagName": { - "value": "[parameters('ALZMonitorDisableTagName')]" + "enabled": { + "value": "[parameters('activityKVDeleteAlertState')]" + }, + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" }, "alertResourceGroupTags": { "value": "[parameters('ALZMonitorResourceGroupTags')]" - }, - "enabled": { - "value": "[parameters('activityKVDeleteAlertState')]" } } }, @@ -699,8 +699,8 @@ "policyDefinitionReferenceId": "ALZ_ManagedHSMsAvailability", "policyDefinitionName": "Deploy_ManagedHSMs_Availability_Alert", "parameters": { - "effect": { - "value": "[parameters('HSMsAvailabilityPolicyEffect')]" + "evaluationFrequency": { + "value": "[parameters('HSMsAvailabilityEvaluationFrequency')]" }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" @@ -708,20 +708,20 @@ "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, - "evaluationFrequency": { - "value": "[parameters('HSMsAvailabilityEvaluationFrequency')]" - }, - "enabled": { - "value": "[parameters('HSMsAvailabilityAlertState')]" + "effect": { + "value": "[parameters('HSMsAvailabilityPolicyEffect')]" }, "windowSize": { "value": "[parameters('HSMsAvailabilityWindowSize')]" }, - "threshold": { - "value": "[parameters('HSMsAvailabilityThreshold')]" + "enabled": { + "value": "[parameters('HSMsAvailabilityAlertState')]" }, "severity": { "value": "[parameters('HSMsAvailabilityAlertSeverity')]" + }, + "threshold": { + "value": "[parameters('HSMsAvailabilityThreshold')]" } } }, @@ -729,8 +729,8 @@ "policyDefinitionReferenceId": "ALZ_ManagedHSMsLatencyAvailability", "policyDefinitionName": "Deploy_ManagedHSMs_Latency_Alert", "parameters": { - "effect": { - "value": "[parameters('HSMsLatencyAvailabilityPolicyEffect')]" + "evaluationFrequency": { + "value": "[parameters('HSMsLatencyAvailabilityEvaluationFrequency')]" }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" @@ -738,20 +738,20 @@ "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, - "evaluationFrequency": { - "value": "[parameters('HSMsLatencyAvailabilityEvaluationFrequency')]" - }, - "enabled": { - "value": "[parameters('HSMsLatencyAvailabilityAlertState')]" + "effect": { + "value": "[parameters('HSMsLatencyAvailabilityPolicyEffect')]" }, "windowSize": { "value": "[parameters('HSMsLatencyAvailabilityWindowSize')]" }, - "threshold": { - "value": "[parameters('HSMsLatencyAvailabilityThreshold')]" + "enabled": { + "value": "[parameters('HSMsLatencyAvailabilityAlertState')]" }, "severity": { "value": "[parameters('HSMsLatencyAvailabilityAlertSeverity')]" + }, + "threshold": { + "value": "[parameters('HSMsLatencyAvailabilityThreshold')]" } } }, @@ -759,26 +759,26 @@ "policyDefinitionReferenceId": "ALZ_activityManagedHSMsDelete", "policyDefinitionName": "Deploy_ActivityLog_ManagedHSMs_Delete", "parameters": { - "effect": { - "value": "[parameters('activityHSMsDeletePolicyEffect')]" - }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, - "alertResourceGroupName": { - "value": "[parameters('ALZMonitorResourceGroupName')]" + "MonitorDisableTagName": { + "value": "[parameters('ALZMonitorDisableTagName')]" + }, + "effect": { + "value": "[parameters('activityHSMsDeletePolicyEffect')]" }, "alertResourceGroupLocation": { "value": "[parameters('ALZMonitorResourceGroupLocation')]" }, - "MonitorDisableTagName": { - "value": "[parameters('ALZMonitorDisableTagName')]" + "enabled": { + "value": "[parameters('activityHSMsDeleteAlertState')]" + }, + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" }, "alertResourceGroupTags": { "value": "[parameters('ALZMonitorResourceGroupTags')]" - }, - "enabled": { - "value": "[parameters('activityHSMsDeleteAlertState')]" } } } diff --git a/Definitions/policySetDefinitions/Monitoring/alerting-keymanagement.jsonc b/Definitions/policySetDefinitions/Monitoring/alerting-keymanagement.jsonc index 078e08a..79362e6 100644 --- a/Definitions/policySetDefinitions/Monitoring/alerting-keymanagement.jsonc +++ b/Definitions/policySetDefinitions/Monitoring/alerting-keymanagement.jsonc @@ -7,43 +7,17 @@ "metadata": { "_deployed_by_amba": true, "version": "1.0.0", - "category": "Monitoring", "alzCloudEnvironments": [ "AzureCloud" ], + "category": "Monitoring", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "ALZMonitorResourceGroupLocation": { - "metadata": { - "displayName": "ALZ Monitor Resource Group Location", - "description": "Location of the resource group where the ALZ Monitor resources will be deployed" - }, - "defaultValue": "centralus", - "type": "String" - }, - "ALZMonitorResourceGroupTags": { - "metadata": { - "displayName": "ALZ Monitor Resource Group Tags", - "description": "Tags for the resource group where the ALZ Monitor resources will be deployed" - }, - "defaultValue": { - "_deployed_by_amba": true - }, - "type": "Object" - }, - "ALZMonitorResourceGroupName": { - "metadata": { - "displayName": "ALZ Monitor Resource Group Name", - "description": "Name of the resource group where the ALZ Monitor resources will be deployed" - }, - "defaultValue": "ALZ-Monitoring-RG", - "type": "String" - }, "ALZMonitorDisableTagValues": { "metadata": { - "displayName": "ALZ Monitoring disabled tag values(s)", - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" }, "defaultValue": [ "true", @@ -55,49 +29,57 @@ }, "ALZMonitorDisableTagName": { "metadata": { - "displayName": "ALZ Monitoring disabled tag name", - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled." + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" }, "defaultValue": "MonitorDisable", "type": "String" }, - "KVRequestAlertSeverity": { + "ALZMonitorResourceGroupLocation": { "metadata": { - "displayName": "Key Vault Request Alert Severity", - "description": "Severity of the alert for Key Vault Request" + "description": "Location of the resource group where the ALZ Monitor resources will be deployed", + "displayName": "ALZ Monitor Resource Group Location" }, - "allowedValues": [ - "0", - "1", - "2", - "3", - "4" - ], - "defaultValue": "2", + "defaultValue": "centralus", "type": "String" }, - "KVRequestWindowSize": { + "ALZMonitorResourceGroupName": { "metadata": { - "displayName": "Key Vault Request Window Size", - "description": "Window size for the alert" + "description": "Name of the resource group where the ALZ Monitor resources will be deployed", + "displayName": "ALZ Monitor Resource Group Name" + }, + "defaultValue": "ALZ-Monitoring-RG", + "type": "String" + }, + "ALZMonitorResourceGroupTags": { + "metadata": { + "description": "Tags for the resource group where the ALZ Monitor resources will be deployed", + "displayName": "ALZ Monitor Resource Group Tags" + }, + "defaultValue": { + "_deployed_by_amba": true + }, + "type": "Object" + }, + "HSMsLatencyAvailabilityEvaluationFrequency": { + "metadata": { + "description": "Evaluation frequency for the alert", + "displayName": "Key Vault Managed HSMs Latency Availability Evaluation Frequency" }, "allowedValues": [ "PT1M", "PT5M", "PT15M", "PT30M", - "PT1H", - "PT6H", - "PT12H", - "P1D" + "PT1H" ], "defaultValue": "PT5M", "type": "string" }, - "KVRequestEvaluationFrequency": { + "KvLatencyAvailabilityEvaluationFrequency": { "metadata": { - "displayName": "Key Vault Request Evaluation Frequency", - "description": "Evaluation frequency for the alert" + "description": "Evaluation frequency for the alert", + "displayName": "Key Vault Latency Availability Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -109,30 +91,10 @@ "defaultValue": "PT5M", "type": "string" }, - "KVRequestPolicyEffect": { - "metadata": { - "displayName": "Key Vault Request Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "disabled", - "type": "string" - }, - "KVRequestAlertState": { - "metadata": { - "displayName": "Key Vault Request Alert State", - "description": "Alert state for the alert" - }, - "defaultValue": "true", - "type": "string" - }, - "KvAvailabilityAlertSeverity": { + "HSMsLatencyAvailabilityAlertSeverity": { "metadata": { - "displayName": "Key Vault Availability Alert Severity", - "description": "Severity of the alert for Key Vault Availability" + "description": "Severity of the alert for Key Vault Managed HSMs Latency Availability", + "displayName": "Key Vault Managed HSMs Latency Availability Alert Severity" }, "allowedValues": [ "0", @@ -141,31 +103,13 @@ "3", "4" ], - "defaultValue": "1", + "defaultValue": "3", "type": "String" }, - "KvAvailabilityWindowSize": { - "metadata": { - "displayName": "Key Vault Availability Window Size", - "description": "Window size for the alert" - }, - "allowedValues": [ - "PT1M", - "PT5M", - "PT15M", - "PT30M", - "PT1H", - "PT6H", - "PT12H", - "P1D" - ], - "defaultValue": "PT1M", - "type": "string" - }, - "KvAvailabilityEvaluationFrequency": { + "HSMsAvailabilityEvaluationFrequency": { "metadata": { - "displayName": "Key Vault Availability Evaluation Frequency", - "description": "Evaluation frequency for the alert" + "description": "Evaluation frequency for the alert", + "displayName": "Key Vault Managed HSMs Availability Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -177,10 +121,10 @@ "defaultValue": "PT1M", "type": "string" }, - "KvAvailabilityPolicyEffect": { + "HSMsLatencyAvailabilityPolicyEffect": { "metadata": { - "displayName": "Key Vault Availability Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", + "displayName": "Key Vault Managed HSMs Latency Availability Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -189,26 +133,10 @@ "defaultValue": "disabled", "type": "string" }, - "KvAvailabilityAlertState": { - "metadata": { - "displayName": "Key Vault Availability Alert State", - "description": "Alert state for the alert" - }, - "defaultValue": "true", - "type": "string" - }, - "KVAvailabilityThreshold": { - "metadata": { - "displayName": "Key Vault Availability Threshold", - "description": "Threshold for the alert" - }, - "defaultValue": "20", - "type": "string" - }, "KvLatencyAvailabilityAlertSeverity": { "metadata": { - "displayName": "Key Vault Latency Availability Alert Severity", - "description": "Severity of the alert for Key Vault Latency Availability" + "description": "Severity of the alert for Key Vault Latency Availability", + "displayName": "Key Vault Latency Availability Alert Severity" }, "allowedValues": [ "0", @@ -220,10 +148,10 @@ "defaultValue": "3", "type": "String" }, - "KvLatencyAvailabilityWindowSize": { + "HSMsLatencyAvailabilityWindowSize": { "metadata": { - "displayName": "Key Vault Latency Availability Window Size", - "description": "Window size for the alert" + "description": "Window size for the alert", + "displayName": "Key Vault Managed HSMs Latency Availability Window Size" }, "allowedValues": [ "PT1M", @@ -238,10 +166,30 @@ "defaultValue": "PT5M", "type": "string" }, - "KvLatencyAvailabilityEvaluationFrequency": { + "HSMsLatencyAvailabilityAlertState": { + "metadata": { + "description": "Alert state for the alert", + "displayName": "Key Vault Managed HSMs Latency Availability Alert State" + }, + "defaultValue": "true", + "type": "string" + }, + "KvLatencyAvailabilityPolicyEffect": { "metadata": { - "displayName": "Key Vault Latency Availability Evaluation Frequency", - "description": "Evaluation frequency for the alert" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", + "displayName": "Key Vault Latency Availability Policy Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "disabled", + "type": "string" + }, + "KvAvailabilityEvaluationFrequency": { + "metadata": { + "description": "Evaluation frequency for the alert", + "displayName": "Key Vault Availability Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -250,44 +198,29 @@ "PT30M", "PT1H" ], - "defaultValue": "PT5M", - "type": "string" - }, - "KvLatencyAvailabilityAlertState": { - "metadata": { - "displayName": "Key Vault Latency Availability Alert State", - "description": "Alert state for the alert" - }, - "defaultValue": "true", + "defaultValue": "PT1M", "type": "string" }, - "KvLatencyAvailabilityThreshold": { + "HSMsLatencyAvailabilityThreshold": { "metadata": { - "displayName": "Key Vault Latency Availability Threshold", - "description": "Threshold for the alert" + "description": "Threshold for the alert", + "displayName": "Key Vault Managed HSMs Latency Availability Threshold" }, "defaultValue": "1000", "type": "string" }, - "KVCapacityAlertSeverity": { + "KvLatencyAvailabilityAlertState": { "metadata": { - "displayName": "Key Vault Capacity Alert Severity", - "description": "Severity of the alert for Key Vault Capacity" + "description": "Alert state for the alert", + "displayName": "Key Vault Latency Availability Alert State" }, - "allowedValues": [ - "0", - "1", - "2", - "3", - "4" - ], - "defaultValue": "1", - "type": "String" + "defaultValue": "true", + "type": "string" }, - "KVCapacityWindowSize": { + "KvLatencyAvailabilityWindowSize": { "metadata": { - "displayName": "Key Vault Capacity Window Size", - "description": "Window size for the alert" + "description": "Window size for the alert", + "displayName": "Key Vault Latency Availability Window Size" }, "allowedValues": [ "PT1M", @@ -302,10 +235,30 @@ "defaultValue": "PT5M", "type": "string" }, + "KvLatencyAvailabilityThreshold": { + "metadata": { + "description": "Threshold for the alert", + "displayName": "Key Vault Latency Availability Threshold" + }, + "defaultValue": "1000", + "type": "string" + }, + "activityHSMsDeletePolicyEffect": { + "metadata": { + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", + "displayName": "Key Vault Managed HSMs Delete Policy Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "string" + }, "KVCapacityEvaluationFrequency": { "metadata": { - "displayName": "Key Vault Capacity Evaluation Frequency", - "description": "Evaluation frequency for the alert" + "description": "Evaluation frequency for the alert", + "displayName": "Key Vault Capacity Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -317,46 +270,60 @@ "defaultValue": "PT1M", "type": "string" }, - "KVCapacityPolicyEffect": { + "HSMsAvailabilityAlertSeverity": { "metadata": { - "displayName": "Key Vault Capacity Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" + "description": "Severity of the alert for Key Vault Managed HSMs Availability", + "displayName": "Key Vault Managed HSMs Availability Alert Severity" }, "allowedValues": [ - "deployIfNotExists", - "disabled" + "0", + "1", + "2", + "3", + "4" ], - "defaultValue": "disabled", - "type": "string" + "defaultValue": "1", + "type": "String" }, - "KVCapacityAlertState": { + "activityHSMsDeleteAlertState": { "metadata": { - "displayName": "Key Vault Capacity Alert State", - "description": "Alert state for the alert" + "description": "Alert state for the alert", + "displayName": "Activity Key Vault Managed HSMs Delete Alert State" }, "defaultValue": "true", "type": "string" }, - "KVCapacityThreshold": { + "HSMsAvailabilityPolicyEffect": { "metadata": { - "displayName": "Key Vault Capacity Threshold", - "description": "Threshold for the alert" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", + "displayName": "Key Vault Managed HSMs Availability Policy Effect" }, - "defaultValue": "75", + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "disabled", "type": "string" }, - "activityKVDeleteAlertState": { + "KVRequestEvaluationFrequency": { "metadata": { - "displayName": "Activity Key Vault Delete Alert State", - "description": "Alert state for the alert" + "description": "Evaluation frequency for the alert", + "displayName": "Key Vault Request Evaluation Frequency" }, - "defaultValue": "true", + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H" + ], + "defaultValue": "PT5M", "type": "string" }, "activityKVDeletePolicyEffect": { "metadata": { - "displayName": "Key Vault Delete Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", + "displayName": "Key Vault Delete Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -365,10 +332,10 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "HSMsAvailabilityAlertSeverity": { + "KvAvailabilityAlertSeverity": { "metadata": { - "displayName": "Key Vault Managed HSMs Availability Alert Severity", - "description": "Severity of the alert for Key Vault Managed HSMs Availability" + "description": "Severity of the alert for Key Vault Availability", + "displayName": "Key Vault Availability Alert Severity" }, "allowedValues": [ "0", @@ -380,10 +347,30 @@ "defaultValue": "1", "type": "String" }, + "KvAvailabilityPolicyEffect": { + "metadata": { + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", + "displayName": "Key Vault Availability Policy Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "disabled", + "type": "string" + }, + "HSMsAvailabilityAlertState": { + "metadata": { + "description": "Alert state for the alert", + "displayName": "Key Vault Managed HSMs Availability Alert State" + }, + "defaultValue": "true", + "type": "string" + }, "HSMsAvailabilityWindowSize": { "metadata": { - "displayName": "Key Vault Managed HSMs Availability Window Size", - "description": "Window size for the alert" + "description": "Window size for the alert", + "displayName": "Key Vault Managed HSMs Availability Window Size" }, "allowedValues": [ "PT1M", @@ -398,53 +385,60 @@ "defaultValue": "PT1M", "type": "string" }, - "HSMsAvailabilityEvaluationFrequency": { + "activityKVDeleteAlertState": { "metadata": { - "displayName": "Key Vault Managed HSMs Availability Evaluation Frequency", - "description": "Evaluation frequency for the alert" + "description": "Alert state for the alert", + "displayName": "Activity Key Vault Delete Alert State" + }, + "defaultValue": "true", + "type": "string" + }, + "HSMsAvailabilityThreshold": { + "metadata": { + "description": "Threshold for the alert", + "displayName": "Key Vault Managed HSMs Availability Threshold" + }, + "defaultValue": "20", + "type": "string" + }, + "KvAvailabilityWindowSize": { + "metadata": { + "description": "Window size for the alert", + "displayName": "Key Vault Availability Window Size" }, "allowedValues": [ "PT1M", "PT5M", "PT15M", "PT30M", - "PT1H" + "PT1H", + "PT6H", + "PT12H", + "P1D" ], "defaultValue": "PT1M", "type": "string" }, - "HSMsAvailabilityPolicyEffect": { - "metadata": { - "displayName": "Key Vault Managed HSMs Availability Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "disabled", - "type": "string" - }, - "HSMsAvailabilityAlertState": { + "KvAvailabilityAlertState": { "metadata": { - "displayName": "Key Vault Managed HSMs Availability Alert State", - "description": "Alert state for the alert" + "description": "Alert state for the alert", + "displayName": "Key Vault Availability Alert State" }, "defaultValue": "true", "type": "string" }, - "HSMsAvailabilityThreshold": { + "KVAvailabilityThreshold": { "metadata": { - "displayName": "Key Vault Managed HSMs Availability Threshold", - "description": "Threshold for the alert" + "description": "Threshold for the alert", + "displayName": "Key Vault Availability Threshold" }, "defaultValue": "20", "type": "string" }, - "HSMsLatencyAvailabilityAlertSeverity": { + "KVCapacityAlertSeverity": { "metadata": { - "displayName": "Key Vault Managed HSMs Latency Availability Alert Severity", - "description": "Severity of the alert for Key Vault Managed HSMs Latency Availability" + "description": "Severity of the alert for Key Vault Capacity", + "displayName": "Key Vault Capacity Alert Severity" }, "allowedValues": [ "0", @@ -453,46 +447,40 @@ "3", "4" ], - "defaultValue": "3", + "defaultValue": "1", "type": "String" }, - "HSMsLatencyAvailabilityWindowSize": { + "KVRequestAlertSeverity": { "metadata": { - "displayName": "Key Vault Managed HSMs Latency Availability Window Size", - "description": "Window size for the alert" + "description": "Severity of the alert for Key Vault Request", + "displayName": "Key Vault Request Alert Severity" }, "allowedValues": [ - "PT1M", - "PT5M", - "PT15M", - "PT30M", - "PT1H", - "PT6H", - "PT12H", - "P1D" + "0", + "1", + "2", + "3", + "4" ], - "defaultValue": "PT5M", - "type": "string" + "defaultValue": "2", + "type": "String" }, - "HSMsLatencyAvailabilityEvaluationFrequency": { + "KVCapacityPolicyEffect": { "metadata": { - "displayName": "Key Vault Managed HSMs Latency Availability Evaluation Frequency", - "description": "Evaluation frequency for the alert" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", + "displayName": "Key Vault Capacity Policy Effect" }, "allowedValues": [ - "PT1M", - "PT5M", - "PT15M", - "PT30M", - "PT1H" + "deployIfNotExists", + "disabled" ], - "defaultValue": "PT5M", + "defaultValue": "disabled", "type": "string" }, - "HSMsLatencyAvailabilityPolicyEffect": { + "KVRequestPolicyEffect": { "metadata": { - "displayName": "Key Vault Managed HSMs Latency Availability Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", + "displayName": "Key Vault Request Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -501,52 +489,64 @@ "defaultValue": "disabled", "type": "string" }, - "HSMsLatencyAvailabilityAlertState": { + "KVCapacityAlertState": { "metadata": { - "displayName": "Key Vault Managed HSMs Latency Availability Alert State", - "description": "Alert state for the alert" + "description": "Alert state for the alert", + "displayName": "Key Vault Capacity Alert State" }, "defaultValue": "true", "type": "string" }, - "HSMsLatencyAvailabilityThreshold": { + "KVCapacityWindowSize": { "metadata": { - "displayName": "Key Vault Managed HSMs Latency Availability Threshold", - "description": "Threshold for the alert" + "description": "Window size for the alert", + "displayName": "Key Vault Capacity Window Size" }, - "defaultValue": "1000", + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" + ], + "defaultValue": "PT5M", "type": "string" }, - "activityHSMsDeleteAlertState": { + "KVRequestWindowSize": { "metadata": { - "displayName": "Activity Key Vault Managed HSMs Delete Alert State", - "description": "Alert state for the alert" + "description": "Window size for the alert", + "displayName": "Key Vault Request Window Size" }, - "defaultValue": "true", + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" + ], + "defaultValue": "PT5M", "type": "string" }, - "activityHSMsDeletePolicyEffect": { + "KVCapacityThreshold": { "metadata": { - "displayName": "Key Vault Managed HSMs Delete Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" + "description": "Threshold for the alert", + "displayName": "Key Vault Capacity Threshold" }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", + "defaultValue": "75", "type": "string" }, - "KvLatencyAvailabilityPolicyEffect": { + "KVRequestAlertState": { "metadata": { - "displayName": "Key Vault Latency Availability Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" + "description": "Alert state for the alert", + "displayName": "Key Vault Request Alert State" }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "disabled", + "defaultValue": "true", "type": "string" } }, @@ -564,6 +564,9 @@ "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, + "effect": { + "value": "[parameters('KVRequestPolicyEffect')]" + }, "windowSize": { "value": "[parameters('KVRequestWindowSize')]" }, @@ -572,9 +575,6 @@ }, "severity": { "value": "[parameters('KVRequestAlertSeverity')]" - }, - "effect": { - "value": "[parameters('KVRequestPolicyEffect')]" } } }, @@ -591,6 +591,9 @@ "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, + "effect": { + "value": "[parameters('KvAvailabilityPolicyEffect')]" + }, "windowSize": { "value": "[parameters('KvAvailabilityWindowSize')]" }, @@ -602,9 +605,6 @@ }, "threshold": { "value": "[parameters('KVAvailabilityThreshold')]" - }, - "effect": { - "value": "[parameters('KvAvailabilityPolicyEffect')]" } } }, @@ -621,6 +621,9 @@ "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, + "effect": { + "value": "[parameters('KvLatencyAvailabilityPolicyEffect')]" + }, "windowSize": { "value": "[parameters('KvLatencyAvailabilityWindowSize')]" }, @@ -632,9 +635,6 @@ }, "threshold": { "value": "[parameters('KvLatencyAvailabilityThreshold')]" - }, - "effect": { - "value": "[parameters('KvLatencyAvailabilityPolicyEffect')]" } } }, @@ -651,6 +651,9 @@ "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, + "effect": { + "value": "[parameters('KVCapacityPolicyEffect')]" + }, "windowSize": { "value": "[parameters('KVCapacityWindowSize')]" }, @@ -662,9 +665,6 @@ }, "threshold": { "value": "[parameters('KVCapacityThreshold')]" - }, - "effect": { - "value": "[parameters('KVCapacityPolicyEffect')]" } } }, @@ -675,23 +675,23 @@ "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, - "alertResourceGroupLocation": { - "value": "[parameters('ALZMonitorResourceGroupLocation')]" - }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, - "alertResourceGroupName": { - "value": "[parameters('ALZMonitorResourceGroupName')]" + "effect": { + "value": "[parameters('activityKVDeletePolicyEffect')]" + }, + "alertResourceGroupLocation": { + "value": "[parameters('ALZMonitorResourceGroupLocation')]" }, "enabled": { "value": "[parameters('activityKVDeleteAlertState')]" }, + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" + }, "alertResourceGroupTags": { "value": "[parameters('ALZMonitorResourceGroupTags')]" - }, - "effect": { - "value": "[parameters('activityKVDeletePolicyEffect')]" } } }, @@ -708,6 +708,9 @@ "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, + "effect": { + "value": "[parameters('HSMsAvailabilityPolicyEffect')]" + }, "windowSize": { "value": "[parameters('HSMsAvailabilityWindowSize')]" }, @@ -719,9 +722,6 @@ }, "threshold": { "value": "[parameters('HSMsAvailabilityThreshold')]" - }, - "effect": { - "value": "[parameters('HSMsAvailabilityPolicyEffect')]" } } }, @@ -738,6 +738,9 @@ "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, + "effect": { + "value": "[parameters('HSMsLatencyAvailabilityPolicyEffect')]" + }, "windowSize": { "value": "[parameters('HSMsLatencyAvailabilityWindowSize')]" }, @@ -749,9 +752,6 @@ }, "threshold": { "value": "[parameters('HSMsLatencyAvailabilityThreshold')]" - }, - "effect": { - "value": "[parameters('HSMsLatencyAvailabilityPolicyEffect')]" } } }, @@ -762,23 +762,23 @@ "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, - "alertResourceGroupLocation": { - "value": "[parameters('ALZMonitorResourceGroupLocation')]" - }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, - "alertResourceGroupName": { - "value": "[parameters('ALZMonitorResourceGroupName')]" + "effect": { + "value": "[parameters('activityHSMsDeletePolicyEffect')]" + }, + "alertResourceGroupLocation": { + "value": "[parameters('ALZMonitorResourceGroupLocation')]" }, "enabled": { "value": "[parameters('activityHSMsDeleteAlertState')]" }, + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" + }, "alertResourceGroupTags": { "value": "[parameters('ALZMonitorResourceGroupTags')]" - }, - "effect": { - "value": "[parameters('activityHSMsDeletePolicyEffect')]" } } } diff --git a/Definitions/policySetDefinitions/Monitoring/alerting-landingzone.jsonc b/Definitions/policySetDefinitions/Monitoring/alerting-landingzone.jsonc index 9702edd..2b3bae6 100644 --- a/Definitions/policySetDefinitions/Monitoring/alerting-landingzone.jsonc +++ b/Definitions/policySetDefinitions/Monitoring/alerting-landingzone.jsonc @@ -6,9 +6,9 @@ "description": "Initiative to deploy AMBA alerts relevant to the ALZ LandingZone management group", "metadata": { "_deployed_by_amba": true, - "category": "Monitoring", "version": "1.1.0-deprecated", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "category": "Monitoring", "deprecated": true, "supersededBy": "Alerting-KeyManagement, Alerting-LoadBalancing, Alerting-NetworkChanges, Alerting-RecoveryServices, Alerting-Storage, Alerting-VM, Alerting-Web", "alzCloudEnvironments": [ @@ -24,6 +24,16 @@ "defaultValue": "centralus", "type": "String" }, + "ALZMonitorResourceGroupTags": { + "metadata": { + "displayName": "ALZ Monitor Resource Group Tags", + "description": "Tags for the resource group where the ALZ Monitor resources will be deployed" + }, + "defaultValue": { + "_deployed_by_alz_monitor": true + }, + "type": "Object" + }, "ALZMonitorResourceGroupName": { "metadata": { "displayName": "ALZ Monitor Resource Group Name", @@ -32,25 +42,10 @@ "defaultValue": "ALZ-Monitoring-RG", "type": "String" }, - "KvLatencyAvailabilityEvaluationFrequency": { - "metadata": { - "displayName": "Key Vault Latency Availability Evaluation Frequency", - "description": "Evaluation frequency for the alert" - }, - "allowedValues": [ - "PT1M", - "PT5M", - "PT15M", - "PT30M", - "PT1H" - ], - "defaultValue": "PT5M", - "type": "string" - }, - "KvLatencyAvailabilityAlertSeverity": { + "KVRequestAlertSeverity": { "metadata": { - "displayName": "Key Vault Latency Availability Alert Severity", - "description": "Severity of the alert for Key Vault Latency Availability" + "displayName": "Key Vault Request Alert Severity", + "description": "Severity of the alert for Key Vault Request" }, "allowedValues": [ "0", @@ -59,47 +54,12 @@ "3", "4" ], - "defaultValue": "3", + "defaultValue": "2", "type": "String" }, - "KvLatencyAvailabilityPolicyEffect": { - "metadata": { - "displayName": "Key Vault Latency Availability Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "disabled", - "type": "string" - }, - "KvAvailabilityEvaluationFrequency": { - "metadata": { - "displayName": "Key Vault Availability Evaluation Frequency", - "description": "Evaluation frequency for the alert" - }, - "allowedValues": [ - "PT1M", - "PT5M", - "PT15M", - "PT30M", - "PT1H" - ], - "defaultValue": "PT1M", - "type": "string" - }, - "KvLatencyAvailabilityAlertState": { - "metadata": { - "displayName": "Key Vault Latency Availability Alert State", - "description": "Alert state for the alert" - }, - "defaultValue": "true", - "type": "string" - }, - "KvLatencyAvailabilityWindowSize": { + "KVRequestWindowSize": { "metadata": { - "displayName": "Key Vault Latency Availability Window Size", + "displayName": "Key Vault Request Window Size", "description": "Window size for the alert" }, "allowedValues": [ @@ -115,17 +75,9 @@ "defaultValue": "PT5M", "type": "string" }, - "KvLatencyAvailabilityThreshold": { - "metadata": { - "displayName": "Key Vault Latency Availability Threshold", - "description": "Threshold for the alert" - }, - "defaultValue": "1000", - "type": "string" - }, - "KVCapacityEvaluationFrequency": { + "KVRequestEvaluationFrequency": { "metadata": { - "displayName": "Key Vault Capacity Evaluation Frequency", + "displayName": "Key Vault Request Evaluation Frequency", "description": "Evaluation frequency for the alert" }, "allowedValues": [ @@ -135,33 +87,28 @@ "PT30M", "PT1H" ], - "defaultValue": "PT1M", + "defaultValue": "PT5M", "type": "string" }, - "KVRequestEvaluationFrequency": { + "KVRequestPolicyEffect": { "metadata": { - "displayName": "Key Vault Request Evaluation Frequency", - "description": "Evaluation frequency for the alert" + "displayName": "Key Vault Request Policy Effect", + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" }, "allowedValues": [ - "PT1M", - "PT5M", - "PT15M", - "PT30M", - "PT1H" + "deployIfNotExists", + "disabled" ], - "defaultValue": "PT5M", + "defaultValue": "disabled", "type": "string" }, - "ALZMonitorResourceGroupTags": { + "KVRequestAlertState": { "metadata": { - "displayName": "ALZ Monitor Resource Group Tags", - "description": "Tags for the resource group where the ALZ Monitor resources will be deployed" - }, - "defaultValue": { - "_deployed_by_alz_monitor": true + "displayName": "Key Vault Request Alert State", + "description": "Alert state for the alert" }, - "type": "Object" + "defaultValue": "true", + "type": "string" }, "KvAvailabilityAlertSeverity": { "metadata": { @@ -178,26 +125,6 @@ "defaultValue": "1", "type": "String" }, - "activityKVDeleteAlertState": { - "metadata": { - "displayName": "Activity Key Vault Delete Alert State", - "description": "Alert state for the alert" - }, - "defaultValue": "true", - "type": "string" - }, - "KvAvailabilityPolicyEffect": { - "metadata": { - "displayName": "Key Vault Availability Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "disabled", - "type": "string" - }, "KvAvailabilityWindowSize": { "metadata": { "displayName": "Key Vault Availability Window Size", @@ -216,6 +143,33 @@ "defaultValue": "PT1M", "type": "string" }, + "KvAvailabilityEvaluationFrequency": { + "metadata": { + "displayName": "Key Vault Availability Evaluation Frequency", + "description": "Evaluation frequency for the alert" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H" + ], + "defaultValue": "PT1M", + "type": "string" + }, + "KvAvailabilityPolicyEffect": { + "metadata": { + "displayName": "Key Vault Availability Policy Effect", + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "disabled", + "type": "string" + }, "KvAvailabilityAlertState": { "metadata": { "displayName": "Key Vault Availability Alert State", @@ -224,10 +178,18 @@ "defaultValue": "true", "type": "string" }, - "KVCapacityAlertSeverity": { + "KVAvailabilityThreshold": { "metadata": { - "displayName": "Key Vault Capacity Alert Severity", - "description": "Severity of the alert for Key Vault Capacity" + "displayName": "Key Vault Availability Threshold", + "description": "Threshold for the alert" + }, + "defaultValue": "20", + "type": "string" + }, + "KvLatencyAvailabilityAlertSeverity": { + "metadata": { + "displayName": "Key Vault Latency Availability Alert Severity", + "description": "Severity of the alert for Key Vault Latency Availability" }, "allowedValues": [ "0", @@ -236,47 +198,45 @@ "3", "4" ], - "defaultValue": "1", + "defaultValue": "3", "type": "String" }, - "KVAvailabilityThreshold": { - "metadata": { - "displayName": "Key Vault Availability Threshold", - "description": "Threshold for the alert" - }, - "defaultValue": "20", - "type": "string" - }, - "KVCapacityPolicyEffect": { + "KvLatencyAvailabilityWindowSize": { "metadata": { - "displayName": "Key Vault Capacity Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" + "displayName": "Key Vault Latency Availability Window Size", + "description": "Window size for the alert" }, "allowedValues": [ - "deployIfNotExists", - "disabled" + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" ], - "defaultValue": "disabled", + "defaultValue": "PT5M", "type": "string" }, - "KVRequestAlertSeverity": { + "KvLatencyAvailabilityEvaluationFrequency": { "metadata": { - "displayName": "Key Vault Request Alert Severity", - "description": "Severity of the alert for Key Vault Request" + "displayName": "Key Vault Latency Availability Evaluation Frequency", + "description": "Evaluation frequency for the alert" }, "allowedValues": [ - "0", - "1", - "2", - "3", - "4" + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H" ], - "defaultValue": "2", - "type": "String" + "defaultValue": "PT5M", + "type": "string" }, - "KVRequestPolicyEffect": { + "KvLatencyAvailabilityPolicyEffect": { "metadata": { - "displayName": "Key Vault Request Policy Effect", + "displayName": "Key Vault Latency Availability Policy Effect", "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" }, "allowedValues": [ @@ -286,14 +246,37 @@ "defaultValue": "disabled", "type": "string" }, - "KVCapacityAlertState": { + "KvLatencyAvailabilityAlertState": { "metadata": { - "displayName": "Key Vault Capacity Alert State", + "displayName": "Key Vault Latency Availability Alert State", "description": "Alert state for the alert" }, "defaultValue": "true", "type": "string" }, + "KvLatencyAvailabilityThreshold": { + "metadata": { + "displayName": "Key Vault Latency Availability Threshold", + "description": "Threshold for the alert" + }, + "defaultValue": "1000", + "type": "string" + }, + "KVCapacityAlertSeverity": { + "metadata": { + "displayName": "Key Vault Capacity Alert Severity", + "description": "Severity of the alert for Key Vault Capacity" + }, + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" + ], + "defaultValue": "1", + "type": "String" + }, "KVCapacityWindowSize": { "metadata": { "displayName": "Key Vault Capacity Window Size", @@ -312,27 +295,36 @@ "defaultValue": "PT5M", "type": "string" }, - "KVRequestWindowSize": { + "KVCapacityEvaluationFrequency": { "metadata": { - "displayName": "Key Vault Request Window Size", - "description": "Window size for the alert" + "displayName": "Key Vault Capacity Evaluation Frequency", + "description": "Evaluation frequency for the alert" }, "allowedValues": [ "PT1M", "PT5M", "PT15M", "PT30M", - "PT1H", - "PT6H", - "PT12H", - "P1D" + "PT1H" ], - "defaultValue": "PT5M", + "defaultValue": "PT1M", "type": "string" }, - "KVRequestAlertState": { + "KVCapacityPolicyEffect": { "metadata": { - "displayName": "Key Vault Request Alert State", + "displayName": "Key Vault Capacity Policy Effect", + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "disabled", + "type": "string" + }, + "KVCapacityAlertState": { + "metadata": { + "displayName": "Key Vault Capacity Alert State", "description": "Alert state for the alert" }, "defaultValue": "true", @@ -346,31 +338,18 @@ "defaultValue": "75", "type": "string" }, - "PIPBytesInDDoSThreshold": { - "metadata": { - "displayName": "PIP Bytes In DDoS Threshold", - "description": "Threshold for the alert" - }, - "defaultValue": "8000000", - "type": "string" - }, - "RVBackupHealthMonitorPolicyEffect": { + "activityKVDeleteAlertState": { "metadata": { - "displayName": "Recovery Vault Backup Health Monitor Policy Effect", - "description": "Policy effect for the alert, modify will modify the alert if it exists, or audit if it does not exist" + "displayName": "Activity Key Vault Delete Alert State", + "description": "Alert state for the alert" }, - "allowedValues": [ - "modify", - "audit", - "disabled" - ], - "defaultValue": "modify", + "defaultValue": "true", "type": "string" }, - "VNETDDOSAttackAlertSeverity": { + "StorageAccountAvailabilityAlertSeverity": { "metadata": { - "displayName": "VNET DDoS Attack Alert Severity", - "description": "Severity of the alert for VNET DDoS Attack" + "displayName": "Storage Account Availability Alert Severity", + "description": "Severity of the alert for Storage Account Availability" }, "allowedValues": [ "0", @@ -382,9 +361,9 @@ "defaultValue": "1", "type": "String" }, - "VNETDDOSAttackWindowSize": { + "StorageAccountAvailabilityWindowSize": { "metadata": { - "displayName": "VNET DDoS Attack Window Size", + "displayName": "Storage Account Availability Window Size", "description": "Window size for the alert" }, "allowedValues": [ @@ -400,9 +379,9 @@ "defaultValue": "PT5M", "type": "string" }, - "VNETDDOSAttackEvaluationFrequency": { + "StorageAccountAvailabilityFrequency": { "metadata": { - "displayName": "VNET DDoS Attack Evaluation Frequency", + "displayName": "Storage Account Availability Evaluation Frequency", "description": "Evaluation frequency for the alert" }, "allowedValues": [ @@ -412,12 +391,12 @@ "PT30M", "PT1H" ], - "defaultValue": "PT1M", + "defaultValue": "PT5M", "type": "string" }, - "VNETDDOSAttackPolicyEffect": { + "StorageAccountAvailabilityPolicyEffect": { "metadata": { - "displayName": "VNET DDoS Attack Policy Effect", + "displayName": "Storage Account Availability Policy Effect", "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" }, "allowedValues": [ @@ -427,42 +406,46 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "VNETDDOSAttackAlertState": { + "StorageAccountAvailabilityAlertState": { "metadata": { - "displayName": "VNET DDoS Attack Alert State", + "displayName": "Storage Account Availability Alert State", "description": "Alert state for the alert" }, "defaultValue": "true", "type": "string" }, - "VNETDDOSAttackThreshold": { + "StorageAccountAvailabilityThreshold": { "metadata": { - "displayName": "VNET DDoS Attack Threshold", + "displayName": "Storage Account Availability Threshold", "description": "Threshold for the alert" }, - "defaultValue": "1", + "defaultValue": "90", "type": "string" }, - "activityNSGDeleteAlertState": { + "StorageAccountDeletePolicyEffect": { "metadata": { - "displayName": "Activity NSG Delete Alert State", - "description": "Alert state for the alert" + "displayName": "Storage Account Delete Alert Policy Effect", + "description": "Policy effect for the alert, deployIfNotExists will create the alert if it does not exist, disabled will not create the alert" }, - "defaultValue": "true", + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", "type": "string" }, - "activityUDRUpdateAlertState": { + "StorageAccountDeleteAlertState": { "metadata": { - "displayName": "Activity UDR Update Alert State", + "displayName": "Storage Account Delete Alert State", "description": "Alert state for the alert" }, "defaultValue": "true", "type": "string" }, - "VMHeartBeatRGAlertSeverity": { + "PIPDDoSAttackAlertSeverity": { "metadata": { - "displayName": "VM Heart Beat RG Alert Severity", - "description": "Severity of the alert for VM Heart Beat RG" + "displayName": "PIP DDoS Attack Alert Severity", + "description": "Severity of the alert for PIP DDoS Attack" }, "allowedValues": [ "0", @@ -474,9 +457,9 @@ "defaultValue": "1", "type": "String" }, - "VMHeartBeatRGWindowSize": { + "PIPDDoSAttackWindowSize": { "metadata": { - "displayName": "VM Heart Beat RG Window Size", + "displayName": "PIP DDoS Attack Window Size", "description": "Window size for the alert" }, "allowedValues": [ @@ -489,12 +472,12 @@ "PT12H", "P1D" ], - "defaultValue": "PT6H", + "defaultValue": "PT5M", "type": "string" }, - "VMHeartBeatRGEvaluationFrequency": { + "PIPDDoSAttackEvaluationFrequency": { "metadata": { - "displayName": "VM Heart Beat RG Evaluation Frequency", + "displayName": "PIP DDoS Attack Evaluation Frequency", "description": "Evaluation frequency for the alert" }, "allowedValues": [ @@ -507,33 +490,9 @@ "defaultValue": "PT5M", "type": "string" }, - "VMHeartBeatRGAutoMitigate": { - "metadata": { - "displayName": "VM Heart Beat RG Auto Mitigate", - "description": "Auto Mitigate for the alert" - }, - "defaultValue": "true", - "type": "string" - }, - "VMHeartBeatRGAutoResolve": { - "metadata": { - "displayName": "VM Heart Beat RG Auto Resolve", - "description": "Auto Resolve for the alert" - }, - "defaultValue": "true", - "type": "string" - }, - "VMHeartBeatRGAutoResolveTime": { - "metadata": { - "displayName": "VM Heart Beat RG Auto Resolve Time", - "description": "Auto Resolve Time for the alert" - }, - "defaultValue": "00:10:00", - "type": "string" - }, - "VMHeartBeatRGPolicyEffect": { + "PIPDDoSAttackPolicyEffect": { "metadata": { - "displayName": "VM Heart Beat RG Policy Effect", + "displayName": "PIP DDoS Attack Policy Effect", "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" }, "allowedValues": [ @@ -543,6 +502,14 @@ "defaultValue": "deployIfNotExists", "type": "string" }, + "PIPDDoSAttackAlertState": { + "metadata": { + "displayName": "PIP DDoS Attack Alert State", + "description": "Alert state for the alert" + }, + "defaultValue": "true", + "type": "string" + }, "VMHeartBeatRGAlertState": { "metadata": { "displayName": "VM Heart Beat RG Alert State", @@ -2523,16 +2490,12 @@ "defaultValue": "PT1M", "type": "string" }, - "AGWResponseStatusPolicyEffect": { + "VMHeartBeatRGAutoResolveTime": { "metadata": { - "displayName": "AGW Response Status Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert" + "displayName": "VM Heart Beat RG Auto Resolve Time", + "description": "Auto Resolve Time for the alert" }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", + "defaultValue": "00:10:00", "type": "string" }, "AGWResponseStatusAlertState": { @@ -2659,18 +2622,6 @@ "defaultValue": "PT1M", "type": "string" }, - "LBDatapathAvailabilityPolicyEffect": { - "metadata": { - "displayName": "LB Data path Availability Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "string" - }, "LBDatapathAvailabilityAlertState": { "metadata": { "displayName": "LB Data path Availability Alert State", @@ -3444,20 +3395,35 @@ }, "WSFHttpQueueLengthWindowSize": { "metadata": { - "displayName": "WSF HTTP Queue Lenght Window Size", - "description": "Window size for the alert" + "displayName": "WSF HTTP Queue Lenght Window Size", + "description": "Window size for the alert" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" + ], + "defaultValue": "PT5M", + "type": "string" + }, + "WSFHttpQueueLengthEvaluationFrequency": { + "metadata": { + "displayName": "WSF HTTP Queue Lenght Evaluation Frequency", + "description": "Evaluation frequency for the alert" }, "allowedValues": [ "PT1M", "PT5M", "PT15M", "PT30M", - "PT1H", - "PT6H", - "PT12H", - "P1D" + "PT1H" ], - "defaultValue": "PT5M", + "defaultValue": "PT1M", "type": "string" }, "WSFHttpQueueLengthPolicyEffect": { @@ -3616,57 +3582,85 @@ "defaultValue": "true", "type": "string" }, - "StorageAccountAvailabilityAlertSeverity": { + "LBDatapathAvailabilityPolicyEffect": { "metadata": { - "displayName": "Storage Account Availability Alert Severity", - "description": "Severity of the alert for Storage Account Availability" + "displayName": "LB Data path Availability Policy Effect", + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert" }, "allowedValues": [ - "0", - "1", - "2", - "3", - "4" + "deployIfNotExists", + "disabled" ], - "defaultValue": "1", - "type": "String" + "defaultValue": "deployIfNotExists", + "type": "string" }, - "StorageAccountAvailabilityWindowSize": { + "VMHeartBeatRGAutoResolve": { "metadata": { - "displayName": "Storage Account Availability Window Size", - "description": "Window size for the alert" + "displayName": "VM Heart Beat RG Auto Resolve", + "description": "Auto Resolve for the alert" + }, + "defaultValue": "true", + "type": "string" + }, + "VMHeartBeatRGAutoMitigate": { + "metadata": { + "displayName": "VM Heart Beat RG Auto Mitigate", + "description": "Auto Mitigate for the alert" + }, + "defaultValue": "true", + "type": "string" + }, + "VMHeartBeatRGEvaluationFrequency": { + "metadata": { + "displayName": "VM Heart Beat RG Evaluation Frequency", + "description": "Evaluation frequency for the alert" }, "allowedValues": [ "PT1M", "PT5M", "PT15M", "PT30M", - "PT1H", - "PT6H", - "PT12H", - "P1D" + "PT1H" ], "defaultValue": "PT5M", "type": "string" }, - "StorageAccountAvailabilityFrequency": { + "VMHeartBeatRGWindowSize": { "metadata": { - "displayName": "Storage Account Availability Evaluation Frequency", - "description": "Evaluation frequency for the alert" + "displayName": "VM Heart Beat RG Window Size", + "description": "Window size for the alert" }, "allowedValues": [ "PT1M", "PT5M", "PT15M", "PT30M", - "PT1H" + "PT1H", + "PT6H", + "PT12H", + "P1D" ], - "defaultValue": "PT5M", + "defaultValue": "PT6H", "type": "string" }, - "StorageAccountAvailabilityPolicyEffect": { + "VMHeartBeatRGAlertSeverity": { "metadata": { - "displayName": "Storage Account Availability Policy Effect", + "displayName": "VM Heart Beat RG Alert Severity", + "description": "Severity of the alert for VM Heart Beat RG" + }, + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" + ], + "defaultValue": "1", + "type": "String" + }, + "VMHeartBeatRGPolicyEffect": { + "metadata": { + "displayName": "VM Heart Beat RG Policy Effect", "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" }, "allowedValues": [ @@ -3676,122 +3670,87 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "StorageAccountAvailabilityAlertState": { + "activityUDRUpdateAlertState": { "metadata": { - "displayName": "Storage Account Availability Alert State", + "displayName": "Activity UDR Update Alert State", "description": "Alert state for the alert" }, "defaultValue": "true", "type": "string" }, - "StorageAccountAvailabilityThreshold": { + "activityNSGDeleteAlertState": { "metadata": { - "displayName": "Storage Account Availability Threshold", - "description": "Threshold for the alert" + "displayName": "Activity NSG Delete Alert State", + "description": "Alert state for the alert" }, - "defaultValue": "90", + "defaultValue": "true", "type": "string" }, - "StorageAccountDeletePolicyEffect": { + "VNETDDOSAttackThreshold": { "metadata": { - "displayName": "Storage Account Delete Alert Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will create the alert if it does not exist, disabled will not create the alert" + "displayName": "VNET DDoS Attack Threshold", + "description": "Threshold for the alert" }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", + "defaultValue": "1", "type": "string" }, - "StorageAccountDeleteAlertState": { + "VNETDDOSAttackAlertState": { "metadata": { - "displayName": "Storage Account Delete Alert State", + "displayName": "VNET DDoS Attack Alert State", "description": "Alert state for the alert" }, "defaultValue": "true", "type": "string" }, - "PIPDDoSAttackAlertSeverity": { + "VNETDDOSAttackPolicyEffect": { "metadata": { - "displayName": "PIP DDoS Attack Alert Severity", - "description": "Severity of the alert for PIP DDoS Attack" + "displayName": "VNET DDoS Attack Policy Effect", + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" }, "allowedValues": [ - "0", - "1", - "2", - "3", - "4" + "deployIfNotExists", + "disabled" ], - "defaultValue": "1", - "type": "String" + "defaultValue": "deployIfNotExists", + "type": "string" }, - "PIPDDoSAttackWindowSize": { + "VNETDDOSAttackEvaluationFrequency": { "metadata": { - "displayName": "PIP DDoS Attack Window Size", - "description": "Window size for the alert" + "displayName": "VNET DDoS Attack Evaluation Frequency", + "description": "Evaluation frequency for the alert" }, "allowedValues": [ "PT1M", "PT5M", "PT15M", "PT30M", - "PT1H", - "PT6H", - "PT12H", - "P1D" + "PT1H" ], - "defaultValue": "PT5M", + "defaultValue": "PT1M", "type": "string" }, - "PIPDDoSAttackEvaluationFrequency": { + "VNETDDOSAttackWindowSize": { "metadata": { - "displayName": "PIP DDoS Attack Evaluation Frequency", - "description": "Evaluation frequency for the alert" + "displayName": "VNET DDoS Attack Window Size", + "description": "Window size for the alert" }, "allowedValues": [ "PT1M", "PT5M", "PT15M", "PT30M", - "PT1H" + "PT1H", + "PT6H", + "PT12H", + "P1D" ], "defaultValue": "PT5M", "type": "string" }, - "PIPDDoSAttackPolicyEffect": { - "metadata": { - "displayName": "PIP DDoS Attack Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "string" - }, - "PIPDDoSAttackAlertState": { - "metadata": { - "displayName": "PIP DDoS Attack Alert State", - "description": "Alert state for the alert" - }, - "defaultValue": "true", - "type": "string" - }, - "PIPDDoSAttackThreshold": { - "metadata": { - "displayName": "PIP DDoS Attack Threshold", - "description": "Threshold for the alert" - }, - "defaultValue": "0", - "type": "string" - }, - "PIPPacketsInDDoSAlertSeverity": { + "VNETDDOSAttackAlertSeverity": { "metadata": { - "displayName": "PIP Packets In DDoS Alert Severity", - "description": "Severity of the alert for PIP Packets In DDoS" + "displayName": "VNET DDoS Attack Alert Severity", + "description": "Severity of the alert for VNET DDoS Attack" }, "allowedValues": [ "0", @@ -3800,88 +3759,68 @@ "3", "4" ], - "defaultValue": "4", + "defaultValue": "1", "type": "String" }, - "PIPPacketsInDDoSWindowSize": { - "metadata": { - "displayName": "PIP Packets In DDoS Window Size", - "description": "Window size for the alert" - }, - "allowedValues": [ - "PT1M", - "PT5M", - "PT15M", - "PT30M", - "PT1H", - "PT6H", - "PT12H", - "P1D" - ], - "defaultValue": "PT5M", - "type": "string" - }, - "PIPPacketsInDDoSEvaluationFrequency": { + "RVBackupHealthMonitorPolicyEffect": { "metadata": { - "displayName": "PIP Packets In DDoS Evaluation Frequency", - "description": "Evaluation frequency for the alert" + "displayName": "Recovery Vault Backup Health Monitor Policy Effect", + "description": "Policy effect for the alert, modify will modify the alert if it exists, or audit if it does not exist" }, "allowedValues": [ - "PT1M", - "PT5M", - "PT15M", - "PT30M", - "PT1H" + "modify", + "audit", + "disabled" ], - "defaultValue": "PT5M", + "defaultValue": "modify", "type": "string" }, - "PIPPacketsInDDoSPolicyEffect": { + "PIPBytesInDDoSThreshold": { "metadata": { - "displayName": "PIP Packets In DDoS Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" + "displayName": "PIP Bytes In DDoS Threshold", + "description": "Threshold for the alert" }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "disabled", + "defaultValue": "8000000", "type": "string" }, - "PIPPacketsInDDoSAlertState": { + "PIPBytesInDDoSAlertState": { "metadata": { - "displayName": "PIP Packets In DDoS Alert State", + "displayName": "PIP Bytes In DDoS Alert State", "description": "Alert state for the alert" }, "defaultValue": "true", "type": "string" }, - "PIPPacketsInDDoSThreshold": { + "PIPBytesInDDoSPolicyEffect": { "metadata": { - "displayName": "PIP Packets In DDoS Threshold", - "description": "Threshold for the alert" + "displayName": "PIP Bytes In DDoS Policy Effect", + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" }, - "defaultValue": "40000", + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "disabled", "type": "string" }, - "PIPVIPAvailabilityAlertSeverity": { + "PIPBytesInDDoSEvaluationFrequency": { "metadata": { - "displayName": "PIP VIP Availability Alert Severity", - "description": "Severity of the alert for PIP VIP Availability" + "displayName": "PIP Bytes In DDoS Evaluation Frequency", + "description": "Evaluation frequency for the alert" }, "allowedValues": [ - "0", - "1", - "2", - "3", - "4" + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H" ], - "defaultValue": "1", - "type": "String" + "defaultValue": "PT5M", + "type": "string" }, - "PIPVIPAvailabilityWindowSize": { + "PIPBytesInDDoSWindowSize": { "metadata": { - "displayName": "PIP VIP Availability Window Size", + "displayName": "PIP Bytes In DDoS Window Size", "description": "Window size for the alert" }, "allowedValues": [ @@ -3897,19 +3836,35 @@ "defaultValue": "PT5M", "type": "string" }, - "PIPVIPAvailabilityEvaluationFrequency": { + "PIPBytesInDDoSAlertSeverity": { "metadata": { - "displayName": "PIP VIP Availability Evaluation Frequency", - "description": "Evaluation frequency for the alert" + "displayName": "PIP Bytes In DDoS Alert Severity", + "description": "Severity of the alert for PIP Bytes In DDoS" }, "allowedValues": [ - "PT1M", - "PT5M", - "PT15M", - "PT30M", - "PT1H" + "0", + "1", + "2", + "3", + "4" ], - "defaultValue": "PT1M", + "defaultValue": "4", + "type": "String" + }, + "PIPVIPAvailabilityThreshold": { + "metadata": { + "displayName": "PIP VIP Availability Threshold", + "description": "Threshold for the alert" + }, + "defaultValue": "1", + "type": "string" + }, + "PIPVIPAvailabilityAlertState": { + "metadata": { + "displayName": "PIP VIP Availability Alert State", + "description": "Alert state for the alert" + }, + "defaultValue": "true", "type": "string" }, "PIPVIPAvailabilityPolicyEffect": { @@ -3924,9 +3879,9 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "WSFHttpQueueLengthEvaluationFrequency": { + "PIPVIPAvailabilityEvaluationFrequency": { "metadata": { - "displayName": "WSF HTTP Queue Lenght Evaluation Frequency", + "displayName": "PIP VIP Availability Evaluation Frequency", "description": "Evaluation frequency for the alert" }, "allowedValues": [ @@ -3939,26 +3894,28 @@ "defaultValue": "PT1M", "type": "string" }, - "PIPVIPAvailabilityAlertState": { - "metadata": { - "displayName": "PIP VIP Availability Alert State", - "description": "Alert state for the alert" - }, - "defaultValue": "true", - "type": "string" - }, - "PIPVIPAvailabilityThreshold": { + "PIPVIPAvailabilityWindowSize": { "metadata": { - "displayName": "PIP VIP Availability Threshold", - "description": "Threshold for the alert" + "displayName": "PIP VIP Availability Window Size", + "description": "Window size for the alert" }, - "defaultValue": "1", + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" + ], + "defaultValue": "PT5M", "type": "string" }, - "PIPBytesInDDoSAlertSeverity": { + "PIPVIPAvailabilityAlertSeverity": { "metadata": { - "displayName": "PIP Bytes In DDoS Alert Severity", - "description": "Severity of the alert for PIP Bytes In DDoS" + "displayName": "PIP VIP Availability Alert Severity", + "description": "Severity of the alert for PIP VIP Availability" }, "allowedValues": [ "0", @@ -3967,60 +3924,103 @@ "3", "4" ], - "defaultValue": "4", + "defaultValue": "1", "type": "String" }, - "PIPBytesInDDoSWindowSize": { + "PIPPacketsInDDoSThreshold": { "metadata": { - "displayName": "PIP Bytes In DDoS Window Size", - "description": "Window size for the alert" + "displayName": "PIP Packets In DDoS Threshold", + "description": "Threshold for the alert" + }, + "defaultValue": "40000", + "type": "string" + }, + "PIPPacketsInDDoSAlertState": { + "metadata": { + "displayName": "PIP Packets In DDoS Alert State", + "description": "Alert state for the alert" + }, + "defaultValue": "true", + "type": "string" + }, + "PIPPacketsInDDoSPolicyEffect": { + "metadata": { + "displayName": "PIP Packets In DDoS Policy Effect", + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "disabled", + "type": "string" + }, + "PIPPacketsInDDoSEvaluationFrequency": { + "metadata": { + "displayName": "PIP Packets In DDoS Evaluation Frequency", + "description": "Evaluation frequency for the alert" }, "allowedValues": [ "PT1M", "PT5M", "PT15M", "PT30M", - "PT1H", - "PT6H", - "PT12H", - "P1D" + "PT1H" ], "defaultValue": "PT5M", "type": "string" }, - "PIPBytesInDDoSEvaluationFrequency": { + "PIPPacketsInDDoSWindowSize": { "metadata": { - "displayName": "PIP Bytes In DDoS Evaluation Frequency", - "description": "Evaluation frequency for the alert" + "displayName": "PIP Packets In DDoS Window Size", + "description": "Window size for the alert" }, "allowedValues": [ "PT1M", "PT5M", "PT15M", "PT30M", - "PT1H" + "PT1H", + "PT6H", + "PT12H", + "P1D" ], "defaultValue": "PT5M", "type": "string" }, - "PIPBytesInDDoSPolicyEffect": { + "PIPPacketsInDDoSAlertSeverity": { "metadata": { - "displayName": "PIP Bytes In DDoS Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" + "displayName": "PIP Packets In DDoS Alert Severity", + "description": "Severity of the alert for PIP Packets In DDoS" }, "allowedValues": [ - "deployIfNotExists", - "disabled" + "0", + "1", + "2", + "3", + "4" ], - "defaultValue": "disabled", + "defaultValue": "4", + "type": "String" + }, + "PIPDDoSAttackThreshold": { + "metadata": { + "displayName": "PIP DDoS Attack Threshold", + "description": "Threshold for the alert" + }, + "defaultValue": "0", "type": "string" }, - "PIPBytesInDDoSAlertState": { + "AGWResponseStatusPolicyEffect": { "metadata": { - "displayName": "PIP Bytes In DDoS Alert State", - "description": "Alert state for the alert" + "displayName": "AGW Response Status Policy Effect", + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert" }, - "defaultValue": "true", + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", "type": "string" } }, @@ -4032,12 +4032,12 @@ "evaluationFrequency": { "value": "[parameters('KVRequestEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('KVRequestPolicyEffect')]" - }, "windowSize": { "value": "[parameters('KVRequestWindowSize')]" }, + "effect": { + "value": "[parameters('KVRequestPolicyEffect')]" + }, "severity": { "value": "[parameters('KVRequestAlertSeverity')]" }, @@ -4053,12 +4053,12 @@ "evaluationFrequency": { "value": "[parameters('KvAvailabilityEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('KvAvailabilityPolicyEffect')]" - }, "windowSize": { "value": "[parameters('KvAvailabilityWindowSize')]" }, + "effect": { + "value": "[parameters('KvAvailabilityPolicyEffect')]" + }, "severity": { "value": "[parameters('KvAvailabilityAlertSeverity')]" }, @@ -4077,12 +4077,12 @@ "evaluationFrequency": { "value": "[parameters('KvLatencyAvailabilityEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('KvLatencyAvailabilityPolicyEffect')]" - }, "windowSize": { "value": "[parameters('KvLatencyAvailabilityWindowSize')]" }, + "effect": { + "value": "[parameters('KvLatencyAvailabilityPolicyEffect')]" + }, "severity": { "value": "[parameters('KvLatencyAvailabilityAlertSeverity')]" }, @@ -4101,12 +4101,12 @@ "evaluationFrequency": { "value": "[parameters('KVCapacityEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('KVCapacityPolicyEffect')]" - }, "windowSize": { "value": "[parameters('KVCapacityWindowSize')]" }, + "effect": { + "value": "[parameters('KVCapacityPolicyEffect')]" + }, "severity": { "value": "[parameters('KVCapacityAlertSeverity')]" }, @@ -4143,12 +4143,12 @@ "evaluationFrequency": { "value": "[parameters('StorageAccountAvailabilityFrequency')]" }, - "effect": { - "value": "[parameters('StorageAccountAvailabilityPolicyEffect')]" - }, "windowSize": { "value": "[parameters('StorageAccountAvailabilityWindowSize')]" }, + "effect": { + "value": "[parameters('StorageAccountAvailabilityPolicyEffect')]" + }, "severity": { "value": "[parameters('StorageAccountAvailabilityAlertSeverity')]" }, @@ -4188,12 +4188,12 @@ "evaluationFrequency": { "value": "[parameters('PIPBytesInDDoSEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('PIPBytesInDDoSPolicyEffect')]" - }, "windowSize": { "value": "[parameters('PIPBytesInDDoSWindowSize')]" }, + "effect": { + "value": "[parameters('PIPBytesInDDoSPolicyEffect')]" + }, "severity": { "value": "[parameters('PIPBytesInDDoSAlertSeverity')]" }, @@ -4212,12 +4212,12 @@ "evaluationFrequency": { "value": "[parameters('PIPDDoSAttackEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('PIPDDoSAttackPolicyEffect')]" - }, "windowSize": { "value": "[parameters('PIPDDoSAttackWindowSize')]" }, + "effect": { + "value": "[parameters('PIPDDoSAttackPolicyEffect')]" + }, "severity": { "value": "[parameters('PIPDDoSAttackAlertSeverity')]" }, @@ -4236,12 +4236,12 @@ "evaluationFrequency": { "value": "[parameters('PIPPacketsInDDoSEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('PIPPacketsInDDoSPolicyEffect')]" - }, "windowSize": { "value": "[parameters('PIPPacketsInDDoSWindowSize')]" }, + "effect": { + "value": "[parameters('PIPPacketsInDDoSPolicyEffect')]" + }, "severity": { "value": "[parameters('PIPPacketsInDDoSAlertSeverity')]" }, @@ -4260,12 +4260,12 @@ "evaluationFrequency": { "value": "[parameters('PIPVIPAvailabilityEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('PIPVIPAvailabilityPolicyEffect')]" - }, "windowSize": { "value": "[parameters('PIPVIPAvailabilityWindowSize')]" }, + "effect": { + "value": "[parameters('PIPVIPAvailabilityPolicyEffect')]" + }, "severity": { "value": "[parameters('PIPVIPAvailabilityAlertSeverity')]" }, @@ -4329,12 +4329,12 @@ "evaluationFrequency": { "value": "[parameters('VNETDDOSAttackEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('VNETDDOSAttackPolicyEffect')]" - }, "windowSize": { "value": "[parameters('VNETDDOSAttackWindowSize')]" }, + "effect": { + "value": "[parameters('VNETDDOSAttackPolicyEffect')]" + }, "severity": { "value": "[parameters('VNETDDOSAttackAlertSeverity')]" }, @@ -4353,12 +4353,12 @@ "evaluationFrequency": { "value": "[parameters('VMHeartBeatRGEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('VMHeartBeatRGPolicyEffect')]" - }, "windowSize": { "value": "[parameters('VMHeartBeatRGWindowSize')]" }, + "effect": { + "value": "[parameters('VMHeartBeatRGPolicyEffect')]" + }, "alertResourceGroupLocation": { "value": "[parameters('ALZMonitorResourceGroupLocation')]" }, @@ -4377,12 +4377,12 @@ "threshold": { "value": "[parameters('VMHeartBeatRGThreshold')]" }, - "autoResolveTime": { - "value": "[parameters('VMHeartBeatRGAutoResolveTime')]" - }, "timeAggregation": { "value": "[parameters('VMHeartBeatRGTimeAggregation')]" }, + "autoResolveTime": { + "value": "[parameters('VMHeartBeatRGAutoResolveTime')]" + }, "failingPeriods": { "value": "[parameters('VMHeartBeatRGFailingPeriods')]" }, @@ -4402,14 +4402,14 @@ "policyDefinitionName": "Deploy_VM_NetworkIn_Alert", "parameters": { "evaluationFrequency": { - "value": "[parameters('VMNetworkInEvaluationFrequency')]" - }, - "effect": { - "value": "[parameters('VMNetworkInPolicyEffect')]" + "value": "[parameters('VMNetworkInEvaluationFrequency')]" }, "windowSize": { "value": "[parameters('VMNetworkInWindowSize')]" }, + "effect": { + "value": "[parameters('VMNetworkInPolicyEffect')]" + }, "alertResourceGroupLocation": { "value": "[parameters('ALZMonitorResourceGroupLocation')]" }, @@ -4428,12 +4428,12 @@ "threshold": { "value": "[parameters('VMNetworkInThreshold')]" }, - "autoResolveTime": { - "value": "[parameters('VMNetworkInAutoResolveTime')]" - }, "timeAggregation": { "value": "[parameters('VMNetworkInTimeAggregation')]" }, + "autoResolveTime": { + "value": "[parameters('VMNetworkInAutoResolveTime')]" + }, "failingPeriods": { "value": "[parameters('VMNetworkInFailingPeriods')]" }, @@ -4461,12 +4461,12 @@ "evaluationFrequency": { "value": "[parameters('VMNetworkOutEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('VMNetworkOutPolicyEffect')]" - }, "windowSize": { "value": "[parameters('VMNetworkOutWindowSize')]" }, + "effect": { + "value": "[parameters('VMNetworkOutPolicyEffect')]" + }, "alertResourceGroupLocation": { "value": "[parameters('ALZMonitorResourceGroupLocation')]" }, @@ -4485,12 +4485,12 @@ "threshold": { "value": "[parameters('VMNetworkOutThreshold')]" }, - "autoResolveTime": { - "value": "[parameters('VMNetworkOutAutoResolveTime')]" - }, "timeAggregation": { "value": "[parameters('VMNetworkOutTimeAggregation')]" }, + "autoResolveTime": { + "value": "[parameters('VMNetworkOutAutoResolveTime')]" + }, "failingPeriods": { "value": "[parameters('VMNetworkOutFailingPeriods')]" }, @@ -4518,12 +4518,12 @@ "evaluationFrequency": { "value": "[parameters('VMOSDiskReadLatencyEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('VMOSDiskReadLatencyPolicyEffect')]" - }, "windowSize": { "value": "[parameters('VMOSDiskReadLatencyWindowSize')]" }, + "effect": { + "value": "[parameters('VMOSDiskReadLatencyPolicyEffect')]" + }, "alertResourceGroupLocation": { "value": "[parameters('ALZMonitorResourceGroupLocation')]" }, @@ -4542,12 +4542,12 @@ "threshold": { "value": "[parameters('VMOSDiskReadLatencyThreshold')]" }, - "autoResolveTime": { - "value": "[parameters('VMOSDiskReadLatencyAutoResolveTime')]" - }, "timeAggregation": { "value": "[parameters('VMOSDiskReadLatencyTimeAggregation')]" }, + "autoResolveTime": { + "value": "[parameters('VMOSDiskReadLatencyAutoResolveTime')]" + }, "failingPeriods": { "value": "[parameters('VMOSDiskReadLatencyFailingPeriods')]" }, @@ -4575,12 +4575,12 @@ "evaluationFrequency": { "value": "[parameters('VMOSDiskWriteLatencyEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('VMOSDiskWriteLatencyPolicyEffect')]" - }, "windowSize": { "value": "[parameters('VMOSDiskWriteLatencyWindowSize')]" }, + "effect": { + "value": "[parameters('VMOSDiskWriteLatencyPolicyEffect')]" + }, "alertResourceGroupLocation": { "value": "[parameters('ALZMonitorResourceGroupLocation')]" }, @@ -4599,12 +4599,12 @@ "threshold": { "value": "[parameters('VMOSDiskWriteLatencyThreshold')]" }, - "autoResolveTime": { - "value": "[parameters('VMOSDiskWriteLatencyAutoResolveTime')]" - }, "timeAggregation": { "value": "[parameters('VMOSDiskWriteLatencyTimeAggregation')]" }, + "autoResolveTime": { + "value": "[parameters('VMOSDiskWriteLatencyAutoResolveTime')]" + }, "failingPeriods": { "value": "[parameters('VMOSDiskWriteLatencyFailingPeriods')]" }, @@ -4632,12 +4632,12 @@ "evaluationFrequency": { "value": "[parameters('VMOSDiskSpaceEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('VMOSDiskSpacePolicyEffect')]" - }, "windowSize": { "value": "[parameters('VMOSDiskSpaceWindowSize')]" }, + "effect": { + "value": "[parameters('VMOSDiskSpacePolicyEffect')]" + }, "alertResourceGroupLocation": { "value": "[parameters('ALZMonitorResourceGroupLocation')]" }, @@ -4656,12 +4656,12 @@ "threshold": { "value": "[parameters('VMOSDiskSpaceThreshold')]" }, - "autoResolveTime": { - "value": "[parameters('VMOSDiskSpaceAutoResolveTime')]" - }, "timeAggregation": { "value": "[parameters('VMOSDiskSpaceTimeAggregation')]" }, + "autoResolveTime": { + "value": "[parameters('VMOSDiskSpaceAutoResolveTime')]" + }, "failingPeriods": { "value": "[parameters('VMOSDiskSpaceFailingPeriods')]" }, @@ -4689,12 +4689,12 @@ "evaluationFrequency": { "value": "[parameters('VMPercentCPUEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('VMPercentCPUPolicyEffect')]" - }, "windowSize": { "value": "[parameters('VMPercentCPUWindowSize')]" }, + "effect": { + "value": "[parameters('VMPercentCPUPolicyEffect')]" + }, "alertResourceGroupLocation": { "value": "[parameters('ALZMonitorResourceGroupLocation')]" }, @@ -4713,12 +4713,12 @@ "threshold": { "value": "[parameters('VMPercentCPUThreshold')]" }, - "autoResolveTime": { - "value": "[parameters('VMPercentCPUAutoResolveTime')]" - }, "timeAggregation": { "value": "[parameters('VMPercentCPUTimeAggregation')]" }, + "autoResolveTime": { + "value": "[parameters('VMPercentCPUAutoResolveTime')]" + }, "failingPeriods": { "value": "[parameters('VMPercentCPUFailingPeriods')]" }, @@ -4740,12 +4740,12 @@ "evaluationFrequency": { "value": "[parameters('VMPercentMemoryEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('VMPercentMemoryPolicyEffect')]" - }, "windowSize": { "value": "[parameters('VMPercentMemoryWindowSize')]" }, + "effect": { + "value": "[parameters('VMPercentMemoryPolicyEffect')]" + }, "alertResourceGroupLocation": { "value": "[parameters('ALZMonitorResourceGroupLocation')]" }, @@ -4764,12 +4764,12 @@ "threshold": { "value": "[parameters('VMPercentMemoryThreshold')]" }, - "autoResolveTime": { - "value": "[parameters('VMPercentMemoryAutoResolveTime')]" - }, "timeAggregation": { "value": "[parameters('VMPercentMemoryTimeAggregation')]" }, + "autoResolveTime": { + "value": "[parameters('VMPercentMemoryAutoResolveTime')]" + }, "autoMitigate": { "value": "[parameters('VMPercentMemoryAutoMitigate')]" }, @@ -4788,12 +4788,12 @@ "evaluationFrequency": { "value": "[parameters('VMDataDiskSpaceEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('VMDataDiskSpacePolicyEffect')]" - }, "windowSize": { "value": "[parameters('VMDataDiskSpaceWindowSize')]" }, + "effect": { + "value": "[parameters('VMDataDiskSpacePolicyEffect')]" + }, "alertResourceGroupLocation": { "value": "[parameters('ALZMonitorResourceGroupLocation')]" }, @@ -4812,12 +4812,12 @@ "threshold": { "value": "[parameters('VMDataDiskSpaceThreshold')]" }, - "autoResolveTime": { - "value": "[parameters('VMDataDiskSpaceAutoResolveTime')]" - }, "timeAggregation": { "value": "[parameters('VMDataDiskSpaceTimeAggregation')]" }, + "autoResolveTime": { + "value": "[parameters('VMDataDiskSpaceAutoResolveTime')]" + }, "failingPeriods": { "value": "[parameters('VMDataDiskSpaceFailingPeriods')]" }, @@ -4842,12 +4842,12 @@ "evaluationFrequency": { "value": "[parameters('VMDataDiskReadLatencyEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('VMDataDiskReadLatencyPolicyEffect')]" - }, "windowSize": { "value": "[parameters('VMDataDiskReadLatencyWindowSize')]" }, + "effect": { + "value": "[parameters('VMDataDiskReadLatencyPolicyEffect')]" + }, "alertResourceGroupLocation": { "value": "[parameters('ALZMonitorResourceGroupLocation')]" }, @@ -4866,12 +4866,12 @@ "threshold": { "value": "[parameters('VMDataDiskReadLatencyThreshold')]" }, - "autoResolveTime": { - "value": "[parameters('VMDataDiskReadLatencyAutoResolveTime')]" - }, "timeAggregation": { "value": "[parameters('VMDataDiskReadLatencyTimeAggregation')]" }, + "autoResolveTime": { + "value": "[parameters('VMDataDiskReadLatencyAutoResolveTime')]" + }, "failingPeriods": { "value": "[parameters('VMDataDiskReadLatencyFailingPeriods')]" }, @@ -4899,12 +4899,12 @@ "evaluationFrequency": { "value": "[parameters('VMDataDiskWriteLatencyEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('VMDataDiskWriteLatencyPolicyEffect')]" - }, "windowSize": { "value": "[parameters('VMDataDiskWriteLatencyWindowSize')]" }, + "effect": { + "value": "[parameters('VMDataDiskWriteLatencyPolicyEffect')]" + }, "alertResourceGroupLocation": { "value": "[parameters('ALZMonitorResourceGroupLocation')]" }, @@ -4923,12 +4923,12 @@ "threshold": { "value": "[parameters('VMDataDiskWriteLatencyThreshold')]" }, - "autoResolveTime": { - "value": "[parameters('VMDataDiskWriteLatencyAutoResolveTime')]" - }, "timeAggregation": { "value": "[parameters('VMDataDiskWriteLatencyTimeAggregation')]" }, + "autoResolveTime": { + "value": "[parameters('VMDataDiskWriteLatencyAutoResolveTime')]" + }, "failingPeriods": { "value": "[parameters('VMDataDiskWriteLatencyFailingPeriods')]" }, @@ -4956,12 +4956,12 @@ "evaluationFrequency": { "value": "[parameters('AGWApplicationGatewayTotalTimeEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('AGWApplicationGatewayTotalTimePolicyEffect')]" - }, "windowSize": { "value": "[parameters('AGWApplicationGatewayTotalTimeWindowSize')]" }, + "effect": { + "value": "[parameters('AGWApplicationGatewayTotalTimePolicyEffect')]" + }, "severity": { "value": "[parameters('AGWApplicationGatewayTotalTimeAlertSeverity')]" }, @@ -4980,12 +4980,12 @@ "evaluationFrequency": { "value": "[parameters('AGWBackendLastByteResponseTimeEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('AGWBackendLastByteResponseTimePolicyEffect')]" - }, "windowSize": { "value": "[parameters('AGWBackendLastByteResponseTimeWindowSize')]" }, + "effect": { + "value": "[parameters('AGWBackendLastByteResponseTimePolicyEffect')]" + }, "severity": { "value": "[parameters('AGWBackendLastByteResponseTimeAlertSeverity')]" }, @@ -5004,12 +5004,12 @@ "evaluationFrequency": { "value": "[parameters('AGWCapacityUnitsEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('AGWCapacityUnitsPolicyEffect')]" - }, "windowSize": { "value": "[parameters('AGWCapacityUnitsWindowSize')]" }, + "effect": { + "value": "[parameters('AGWCapacityUnitsPolicyEffect')]" + }, "severity": { "value": "[parameters('AGWCapacityUnitsAlertSeverity')]" }, @@ -5025,12 +5025,12 @@ "evaluationFrequency": { "value": "[parameters('AGWComputeUnitsEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('AGWComputeUnitsPolicyEffect')]" - }, "windowSize": { "value": "[parameters('AGWComputeUnitsWindowSize')]" }, + "effect": { + "value": "[parameters('AGWComputeUnitsPolicyEffect')]" + }, "severity": { "value": "[parameters('AGWComputeUnitsAlertSeverity')]" }, @@ -5046,12 +5046,12 @@ "evaluationFrequency": { "value": "[parameters('AGWCPUUtilEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('AGWCPUUtilPolicyEffect')]" - }, "windowSize": { "value": "[parameters('AGWCPUUtilWindowSize')]" }, + "effect": { + "value": "[parameters('AGWCPUUtilPolicyEffect')]" + }, "severity": { "value": "[parameters('AGWCPUUtilAlertSeverity')]" }, @@ -5067,12 +5067,12 @@ "evaluationFrequency": { "value": "[parameters('AGWFailedRequestsEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('AGWFailedRequestsPolicyEffect')]" - }, "windowSize": { "value": "[parameters('AGWFailedRequestsWindowSize')]" }, + "effect": { + "value": "[parameters('AGWFailedRequestsPolicyEffect')]" + }, "severity": { "value": "[parameters('AGWFailedRequestsAlertSeverity')]" }, @@ -5091,12 +5091,12 @@ "evaluationFrequency": { "value": "[parameters('AGWResponseStatusEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('AGWResponseStatusPolicyEffect')]" - }, "windowSize": { "value": "[parameters('AGWResponseStatusWindowSize')]" }, + "effect": { + "value": "[parameters('AGWResponseStatusPolicyEffect')]" + }, "severity": { "value": "[parameters('AGWResponseStatusAlertSeverity')]" }, @@ -5115,12 +5115,12 @@ "evaluationFrequency": { "value": "[parameters('AGWUnhealthyHostCountEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('AGWUnhealthyHostCountPolicyEffect')]" - }, "windowSize": { "value": "[parameters('AGWUnhealthyHostCountWindowSize')]" }, + "effect": { + "value": "[parameters('AGWUnhealthyHostCountPolicyEffect')]" + }, "severity": { "value": "[parameters('AGWUnhealthyHostCountAlertSeverity')]" }, @@ -5136,12 +5136,12 @@ "evaluationFrequency": { "value": "[parameters('LBDataPathAvailabilityEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('LBDataPathAvailabilityPolicyEffect')]" - }, "windowSize": { "value": "[parameters('LBDataPathAvailabilityWindowSize')]" }, + "effect": { + "value": "[parameters('LBDataPathAvailabilityPolicyEffect')]" + }, "severity": { "value": "[parameters('LBDataPathAvailabilityAlertSeverity')]" }, @@ -5157,12 +5157,12 @@ "evaluationFrequency": { "value": "[parameters('LBGlobalBackendAvailabilityEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('LBGlobalBackendAvailabilityPolicyEffect')]" - }, "windowSize": { "value": "[parameters('LBGlobalBackendAvailabilityWindowSize')]" }, + "effect": { + "value": "[parameters('LBGlobalBackendAvailabilityPolicyEffect')]" + }, "severity": { "value": "[parameters('LBGlobalBackendAvailabilityAlertSeverity')]" }, @@ -5178,12 +5178,12 @@ "evaluationFrequency": { "value": "[parameters('LBHealthProbeStatusEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('LBHealthProbeStatusPolicyEffect')]" - }, "windowSize": { "value": "[parameters('LBHealthProbeStatusWindowSize')]" }, + "effect": { + "value": "[parameters('LBHealthProbeStatusPolicyEffect')]" + }, "severity": { "value": "[parameters('LBHealthProbeStatusAlertSeverity')]" }, @@ -5199,12 +5199,12 @@ "evaluationFrequency": { "value": "[parameters('LBUsedSNATPortsEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('LBUsedSNATPortsPolicyEffect')]" - }, "windowSize": { "value": "[parameters('LBUsedSNATPortsWindowSize')]" }, + "effect": { + "value": "[parameters('LBUsedSNATPortsPolicyEffect')]" + }, "severity": { "value": "[parameters('LBUsedSNATPortsAlertSeverity')]" }, @@ -5220,12 +5220,12 @@ "evaluationFrequency": { "value": "[parameters('CDNPOriginHealthPercentageEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('CDNPOriginHealthPercentagePolicyEffect')]" - }, "windowSize": { "value": "[parameters('CDNPOriginHealthPercentageWindowSize')]" }, + "effect": { + "value": "[parameters('CDNPOriginHealthPercentagePolicyEffect')]" + }, "severity": { "value": "[parameters('CDNPOriginHealthPercentageAlertSeverity')]" }, @@ -5241,12 +5241,12 @@ "evaluationFrequency": { "value": "[parameters('CDNPOriginLatencyEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('CDNPOriginLatencyPolicyEffect')]" - }, "windowSize": { "value": "[parameters('CDNPOriginLatencyWindowSize')]" }, + "effect": { + "value": "[parameters('CDNPOriginLatencyPolicyEffect')]" + }, "severity": { "value": "[parameters('CDNPOriginLatencyAlertSeverity')]" }, @@ -5262,12 +5262,12 @@ "evaluationFrequency": { "value": "[parameters('CDNPPercentage4XXEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('CDNPPercentage4XXPolicyEffect')]" - }, "windowSize": { "value": "[parameters('CDNPPercentage4XXWindowSize')]" }, + "effect": { + "value": "[parameters('CDNPPercentage4XXPolicyEffect')]" + }, "severity": { "value": "[parameters('CDNPPercentage4XXAlertSeverity')]" }, @@ -5283,12 +5283,12 @@ "evaluationFrequency": { "value": "[parameters('CDNPPercentage5XXEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('CDNPPercentage5XXPolicyEffect')]" - }, "windowSize": { "value": "[parameters('CDNPPercentage5XXWindowSize')]" }, + "effect": { + "value": "[parameters('CDNPPercentage5XXPolicyEffect')]" + }, "severity": { "value": "[parameters('CDNPPercentage5XXAlertSeverity')]" }, @@ -5304,12 +5304,12 @@ "evaluationFrequency": { "value": "[parameters('TMEndpointHealthEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('TMEndpointHealthPolicyEffect')]" - }, "windowSize": { "value": "[parameters('TMEndpointHealthWindowSize')]" }, + "effect": { + "value": "[parameters('TMEndpointHealthPolicyEffect')]" + }, "severity": { "value": "[parameters('TMEndpointHealthAlertSeverity')]" }, @@ -5325,12 +5325,12 @@ "evaluationFrequency": { "value": "[parameters('WSFCPUPercentageEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('WSFCPUPercentagePolicyEffect')]" - }, "windowSize": { "value": "[parameters('WSFCPUPercentageWindowSize')]" }, + "effect": { + "value": "[parameters('WSFCPUPercentagePolicyEffect')]" + }, "severity": { "value": "[parameters('WSFCPUPercentageAlertSeverity')]" }, @@ -5346,12 +5346,12 @@ "evaluationFrequency": { "value": "[parameters('WSFMemoryPercentageEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('WSFMemoryPercentagePolicyEffect')]" - }, "windowSize": { "value": "[parameters('WSFMemoryPercentageWindowSize')]" }, + "effect": { + "value": "[parameters('WSFMemoryPercentagePolicyEffect')]" + }, "severity": { "value": "[parameters('WSFMemoryPercentageAlertSeverity')]" }, @@ -5367,12 +5367,12 @@ "evaluationFrequency": { "value": "[parameters('WSFDiskQueueLengthEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('WSFDiskQueueLengthPolicyEffect')]" - }, "windowSize": { "value": "[parameters('WSFDiskQueueLengthWindowSize')]" }, + "effect": { + "value": "[parameters('WSFDiskQueueLengthPolicyEffect')]" + }, "severity": { "value": "[parameters('WSFDiskQueueLengthAlertSeverity')]" }, @@ -5388,12 +5388,12 @@ "evaluationFrequency": { "value": "[parameters('WSFHttpQueueLengthEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('WSFHttpQueueLengthPolicyEffect')]" - }, "windowSize": { "value": "[parameters('WSFHttpQueueLengthWindowSize')]" }, + "effect": { + "value": "[parameters('WSFHttpQueueLengthPolicyEffect')]" + }, "severity": { "value": "[parameters('WSFHttpQueueLengthAlertSeverity')]" }, @@ -5409,12 +5409,12 @@ "evaluationFrequency": { "value": "[parameters('FDBackendHealthEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('FDBackendHealthPolicyEffect')]" - }, "windowSize": { "value": "[parameters('FDBackendHealthWindowSize')]" }, + "effect": { + "value": "[parameters('FDBackendHealthPolicyEffect')]" + }, "severity": { "value": "[parameters('FDBackendHealthAlertSeverity')]" }, @@ -5430,12 +5430,12 @@ "evaluationFrequency": { "value": "[parameters('FDBackendRequestLatencyEvaluationFrequency')]" }, - "effect": { - "value": "[parameters('FDBackendRequestLatencyPolicyEffect')]" - }, "windowSize": { "value": "[parameters('FDBackendRequestLatencyWindowSize')]" }, + "effect": { + "value": "[parameters('FDBackendRequestLatencyPolicyEffect')]" + }, "severity": { "value": "[parameters('FDBackendRequestLatencyAlertSeverity')]" }, diff --git a/Definitions/policySetDefinitions/Monitoring/alerting-loadbalancing.jsonc b/Definitions/policySetDefinitions/Monitoring/alerting-loadbalancing.jsonc index 81cf41a..958ccf1 100644 --- a/Definitions/policySetDefinitions/Monitoring/alerting-loadbalancing.jsonc +++ b/Definitions/policySetDefinitions/Monitoring/alerting-loadbalancing.jsonc @@ -5,73 +5,34 @@ "displayName": "Deploy Azure Monitor Baseline Alerts for Load Balancing", "description": "This initiative deploys Azure Monitor Baseline Alerts to monitor Load Balancing Services such as Load Balancer, Application Gateway, Traffic Manager, and Azure Front Door.", "metadata": { - "_deployed_by_amba": true, + "category": "Monitoring", "version": "1.0.0", "alzCloudEnvironments": [ "AzureCloud" ], - "category": "Monitoring", + "_deployed_by_amba": true, "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "ALZMonitorDisableTagValues": { - "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" - }, - "defaultValue": [ - "true", - "Test", - "Dev", - "Sandbox" - ], - "type": "Array" - }, - "ALZMonitorDisableTagName": { - "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" - }, - "defaultValue": "MonitorDisable", - "type": "String" - }, - "VNETDDOSAttackAlertSeverity": { - "metadata": { - "description": "Severity of the alert for VNET DDoS Attack", - "displayName": "VNET DDoS Attack Alert Severity" - }, - "allowedValues": [ - "0", - "1", - "2", - "3", - "4" - ], - "defaultValue": "1", - "type": "String" - }, - "VNETDDOSAttackWindowSize": { + "LBGlobalBackendAvailabilityEvaluationFrequency": { "metadata": { - "description": "Window size for the alert", - "displayName": "VNET DDoS Attack Window Size" + "description": "Evaluation frequency for the alert", + "displayName": "LB Global Backend Availability Evaluation Frequency" }, "allowedValues": [ "PT1M", "PT5M", "PT15M", "PT30M", - "PT1H", - "PT6H", - "PT12H", - "P1D" + "PT1H" ], - "defaultValue": "PT5M", + "defaultValue": "PT1M", "type": "string" }, - "VNETDDOSAttackEvaluationFrequency": { + "LBDatapathAvailabilityEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "VNET DDoS Attack Evaluation Frequency" + "displayName": "LB Data path Availability Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -83,38 +44,10 @@ "defaultValue": "PT1M", "type": "string" }, - "VNETDDOSAttackPolicyEffect": { - "metadata": { - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", - "displayName": "VNET DDoS Attack Policy Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", - "type": "string" - }, - "VNETDDOSAttackAlertState": { - "metadata": { - "description": "Alert state for the alert", - "displayName": "VNET DDoS Attack Alert State" - }, - "defaultValue": "true", - "type": "string" - }, - "VNETDDOSAttackThreshold": { - "metadata": { - "description": "Threshold for the alert", - "displayName": "VNET DDoS Attack Threshold" - }, - "defaultValue": "1", - "type": "string" - }, - "AGWApplicationGatewayTotalTimeAlertSeverity": { + "LBGlobalBackendAvailabilityAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "AGW Total Time Alert Severity" + "displayName": "LB Global Backend Availability Alert Severity" }, "allowedValues": [ "0", @@ -123,44 +56,40 @@ "3", "4" ], - "defaultValue": "2", + "defaultValue": "0", "type": "String" }, - "AGWApplicationGatewayTotalTimeAlertSensitivity": { + "LBGlobalBackendAvailabilityPolicyEffect": { "metadata": { - "description": "Dynamic Sensitivity of the alert", - "displayName": "AGW Total Time Dynamic Alert Sensitivity" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", + "displayName": "LB Global Backend Availability Policy Effect" }, "allowedValues": [ - "Low", - "Medium", - "High" + "deployIfNotExists", + "disabled" ], - "defaultValue": "Medium", - "type": "String" + "defaultValue": "deployIfNotExists", + "type": "string" }, - "AGWApplicationGatewayTotalTimeWindowSize": { + "LBHealthProbeStatusEvaluationFrequency": { "metadata": { - "description": "Window size for the alert", - "displayName": "AGW Total Time Window Size" + "description": "Evaluation frequency for the alert", + "displayName": "LB Health Probe Status Evaluation Frequency" }, "allowedValues": [ "PT1M", "PT5M", "PT15M", "PT30M", - "PT1H", - "PT6H", - "PT12H", - "P1D" + "PT1H" ], - "defaultValue": "PT5M", + "defaultValue": "PT1M", "type": "string" }, - "AGWApplicationGatewayTotalTimeEvaluationFrequency": { + "PIPVIPAvailabilityEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "AGW Total Time Evaluation Frequency" + "displayName": "PIP VIP Availability Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -172,30 +101,36 @@ "defaultValue": "PT1M", "type": "string" }, - "AGWApplicationGatewayTotalTimePolicyEffect": { + "LBGlobalBackendAvailabilityWindowSize": { "metadata": { - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "AGW Total Time Policy Effect" + "description": "Window size for the alert", + "displayName": "LB Global Backend Availability Window Size" }, "allowedValues": [ - "deployIfNotExists", - "disabled" + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" ], - "defaultValue": "deployIfNotExists", + "defaultValue": "PT5M", "type": "string" }, - "AGWApplicationGatewayTotalTimeAlertState": { + "LBGlobalBackendAvailabilityAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "AGW Total Time Alert State" + "displayName": "LB Global Backend Availability Alert State" }, "defaultValue": "true", "type": "string" }, - "AGWBackendLastByteResponseTimeAlertSeverity": { + "LBDatapathAvailabilityAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "AGW Backend Last Byte Response Time Alert Severity" + "displayName": "LB Data path Availability Alert Severity" }, "allowedValues": [ "0", @@ -204,44 +139,28 @@ "3", "4" ], - "defaultValue": "2", - "type": "String" - }, - "AGWBackendLastByteResponseTimeAlertSensitivity": { - "metadata": { - "description": "Dynamic Severity of the alert", - "displayName": "AGW Backend Last Byte Response Time Dynamic Alert Sensitivity" - }, - "allowedValues": [ - "Low", - "Medium", - "High" - ], - "defaultValue": "Medium", + "defaultValue": "0", "type": "String" }, - "AGWBackendLastByteResponseTimeWindowSize": { + "PIPPacketsInDDoSEvaluationFrequency": { "metadata": { - "description": "Window size for the alert", - "displayName": "AGW Backend Last Byte Response Time Window Size" + "description": "Evaluation frequency for the alert", + "displayName": "PIP Packets In DDoS Evaluation Frequency" }, "allowedValues": [ "PT1M", "PT5M", "PT15M", "PT30M", - "PT1H", - "PT6H", - "PT12H", - "P1D" + "PT1H" ], "defaultValue": "PT5M", "type": "string" }, - "AGWBackendLastByteResponseTimeEvaluationFrequency": { + "LBUsedSNATPortsEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "AGW Backend Last Byte Response Time Evaluation Frequency" + "displayName": "LB Used SNAT Ports Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -253,10 +172,10 @@ "defaultValue": "PT1M", "type": "string" }, - "AGWBackendLastByteResponseTimePolicyEffect": { + "LBDatapathAvailabilityPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "AGW Backend Last Byte Response Time Policy Effect" + "displayName": "LB Data path Availability Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -265,51 +184,25 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "AGWBackendLastByteResponseTimeAlertState": { - "metadata": { - "description": "Alert state for the alert", - "displayName": "AGW Backend Last Byte Response Time Alert State" - }, - "defaultValue": "true", - "type": "string" - }, - "AGWCapacityUnitsAlertSeverity": { - "metadata": { - "description": "Severity of the alert", - "displayName": "AGW Capacity Units Alert Severity" - }, - "allowedValues": [ - "0", - "1", - "2", - "3", - "4" - ], - "defaultValue": "2", - "type": "String" - }, - "AGWCapacityUnitsWindowSize": { + "PIPBytesInDDoSEvaluationFrequency": { "metadata": { - "description": "Window size for the alert", - "displayName": "AGW Capacity Units Window Size" + "description": "Evaluation frequency for the alert", + "displayName": "PIP Bytes In DDoS Evaluation Frequency" }, "allowedValues": [ "PT1M", "PT5M", "PT15M", "PT30M", - "PT1H", - "PT6H", - "PT12H", - "P1D" + "PT1H" ], "defaultValue": "PT5M", "type": "string" }, - "AGWCapacityUnitsEvaluationFrequency": { + "VNETDDOSAttackEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "AGW Capacity Units Evaluation Frequency" + "displayName": "VNET DDoS Attack Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -321,30 +214,36 @@ "defaultValue": "PT1M", "type": "string" }, - "AGWCapacityUnitsPolicyEffect": { + "LBDatapathAvailabilityWindowSize": { "metadata": { - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "AGW Capacity Units Policy Effect" + "description": "Window size for the alert", + "displayName": "LB Data path Availability Window Size" }, "allowedValues": [ - "deployIfNotExists", - "disabled" + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" ], - "defaultValue": "deployIfNotExists", + "defaultValue": "PT5M", "type": "string" }, - "AGWCapacityUnitsAlertState": { + "LBDatapathAvailabilityAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "AGW Capacity Units Alert State" + "displayName": "LB Data path Availability Alert State" }, "defaultValue": "true", "type": "string" }, - "AGWComputeUnitsAlertSeverity": { + "LBHealthProbeStatusAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "AGW Compute Units Alert Severity" + "displayName": "LB Health Probe Status Alert Severity" }, "allowedValues": [ "0", @@ -356,10 +255,10 @@ "defaultValue": "2", "type": "String" }, - "AGWComputeUnitsEvaluationFrequency": { + "PIPDDoSAttackEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "AGW Compute Units Evaluation Frequency" + "displayName": "PIP DDoS Attack Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -368,13 +267,28 @@ "PT30M", "PT1H" ], - "defaultValue": "PT1M", + "defaultValue": "PT5M", "type": "string" }, - "AGWComputeUnitsPolicyEffect": { + "PIPVIPAvailabilityAlertSeverity": { "metadata": { - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "AGW Compute Units Policy Effect" + "description": "Severity of the alert for PIP VIP Availability", + "displayName": "PIP VIP Availability Alert Severity" + }, + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" + ], + "defaultValue": "1", + "type": "String" + }, + "LBHealthProbeStatusPolicyEffect": { + "metadata": { + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", + "displayName": "LB Health Probe Status Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -383,18 +297,71 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "AGWComputeUnitsAlertState": { + "PIPVIPAvailabilityPolicyEffect": { + "metadata": { + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", + "displayName": "PIP VIP Availability Policy Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "string" + }, + "LBHealthProbeStatusWindowSize": { + "metadata": { + "description": "Window size for the alert", + "displayName": "LB Health Probe Status Window Size" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" + ], + "defaultValue": "PT5M", + "type": "string" + }, + "PIPPacketsInDDoSAlertSeverity": { + "metadata": { + "description": "Severity of the alert for PIP Packets In DDoS", + "displayName": "PIP Packets In DDoS Alert Severity" + }, + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" + ], + "defaultValue": "4", + "type": "String" + }, + "LBHealthProbeStatusAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "AGW Compute Units Alert State" + "displayName": "LB Health Probe Status Alert State" }, "defaultValue": "true", "type": "string" }, - "AGWCPUUtilAlertSeverity": { + "PIPVIPAvailabilityAlertState": { + "metadata": { + "description": "Alert state for the alert", + "displayName": "PIP VIP Availability Alert State" + }, + "defaultValue": "true", + "type": "string" + }, + "LBUsedSNATPortsAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "AGW CPU Util Alert Severity" + "displayName": "LB Used SNAT Ports Alert Severity" }, "allowedValues": [ "0", @@ -403,13 +370,13 @@ "3", "4" ], - "defaultValue": "2", + "defaultValue": "1", "type": "String" }, - "AGWCPUUtilWindowSize": { + "PIPVIPAvailabilityWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "AGW CPU Util Window Size" + "displayName": "PIP VIP Availability Window Size" }, "allowedValues": [ "PT1M", @@ -424,25 +391,37 @@ "defaultValue": "PT5M", "type": "string" }, - "AGWCPUUtilEvaluationFrequency": { + "PIPPacketsInDDoSPolicyEffect": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "AGW CPU Util Evaluation Frequency" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", + "displayName": "PIP Packets In DDoS Policy Effect" }, "allowedValues": [ - "PT1M", - "PT5M", - "PT15M", - "PT30M", - "PT1H" + "deployIfNotExists", + "disabled" ], - "defaultValue": "PT1M", + "defaultValue": "disabled", "type": "string" }, - "AGWCPUUtilPolicyEffect": { + "PIPBytesInDDoSAlertSeverity": { + "metadata": { + "description": "Severity of the alert for PIP Bytes In DDoS", + "displayName": "PIP Bytes In DDoS Alert Severity" + }, + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" + ], + "defaultValue": "4", + "type": "String" + }, + "LBUsedSNATPortsPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "AGW CPU Util Policy Effect" + "displayName": "LB Used SNAT Ports Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -451,18 +430,45 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "AGWCPUUtilAlertState": { + "VNETDDOSAttackAlertSeverity": { "metadata": { - "description": "Alert state for the alert", - "displayName": "AGW CPU Util Alert State" + "description": "Severity of the alert for VNET DDoS Attack", + "displayName": "VNET DDoS Attack Alert Severity" }, - "defaultValue": "true", + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" + ], + "defaultValue": "1", + "type": "String" + }, + "PIPVIPAvailabilityThreshold": { + "metadata": { + "description": "Threshold for the alert", + "displayName": "PIP VIP Availability Threshold" + }, + "defaultValue": "1", "type": "string" }, - "AGWFailedRequestsAlertSeverity": { + "VNETDDOSAttackPolicyEffect": { "metadata": { - "description": "Severity of the alert", - "displayName": "AGW Failed Requests Alert Severity" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", + "displayName": "VNET DDoS Attack Policy Effect" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", + "type": "string" + }, + "PIPDDoSAttackAlertSeverity": { + "metadata": { + "description": "Severity of the alert for PIP DDoS Attack", + "displayName": "PIP DDoS Attack Alert Severity" }, "allowedValues": [ "0", @@ -471,26 +477,26 @@ "3", "4" ], - "defaultValue": "2", + "defaultValue": "1", "type": "String" }, - "AGWFailedRequestsAlertSensitivity": { + "ALZMonitorDisableTagValues": { "metadata": { - "description": "Dynamic Sensitivity of the alert", - "displayName": "AGW Failed Requests Dynamic Alert Sensitivity" + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" }, - "allowedValues": [ - "Low", - "Medium", - "High" + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" ], - "defaultValue": "Medium", - "type": "String" + "type": "Array" }, - "AGWFailedRequestsWindowSize": { + "PIPPacketsInDDoSWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "AGW Failed Requests Window Size" + "displayName": "PIP Packets In DDoS Window Size" }, "allowedValues": [ "PT1M", @@ -505,25 +511,30 @@ "defaultValue": "PT5M", "type": "string" }, - "AGWFailedRequestsEvaluationFrequency": { + "PIPBytesInDDoSPolicyEffect": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "AGW Failed Requests Evaluation Frequency" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", + "displayName": "PIP Bytes In DDoS Policy Effect" }, "allowedValues": [ - "PT1M", - "PT5M", - "PT15M", - "PT30M", - "PT1H" + "deployIfNotExists", + "disabled" ], - "defaultValue": "PT1M", + "defaultValue": "disabled", "type": "string" }, - "AGWFailedRequestsPolicyEffect": { + "PIPPacketsInDDoSAlertState": { "metadata": { - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "AGW Failed Requests Policy Effect" + "description": "Alert state for the alert", + "displayName": "PIP Packets In DDoS Alert State" + }, + "defaultValue": "true", + "type": "string" + }, + "PIPDDoSAttackPolicyEffect": { + "metadata": { + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", + "displayName": "PIP DDoS Attack Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -532,46 +543,44 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "AGWFailedRequestsAlertState": { + "LBUsedSNATPortsAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "AGW Failed Requests Alert State" + "displayName": "LB Used SNAT Ports Alert State" }, "defaultValue": "true", "type": "string" }, - "AGWResponseStatusAlertSeverity": { + "LBUsedSNATPortsWindowSize": { "metadata": { - "description": "Severity of the alert", - "displayName": "AGW Response Status Alert Severity" + "description": "Window size for the alert", + "displayName": "LB Used SNAT Ports Window Size" }, "allowedValues": [ - "0", - "1", - "2", - "3", - "4" + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" ], - "defaultValue": "2", - "type": "String" + "defaultValue": "PT5M", + "type": "string" }, - "AGWResponseStatusAlertSensitivity": { + "PIPPacketsInDDoSThreshold": { "metadata": { - "description": "Dynamic Sensitivity of the alert", - "displayName": "AGW Response Status Dynamic Alert Sensitivity" + "description": "Threshold for the alert", + "displayName": "PIP Packets In DDoS Threshold" }, - "allowedValues": [ - "Low", - "Medium", - "High" - ], - "defaultValue": "Medium", - "type": "String" + "defaultValue": "40000", + "type": "string" }, - "AGWResponseStatusWindowSize": { + "PIPBytesInDDoSWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "AGW Response Status Window Size" + "displayName": "PIP Bytes In DDoS Window Size" }, "allowedValues": [ "PT1M", @@ -586,113 +595,102 @@ "defaultValue": "PT5M", "type": "string" }, - "AGWResponseStatusEvaluationFrequency": { + "VNETDDOSAttackWindowSize": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "AGW Response Status Evaluation Frequency" + "description": "Window size for the alert", + "displayName": "VNET DDoS Attack Window Size" }, "allowedValues": [ "PT1M", "PT5M", "PT15M", "PT30M", - "PT1H" + "PT1H", + "PT6H", + "PT12H", + "P1D" ], - "defaultValue": "PT1M", + "defaultValue": "PT5M", "type": "string" }, - "AGWResponseStatusPolicyEffect": { + "PIPBytesInDDoSAlertState": { "metadata": { - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "AGW Response Status Policy Effect" + "description": "Alert state for the alert", + "displayName": "PIP Bytes In DDoS Alert State" }, - "allowedValues": [ - "deployIfNotExists", - "disabled" - ], - "defaultValue": "deployIfNotExists", + "defaultValue": "true", "type": "string" }, - "AGWResponseStatusAlertState": { + "VNETDDOSAttackAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "AGW Response Status Alert State" + "displayName": "VNET DDoS Attack Alert State" }, "defaultValue": "true", "type": "string" }, - "AGWUnhealthyHostCountAlertSeverity": { + "ALZMonitorDisableTagName": { "metadata": { - "description": "Severity of the alert", - "displayName": "AGW Unhealthy Host Count Alert Severity" + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" }, - "allowedValues": [ - "0", - "1", - "2", - "3", - "4" - ], - "defaultValue": "2", + "defaultValue": "MonitorDisable", "type": "String" }, - "AGWUnhealthyHostCountWindowSize": { + "PIPDDoSAttackAlertState": { "metadata": { - "description": "Window size for the alert", - "displayName": "AGW Unhealthy Host Count Window Size" + "description": "Alert state for the alert", + "displayName": "PIP DDoS Attack Alert State" }, - "allowedValues": [ - "PT1M", - "PT5M", - "PT15M", - "PT30M", - "PT1H", - "PT6H", - "PT12H", - "P1D" - ], - "defaultValue": "PT5M", + "defaultValue": "true", + "type": "string" + }, + "VNETDDOSAttackThreshold": { + "metadata": { + "description": "Threshold for the alert", + "displayName": "VNET DDoS Attack Threshold" + }, + "defaultValue": "1", + "type": "string" + }, + "PIPBytesInDDoSThreshold": { + "metadata": { + "description": "Threshold for the alert", + "displayName": "PIP Bytes In DDoS Threshold" + }, + "defaultValue": "8000000", "type": "string" }, - "AGWUnhealthyHostCountEvaluationFrequency": { + "PIPDDoSAttackWindowSize": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "AGW Unhealthy Host Count Evaluation Frequency" + "description": "Window size for the alert", + "displayName": "PIP DDoS Attack Window Size" }, "allowedValues": [ "PT1M", "PT5M", "PT15M", "PT30M", - "PT1H" - ], - "defaultValue": "PT1M", - "type": "string" - }, - "AGWUnhealthyHostCountPolicyEffect": { - "metadata": { - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "AGW Unhealthy Host Count Policy Effect" - }, - "allowedValues": [ - "deployIfNotExists", - "disabled" + "PT1H", + "PT6H", + "PT12H", + "P1D" ], - "defaultValue": "deployIfNotExists", + "defaultValue": "PT5M", "type": "string" }, - "AGWUnhealthyHostCountAlertState": { + "PIPDDoSAttackThreshold": { "metadata": { - "description": "Alert state for the alert", - "displayName": "AGW Unhealthy Host Count Alert State" + "description": "Threshold for the alert", + "displayName": "PIP DDoS Attack Threshold" }, - "defaultValue": "true", + "defaultValue": "0", "type": "string" }, - "LBDatapathAvailabilityAlertSeverity": { + "AGWApplicationGatewayTotalTimeAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "LB Data path Availability Alert Severity" + "displayName": "AGW Total Time Alert Severity" }, "allowedValues": [ "0", @@ -701,13 +699,26 @@ "3", "4" ], - "defaultValue": "0", + "defaultValue": "2", "type": "String" }, - "LBDatapathAvailabilityWindowSize": { + "AGWApplicationGatewayTotalTimeAlertSensitivity": { + "metadata": { + "description": "Dynamic Sensitivity of the alert", + "displayName": "AGW Total Time Dynamic Alert Sensitivity" + }, + "allowedValues": [ + "Low", + "Medium", + "High" + ], + "defaultValue": "Medium", + "type": "String" + }, + "AGWApplicationGatewayTotalTimeWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "LB Data path Availability Window Size" + "displayName": "AGW Total Time Window Size" }, "allowedValues": [ "PT1M", @@ -722,10 +733,10 @@ "defaultValue": "PT5M", "type": "string" }, - "LBDatapathAvailabilityEvaluationFrequency": { + "AGWApplicationGatewayTotalTimeEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "LB Data path Availability Evaluation Frequency" + "displayName": "AGW Total Time Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -737,10 +748,10 @@ "defaultValue": "PT1M", "type": "string" }, - "LBDatapathAvailabilityPolicyEffect": { + "AGWApplicationGatewayTotalTimePolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "LB Data path Availability Policy Effect" + "displayName": "AGW Total Time Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -749,18 +760,18 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "LBDatapathAvailabilityAlertState": { + "AGWApplicationGatewayTotalTimeAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "LB Data path Availability Alert State" + "displayName": "AGW Total Time Alert State" }, "defaultValue": "true", "type": "string" }, - "LBGlobalBackendAvailabilityAlertSeverity": { + "AGWBackendLastByteResponseTimeAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "LB Global Backend Availability Alert Severity" + "displayName": "AGW Backend Last Byte Response Time Alert Severity" }, "allowedValues": [ "0", @@ -769,13 +780,26 @@ "3", "4" ], - "defaultValue": "0", + "defaultValue": "2", "type": "String" }, - "LBGlobalBackendAvailabilityWindowSize": { + "AGWBackendLastByteResponseTimeAlertSensitivity": { + "metadata": { + "description": "Dynamic Severity of the alert", + "displayName": "AGW Backend Last Byte Response Time Dynamic Alert Sensitivity" + }, + "allowedValues": [ + "Low", + "Medium", + "High" + ], + "defaultValue": "Medium", + "type": "String" + }, + "AGWBackendLastByteResponseTimeWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "LB Global Backend Availability Window Size" + "displayName": "AGW Backend Last Byte Response Time Window Size" }, "allowedValues": [ "PT1M", @@ -790,10 +814,10 @@ "defaultValue": "PT5M", "type": "string" }, - "LBGlobalBackendAvailabilityEvaluationFrequency": { + "AGWBackendLastByteResponseTimeEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "LB Global Backend Availability Evaluation Frequency" + "displayName": "AGW Backend Last Byte Response Time Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -805,10 +829,10 @@ "defaultValue": "PT1M", "type": "string" }, - "LBGlobalBackendAvailabilityPolicyEffect": { + "AGWBackendLastByteResponseTimePolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "LB Global Backend Availability Policy Effect" + "displayName": "AGW Backend Last Byte Response Time Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -817,18 +841,18 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "LBGlobalBackendAvailabilityAlertState": { + "AGWBackendLastByteResponseTimeAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "LB Global Backend Availability Alert State" + "displayName": "AGW Backend Last Byte Response Time Alert State" }, "defaultValue": "true", "type": "string" }, - "LBHealthProbeStatusAlertSeverity": { + "AGWCapacityUnitsAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "LB Health Probe Status Alert Severity" + "displayName": "AGW Capacity Units Alert Severity" }, "allowedValues": [ "0", @@ -840,10 +864,10 @@ "defaultValue": "2", "type": "String" }, - "LBHealthProbeStatusWindowSize": { + "AGWCapacityUnitsWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "LB Health Probe Status Window Size" + "displayName": "AGW Capacity Units Window Size" }, "allowedValues": [ "PT1M", @@ -858,10 +882,10 @@ "defaultValue": "PT5M", "type": "string" }, - "LBHealthProbeStatusEvaluationFrequency": { + "AGWCapacityUnitsEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "LB Health Probe Status Evaluation Frequency" + "displayName": "AGW Capacity Units Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -873,10 +897,10 @@ "defaultValue": "PT1M", "type": "string" }, - "LBHealthProbeStatusPolicyEffect": { + "AGWCapacityUnitsPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "LB Health Probe Status Policy Effect" + "displayName": "AGW Capacity Units Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -885,18 +909,18 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "LBHealthProbeStatusAlertState": { + "AGWCapacityUnitsAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "LB Health Probe Status Alert State" + "displayName": "AGW Capacity Units Alert State" }, "defaultValue": "true", "type": "string" }, - "LBUsedSNATPortsAlertSeverity": { + "AGWComputeUnitsAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "LB Used SNAT Ports Alert Severity" + "displayName": "AGW Compute Units Alert Severity" }, "allowedValues": [ "0", @@ -905,13 +929,13 @@ "3", "4" ], - "defaultValue": "1", + "defaultValue": "2", "type": "String" }, - "LBUsedSNATPortsWindowSize": { + "AGWComputeUnitsWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "LB Used SNAT Ports Window Size" + "displayName": "AGW Compute Units Window Size" }, "allowedValues": [ "PT1M", @@ -926,10 +950,10 @@ "defaultValue": "PT5M", "type": "string" }, - "LBUsedSNATPortsEvaluationFrequency": { + "AGWComputeUnitsEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "LB Used SNAT Ports Evaluation Frequency" + "displayName": "AGW Compute Units Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -941,10 +965,10 @@ "defaultValue": "PT1M", "type": "string" }, - "LBUsedSNATPortsPolicyEffect": { + "AGWComputeUnitsPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "LB Used SNAT Ports Policy Effect" + "displayName": "AGW Compute Units Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -953,18 +977,18 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "LBUsedSNATPortsAlertState": { + "AGWComputeUnitsAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "LB Used SNAT Ports Alert State" + "displayName": "AGW Compute Units Alert State" }, "defaultValue": "true", "type": "string" }, - "CDNPOriginHealthPercentageAlertSeverity": { + "AGWCPUUtilAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "CDN Origin Health Percentage Alert Severity" + "displayName": "AGW CPU Util Alert Severity" }, "allowedValues": [ "0", @@ -976,10 +1000,10 @@ "defaultValue": "2", "type": "String" }, - "CDNPOriginHealthPercentageWindowSize": { + "AGWCPUUtilWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "CDN Origin Health Percentage Window Size" + "displayName": "AGW CPU Util Window Size" }, "allowedValues": [ "PT1M", @@ -994,10 +1018,10 @@ "defaultValue": "PT5M", "type": "string" }, - "CDNPOriginHealthPercentageEvaluationFrequency": { + "AGWCPUUtilEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "CDN Origin Health Percentage Evaluation Frequency" + "displayName": "AGW CPU Util Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -1009,10 +1033,10 @@ "defaultValue": "PT1M", "type": "string" }, - "CDNPOriginHealthPercentagePolicyEffect": { + "AGWCPUUtilPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "CDN Origin Health Percentage Policy Effect" + "displayName": "AGW CPU Util Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -1021,18 +1045,18 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "CDNPOriginHealthPercentageAlertState": { + "AGWCPUUtilAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "CDN Origin Health Percentage Alert State" + "displayName": "AGW CPU Util Alert State" }, "defaultValue": "true", "type": "string" }, - "CDNPOriginLatencyAlertSeverity": { + "AGWFailedRequestsAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "CDN Origin Latancy Alert Severity" + "displayName": "AGW Failed Requests Alert Severity" }, "allowedValues": [ "0", @@ -1044,10 +1068,23 @@ "defaultValue": "2", "type": "String" }, - "CDNPOriginLatencyWindowSize": { + "AGWFailedRequestsAlertSensitivity": { + "metadata": { + "description": "Dynamic Sensitivity of the alert", + "displayName": "AGW Failed Requests Dynamic Alert Sensitivity" + }, + "allowedValues": [ + "Low", + "Medium", + "High" + ], + "defaultValue": "Medium", + "type": "String" + }, + "AGWFailedRequestsWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "CDN Origin Latency Window Size" + "displayName": "AGW Failed Requests Window Size" }, "allowedValues": [ "PT1M", @@ -1062,10 +1099,10 @@ "defaultValue": "PT5M", "type": "string" }, - "CDNPOriginLatencyEvaluationFrequency": { + "AGWFailedRequestsEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "CDN Origin Latency Evaluation Frequency" + "displayName": "AGW Failed Requests Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -1077,30 +1114,30 @@ "defaultValue": "PT1M", "type": "string" }, - "CDNPOriginLatencyPolicyEffect": { + "AGWFailedRequestsPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "CDN Origin Latency Policy Effect" + "displayName": "AGW Failed Requests Policy Effect" }, "allowedValues": [ "deployIfNotExists", "disabled" ], - "defaultValue": "disabled", + "defaultValue": "deployIfNotExists", "type": "string" }, - "CDNPOriginLatencyAlertState": { + "AGWFailedRequestsAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "CDN Origin Latency Alert State" + "displayName": "AGW Failed Requests Alert State" }, "defaultValue": "true", "type": "string" }, - "CDNPPercentage4XXAlertSeverity": { + "AGWResponseStatusAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "CDN Percentage 4XX Alert Severity" + "displayName": "AGW Response Status Alert Severity" }, "allowedValues": [ "0", @@ -1112,10 +1149,23 @@ "defaultValue": "2", "type": "String" }, - "CDNPPercentage4XXWindowSize": { + "AGWResponseStatusAlertSensitivity": { + "metadata": { + "description": "Dynamic Sensitivity of the alert", + "displayName": "AGW Response Status Dynamic Alert Sensitivity" + }, + "allowedValues": [ + "Low", + "Medium", + "High" + ], + "defaultValue": "Medium", + "type": "String" + }, + "AGWResponseStatusWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "CDN Percentage 4XX Window Size" + "displayName": "AGW Response Status Window Size" }, "allowedValues": [ "PT1M", @@ -1130,10 +1180,10 @@ "defaultValue": "PT5M", "type": "string" }, - "CDNPPercentage4XXEvaluationFrequency": { + "AGWResponseStatusEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "CDN Percentage 4XX Evaluation Frequency" + "displayName": "AGW Response Status Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -1145,10 +1195,10 @@ "defaultValue": "PT1M", "type": "string" }, - "CDNPPercentage4XXPolicyEffect": { + "AGWResponseStatusPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "CDN Percentage 4XX Policy Effect" + "displayName": "AGW Response Status Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -1157,18 +1207,18 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "CDNPPercentage4XXAlertState": { + "AGWResponseStatusAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "CDN Percentage 4XX Alert State" + "displayName": "AGW Response Status Alert State" }, "defaultValue": "true", "type": "string" }, - "CDNPPercentage5XXAlertSeverity": { + "AGWUnhealthyHostCountAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "CDN Percentage 5XX Alert Severity" + "displayName": "AGW Unhealthy Host Count Alert Severity" }, "allowedValues": [ "0", @@ -1180,10 +1230,10 @@ "defaultValue": "2", "type": "String" }, - "CDNPPercentage5XXWindowSize": { + "AGWUnhealthyHostCountWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "CDN Percentage 5XX Window Size" + "displayName": "AGW Unhealthy Host Count Window Size" }, "allowedValues": [ "PT1M", @@ -1198,10 +1248,10 @@ "defaultValue": "PT5M", "type": "string" }, - "CDNPPercentage5XXEvaluationFrequency": { + "AGWUnhealthyHostCountEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "CDN Percentage 5XX Evaluation Frequency" + "displayName": "AGW Unhealthy Host Count Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -1213,10 +1263,10 @@ "defaultValue": "PT1M", "type": "string" }, - "CDNPPercentage5XXPolicyEffect": { + "AGWUnhealthyHostCountPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "CDN Percentage 5XX Policy Effect" + "displayName": "AGW Unhealthy Host Count Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -1225,18 +1275,18 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "CDNPPercentage5XXAlertState": { + "AGWUnhealthyHostCountAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "CDN Percentage 5XX Alert State" + "displayName": "AGW Unhealthy Host Count Alert State" }, "defaultValue": "true", "type": "string" }, - "TMEndpointHealthAlertSeverity": { + "CDNPOriginHealthPercentageAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "TM Enpoint Health Alert Severity" + "displayName": "CDN Origin Health Percentage Alert Severity" }, "allowedValues": [ "0", @@ -1248,10 +1298,10 @@ "defaultValue": "2", "type": "String" }, - "TMEndpointHealthWindowSize": { + "CDNPOriginHealthPercentageWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "TM Enpoint Health Window Size" + "displayName": "CDN Origin Health Percentage Window Size" }, "allowedValues": [ "PT1M", @@ -1266,10 +1316,10 @@ "defaultValue": "PT5M", "type": "string" }, - "TMEndpointHealthEvaluationFrequency": { + "CDNPOriginHealthPercentageEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "TM Enpoint Health Evaluation Frequency" + "displayName": "CDN Origin Health Percentage Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -1281,10 +1331,10 @@ "defaultValue": "PT1M", "type": "string" }, - "TMEndpointHealthPolicyEffect": { + "CDNPOriginHealthPercentagePolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "TM Enpoint Health Policy Effect" + "displayName": "CDN Origin Health Percentage Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -1293,18 +1343,18 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "TMEndpointHealthAlertState": { + "CDNPOriginHealthPercentageAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "TM Enpoint Health Alert State" + "displayName": "CDN Origin Health Percentage Alert State" }, "defaultValue": "true", "type": "string" }, - "FDBackendHealthAlertSeverity": { + "CDNPOriginLatencyAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "FD Backend Health Alert Severity" + "displayName": "CDN Origin Latancy Alert Severity" }, "allowedValues": [ "0", @@ -1316,10 +1366,10 @@ "defaultValue": "2", "type": "String" }, - "FDBackendHealthWindowSize": { + "CDNPOriginLatencyWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "FD Backend Health Window Size" + "displayName": "CDN Origin Latency Window Size" }, "allowedValues": [ "PT1M", @@ -1334,10 +1384,10 @@ "defaultValue": "PT5M", "type": "string" }, - "FDBackendHealthEvaluationFrequency": { + "CDNPOriginLatencyEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "FD Backend Health Evaluation Frequency" + "displayName": "CDN Origin Latency Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -1349,30 +1399,30 @@ "defaultValue": "PT1M", "type": "string" }, - "FDBackendHealthPolicyEffect": { + "CDNPOriginLatencyPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "FD Backend Health Policy Effect" + "displayName": "CDN Origin Latency Policy Effect" }, "allowedValues": [ "deployIfNotExists", "disabled" ], - "defaultValue": "deployIfNotExists", + "defaultValue": "disabled", "type": "string" }, - "FDBackendHealthAlertState": { + "CDNPOriginLatencyAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "FD Backend Health Alert State" + "displayName": "CDN Origin Latency Alert State" }, "defaultValue": "true", "type": "string" }, - "FDBackendRequestLatencyAlertSeverity": { + "CDNPPercentage4XXAlertSeverity": { "metadata": { "description": "Severity of the alert", - "displayName": "FD Backend Request Latency Alert Severity" + "displayName": "CDN Percentage 4XX Alert Severity" }, "allowedValues": [ "0", @@ -1384,10 +1434,10 @@ "defaultValue": "2", "type": "String" }, - "FDBackendRequestLatencyWindowSize": { + "CDNPPercentage4XXWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "FD Backend Request Latency Window Size" + "displayName": "CDN Percentage 4XX Window Size" }, "allowedValues": [ "PT1M", @@ -1402,10 +1452,10 @@ "defaultValue": "PT5M", "type": "string" }, - "FDBackendRequestLatencyEvaluationFrequency": { + "CDNPPercentage4XXEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "FD Backend Request Latency Evaluation Frequency" + "displayName": "CDN Percentage 4XX Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -1417,10 +1467,10 @@ "defaultValue": "PT1M", "type": "string" }, - "FDBackendRequestLatencyPolicyEffect": { + "CDNPPercentage4XXPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "FD Backend Request Latency Policy Effect" + "displayName": "CDN Percentage 4XX Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -1429,36 +1479,18 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "FDBackendRequestLatencyAlertState": { + "CDNPPercentage4XXAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "FD Backend Request Latency Alert State" + "displayName": "CDN Percentage 4XX Alert State" }, "defaultValue": "true", "type": "string" }, - "AGWComputeUnitsWindowSize": { - "metadata": { - "description": "Window size for the alert", - "displayName": "AGW Compute Units Window Size" - }, - "allowedValues": [ - "PT1M", - "PT5M", - "PT15M", - "PT30M", - "PT1H", - "PT6H", - "PT12H", - "P1D" - ], - "defaultValue": "PT5M", - "type": "string" - }, - "PIPDDoSAttackAlertSeverity": { + "CDNPPercentage5XXAlertSeverity": { "metadata": { - "description": "Severity of the alert for PIP DDoS Attack", - "displayName": "PIP DDoS Attack Alert Severity" + "description": "Severity of the alert", + "displayName": "CDN Percentage 5XX Alert Severity" }, "allowedValues": [ "0", @@ -1467,13 +1499,13 @@ "3", "4" ], - "defaultValue": "1", + "defaultValue": "2", "type": "String" }, - "PIPDDoSAttackWindowSize": { + "CDNPPercentage5XXWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "PIP DDoS Attack Window Size" + "displayName": "CDN Percentage 5XX Window Size" }, "allowedValues": [ "PT1M", @@ -1488,10 +1520,10 @@ "defaultValue": "PT5M", "type": "string" }, - "PIPDDoSAttackEvaluationFrequency": { + "CDNPPercentage5XXEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "PIP DDoS Attack Evaluation Frequency" + "displayName": "CDN Percentage 5XX Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -1500,13 +1532,13 @@ "PT30M", "PT1H" ], - "defaultValue": "PT5M", + "defaultValue": "PT1M", "type": "string" }, - "PIPDDoSAttackPolicyEffect": { + "CDNPPercentage5XXPolicyEffect": { "metadata": { - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", - "displayName": "PIP DDoS Attack Policy Effect" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", + "displayName": "CDN Percentage 5XX Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -1515,26 +1547,18 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "PIPDDoSAttackAlertState": { + "CDNPPercentage5XXAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "PIP DDoS Attack Alert State" + "displayName": "CDN Percentage 5XX Alert State" }, "defaultValue": "true", "type": "string" }, - "PIPDDoSAttackThreshold": { - "metadata": { - "description": "Threshold for the alert", - "displayName": "PIP DDoS Attack Threshold" - }, - "defaultValue": "0", - "type": "string" - }, - "PIPPacketsInDDoSAlertSeverity": { + "TMEndpointHealthAlertSeverity": { "metadata": { - "description": "Severity of the alert for PIP Packets In DDoS", - "displayName": "PIP Packets In DDoS Alert Severity" + "description": "Severity of the alert", + "displayName": "TM Enpoint Health Alert Severity" }, "allowedValues": [ "0", @@ -1543,13 +1567,13 @@ "3", "4" ], - "defaultValue": "4", + "defaultValue": "2", "type": "String" }, - "PIPPacketsInDDoSWindowSize": { + "TMEndpointHealthWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "PIP Packets In DDoS Window Size" + "displayName": "TM Enpoint Health Window Size" }, "allowedValues": [ "PT1M", @@ -1564,10 +1588,10 @@ "defaultValue": "PT5M", "type": "string" }, - "PIPPacketsInDDoSEvaluationFrequency": { + "TMEndpointHealthEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "PIP Packets In DDoS Evaluation Frequency" + "displayName": "TM Enpoint Health Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -1576,41 +1600,33 @@ "PT30M", "PT1H" ], - "defaultValue": "PT5M", + "defaultValue": "PT1M", "type": "string" }, - "PIPPacketsInDDoSPolicyEffect": { + "TMEndpointHealthPolicyEffect": { "metadata": { - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", - "displayName": "PIP Packets In DDoS Policy Effect" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", + "displayName": "TM Enpoint Health Policy Effect" }, "allowedValues": [ "deployIfNotExists", "disabled" ], - "defaultValue": "disabled", + "defaultValue": "deployIfNotExists", "type": "string" }, - "PIPPacketsInDDoSAlertState": { + "TMEndpointHealthAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "PIP Packets In DDoS Alert State" + "displayName": "TM Enpoint Health Alert State" }, "defaultValue": "true", "type": "string" }, - "PIPPacketsInDDoSThreshold": { - "metadata": { - "description": "Threshold for the alert", - "displayName": "PIP Packets In DDoS Threshold" - }, - "defaultValue": "40000", - "type": "string" - }, - "PIPVIPAvailabilityAlertSeverity": { + "FDBackendHealthAlertSeverity": { "metadata": { - "description": "Severity of the alert for PIP VIP Availability", - "displayName": "PIP VIP Availability Alert Severity" + "description": "Severity of the alert", + "displayName": "FD Backend Health Alert Severity" }, "allowedValues": [ "0", @@ -1619,13 +1635,13 @@ "3", "4" ], - "defaultValue": "1", + "defaultValue": "2", "type": "String" }, - "PIPVIPAvailabilityWindowSize": { + "FDBackendHealthWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "PIP VIP Availability Window Size" + "displayName": "FD Backend Health Window Size" }, "allowedValues": [ "PT1M", @@ -1640,10 +1656,10 @@ "defaultValue": "PT5M", "type": "string" }, - "PIPVIPAvailabilityEvaluationFrequency": { + "FDBackendHealthEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "PIP VIP Availability Evaluation Frequency" + "displayName": "FD Backend Health Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -1655,10 +1671,10 @@ "defaultValue": "PT1M", "type": "string" }, - "PIPVIPAvailabilityPolicyEffect": { + "FDBackendHealthPolicyEffect": { "metadata": { - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", - "displayName": "PIP VIP Availability Policy Effect" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", + "displayName": "FD Backend Health Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -1667,26 +1683,18 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "PIPVIPAvailabilityAlertState": { + "FDBackendHealthAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "PIP VIP Availability Alert State" + "displayName": "FD Backend Health Alert State" }, "defaultValue": "true", "type": "string" }, - "PIPVIPAvailabilityThreshold": { - "metadata": { - "description": "Threshold for the alert", - "displayName": "PIP VIP Availability Threshold" - }, - "defaultValue": "1", - "type": "string" - }, - "PIPBytesInDDoSAlertSeverity": { + "FDBackendRequestLatencyAlertSeverity": { "metadata": { - "description": "Severity of the alert for PIP Bytes In DDoS", - "displayName": "PIP Bytes In DDoS Alert Severity" + "description": "Severity of the alert", + "displayName": "FD Backend Request Latency Alert Severity" }, "allowedValues": [ "0", @@ -1695,13 +1703,13 @@ "3", "4" ], - "defaultValue": "4", + "defaultValue": "2", "type": "String" }, - "PIPBytesInDDoSWindowSize": { + "FDBackendRequestLatencyWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "PIP Bytes In DDoS Window Size" + "displayName": "FD Backend Request Latency Window Size" }, "allowedValues": [ "PT1M", @@ -1716,10 +1724,10 @@ "defaultValue": "PT5M", "type": "string" }, - "PIPBytesInDDoSEvaluationFrequency": { + "FDBackendRequestLatencyEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "PIP Bytes In DDoS Evaluation Frequency" + "displayName": "FD Backend Request Latency Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -1728,36 +1736,28 @@ "PT30M", "PT1H" ], - "defaultValue": "PT5M", + "defaultValue": "PT1M", "type": "string" }, - "PIPBytesInDDoSPolicyEffect": { + "FDBackendRequestLatencyPolicyEffect": { "metadata": { - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", - "displayName": "PIP Bytes In DDoS Policy Effect" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", + "displayName": "FD Backend Request Latency Policy Effect" }, "allowedValues": [ "deployIfNotExists", "disabled" ], - "defaultValue": "disabled", + "defaultValue": "deployIfNotExists", "type": "string" }, - "PIPBytesInDDoSAlertState": { + "FDBackendRequestLatencyAlertState": { "metadata": { "description": "Alert state for the alert", - "displayName": "PIP Bytes In DDoS Alert State" + "displayName": "FD Backend Request Latency Alert State" }, "defaultValue": "true", "type": "string" - }, - "PIPBytesInDDoSThreshold": { - "metadata": { - "description": "Threshold for the alert", - "displayName": "PIP Bytes In DDoS Threshold" - }, - "defaultValue": "8000000", - "type": "string" } }, "policyDefinitions": [ @@ -1765,27 +1765,27 @@ "policyDefinitionReferenceId": "ALZ_PIPBytesInDDoS", "policyDefinitionName": "Deploy_PublicIp_BytesInDDoSAttack_Alert", "parameters": { - "evaluationFrequency": { - "value": "[parameters('PIPBytesInDDoSEvaluationFrequency')]" - }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, + "evaluationFrequency": { + "value": "[parameters('PIPBytesInDDoSEvaluationFrequency')]" + }, "windowSize": { "value": "[parameters('PIPBytesInDDoSWindowSize')]" }, + "effect": { + "value": "[parameters('PIPBytesInDDoSPolicyEffect')]" + }, "severity": { "value": "[parameters('PIPBytesInDDoSAlertSeverity')]" }, "enabled": { "value": "[parameters('PIPBytesInDDoSAlertState')]" }, - "effect": { - "value": "[parameters('PIPBytesInDDoSPolicyEffect')]" - }, "threshold": { "value": "[parameters('PIPBytesInDDoSThreshold')]" } @@ -1795,27 +1795,27 @@ "policyDefinitionReferenceId": "ALZ_PIPDDoSAttack", "policyDefinitionName": "Deploy_PublicIp_DDoSAttack_Alert", "parameters": { - "evaluationFrequency": { - "value": "[parameters('PIPDDoSAttackEvaluationFrequency')]" - }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, + "evaluationFrequency": { + "value": "[parameters('PIPDDoSAttackEvaluationFrequency')]" + }, "windowSize": { "value": "[parameters('PIPDDoSAttackWindowSize')]" }, + "effect": { + "value": "[parameters('PIPDDoSAttackPolicyEffect')]" + }, "severity": { "value": "[parameters('PIPDDoSAttackAlertSeverity')]" }, "enabled": { "value": "[parameters('PIPDDoSAttackAlertState')]" }, - "effect": { - "value": "[parameters('PIPDDoSAttackPolicyEffect')]" - }, "threshold": { "value": "[parameters('PIPDDoSAttackThreshold')]" } @@ -1825,27 +1825,27 @@ "policyDefinitionReferenceId": "ALZ_PIPPacketsInDDoS", "policyDefinitionName": "Deploy_PublicIp_PacketsInDDoSAttack_Alert", "parameters": { - "evaluationFrequency": { - "value": "[parameters('PIPPacketsInDDoSEvaluationFrequency')]" - }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, + "evaluationFrequency": { + "value": "[parameters('PIPPacketsInDDoSEvaluationFrequency')]" + }, "windowSize": { "value": "[parameters('PIPPacketsInDDoSWindowSize')]" }, + "effect": { + "value": "[parameters('PIPPacketsInDDoSPolicyEffect')]" + }, "severity": { "value": "[parameters('PIPPacketsInDDoSAlertSeverity')]" }, "enabled": { "value": "[parameters('PIPPacketsInDDoSAlertState')]" }, - "effect": { - "value": "[parameters('PIPPacketsInDDoSPolicyEffect')]" - }, "threshold": { "value": "[parameters('PIPPacketsInDDoSThreshold')]" } @@ -1855,27 +1855,27 @@ "policyDefinitionReferenceId": "ALZ_PIPVIPAvailability", "policyDefinitionName": "Deploy_PublicIp_VIPAvailability_Alert", "parameters": { - "evaluationFrequency": { - "value": "[parameters('PIPVIPAvailabilityEvaluationFrequency')]" - }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, + "evaluationFrequency": { + "value": "[parameters('PIPVIPAvailabilityEvaluationFrequency')]" + }, "windowSize": { "value": "[parameters('PIPVIPAvailabilityWindowSize')]" }, + "effect": { + "value": "[parameters('PIPVIPAvailabilityPolicyEffect')]" + }, "severity": { "value": "[parameters('PIPVIPAvailabilityAlertSeverity')]" }, "enabled": { "value": "[parameters('PIPVIPAvailabilityAlertState')]" }, - "effect": { - "value": "[parameters('PIPVIPAvailabilityPolicyEffect')]" - }, "threshold": { "value": "[parameters('PIPVIPAvailabilityThreshold')]" } @@ -1885,27 +1885,27 @@ "policyDefinitionReferenceId": "ALZ_VNETDDOSAttack", "policyDefinitionName": "Deploy_VNET_DDoSAttack_Alert", "parameters": { - "evaluationFrequency": { - "value": "[parameters('VNETDDOSAttackEvaluationFrequency')]" - }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, + "evaluationFrequency": { + "value": "[parameters('VNETDDOSAttackEvaluationFrequency')]" + }, "windowSize": { "value": "[parameters('VNETDDOSAttackWindowSize')]" }, + "effect": { + "value": "[parameters('VNETDDOSAttackPolicyEffect')]" + }, "severity": { "value": "[parameters('VNETDDOSAttackAlertSeverity')]" }, "enabled": { "value": "[parameters('VNETDDOSAttackAlertState')]" }, - "effect": { - "value": "[parameters('VNETDDOSAttackPolicyEffect')]" - }, "threshold": { "value": "[parameters('VNETDDOSAttackThreshold')]" } @@ -1915,27 +1915,27 @@ "policyDefinitionReferenceId": "ALZ_AGWTotalTime", "policyDefinitionName": "Deploy_AG_ApplicationGatewayTotalTime_Alert", "parameters": { - "evaluationFrequency": { - "value": "[parameters('AGWApplicationGatewayTotalTimeEvaluationFrequency')]" - }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, + "evaluationFrequency": { + "value": "[parameters('AGWApplicationGatewayTotalTimeEvaluationFrequency')]" + }, "windowSize": { "value": "[parameters('AGWApplicationGatewayTotalTimeWindowSize')]" }, + "effect": { + "value": "[parameters('AGWApplicationGatewayTotalTimePolicyEffect')]" + }, "severity": { "value": "[parameters('AGWApplicationGatewayTotalTimeAlertSeverity')]" }, "enabled": { "value": "[parameters('AGWApplicationGatewayTotalTimeAlertState')]" }, - "effect": { - "value": "[parameters('AGWApplicationGatewayTotalTimePolicyEffect')]" - }, "alertSensitivity": { "value": "[parameters('AGWApplicationGatewayTotalTimeAlertSensitivity')]" } @@ -1945,27 +1945,27 @@ "policyDefinitionReferenceId": "ALZ_AGWBackendLastByteResponseTime", "policyDefinitionName": "Deploy_AG_BackendLastByteResponseTime_Alert", "parameters": { - "evaluationFrequency": { - "value": "[parameters('AGWBackendLastByteResponseTimeEvaluationFrequency')]" - }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, + "evaluationFrequency": { + "value": "[parameters('AGWBackendLastByteResponseTimeEvaluationFrequency')]" + }, "windowSize": { "value": "[parameters('AGWBackendLastByteResponseTimeWindowSize')]" }, + "effect": { + "value": "[parameters('AGWBackendLastByteResponseTimePolicyEffect')]" + }, "severity": { "value": "[parameters('AGWBackendLastByteResponseTimeAlertSeverity')]" }, "enabled": { "value": "[parameters('AGWBackendLastByteResponseTimeAlertState')]" }, - "effect": { - "value": "[parameters('AGWBackendLastByteResponseTimePolicyEffect')]" - }, "alertSensitivity": { "value": "[parameters('AGWBackendLastByteResponseTimeAlertSensitivity')]" } @@ -1975,26 +1975,26 @@ "policyDefinitionReferenceId": "ALZ_AGWCapacityUnits", "policyDefinitionName": "Deploy_AG_CapacityUnits_Alert", "parameters": { - "evaluationFrequency": { - "value": "[parameters('AGWCapacityUnitsEvaluationFrequency')]" - }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, + "evaluationFrequency": { + "value": "[parameters('AGWCapacityUnitsEvaluationFrequency')]" + }, "windowSize": { "value": "[parameters('AGWCapacityUnitsWindowSize')]" }, + "effect": { + "value": "[parameters('AGWCapacityUnitsPolicyEffect')]" + }, "severity": { "value": "[parameters('AGWCapacityUnitsAlertSeverity')]" }, "enabled": { "value": "[parameters('AGWCapacityUnitsAlertState')]" - }, - "effect": { - "value": "[parameters('AGWCapacityUnitsPolicyEffect')]" } } }, @@ -2002,26 +2002,26 @@ "policyDefinitionReferenceId": "ALZ_AGWComputeUnits", "policyDefinitionName": "Deploy_AG_ComputeUnits_Alert", "parameters": { - "evaluationFrequency": { - "value": "[parameters('AGWComputeUnitsEvaluationFrequency')]" - }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, + "evaluationFrequency": { + "value": "[parameters('AGWComputeUnitsEvaluationFrequency')]" + }, "windowSize": { "value": "[parameters('AGWComputeUnitsWindowSize')]" }, + "effect": { + "value": "[parameters('AGWComputeUnitsPolicyEffect')]" + }, "severity": { "value": "[parameters('AGWComputeUnitsAlertSeverity')]" }, "enabled": { "value": "[parameters('AGWComputeUnitsAlertState')]" - }, - "effect": { - "value": "[parameters('AGWComputeUnitsPolicyEffect')]" } } }, @@ -2029,26 +2029,26 @@ "policyDefinitionReferenceId": "ALZ_AGWCPUUtilization", "policyDefinitionName": "Deploy_AG_CPUUtilization_Alert", "parameters": { - "evaluationFrequency": { - "value": "[parameters('AGWCPUUtilEvaluationFrequency')]" - }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, + "evaluationFrequency": { + "value": "[parameters('AGWCPUUtilEvaluationFrequency')]" + }, "windowSize": { "value": "[parameters('AGWCPUUtilWindowSize')]" }, + "effect": { + "value": "[parameters('AGWCPUUtilPolicyEffect')]" + }, "severity": { "value": "[parameters('AGWCPUUtilAlertSeverity')]" }, "enabled": { "value": "[parameters('AGWCPUUtilAlertState')]" - }, - "effect": { - "value": "[parameters('AGWCPUUtilPolicyEffect')]" } } }, @@ -2056,27 +2056,27 @@ "policyDefinitionReferenceId": "ALZ_AGWFailedRequests", "policyDefinitionName": "Deploy_AG_FailedRequests_Alert", "parameters": { - "evaluationFrequency": { - "value": "[parameters('AGWFailedRequestsEvaluationFrequency')]" - }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, + "evaluationFrequency": { + "value": "[parameters('AGWFailedRequestsEvaluationFrequency')]" + }, "windowSize": { "value": "[parameters('AGWFailedRequestsWindowSize')]" }, + "effect": { + "value": "[parameters('AGWFailedRequestsPolicyEffect')]" + }, "severity": { "value": "[parameters('AGWFailedRequestsAlertSeverity')]" }, "enabled": { "value": "[parameters('AGWFailedRequestsAlertState')]" }, - "effect": { - "value": "[parameters('AGWFailedRequestsPolicyEffect')]" - }, "alertSensitivity": { "value": "[parameters('AGWFailedRequestsAlertSensitivity')]" } @@ -2086,27 +2086,27 @@ "policyDefinitionReferenceId": "ALZ_AGWResponseStatus", "policyDefinitionName": "Deploy_AG_ResponseStatus_Alert", "parameters": { - "evaluationFrequency": { - "value": "[parameters('AGWResponseStatusEvaluationFrequency')]" - }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, + "evaluationFrequency": { + "value": "[parameters('AGWResponseStatusEvaluationFrequency')]" + }, "windowSize": { "value": "[parameters('AGWResponseStatusWindowSize')]" }, + "effect": { + "value": "[parameters('AGWResponseStatusPolicyEffect')]" + }, "severity": { "value": "[parameters('AGWResponseStatusAlertSeverity')]" }, "enabled": { "value": "[parameters('AGWResponseStatusAlertState')]" }, - "effect": { - "value": "[parameters('AGWResponseStatusPolicyEffect')]" - }, "alertSensitivity": { "value": "[parameters('AGWResponseStatusAlertSensitivity')]" } @@ -2116,26 +2116,26 @@ "policyDefinitionReferenceId": "ALZ_AGWUnhealthyHostCount", "policyDefinitionName": "Deploy_AG_UnhealthyHostCount_Alert", "parameters": { - "evaluationFrequency": { - "value": "[parameters('AGWUnhealthyHostCountEvaluationFrequency')]" - }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, + "evaluationFrequency": { + "value": "[parameters('AGWUnhealthyHostCountEvaluationFrequency')]" + }, "windowSize": { "value": "[parameters('AGWUnhealthyHostCountWindowSize')]" }, + "effect": { + "value": "[parameters('AGWUnhealthyHostCountPolicyEffect')]" + }, "severity": { "value": "[parameters('AGWUnhealthyHostCountAlertSeverity')]" }, "enabled": { "value": "[parameters('AGWUnhealthyHostCountAlertState')]" - }, - "effect": { - "value": "[parameters('AGWUnhealthyHostCountPolicyEffect')]" } } }, @@ -2143,26 +2143,26 @@ "policyDefinitionReferenceId": "ALZ_LBDataPathAvailability", "policyDefinitionName": "Deploy_ALB_DataPathAvailability_Alert", "parameters": { - "evaluationFrequency": { - "value": "[parameters('LBDataPathAvailabilityEvaluationFrequency')]" - }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, + "evaluationFrequency": { + "value": "[parameters('LBDataPathAvailabilityEvaluationFrequency')]" + }, "windowSize": { "value": "[parameters('LBDataPathAvailabilityWindowSize')]" }, + "effect": { + "value": "[parameters('LBDataPathAvailabilityPolicyEffect')]" + }, "severity": { "value": "[parameters('LBDataPathAvailabilityAlertSeverity')]" }, "enabled": { "value": "[parameters('LBDataPathAvailabilityAlertState')]" - }, - "effect": { - "value": "[parameters('LBDataPathAvailabilityPolicyEffect')]" } } }, @@ -2170,26 +2170,26 @@ "policyDefinitionReferenceId": "ALZ_LBGlobalBackendAvailability", "policyDefinitionName": "Deploy_ALB_GlobalBackendAvailability_Alert", "parameters": { - "evaluationFrequency": { - "value": "[parameters('LBGlobalBackendAvailabilityEvaluationFrequency')]" - }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, + "evaluationFrequency": { + "value": "[parameters('LBGlobalBackendAvailabilityEvaluationFrequency')]" + }, "windowSize": { "value": "[parameters('LBGlobalBackendAvailabilityWindowSize')]" }, + "effect": { + "value": "[parameters('LBGlobalBackendAvailabilityPolicyEffect')]" + }, "severity": { "value": "[parameters('LBGlobalBackendAvailabilityAlertSeverity')]" }, "enabled": { "value": "[parameters('LBGlobalBackendAvailabilityAlertState')]" - }, - "effect": { - "value": "[parameters('LBGlobalBackendAvailabilityPolicyEffect')]" } } }, @@ -2197,26 +2197,26 @@ "policyDefinitionReferenceId": "ALZ_LBHealthProbeStatus", "policyDefinitionName": "Deploy_ALB_HealthProbeStatus_Alert", "parameters": { - "evaluationFrequency": { - "value": "[parameters('LBHealthProbeStatusEvaluationFrequency')]" - }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, + "evaluationFrequency": { + "value": "[parameters('LBHealthProbeStatusEvaluationFrequency')]" + }, "windowSize": { "value": "[parameters('LBHealthProbeStatusWindowSize')]" }, + "effect": { + "value": "[parameters('LBHealthProbeStatusPolicyEffect')]" + }, "severity": { "value": "[parameters('LBHealthProbeStatusAlertSeverity')]" }, "enabled": { "value": "[parameters('LBHealthProbeStatusAlertState')]" - }, - "effect": { - "value": "[parameters('LBHealthProbeStatusPolicyEffect')]" } } }, @@ -2224,26 +2224,26 @@ "policyDefinitionReferenceId": "ALZ_LBUsedSNATPorts", "policyDefinitionName": "Deploy_ALB_UsedSNATPorts_Alert", "parameters": { - "evaluationFrequency": { - "value": "[parameters('LBUsedSNATPortsEvaluationFrequency')]" - }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, + "evaluationFrequency": { + "value": "[parameters('LBUsedSNATPortsEvaluationFrequency')]" + }, "windowSize": { "value": "[parameters('LBUsedSNATPortsWindowSize')]" }, + "effect": { + "value": "[parameters('LBUsedSNATPortsPolicyEffect')]" + }, "severity": { "value": "[parameters('LBUsedSNATPortsAlertSeverity')]" }, "enabled": { "value": "[parameters('LBUsedSNATPortsAlertState')]" - }, - "effect": { - "value": "[parameters('LBUsedSNATPortsPolicyEffect')]" } } }, @@ -2251,26 +2251,26 @@ "policyDefinitionReferenceId": "ALZ_CDNPOriginHealthPercentage", "policyDefinitionName": "Deploy_FrontDoorCDN_OriginHealthPercentage_Alert", "parameters": { - "evaluationFrequency": { - "value": "[parameters('CDNPOriginHealthPercentageEvaluationFrequency')]" - }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, + "evaluationFrequency": { + "value": "[parameters('CDNPOriginHealthPercentageEvaluationFrequency')]" + }, "windowSize": { "value": "[parameters('CDNPOriginHealthPercentageWindowSize')]" }, + "effect": { + "value": "[parameters('CDNPOriginHealthPercentagePolicyEffect')]" + }, "severity": { "value": "[parameters('CDNPOriginHealthPercentageAlertSeverity')]" }, "enabled": { "value": "[parameters('CDNPOriginHealthPercentageAlertState')]" - }, - "effect": { - "value": "[parameters('CDNPOriginHealthPercentagePolicyEffect')]" } } }, @@ -2278,26 +2278,26 @@ "policyDefinitionReferenceId": "ALZ_CDNPOriginLatency", "policyDefinitionName": "Deploy_FrontDoorCDN_OriginLatency_Alert", "parameters": { - "evaluationFrequency": { - "value": "[parameters('CDNPOriginLatencyEvaluationFrequency')]" - }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, + "evaluationFrequency": { + "value": "[parameters('CDNPOriginLatencyEvaluationFrequency')]" + }, "windowSize": { "value": "[parameters('CDNPOriginLatencyWindowSize')]" }, + "effect": { + "value": "[parameters('CDNPOriginLatencyPolicyEffect')]" + }, "severity": { "value": "[parameters('CDNPOriginLatencyAlertSeverity')]" }, "enabled": { "value": "[parameters('CDNPOriginLatencyAlertState')]" - }, - "effect": { - "value": "[parameters('CDNPOriginLatencyPolicyEffect')]" } } }, @@ -2305,26 +2305,26 @@ "policyDefinitionReferenceId": "ALZ_CDNPPercentage4XX", "policyDefinitionName": "Deploy_FrontDoorCDN_Percentage4XX_Alert", "parameters": { - "evaluationFrequency": { - "value": "[parameters('CDNPPercentage4XXEvaluationFrequency')]" - }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, + "evaluationFrequency": { + "value": "[parameters('CDNPPercentage4XXEvaluationFrequency')]" + }, "windowSize": { "value": "[parameters('CDNPPercentage4XXWindowSize')]" }, + "effect": { + "value": "[parameters('CDNPPercentage4XXPolicyEffect')]" + }, "severity": { "value": "[parameters('CDNPPercentage4XXAlertSeverity')]" }, "enabled": { "value": "[parameters('CDNPPercentage4XXAlertState')]" - }, - "effect": { - "value": "[parameters('CDNPPercentage4XXPolicyEffect')]" } } }, @@ -2332,26 +2332,26 @@ "policyDefinitionReferenceId": "ALZ_CDNPPercentage5XX", "policyDefinitionName": "Deploy_FrontDoorCDN_Percentage5XX_Alert", "parameters": { - "evaluationFrequency": { - "value": "[parameters('CDNPPercentage5XXEvaluationFrequency')]" - }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, + "evaluationFrequency": { + "value": "[parameters('CDNPPercentage5XXEvaluationFrequency')]" + }, "windowSize": { "value": "[parameters('CDNPPercentage5XXWindowSize')]" }, + "effect": { + "value": "[parameters('CDNPPercentage5XXPolicyEffect')]" + }, "severity": { "value": "[parameters('CDNPPercentage5XXAlertSeverity')]" }, "enabled": { "value": "[parameters('CDNPPercentage5XXAlertState')]" - }, - "effect": { - "value": "[parameters('CDNPPercentage5XXPolicyEffect')]" } } }, @@ -2359,26 +2359,26 @@ "policyDefinitionReferenceId": "ALZ_TMEndpointHealth", "policyDefinitionName": "Deploy_TM_EndpointHealth_Alert", "parameters": { - "evaluationFrequency": { - "value": "[parameters('TMEndpointHealthEvaluationFrequency')]" - }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, + "evaluationFrequency": { + "value": "[parameters('TMEndpointHealthEvaluationFrequency')]" + }, "windowSize": { "value": "[parameters('TMEndpointHealthWindowSize')]" }, + "effect": { + "value": "[parameters('TMEndpointHealthPolicyEffect')]" + }, "severity": { "value": "[parameters('TMEndpointHealthAlertSeverity')]" }, "enabled": { "value": "[parameters('TMEndpointHealthAlertState')]" - }, - "effect": { - "value": "[parameters('TMEndpointHealthPolicyEffect')]" } } }, @@ -2386,26 +2386,26 @@ "policyDefinitionReferenceId": "ALZ_FDBackendHealth", "policyDefinitionName": "Deploy_FD_BackendHealth_Alert", "parameters": { - "evaluationFrequency": { - "value": "[parameters('FDBackendHealthEvaluationFrequency')]" - }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, + "evaluationFrequency": { + "value": "[parameters('FDBackendHealthEvaluationFrequency')]" + }, "windowSize": { "value": "[parameters('FDBackendHealthWindowSize')]" }, + "effect": { + "value": "[parameters('FDBackendHealthPolicyEffect')]" + }, "severity": { "value": "[parameters('FDBackendHealthAlertSeverity')]" }, "enabled": { "value": "[parameters('FDBackendHealthAlertState')]" - }, - "effect": { - "value": "[parameters('FDBackendHealthPolicyEffect')]" } } }, @@ -2413,26 +2413,26 @@ "policyDefinitionReferenceId": "ALZ_FDBackendRequestLatency", "policyDefinitionName": "Deploy_FD_BackendRequestLatency_Alert", "parameters": { - "evaluationFrequency": { - "value": "[parameters('FDBackendRequestLatencyEvaluationFrequency')]" - }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, + "evaluationFrequency": { + "value": "[parameters('FDBackendRequestLatencyEvaluationFrequency')]" + }, "windowSize": { "value": "[parameters('FDBackendRequestLatencyWindowSize')]" }, + "effect": { + "value": "[parameters('FDBackendRequestLatencyPolicyEffect')]" + }, "severity": { "value": "[parameters('FDBackendRequestLatencyAlertSeverity')]" }, "enabled": { "value": "[parameters('FDBackendRequestLatencyAlertState')]" - }, - "effect": { - "value": "[parameters('FDBackendRequestLatencyPolicyEffect')]" } } } diff --git a/Definitions/policySetDefinitions/Monitoring/alerting-management.jsonc b/Definitions/policySetDefinitions/Monitoring/alerting-management.jsonc index 9a77b3c..2c59556 100644 --- a/Definitions/policySetDefinitions/Monitoring/alerting-management.jsonc +++ b/Definitions/policySetDefinitions/Monitoring/alerting-management.jsonc @@ -5,8 +5,8 @@ "displayName": "Deploy Azure Monitor Baseline Alerts for Management", "description": "Initiative to deploy AMBA alerts relevant to the ALZ Management management group", "metadata": { - "version": "1.2.0", "category": "Monitoring", + "version": "1.3.0", "_deployed_by_amba": true, "alzCloudEnvironments": [ "AzureCloud" @@ -14,32 +14,69 @@ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "ALZMonitorResourceGroupLocation": { + "AATotalJobAlertEvaluationFrequency": { "metadata": { - "displayName": "ALZ Monitoring Resource Group Location", - "description": "Location of the resource group" + "displayName": "AA Total Job Alert Evaluation Frequency", + "description": "Evaluation frequency for the alert" }, - "defaultValue": "centralus", - "type": "String" + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H" + ], + "defaultValue": "PT1M", + "type": "string" }, - "ALZMonitorResourceGroupTags": { + "AATotalJobAlertWindowSize": { "metadata": { - "displayName": "ALZ Monitoring Resource Group Tags", - "description": "Tags to apply to the resource group" - }, - "defaultValue": { - "_deployed_by_alz_monitor": true + "displayName": "AA Total Job Alert Window Size", + "description": "Window size for the alert" }, - "type": "Object" + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" + ], + "defaultValue": "PT5M", + "type": "string" }, - "ALZMonitorResourceGroupName": { + "AATotalJobAlertSeverity": { "metadata": { - "displayName": "ALZ Monitoring Resource Group Name", - "description": "Name of the resource group to deploy the ALZ monitoring resources to" + "displayName": "AA Total Job Alert Severity", + "description": "Severity of the alert" }, - "defaultValue": "ALZ-Monitoring-RG", + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" + ], + "defaultValue": "2", "type": "String" }, + "BYOUserAssignedManagedIdentityResourceId": { + "metadata": { + "displayName": "Customer defined User Assigned managed Identity resource Id.", + "description": "The resource Id of the user assigned managed identity provided by the customer." + }, + "defaultValue": "", + "type": "string" + }, + "ALZManagementSubscriptionId": { + "metadata": { + "description": "The subscription ID of the management subscription where the user assigned managed identity will be created." + }, + "defaultValue": "", + "type": "string" + }, "ALZMonitorDisableTagValues": { "metadata": { "displayName": "ALZ Monitoring disabled tag values(s)", @@ -61,122 +98,166 @@ "defaultValue": "MonitorDisable", "type": "String" }, - "ALZUserAssignedManagedIdentityName": { + "LAWDailyCapLimitAlertState": { "metadata": { - "displayName": "Name of the user assigned managed identity to be created.", - "description": "The name of the user assigned managed identity to be created for monitoring purpose." + "displayName": "ALog Analytics Workspace Daily Cap Limit Reached Alert State", + "description": "Alert state for the alert" }, - "defaultValue": "id-AMBA-ARG-Reader-001", + "defaultValue": "true", "type": "string" }, - "ALZManagementSubscriptionId": { + "LAWDailyCapLimitPolicyEffect": { "metadata": { - "description": "The subscription ID of the management subscription where the user assigned managed identity will be created." + "displayName": "Log Analytics Workspace Daily Cap Limit Reached Alert Policy Effect", + "description": "Policy effect for the alert, deployIfNotExists will create the alert if it does not exist, disabled will not create the alert" }, - "defaultValue": "", + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists", "type": "string" }, - "BYOUserAssignedManagedIdentityResourceId": { + "LAWDailyCapLimitEvaluationPeriods": { "metadata": { - "displayName": "Customer defined User Assigned managed Identity resource Id.", - "description": "The resource Id of the user assigned managed identity provided by the customer." + "displayName": "Log Analytics Workspace Daily Cap Limit Reached Alert Evaluation Periods", + "description": "The number of aggregated lookback points." }, - "defaultValue": "", - "type": "string" + "defaultValue": "1", + "type": "String" }, - "AATotalJobAlertSeverity": { + "LAWDailyCapLimitFailingPeriods": { "metadata": { - "displayName": "AA Total Job Alert Severity", - "description": "Severity of the alert" + "displayName": "Log Analytics Workspace Daily Cap Limit Reached Alert Failing Periods", + "description": "Number of failing periods before alert is fired" + }, + "defaultValue": "1", + "type": "String" + }, + "ALZMonitorResourceGroupLocation": { + "metadata": { + "displayName": "ALZ Monitoring Resource Group Location", + "description": "Location of the resource group" + }, + "defaultValue": "centralus", + "type": "String" + }, + "ALZMonitorResourceGroupTags": { + "metadata": { + "displayName": "ALZ Monitoring Resource Group Tags", + "description": "Tags to apply to the resource group" + }, + "defaultValue": { + "_deployed_by_alz_monitor": true + }, + "type": "Object" + }, + "ALZMonitorResourceGroupName": { + "metadata": { + "displayName": "ALZ Monitoring Resource Group Name", + "description": "Name of the resource group to deploy the ALZ monitoring resources to" + }, + "defaultValue": "ALZ-Monitoring-RG", + "type": "String" + }, + "LAWDailyCapLimitThreshold": { + "metadata": { + "displayName": "Log Analytics Workspace Daily Cap Limit Reached Alert Threshold", + "description": "Threshold for the alert" + }, + "defaultValue": "0", + "type": "String" + }, + "LAWDailyCapLimitAutoMitigate": { + "metadata": { + "displayName": "Log Analytics Workspace Daily Cap Limit Reached Alert Auto Mitigate", + "description": "Auto Mitigate for the alert" }, "allowedValues": [ - "0", - "1", - "2", - "3", - "4" + "true", + "false" ], - "defaultValue": "2", + "defaultValue": "true", "type": "String" }, - "AATotalJobAlertWindowSize": { + "LAWDailyCapLimitEvaluationFrequency": { "metadata": { - "displayName": "AA Total Job Alert Window Size", - "description": "Window size for the alert" + "displayName": "Log Analytics Workspace Daily Cap Limit Reached Alert Evaluation Frequency", + "description": "Evaluation frequency for the alert" }, "allowedValues": [ - "PT1M", "PT5M", + "PT10M", "PT15M", "PT30M", + "PT45M", "PT1H", + "PT2H", + "PT3H", + "PT4H", + "PT5H", "PT6H", - "PT12H", "P1D" ], - "defaultValue": "PT5M", - "type": "string" + "defaultValue": "PT1H", + "type": "String" }, - "AATotalJobAlertEvaluationFrequency": { + "LAWDailyCapLimitWindowSize": { "metadata": { - "displayName": "AA Total Job Alert Evaluation Frequency", - "description": "Evaluation frequency for the alert" + "displayName": "Log Analytics Workspace Daily Cap Limit Reached Alert Window Size", + "description": "Window size for the alert" }, "allowedValues": [ "PT1M", "PT5M", + "PT10M", "PT15M", "PT30M", - "PT1H" + "PT45M", + "PT1H", + "PT2H", + "PT3H", + "PT4H", + "PT5H", + "PT6H", + "P1D" ], - "defaultValue": "PT1M", - "type": "string" + "defaultValue": "P1D", + "type": "String" }, - "AATotalJobAlertPolicyEffect": { + "LAWDailyCapLimitTimeAggregation": { "metadata": { - "displayName": "AA Total Job Alert Policy Effect", - "description": "Policy effect for the alert" + "displayName": "Log Analytics Workspace Daily Cap Limit Reached Alert TimeAggregation" }, "allowedValues": [ - "deployIfNotExists", - "disabled" + "Count" ], - "defaultValue": "deployIfNotExists", - "type": "string" - }, - "AATotalJobAlertAlertState": { - "metadata": { - "displayName": "AA Total Job Alert State", - "description": "Alert state for the alert" - }, - "defaultValue": "true", - "type": "string" + "defaultValue": "Count", + "type": "String" }, - "AATotalJobAlertThreshold": { + "LAWDailyCapLimitOperator": { "metadata": { - "displayName": "AA Total Job Alert Threshold", - "description": "Threshold for the alert" + "displayName": "Log Analytics Workspace Daily Cap Limit Reached Alert Operator" }, - "defaultValue": "20", - "type": "string" + "allowedValues": [ + "GreaterThan", + "GreaterThanOrEqual" + ], + "defaultValue": "GreaterThan", + "type": "String" }, - "RVBackupHealthMonitorPolicyEffect": { + "ALZUserAssignedManagedIdentityName": { "metadata": { - "displayName": "RV Backup Health Monitor Policy Effect", - "description": "Policy effect for the alert, modify will create the alert if it does not exist and enable it on your Recovery Vaults, audit will only audit if alerting is enabled on Recovery Vaults, disabled will not create the alert on Recovery Vaults" + "displayName": "Name of the user assigned managed identity to be created.", + "description": "The name of the user assigned managed identity to be created for monitoring purpose." }, - "allowedValues": [ - "modify", - "audit", - "disabled" - ], - "defaultValue": "modify", + "defaultValue": "id-AMBA-ARG-Reader-001", "type": "string" }, - "StorageAccountAvailabilityAlertSeverity": { + "LAWDailyCapLimitSeverity": { "metadata": { - "displayName": "Storage Account Availability Alert Severity", - "description": "Severity of the alert" + "displayName": "Log Analytics Workspace Daily Cap Limit Reached Alert Severity", + "description": "Severity of the Alert" }, "allowedValues": [ "0", @@ -185,45 +266,20 @@ "3", "4" ], - "defaultValue": "1", + "defaultValue": "2", "type": "String" }, - "StorageAccountAvailabilityWindowSize": { - "metadata": { - "displayName": "Storage Account Availability Alert Window Size", - "description": "Window size for the alert" - }, - "allowedValues": [ - "PT1M", - "PT5M", - "PT15M", - "PT30M", - "PT1H", - "PT6H", - "PT12H", - "P1D" - ], - "defaultValue": "PT5M", - "type": "string" - }, - "StorageAccountAvailabilityFrequency": { + "activityLAWKeyRegenAlertState": { "metadata": { - "displayName": "Storage Account Availability Alert Evaluation Frequency", - "description": "Evaluation frequency for the alert" + "displayName": "Activity Log Alert Key Regen Alert State", + "description": "Alert state for the alert" }, - "allowedValues": [ - "PT1M", - "PT5M", - "PT15M", - "PT30M", - "PT1H" - ], - "defaultValue": "PT5M", + "defaultValue": "true", "type": "string" }, - "StorageAccountAvailabilityPolicyEffect": { + "activityLAWKeyRegenPolicyEffect": { "metadata": { - "displayName": "Storage Account Availability Alert Policy Effect", + "displayName": "LAW Key Regen Alert Policy Effect", "description": "Policy effect for the alert, deployIfNotExists will create the alert if it does not exist, disabled will not create the alert" }, "allowedValues": [ @@ -233,25 +289,17 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "StorageAccountAvailabilityAlertState": { + "activityLAWDeleteAlertState": { "metadata": { - "displayName": "Storage Account Availability Alert State", + "displayName": "Activity Log Alert Delete Alert State", "description": "Alert state for the alert" }, "defaultValue": "true", "type": "string" }, - "StorageAccountAvailabilityThreshold": { - "metadata": { - "displayName": "Storage Account Availability Alert Threshold", - "description": "Threshold for the alert" - }, - "defaultValue": "90", - "type": "string" - }, - "StorageAccountDeletePolicyEffect": { + "activityLAWDeletePolicyEffect": { "metadata": { - "displayName": "Storage Account Delete Alert Policy Effect", + "displayName": "Activity Log Alert Delete Policy Effect", "description": "Policy effect for the alert, deployIfNotExists will create the alert if it does not exist, disabled will not create the alert" }, "allowedValues": [ @@ -269,9 +317,9 @@ "defaultValue": "true", "type": "string" }, - "activityLAWDeletePolicyEffect": { + "StorageAccountDeletePolicyEffect": { "metadata": { - "displayName": "Activity Log Alert Delete Policy Effect", + "displayName": "Storage Account Delete Alert Policy Effect", "description": "Policy effect for the alert, deployIfNotExists will create the alert if it does not exist, disabled will not create the alert" }, "allowedValues": [ @@ -281,155 +329,128 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "activityLAWDeleteAlertState": { + "StorageAccountAvailabilityThreshold": { "metadata": { - "displayName": "Activity Log Alert Delete Alert State", - "description": "Alert state for the alert" + "displayName": "Storage Account Availability Alert Threshold", + "description": "Threshold for the alert" }, - "defaultValue": "true", + "defaultValue": "90", "type": "string" }, - "activityLAWKeyRegenPolicyEffect": { + "RVBackupHealthMonitorPolicyEffect": { "metadata": { - "displayName": "LAW Key Regen Alert Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will create the alert if it does not exist, disabled will not create the alert" + "displayName": "RV Backup Health Monitor Policy Effect", + "description": "Policy effect for the alert, modify will create the alert if it does not exist and enable it on your Recovery Vaults, audit will only audit if alerting is enabled on Recovery Vaults, disabled will not create the alert on Recovery Vaults" }, "allowedValues": [ - "deployIfNotExists", + "modify", + "audit", "disabled" ], - "defaultValue": "deployIfNotExists", + "defaultValue": "modify", "type": "string" }, - "activityLAWKeyRegenAlertState": { + "StorageAccountAvailabilityAlertState": { "metadata": { - "displayName": "Activity Log Alert Key Regen Alert State", + "displayName": "Storage Account Availability Alert State", "description": "Alert state for the alert" }, "defaultValue": "true", "type": "string" }, - "LAWDailyCapLimitSeverity": { - "metadata": { - "displayName": "Log Analytics Workspace Daily Cap Limit Reached Alert Severity", - "description": "Severity of the Alert" - }, - "allowedValues": [ - "0", - "1", - "2", - "3", - "4" - ], - "defaultValue": "2", - "type": "String" - }, - "LAWDailyCapLimitOperator": { + "StorageAccountAvailabilityPolicyEffect": { "metadata": { - "displayName": "Log Analytics Workspace Daily Cap Limit Reached Alert Operator" + "displayName": "Storage Account Availability Alert Policy Effect", + "description": "Policy effect for the alert, deployIfNotExists will create the alert if it does not exist, disabled will not create the alert" }, "allowedValues": [ - "GreaterThan", - "GreaterThanOrEqual" + "deployIfNotExists", + "disabled" ], - "defaultValue": "GreaterThan", - "type": "String" + "defaultValue": "deployIfNotExists", + "type": "string" }, - "LAWDailyCapLimitTimeAggregation": { + "StorageAccountAvailabilityFrequency": { "metadata": { - "displayName": "Log Analytics Workspace Daily Cap Limit Reached Alert TimeAggregation" + "displayName": "Storage Account Availability Alert Evaluation Frequency", + "description": "Evaluation frequency for the alert" }, "allowedValues": [ - "Count" + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H" ], - "defaultValue": "Count", - "type": "String" + "defaultValue": "PT5M", + "type": "string" }, - "LAWDailyCapLimitWindowSize": { + "StorageAccountAvailabilityWindowSize": { "metadata": { - "displayName": "Log Analytics Workspace Daily Cap Limit Reached Alert Window Size", + "displayName": "Storage Account Availability Alert Window Size", "description": "Window size for the alert" }, "allowedValues": [ "PT1M", "PT5M", - "PT10M", "PT15M", "PT30M", - "PT45M", "PT1H", - "PT2H", - "PT3H", - "PT4H", - "PT5H", "PT6H", + "PT12H", "P1D" ], - "defaultValue": "P1D", - "type": "String" + "defaultValue": "PT5M", + "type": "string" }, - "LAWDailyCapLimitEvaluationFrequency": { + "StorageAccountAvailabilityAlertSeverity": { "metadata": { - "displayName": "Log Analytics Workspace Daily Cap Limit Reached Alert Evaluation Frequency", - "description": "Evaluation frequency for the alert" + "displayName": "Storage Account Availability Alert Severity", + "description": "Severity of the alert" }, "allowedValues": [ - "PT5M", - "PT10M", - "PT15M", - "PT30M", - "PT45M", - "PT1H", - "PT2H", - "PT3H", - "PT4H", - "PT5H", - "PT6H", - "P1D" + "0", + "1", + "2", + "3", + "4" ], - "defaultValue": "PT1H", + "defaultValue": "1", "type": "String" }, - "LAWDailyCapLimitAutoMitigate": { + "RVASRHealthMonitorPolicyEffect": { "metadata": { - "displayName": "Log Analytics Workspace Daily Cap Limit Reached Alert Auto Mitigate", - "description": "Auto Mitigate for the alert" + "displayName": "Recovery Vault ASR Health Monitor Policy Effect", + "description": "Policy effect for the alert, modify will modify the alert if it exists, or audit if it does not exist" }, "allowedValues": [ - "true", - "false" + "modify", + "audit", + "disabled" ], - "defaultValue": "true", - "type": "String" + "defaultValue": "modify", + "type": "string" }, - "LAWDailyCapLimitThreshold": { + "AATotalJobAlertThreshold": { "metadata": { - "displayName": "Log Analytics Workspace Daily Cap Limit Reached Alert Threshold", + "displayName": "AA Total Job Alert Threshold", "description": "Threshold for the alert" }, - "defaultValue": "0", - "type": "String" - }, - "LAWDailyCapLimitFailingPeriods": { - "metadata": { - "displayName": "Log Analytics Workspace Daily Cap Limit Reached Alert Failing Periods", - "description": "Number of failing periods before alert is fired" - }, - "defaultValue": "1", - "type": "String" + "defaultValue": "20", + "type": "string" }, - "LAWDailyCapLimitEvaluationPeriods": { + "AATotalJobAlertAlertState": { "metadata": { - "displayName": "Log Analytics Workspace Daily Cap Limit Reached Alert Evaluation Periods", - "description": "The number of aggregated lookback points." + "displayName": "AA Total Job Alert State", + "description": "Alert state for the alert" }, - "defaultValue": "1", - "type": "String" + "defaultValue": "true", + "type": "string" }, - "LAWDailyCapLimitPolicyEffect": { + "AATotalJobAlertPolicyEffect": { "metadata": { - "displayName": "Log Analytics Workspace Daily Cap Limit Reached Alert Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will create the alert if it does not exist, disabled will not create the alert" + "displayName": "AA Total Job Alert Policy Effect", + "description": "Policy effect for the alert" }, "allowedValues": [ "deployIfNotExists", @@ -437,14 +458,6 @@ ], "defaultValue": "deployIfNotExists", "type": "string" - }, - "LAWDailyCapLimitAlertState": { - "metadata": { - "displayName": "ALog Analytics Workspace Daily Cap Limit Reached Alert State", - "description": "Alert state for the alert" - }, - "defaultValue": "true", - "type": "string" } }, "policyDefinitions": [ @@ -452,8 +465,8 @@ "policyDefinitionReferenceId": "ALZ_activityLAWDelete", "policyDefinitionName": "Deploy_activitylog_LAWorkspace_Delete", "parameters": { - "alertResourceGroupLocation": { - "value": "[parameters('ALZMonitorResourceGroupLocation')]" + "effect": { + "value": "[parameters('activityLAWDeletePolicyEffect')]" }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" @@ -461,15 +474,15 @@ "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, - "alertResourceGroupName": { - "value": "[parameters('ALZMonitorResourceGroupName')]" - }, - "effect": { - "value": "[parameters('activityLAWDeletePolicyEffect')]" + "alertResourceGroupLocation": { + "value": "[parameters('ALZMonitorResourceGroupLocation')]" }, "alertResourceGroupTags": { "value": "[parameters('ALZMonitorResourceGroupTags')]" }, + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" + }, "enabled": { "value": "[parameters('activityLAWDeleteAlertState')]" } @@ -479,8 +492,8 @@ "policyDefinitionReferenceId": "ALZ_activityLAWKeyRegen", "policyDefinitionName": "Deploy_activitylog_LAWorkspace_KeyRegen", "parameters": { - "alertResourceGroupLocation": { - "value": "[parameters('ALZMonitorResourceGroupLocation')]" + "effect": { + "value": "[parameters('activityLAWKeyRegenPolicyEffect')]" }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" @@ -488,15 +501,15 @@ "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, - "alertResourceGroupName": { - "value": "[parameters('ALZMonitorResourceGroupName')]" - }, - "effect": { - "value": "[parameters('activityLAWKeyRegenPolicyEffect')]" + "alertResourceGroupLocation": { + "value": "[parameters('ALZMonitorResourceGroupLocation')]" }, "alertResourceGroupTags": { "value": "[parameters('ALZMonitorResourceGroupTags')]" }, + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" + }, "enabled": { "value": "[parameters('activityLAWKeyRegenAlertState')]" } @@ -506,8 +519,8 @@ "policyDefinitionReferenceId": "ALZ_LAWorkspaceDailyCapLimitReached", "policyDefinitionName": "Deploy_LAWorkspace_DailyCapLimitReached_Alert", "parameters": { - "evaluationFrequency": { - "value": "[parameters('LAWDailyCapLimitEvaluationFrequency')]" + "effect": { + "value": "[parameters('LAWDailyCapLimitPolicyEffect')]" }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" @@ -515,38 +528,38 @@ "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, - "effect": { - "value": "[parameters('LAWDailyCapLimitPolicyEffect')]" + "evaluationFrequency": { + "value": "[parameters('LAWDailyCapLimitEvaluationFrequency')]" }, - "autoMitigate": { - "value": "[parameters('LAWDailyCapLimitAutoMitigate')]" + "enabled": { + "value": "[parameters('LAWDailyCapLimitAlertState')]" }, "windowSize": { "value": "[parameters('LAWDailyCapLimitWindowSize')]" }, - "enabled": { - "value": "[parameters('LAWDailyCapLimitAlertState')]" - }, "threshold": { "value": "[parameters('LAWDailyCapLimitThreshold')]" }, "severity": { "value": "[parameters('LAWDailyCapLimitSeverity')]" }, - "UAMIResourceId": { - "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]" + "autoMitigate": { + "value": "[parameters('LAWDailyCapLimitAutoMitigate')]" }, "timeAggregation": { "value": "[parameters('LAWDailyCapLimitTimeAggregation')]" }, + "operator": { + "value": "[parameters('LAWDailyCapLimitOperator')]" + }, + "UAMIResourceId": { + "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]" + }, "failingPeriods": { "value": "[parameters('LAWDailyCapLimitFailingPeriods')]" }, "evaluationPeriods": { "value": "[parameters('LAWDailyCapLimitEvaluationPeriods')]" - }, - "operator": { - "value": "[parameters('LAWDailyCapLimitOperator')]" } } }, @@ -554,8 +567,8 @@ "policyDefinitionReferenceId": "ALZ_AATotalJob", "policyDefinitionName": "Deploy_AA_TotalJob_Alert", "parameters": { - "evaluationFrequency": { - "value": "[parameters('AATotalJobAlertEvaluationFrequency')]" + "effect": { + "value": "[parameters('AATotalJobAlertPolicyEffect')]" }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" @@ -563,15 +576,15 @@ "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, - "effect": { - "value": "[parameters('AATotalJobAlertPolicyEffect')]" - }, - "windowSize": { - "value": "[parameters('AATotalJobAlertWindowSize')]" + "evaluationFrequency": { + "value": "[parameters('AATotalJobAlertEvaluationFrequency')]" }, "enabled": { "value": "[parameters('AATotalJobAlertAlertState')]" }, + "windowSize": { + "value": "[parameters('AATotalJobAlertWindowSize')]" + }, "threshold": { "value": "[parameters('AATotalJobAlertThreshold')]" }, @@ -584,14 +597,29 @@ "policyDefinitionReferenceId": "ALZ_RVBackupHealth", "policyDefinitionName": "Deploy_RecoveryVault_BackupHealthMonitor_Alert", "parameters": { + "effect": { + "value": "[parameters('RVBackupHealthMonitorPolicyEffect')]" + }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" - }, + } + } + }, + { + "policyDefinitionReferenceId": "ALZ_RVASRHealthMonitor", + "policyDefinitionName": "Deploy_RecoveryVault_ASRHealthMonitor_Alert", + "parameters": { "effect": { - "value": "[parameters('RVBackupHealthMonitorPolicyEffect')]" + "value": "[parameters('RVASRHealthMonitorPolicyEffect')]" + }, + "MonitorDisableTagValues": { + "value": "[parameters('ALZMonitorDisableTagValues')]" + }, + "MonitorDisableTagName": { + "value": "[parameters('ALZMonitorDisableTagName')]" } } }, @@ -599,8 +627,8 @@ "policyDefinitionReferenceId": "ALZ_StorageAccountAvailability", "policyDefinitionName": "Deploy_StorageAccount_Availability_Alert", "parameters": { - "evaluationFrequency": { - "value": "[parameters('StorageAccountAvailabilityFrequency')]" + "effect": { + "value": "[parameters('StorageAccountAvailabilityPolicyEffect')]" }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" @@ -608,15 +636,15 @@ "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, - "effect": { - "value": "[parameters('StorageAccountAvailabilityPolicyEffect')]" - }, - "windowSize": { - "value": "[parameters('StorageAccountAvailabilityWindowSize')]" + "evaluationFrequency": { + "value": "[parameters('StorageAccountAvailabilityFrequency')]" }, "enabled": { "value": "[parameters('StorageAccountAvailabilityAlertState')]" }, + "windowSize": { + "value": "[parameters('StorageAccountAvailabilityWindowSize')]" + }, "threshold": { "value": "[parameters('StorageAccountAvailabilityThreshold')]" }, @@ -629,8 +657,8 @@ "policyDefinitionReferenceId": "ALZ_activitySADelete", "policyDefinitionName": "Deploy_activitylog_StorageAccount_Delete", "parameters": { - "alertResourceGroupLocation": { - "value": "[parameters('ALZMonitorResourceGroupLocation')]" + "effect": { + "value": "[parameters('StorageAccountDeletePolicyEffect')]" }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" @@ -638,15 +666,15 @@ "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, - "alertResourceGroupName": { - "value": "[parameters('ALZMonitorResourceGroupName')]" - }, - "effect": { - "value": "[parameters('StorageAccountDeletePolicyEffect')]" + "alertResourceGroupLocation": { + "value": "[parameters('ALZMonitorResourceGroupLocation')]" }, "alertResourceGroupTags": { "value": "[parameters('ALZMonitorResourceGroupTags')]" }, + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" + }, "enabled": { "value": "[parameters('StorageAccountDeleteAlertState')]" } diff --git a/Definitions/policySetDefinitions/Monitoring/alerting-networkchanges.jsonc b/Definitions/policySetDefinitions/Monitoring/alerting-networkchanges.jsonc index 6015fb9..320ac14 100644 --- a/Definitions/policySetDefinitions/Monitoring/alerting-networkchanges.jsonc +++ b/Definitions/policySetDefinitions/Monitoring/alerting-networkchanges.jsonc @@ -5,45 +5,19 @@ "displayName": "Deploy Azure Monitor Baseline Alerts for Changes in Network Routing and Security", "description": "This initiative implements Azure Monitor Baseline Alerts to monitor alterations in Network Routing and Security, such as modifications to Route Tables and the removal of Network Security Groups.", "metadata": { - "version": "1.0.0", - "category": "Monitoring", "_deployed_by_amba": true, + "version": "1.0.0", "alzCloudEnvironments": [ "AzureCloud" ], + "category": "Monitoring", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "ALZMonitorResourceGroupLocation": { - "metadata": { - "displayName": "ALZ Monitor Resource Group Location", - "description": "Location of the resource group where the ALZ Monitor resources will be deployed" - }, - "defaultValue": "centralus", - "type": "String" - }, - "ALZMonitorResourceGroupTags": { - "metadata": { - "displayName": "ALZ Monitor Resource Group Tags", - "description": "Tags for the resource group where the ALZ Monitor resources will be deployed" - }, - "defaultValue": { - "_deployed_by_alz_monitor": true - }, - "type": "Object" - }, - "ALZMonitorResourceGroupName": { - "metadata": { - "displayName": "ALZ Monitor Resource Group Name", - "description": "Name of the resource group where the ALZ Monitor resources will be deployed" - }, - "defaultValue": "ALZ-Monitoring-RG", - "type": "String" - }, "ALZMonitorDisableTagValues": { "metadata": { - "displayName": "ALZ Monitoring disabled tag values(s)", - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" }, "defaultValue": [ "true", @@ -55,16 +29,42 @@ }, "ALZMonitorDisableTagName": { "metadata": { - "displayName": "ALZ Monitoring disabled tag name", - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled." + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" }, "defaultValue": "MonitorDisable", "type": "String" }, + "ALZMonitorResourceGroupLocation": { + "metadata": { + "description": "Location of the resource group where the ALZ Monitor resources will be deployed", + "displayName": "ALZ Monitor Resource Group Location" + }, + "defaultValue": "centralus", + "type": "String" + }, + "ALZMonitorResourceGroupName": { + "metadata": { + "description": "Name of the resource group where the ALZ Monitor resources will be deployed", + "displayName": "ALZ Monitor Resource Group Name" + }, + "defaultValue": "ALZ-Monitoring-RG", + "type": "String" + }, + "ALZMonitorResourceGroupTags": { + "metadata": { + "description": "Tags for the resource group where the ALZ Monitor resources will be deployed", + "displayName": "ALZ Monitor Resource Group Tags" + }, + "defaultValue": { + "_deployed_by_alz_monitor": true + }, + "type": "Object" + }, "activityNSGDeletePolicyEffect": { "metadata": { - "displayName": "Activity NSG Delete Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", + "displayName": "Activity NSG Delete Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -75,16 +75,16 @@ }, "activityNSGDeleteAlertState": { "metadata": { - "displayName": "Activity NSG Delete Alert State", - "description": "Alert state for the alert" + "description": "Alert state for the alert", + "displayName": "Activity NSG Delete Alert State" }, "defaultValue": "true", "type": "string" }, "activityUDRUpdatePolicyEffect": { "metadata": { - "displayName": "Activity UDR Update Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", + "displayName": "Activity UDR Update Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -95,8 +95,8 @@ }, "activityUDRUpdateAlertState": { "metadata": { - "displayName": "Activity UDR Update Alert State", - "description": "Alert state for the alert" + "description": "Alert state for the alert", + "displayName": "Activity UDR Update Alert State" }, "defaultValue": "true", "type": "string" @@ -107,26 +107,26 @@ "policyDefinitionReferenceId": "ALZ_activityNSGDelete", "policyDefinitionName": "Deploy_activitylog_NSG_Delete", "parameters": { - "alertResourceGroupLocation": { - "value": "[parameters('ALZMonitorResourceGroupLocation')]" - }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, - "alertResourceGroupName": { - "value": "[parameters('ALZMonitorResourceGroupName')]" - }, "effect": { "value": "[parameters('activityNSGDeletePolicyEffect')]" }, - "alertResourceGroupTags": { - "value": "[parameters('ALZMonitorResourceGroupTags')]" + "alertResourceGroupLocation": { + "value": "[parameters('ALZMonitorResourceGroupLocation')]" }, "enabled": { "value": "[parameters('activityNSGDeleteAlertState')]" + }, + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" + }, + "alertResourceGroupTags": { + "value": "[parameters('ALZMonitorResourceGroupTags')]" } } }, @@ -134,26 +134,26 @@ "policyDefinitionReferenceId": "ALZ_activityUDRUpdate", "policyDefinitionName": "Deploy_activitylog_RouteTable_Update", "parameters": { - "alertResourceGroupLocation": { - "value": "[parameters('ALZMonitorResourceGroupLocation')]" - }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, - "alertResourceGroupName": { - "value": "[parameters('ALZMonitorResourceGroupName')]" - }, "effect": { "value": "[parameters('activityUDRUpdatePolicyEffect')]" }, - "alertResourceGroupTags": { - "value": "[parameters('ALZMonitorResourceGroupTags')]" + "alertResourceGroupLocation": { + "value": "[parameters('ALZMonitorResourceGroupLocation')]" }, "enabled": { "value": "[parameters('activityUDRUpdateAlertState')]" + }, + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" + }, + "alertResourceGroupTags": { + "value": "[parameters('ALZMonitorResourceGroupTags')]" } } } diff --git a/Definitions/policySetDefinitions/Monitoring/alerting-recoveryservices.jsonc b/Definitions/policySetDefinitions/Monitoring/alerting-recoveryservices.jsonc index 6a3f89b..7e3f3b2 100644 --- a/Definitions/policySetDefinitions/Monitoring/alerting-recoveryservices.jsonc +++ b/Definitions/policySetDefinitions/Monitoring/alerting-recoveryservices.jsonc @@ -5,15 +5,41 @@ "displayName": "Deploy Azure Monitor Baseline Alerts for Recovery Services", "description": "This initiative deploys Azure Monitor Baseline Alerts to monitor Recovery Services such as Azure Backup, and Azure Site Recovery.", "metadata": { + "category": "Monitoring", + "version": "1.1.0", "_deployed_by_amba": true, - "version": "1.0.0", "alzCloudEnvironments": [ "AzureCloud" ], - "category": "Monitoring", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { + "RVASRHealthMonitorPolicyEffect": { + "metadata": { + "description": "Policy effect for the alert, modify will modify the alert if it exists, or audit if it does not exist", + "displayName": "Recovery Vault ASR Health Monitor Policy Effect" + }, + "allowedValues": [ + "modify", + "audit", + "disabled" + ], + "defaultValue": "modify", + "type": "string" + }, + "RVBackupHealthMonitorPolicyEffect": { + "metadata": { + "description": "Policy effect for the alert, modify will modify the alert if it exists, or audit if it does not exist", + "displayName": "Recovery Vault Backup Health Monitor Policy Effect" + }, + "allowedValues": [ + "modify", + "audit", + "disabled" + ], + "defaultValue": "modify", + "type": "string" + }, "ALZMonitorDisableTagValues": { "metadata": { "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", @@ -34,19 +60,6 @@ }, "defaultValue": "MonitorDisable", "type": "String" - }, - "RVBackupHealthMonitorPolicyEffect": { - "metadata": { - "description": "Policy effect for the alert, modify will modify the alert if it exists, or audit if it does not exist", - "displayName": "Recovery Vault Backup Health Monitor Policy Effect" - }, - "allowedValues": [ - "modify", - "audit", - "disabled" - ], - "defaultValue": "modify", - "type": "string" } }, "policyDefinitions": [ @@ -54,14 +67,29 @@ "policyDefinitionReferenceId": "ALZ_RVBackupHealthMonitor", "policyDefinitionName": "Deploy_RecoveryVault_BackupHealthMonitor_Alert", "parameters": { + "effect": { + "value": "[parameters('RVBackupHealthMonitorPolicyEffect')]" + }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" - }, + } + } + }, + { + "policyDefinitionReferenceId": "ALZ_RVASRHealthMonitor", + "policyDefinitionName": "Deploy_RecoveryVault_ASRHealthMonitor_Alert", + "parameters": { "effect": { - "value": "[parameters('RVBackupHealthMonitorPolicyEffect')]" + "value": "[parameters('RVASRHealthMonitorPolicyEffect')]" + }, + "MonitorDisableTagValues": { + "value": "[parameters('ALZMonitorDisableTagValues')]" + }, + "MonitorDisableTagName": { + "value": "[parameters('ALZMonitorDisableTagName')]" } } } diff --git a/Definitions/policySetDefinitions/Monitoring/alerting-servicehealth.jsonc b/Definitions/policySetDefinitions/Monitoring/alerting-servicehealth.jsonc index ec9404b..4f73331 100644 --- a/Definitions/policySetDefinitions/Monitoring/alerting-servicehealth.jsonc +++ b/Definitions/policySetDefinitions/Monitoring/alerting-servicehealth.jsonc @@ -6,42 +6,42 @@ "description": "This initiative deploys Azure Monitor Baseline Alerts to monitor Service Health Events such as Service issues, Planned maintenance, Health advisories, Security advisories, and Resource health.", "metadata": { "_deployed_by_amba": true, - "version": "1.5.0", - "category": "Monitoring", "alzCloudEnvironments": [ "AzureCloud" ], + "version": "1.5.0", + "category": "Monitoring", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { "ALZMonitorActionGroupEmail": { "metadata": { - "displayName": "Action Group Email Addresses", - "description": "Email addresses to send alerts to" + "description": "Email addresses to send alerts to", + "displayName": "Action Group Email Addresses" }, "defaultValue": [], "type": "Array" }, - "ALZMonitorResourceGroupLocation": { - "metadata": { - "displayName": "Resource Group Location", - "description": "Location of the resource group" - }, - "defaultValue": "centralus", - "type": "String" - }, "BYOActionGroup": { "metadata": { - "displayName": "Customer defined Action Group Resource IDs", - "description": "The Resource IDs of existing Action Groups currently deployed in the environment." + "description": "The Resource IDs of existing Action Groups currently deployed in the environment.", + "displayName": "Customer defined Action Group Resource IDs" }, "defaultValue": [], "type": "array" }, + "ALZMonitorResourceGroupLocation": { + "metadata": { + "description": "Location of the resource group", + "displayName": "Resource Group Location" + }, + "defaultValue": "centralus", + "type": "String" + }, "ALZMonitorResourceGroupTags": { "metadata": { - "displayName": "Resource Group Tags", - "description": "Tags to apply to the resource group" + "description": "Tags to apply to the resource group", + "displayName": "Resource Group Tags" }, "defaultValue": { "_deployed_by_alz_monitor": true @@ -50,16 +50,16 @@ }, "ALZMonitorResourceGroupName": { "metadata": { - "displayName": "Resource Group Name", - "description": "Name of the resource group to deploy the alerts to" + "description": "Name of the resource group to deploy the alerts to", + "displayName": "Resource Group Name" }, "defaultValue": "ALZ-Monitoring-RG", "type": "String" }, "ALZMonitorDisableTagValues": { "metadata": { - "displayName": "ALZ Monitoring disabled tag values(s)", - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" }, "defaultValue": [ "true", @@ -71,88 +71,88 @@ }, "ALZMonitorDisableTagName": { "metadata": { - "displayName": "ALZ Monitoring disabled tag name", - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled." + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" }, "defaultValue": "MonitorDisable", "type": "String" }, - "BYOAlertProcessingRule": { + "ALZLogicappCallbackUrl": { "metadata": { - "displayName": "Customer defined Alert Processing Rule Resource ID", - "description": "The Resource ID of an existing Alert Processing Rule already deployed by the customer in his environment" + "description": "Callback URL that triggers the Logic App", + "displayName": "Logic App Callback URL" }, "defaultValue": "", "type": "String" }, - "ALZLogicappCallbackUrl": { + "BYOAlertProcessingRule": { "metadata": { - "displayName": "Logic App Callback URL", - "description": "Callback URL that triggers the Logic App" + "description": "The Resource ID of an existing Alert Processing Rule already deployed by the customer in his environment", + "displayName": "Customer defined Alert Processing Rule Resource ID" }, "defaultValue": "", "type": "String" }, - "ALZFunctionResourceId": { + "ALZLogicappResourceId": { "metadata": { - "displayName": "Function Resource Id", - "description": "Function Resource Id for Action Group to send alerts to" + "description": "Logic App Resource Id for Action Group to send alerts to", + "displayName": "Logic App Resource Id" }, "defaultValue": "", "type": "String" }, - "ALZLogicappResourceId": { + "ALZFunctionTriggerUrl": { "metadata": { - "displayName": "Logic App Resource Id", - "description": "Logic App Resource Id for Action Group to send alerts to" + "description": "URL that triggers the Function App", + "displayName": "Function Trigger URL" }, "defaultValue": "", "type": "String" }, "ALZEventHubResourceId": { "metadata": { - "displayName": "Event Hub resource Ids", - "description": "Event Hub resource Ids for action group to send alerts to" + "description": "Event Hub resource Ids for action group to send alerts to", + "displayName": "Event Hub resource Ids" }, "defaultValue": [], "type": "array" }, - "ALZFunctionTriggerUrl": { + "ALZFunctionResourceId": { "metadata": { - "displayName": "Function Trigger URL", - "description": "URL that triggers the Function App" + "description": "Function Resource Id for Action Group to send alerts to", + "displayName": "Function Resource Id" }, "defaultValue": "", "type": "String" }, "ALZWebhookServiceUri": { "metadata": { - "displayName": "Webhook Service Uri(s)", - "description": "Indicates the service uri(s) of the webhook to send alerts to" + "description": "Indicates the service uri(s) of the webhook to send alerts to", + "displayName": "Webhook Service Uri(s)" }, "defaultValue": [], "type": "Array" }, "ALZArmRoleId": { "metadata": { - "displayName": "Arm Role Ids", - "description": "Arm Built-in Role Ids for action group to send alerts to" + "description": "Arm Built-in Role Ids for action group to send alerts to", + "displayName": "Arm Role Ids" }, "defaultValue": [], "type": "array" }, "ResHlthUnhealthyAlertState": { "metadata": { - "displayName": "Resource Health Unhealthy Alert State", - "description": "State of the Resource Health Unhealthy alert" + "description": "State of the Resource Health Unhealthy alert", + "displayName": "Resource Health Unhealthy Alert State" }, "defaultValue": "true", "type": "string" }, "ResHlthUnhealthyPolicyEffect": { "metadata": { - "displayName": "Resource Health Unhealthy Alert Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", + "displayName": "Resource Health Unhealthy Alert Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -163,16 +163,16 @@ }, "SvcHlthAdvisoryAlertState": { "metadata": { - "displayName": "Service Health Advisory Alert State", - "description": "State of the Service Health Advisory alert" + "description": "State of the Service Health Advisory alert", + "displayName": "Service Health Advisory Alert State" }, "defaultValue": "true", "type": "string" }, "serviceHealthAdvisoryPolicyEffect": { "metadata": { - "displayName": "Service Health Advisory Alert Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", + "displayName": "Service Health Advisory Alert Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -183,16 +183,16 @@ }, "SvcHlthIncidentAlertState": { "metadata": { - "displayName": "Service Health Incident Alert State", - "description": "State of the Service Health Incident alert" + "description": "State of the Service Health Incident alert", + "displayName": "Service Health Incident Alert State" }, "defaultValue": "true", "type": "string" }, "serviceHealthIncidentPolicyEffect": { "metadata": { - "displayName": "Service Health Incident Alert Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", + "displayName": "Service Health Incident Alert Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -203,16 +203,16 @@ }, "SvcHlthMaintenanceAlertState": { "metadata": { - "displayName": "Service Health Maintenance Alert State", - "description": "State of the Service Health Maintenance alert" + "description": "State of the Service Health Maintenance alert", + "displayName": "Service Health Maintenance Alert State" }, "defaultValue": "true", "type": "string" }, "serviceHealthMaintenancePolicyEffect": { "metadata": { - "displayName": "Service Health Maintenance Alert Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", + "displayName": "Service Health Maintenance Alert Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -223,16 +223,16 @@ }, "svcHlthSecAdvisoryAlertState": { "metadata": { - "displayName": "Service Health Security Advisory Alert State", - "description": "State of the Service Health Security Advisory alert" + "description": "State of the Service Health Security Advisory alert", + "displayName": "Service Health Security Advisory Alert State" }, "defaultValue": "true", "type": "string" }, "serviceHealthSecurityPolicyEffect": { "metadata": { - "displayName": "Service Health Security Advisory Alert Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", + "displayName": "Service Health Security Advisory Alert Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -250,41 +250,41 @@ "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, - "MonitorDisableTagName": { - "value": "[parameters('ALZMonitorDisableTagName')]" - }, "ALZMonitorActionGroupEmail": { "value": "[parameters('ALZMonitorActionGroupEmail')]" }, - "ALZMonitorResourceGroupLocation": { - "value": "[parameters('ALZMonitorResourceGroupLocation')]" + "MonitorDisableTagName": { + "value": "[parameters('ALZMonitorDisableTagName')]" }, "BYOActionGroup": { "value": "[parameters('BYOActionGroup')]" }, + "ALZMonitorResourceGroupLocation": { + "value": "[parameters('ALZMonitorResourceGroupLocation')]" + }, "ALZMonitorResourceGroupTags": { "value": "[parameters('ALZMonitorResourceGroupTags')]" }, "ALZMonitorResourceGroupName": { "value": "[parameters('ALZMonitorResourceGroupName')]" }, - "BYOAlertProcessingRule": { - "value": "[parameters('BYOAlertProcessingRule')]" - }, "ALZLogicappCallbackUrl": { "value": "[parameters('ALZLogicappCallbackUrl')]" }, - "ALZFunctionResourceId": { - "value": "[parameters('ALZFunctionResourceId')]" + "BYOAlertProcessingRule": { + "value": "[parameters('BYOAlertProcessingRule')]" }, "ALZLogicappResourceId": { "value": "[parameters('ALZLogicappResourceId')]" }, + "ALZFunctionTriggerUrl": { + "value": "[parameters('ALZFunctionTriggerUrl')]" + }, "ALZEventHubResourceId": { "value": "[parameters('ALZEventHubResourceId')]" }, - "ALZFunctionTriggerUrl": { - "value": "[parameters('ALZFunctionTriggerUrl')]" + "ALZFunctionResourceId": { + "value": "[parameters('ALZFunctionResourceId')]" }, "ALZWebhookServiceUri": { "value": "[parameters('ALZWebhookServiceUri')]" @@ -298,24 +298,24 @@ "policyDefinitionReferenceId": "ALZ_ResHlthUnhealthy", "policyDefinitionName": "Deploy_activitylog_ResourceHealth_Unhealthy_Alert", "parameters": { - "MonitorDisableTagValues": { - "value": "[parameters('ALZMonitorDisableTagValues')]" + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" }, "alertResourceGroupLocation": { "value": "[parameters('ALZMonitorResourceGroupLocation')]" }, + "alertResourceGroupTags": { + "value": "[parameters('ALZMonitorResourceGroupTags')]" + }, + "MonitorDisableTagValues": { + "value": "[parameters('ALZMonitorDisableTagValues')]" + }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, - "alertResourceGroupName": { - "value": "[parameters('ALZMonitorResourceGroupName')]" - }, "enabled": { "value": "[parameters('ResHlthUnhealthyAlertState')]" }, - "alertResourceGroupTags": { - "value": "[parameters('ALZMonitorResourceGroupTags')]" - }, "effect": { "value": "[parameters('ResHlthUnhealthyPolicyEffect')]" }, @@ -328,30 +328,30 @@ "policyDefinitionReferenceId": "ALZ_SvcHlthAdvisory", "policyDefinitionName": "Deploy_activitylog_ServiceHealth_HealthAdvisory", "parameters": { - "MonitorDisableTagValues": { - "value": "[parameters('ALZMonitorDisableTagValues')]" + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" }, "alertResourceGroupLocation": { "value": "[parameters('ALZMonitorResourceGroupLocation')]" }, + "alertResourceGroupTags": { + "value": "[parameters('ALZMonitorResourceGroupTags')]" + }, + "MonitorDisableTagValues": { + "value": "[parameters('ALZMonitorDisableTagValues')]" + }, + "ALZMonitorActionGroupEmail": { + "value": "[parameters('ALZMonitorActionGroupEmail')]" + }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, - "alertResourceGroupName": { - "value": "[parameters('ALZMonitorResourceGroupName')]" - }, "enabled": { "value": "[parameters('SvcHlthAdvisoryAlertState')]" }, - "alertResourceGroupTags": { - "value": "[parameters('ALZMonitorResourceGroupTags')]" - }, "effect": { "value": "[parameters('serviceHealthAdvisoryPolicyEffect')]" }, - "ALZMonitorActionGroupEmail": { - "value": "[parameters('ALZMonitorActionGroupEmail')]" - }, "BYOActionGroup": { "value": "[parameters('BYOActionGroup')]" } @@ -361,30 +361,30 @@ "policyDefinitionReferenceId": "ALZ_SvcHlthIncident", "policyDefinitionName": "Deploy_activitylog_ServiceHealth_Incident", "parameters": { - "MonitorDisableTagValues": { - "value": "[parameters('ALZMonitorDisableTagValues')]" + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" }, "alertResourceGroupLocation": { "value": "[parameters('ALZMonitorResourceGroupLocation')]" }, + "alertResourceGroupTags": { + "value": "[parameters('ALZMonitorResourceGroupTags')]" + }, + "MonitorDisableTagValues": { + "value": "[parameters('ALZMonitorDisableTagValues')]" + }, + "ALZMonitorActionGroupEmail": { + "value": "[parameters('ALZMonitorActionGroupEmail')]" + }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, - "alertResourceGroupName": { - "value": "[parameters('ALZMonitorResourceGroupName')]" - }, "enabled": { "value": "[parameters('SvcHlthIncidentAlertState')]" }, - "alertResourceGroupTags": { - "value": "[parameters('ALZMonitorResourceGroupTags')]" - }, "effect": { "value": "[parameters('serviceHealthIncidentPolicyEffect')]" }, - "ALZMonitorActionGroupEmail": { - "value": "[parameters('ALZMonitorActionGroupEmail')]" - }, "BYOActionGroup": { "value": "[parameters('BYOActionGroup')]" } @@ -394,30 +394,30 @@ "policyDefinitionReferenceId": "ALZ_SvcHlthMaintenance", "policyDefinitionName": "Deploy_activitylog_ServiceHealth_Maintenance", "parameters": { - "MonitorDisableTagValues": { - "value": "[parameters('ALZMonitorDisableTagValues')]" + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" }, "alertResourceGroupLocation": { "value": "[parameters('ALZMonitorResourceGroupLocation')]" }, + "alertResourceGroupTags": { + "value": "[parameters('ALZMonitorResourceGroupTags')]" + }, + "MonitorDisableTagValues": { + "value": "[parameters('ALZMonitorDisableTagValues')]" + }, + "ALZMonitorActionGroupEmail": { + "value": "[parameters('ALZMonitorActionGroupEmail')]" + }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, - "alertResourceGroupName": { - "value": "[parameters('ALZMonitorResourceGroupName')]" - }, "enabled": { "value": "[parameters('SvcHlthMaintenanceAlertState')]" }, - "alertResourceGroupTags": { - "value": "[parameters('ALZMonitorResourceGroupTags')]" - }, "effect": { "value": "[parameters('serviceHealthMaintenancePolicyEffect')]" }, - "ALZMonitorActionGroupEmail": { - "value": "[parameters('ALZMonitorActionGroupEmail')]" - }, "BYOActionGroup": { "value": "[parameters('BYOActionGroup')]" } @@ -427,30 +427,30 @@ "policyDefinitionReferenceId": "ALZ_svcHlthSecAdvisory", "policyDefinitionName": "Deploy_activitylog_ServiceHealth_SecurityAdvisory", "parameters": { - "MonitorDisableTagValues": { - "value": "[parameters('ALZMonitorDisableTagValues')]" + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" }, "alertResourceGroupLocation": { "value": "[parameters('ALZMonitorResourceGroupLocation')]" }, + "alertResourceGroupTags": { + "value": "[parameters('ALZMonitorResourceGroupTags')]" + }, + "MonitorDisableTagValues": { + "value": "[parameters('ALZMonitorDisableTagValues')]" + }, + "ALZMonitorActionGroupEmail": { + "value": "[parameters('ALZMonitorActionGroupEmail')]" + }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, - "alertResourceGroupName": { - "value": "[parameters('ALZMonitorResourceGroupName')]" - }, "enabled": { "value": "[parameters('svcHlthSecAdvisoryAlertState')]" }, - "alertResourceGroupTags": { - "value": "[parameters('ALZMonitorResourceGroupTags')]" - }, "effect": { "value": "[parameters('serviceHealthSecurityPolicyEffect')]" }, - "ALZMonitorActionGroupEmail": { - "value": "[parameters('ALZMonitorActionGroupEmail')]" - }, "BYOActionGroup": { "value": "[parameters('BYOActionGroup')]" } diff --git a/Definitions/policySetDefinitions/Monitoring/alerting-storage.jsonc b/Definitions/policySetDefinitions/Monitoring/alerting-storage.jsonc index 5b57cd1..a68e877 100644 --- a/Definitions/policySetDefinitions/Monitoring/alerting-storage.jsonc +++ b/Definitions/policySetDefinitions/Monitoring/alerting-storage.jsonc @@ -14,44 +14,36 @@ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { - "ALZMonitorResourceGroupName": { + "ALZMonitorResourceGroupLocation": { "metadata": { - "displayName": "ALZ Monitor Resource Group Name", - "description": "Name of the resource group where the ALZ Monitor resources will be deployed" + "description": "Location of the resource group where the ALZ Monitor resources will be deployed", + "displayName": "ALZ Monitor Resource Group Location" }, - "defaultValue": "ALZ-Monitoring-RG", + "defaultValue": "centralus", "type": "String" }, "ALZMonitorResourceGroupTags": { "metadata": { - "displayName": "ALZ Monitor Resource Group Tags", - "description": "Tags for the resource group where the ALZ Monitor resources will be deployed" + "description": "Tags for the resource group where the ALZ Monitor resources will be deployed", + "displayName": "ALZ Monitor Resource Group Tags" }, "defaultValue": { "_deployed_by_alz_monitor": true }, "type": "Object" }, - "ALZMonitorResourceGroupLocation": { - "metadata": { - "displayName": "ALZ Monitor Resource Group Location", - "description": "Location of the resource group where the ALZ Monitor resources will be deployed" - }, - "defaultValue": "centralus", - "type": "String" - }, - "ALZMonitorDisableTagName": { + "ALZMonitorResourceGroupName": { "metadata": { - "displayName": "ALZ Monitoring disabled tag name", - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled." + "description": "Name of the resource group where the ALZ Monitor resources will be deployed", + "displayName": "ALZ Monitor Resource Group Name" }, - "defaultValue": "MonitorDisable", + "defaultValue": "ALZ-Monitoring-RG", "type": "String" }, "ALZMonitorDisableTagValues": { "metadata": { - "displayName": "ALZ Monitoring disabled tag values(s)", - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag values(s)" }, "defaultValue": [ "true", @@ -61,10 +53,18 @@ ], "type": "Array" }, + "ALZMonitorDisableTagName": { + "metadata": { + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" + }, + "defaultValue": "MonitorDisable", + "type": "String" + }, "StorageAccountAvailabilityAlertSeverity": { "metadata": { - "displayName": "Storage Account Availability Alert Severity", - "description": "Severity of the alert for Storage Account Availability" + "description": "Severity of the alert for Storage Account Availability", + "displayName": "Storage Account Availability Alert Severity" }, "allowedValues": [ "0", @@ -78,8 +78,8 @@ }, "StorageAccountAvailabilityWindowSize": { "metadata": { - "displayName": "Storage Account Availability Window Size", - "description": "Window size for the alert" + "description": "Window size for the alert", + "displayName": "Storage Account Availability Window Size" }, "allowedValues": [ "PT1M", @@ -96,8 +96,8 @@ }, "StorageAccountAvailabilityFrequency": { "metadata": { - "displayName": "Storage Account Availability Evaluation Frequency", - "description": "Evaluation frequency for the alert" + "description": "Evaluation frequency for the alert", + "displayName": "Storage Account Availability Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -111,8 +111,8 @@ }, "StorageAccountAvailabilityPolicyEffect": { "metadata": { - "displayName": "Storage Account Availability Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", + "displayName": "Storage Account Availability Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -123,24 +123,24 @@ }, "StorageAccountAvailabilityAlertState": { "metadata": { - "displayName": "Storage Account Availability Alert State", - "description": "Alert state for the alert" + "description": "Alert state for the alert", + "displayName": "Storage Account Availability Alert State" }, "defaultValue": "true", "type": "string" }, "StorageAccountAvailabilityThreshold": { "metadata": { - "displayName": "Storage Account Availability Threshold", - "description": "Threshold for the alert" + "description": "Threshold for the alert", + "displayName": "Storage Account Availability Threshold" }, "defaultValue": "90", "type": "string" }, "StorageAccountDeletePolicyEffect": { "metadata": { - "displayName": "Storage Account Delete Alert Policy Effect", - "description": "Policy effect for the alert, deployIfNotExists will create the alert if it does not exist, disabled will not create the alert" + "description": "Policy effect for the alert, deployIfNotExists will create the alert if it does not exist, disabled will not create the alert", + "displayName": "Storage Account Delete Alert Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -151,8 +151,8 @@ }, "StorageAccountDeleteAlertState": { "metadata": { - "displayName": "Storage Account Delete Alert State", - "description": "Alert state for the alert" + "description": "Alert state for the alert", + "displayName": "Storage Account Delete Alert State" }, "defaultValue": "true", "type": "string" @@ -163,9 +163,6 @@ "policyDefinitionReferenceId": "ALZ_StorageAccountAvailability", "policyDefinitionName": "Deploy_StorageAccount_Availability_Alert", "parameters": { - "evaluationFrequency": { - "value": "[parameters('StorageAccountAvailabilityFrequency')]" - }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, @@ -178,14 +175,17 @@ "effect": { "value": "[parameters('StorageAccountAvailabilityPolicyEffect')]" }, + "evaluationFrequency": { + "value": "[parameters('StorageAccountAvailabilityFrequency')]" + }, + "severity": { + "value": "[parameters('StorageAccountAvailabilityAlertSeverity')]" + }, "windowSize": { "value": "[parameters('StorageAccountAvailabilityWindowSize')]" }, "threshold": { "value": "[parameters('StorageAccountAvailabilityThreshold')]" - }, - "severity": { - "value": "[parameters('StorageAccountAvailabilityAlertSeverity')]" } } }, @@ -199,6 +199,9 @@ "alertResourceGroupLocation": { "value": "[parameters('ALZMonitorResourceGroupLocation')]" }, + "alertResourceGroupTags": { + "value": "[parameters('ALZMonitorResourceGroupTags')]" + }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, @@ -208,9 +211,6 @@ "enabled": { "value": "[parameters('StorageAccountDeleteAlertState')]" }, - "alertResourceGroupTags": { - "value": "[parameters('ALZMonitorResourceGroupTags')]" - }, "effect": { "value": "[parameters('StorageAccountDeletePolicyEffect')]" } diff --git a/Definitions/policySetDefinitions/Monitoring/alerting-vm.jsonc b/Definitions/policySetDefinitions/Monitoring/alerting-vm.jsonc index 16102a0..9ebef7f 100644 --- a/Definitions/policySetDefinitions/Monitoring/alerting-vm.jsonc +++ b/Definitions/policySetDefinitions/Monitoring/alerting-vm.jsonc @@ -10,43 +10,22 @@ "alzCloudEnvironments": [ "AzureCloud" ], - "category": "Monitoring", - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "category": "Monitoring" }, "parameters": { - "ALZMonitorDisableTagValues": { - "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" - }, - "defaultValue": [ - "true", - "Test", - "Dev", - "Sandbox" - ], - "type": "Array" - }, - "ALZMonitorDisableTagName": { - "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" - }, - "defaultValue": "MonitorDisable", - "type": "String" - }, "ALZMonitorResourceGroupName": { "metadata": { - "description": "Name of the resource group where the ALZ Monitor resources will be deployed", - "displayName": "ALZ Monitor Resource Group Name" + "displayName": "ALZ Monitor Resource Group Name", + "description": "Name of the resource group where the ALZ Monitor resources will be deployed" }, "defaultValue": "ALZ-Monitoring-RG", "type": "String" }, "ALZMonitorResourceGroupTags": { "metadata": { - "description": "Tags for the resource group where the ALZ Monitor resources will be deployed", - "displayName": "ALZ Monitor Resource Group Tags" + "displayName": "ALZ Monitor Resource Group Tags", + "description": "Tags for the resource group where the ALZ Monitor resources will be deployed" }, "defaultValue": { "_deployed_by_alz_monitor": true @@ -55,16 +34,37 @@ }, "ALZMonitorResourceGroupLocation": { "metadata": { - "description": "Location of the resource group where the ALZ Monitor resources will be deployed", - "displayName": "ALZ Monitor Resource Group Location" + "displayName": "ALZ Monitor Resource Group Location", + "description": "Location of the resource group where the ALZ Monitor resources will be deployed" }, "defaultValue": "centralus", "type": "String" }, + "ALZMonitorDisableTagName": { + "metadata": { + "displayName": "ALZ Monitoring disabled tag name", + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled." + }, + "defaultValue": "MonitorDisable", + "type": "String" + }, + "ALZMonitorDisableTagValues": { + "metadata": { + "displayName": "ALZ Monitoring disabled tag values(s)", + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ], + "type": "Array" + }, "ALZUserAssignedManagedIdentityName": { "metadata": { - "description": "The name of the user assigned managed identity to be created for monitoring purpose.", - "displayName": "Name of the user assigned managed identity to be created." + "displayName": "Name of the user assigned managed identity to be created.", + "description": "The name of the user assigned managed identity to be created for monitoring purpose." }, "defaultValue": "id-AMBA-ARG-Reader-001", "type": "string" @@ -78,16 +78,16 @@ }, "BYOUserAssignedManagedIdentityResourceId": { "metadata": { - "description": "The resource Id of the user assigned managed identity provided by the customer.", - "displayName": "Customer defined User Assigned managed Identity resource Id." + "displayName": "Customer defined User Assigned managed Identity resource Id.", + "description": "The resource Id of the user assigned managed identity provided by the customer." }, "defaultValue": "", "type": "string" }, "VMHeartBeatRGAlertSeverity": { "metadata": { - "description": "Severity of the alert for VM Heart Beat RG", - "displayName": "VM Heart Beat RG Alert Severity" + "displayName": "VM Heart Beat RG Alert Severity", + "description": "Severity of the alert for VM Heart Beat RG" }, "allowedValues": [ "0", @@ -101,8 +101,8 @@ }, "VMHeartBeatRGWindowSize": { "metadata": { - "description": "Window size for the alert", - "displayName": "VM Heart Beat RG Window Size" + "displayName": "VM Heart Beat RG Window Size", + "description": "Window size for the alert" }, "allowedValues": [ "PT1M", @@ -119,8 +119,8 @@ }, "VMHeartBeatRGEvaluationFrequency": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "VM Heart Beat RG Evaluation Frequency" + "displayName": "VM Heart Beat RG Evaluation Frequency", + "description": "Evaluation frequency for the alert" }, "allowedValues": [ "PT1M", @@ -134,32 +134,32 @@ }, "VMHeartBeatRGAutoMitigate": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "VM Heart Beat RG Auto Mitigate" + "displayName": "VM Heart Beat RG Auto Mitigate", + "description": "Auto Mitigate for the alert" }, "defaultValue": "true", "type": "string" }, "VMHeartBeatRGAutoResolve": { "metadata": { - "description": "Auto Resolve for the alert", - "displayName": "VM Heart Beat RG Auto Resolve" + "displayName": "VM Heart Beat RG Auto Resolve", + "description": "Auto Resolve for the alert" }, "defaultValue": "true", "type": "string" }, "VMHeartBeatRGAutoResolveTime": { "metadata": { - "description": "Auto Resolve Time for the alert", - "displayName": "VM Heart Beat RG Auto Resolve Time" + "displayName": "VM Heart Beat RG Auto Resolve Time", + "description": "Auto Resolve Time for the alert" }, "defaultValue": "00:10:00", "type": "string" }, "VMHeartBeatRGPolicyEffect": { "metadata": { - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", - "displayName": "VM Heart Beat RG Policy Effect" + "displayName": "VM Heart Beat RG Policy Effect", + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" }, "allowedValues": [ "deployIfNotExists", @@ -170,24 +170,24 @@ }, "VMHeartBeatRGAlertState": { "metadata": { - "description": "Alert state for the alert", - "displayName": "VM Heart Beat RG Alert State" + "displayName": "VM Heart Beat RG Alert State", + "description": "Alert state for the alert" }, "defaultValue": "true", "type": "string" }, "VMHeartBeatRGThreshold": { "metadata": { - "description": "Threshold for the alert", - "displayName": "VM Heart Beat RG Threshold" + "displayName": "VM Heart Beat RG Threshold", + "description": "Threshold for the alert" }, "defaultValue": "10", "type": "string" }, "VMHeartBeatRGOperator": { "metadata": { - "description": "Operator for the alert", - "displayName": "VM Heart Beat RG Operator" + "displayName": "VM Heart Beat RG Operator", + "description": "Operator for the alert" }, "allowedValues": [ "GreaterThan" @@ -197,8 +197,8 @@ }, "VMHeartBeatRGTimeAggregation": { "metadata": { - "description": "Time Aggregation for the alert", - "displayName": "VM Heart Beat RG Time Aggregation" + "displayName": "VM Heart Beat RG Time Aggregation", + "description": "Time Aggregation for the alert" }, "allowedValues": [ "Count" @@ -208,8 +208,8 @@ }, "VMHeartBeatRGComputersToInclude": { "metadata": { - "description": "Computers To Include for the alert", - "displayName": "VM Heart Beat RG Computers To Include" + "displayName": "VM Heart Beat RG Computers To Include", + "description": "Computers To Include for the alert" }, "defaultValue": [ "*" @@ -218,16 +218,16 @@ }, "VMHeartBeatRGFailingPeriods": { "metadata": { - "description": "Failing Periods for the alert", - "displayName": "VM Heart Beat RG Failing Periods" + "displayName": "VM Heart Beat RG Failing Periods", + "description": "Failing Periods for the alert" }, "defaultValue": "1", "type": "string" }, "VMNetworkInAlertSeverity": { "metadata": { - "description": "Severity of the alert for VM Network In", - "displayName": "VM Network In Alert Severity" + "displayName": "VM Network In Alert Severity", + "description": "Severity of the alert for VM Network In" }, "allowedValues": [ "0", @@ -241,8 +241,8 @@ }, "VMNetworkInWindowSize": { "metadata": { - "description": "Window size for the alert", - "displayName": "VM Network In Window Size" + "displayName": "VM Network In Window Size", + "description": "Window size for the alert" }, "allowedValues": [ "PT1M", @@ -259,8 +259,8 @@ }, "VMNetworkInEvaluationFrequency": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "VM Network In Evaluation Frequency" + "displayName": "VM Network In Evaluation Frequency", + "description": "Evaluation frequency for the alert" }, "allowedValues": [ "PT1M", @@ -274,32 +274,32 @@ }, "VMNetworkInAutoMitigate": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "VM Network In Auto Mitigate" + "displayName": "VM Network In Auto Mitigate", + "description": "Auto Mitigate for the alert" }, "defaultValue": "true", "type": "string" }, "VMNetworkInAutoResolve": { "metadata": { - "description": "Auto Resolve for the alert", - "displayName": "VM Network In Auto Resolve" + "displayName": "VM Network In Auto Resolve", + "description": "Auto Resolve for the alert" }, "defaultValue": "true", "type": "string" }, "VMNetworkInAutoResolveTime": { "metadata": { - "description": "Auto Resolve Time for the alert", - "displayName": "VM Network In Auto Resolve Time" + "displayName": "VM Network In Auto Resolve Time", + "description": "Auto Resolve Time for the alert" }, "defaultValue": "00:10:00", "type": "string" }, "VMNetworkInPolicyEffect": { "metadata": { - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", - "displayName": "VM Network In Policy Effect" + "displayName": "VM Network In Policy Effect", + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" }, "allowedValues": [ "deployIfNotExists", @@ -310,24 +310,24 @@ }, "VMNetworkInAlertState": { "metadata": { - "description": "Alert state for the alert", - "displayName": "VM Network In Alert State" + "displayName": "VM Network In Alert State", + "description": "Alert state for the alert" }, "defaultValue": "true", "type": "string" }, "VMNetworkInThreshold": { "metadata": { - "description": "Threshold for the alert", - "displayName": "VM Network In Threshold" + "displayName": "VM Network In Threshold", + "description": "Threshold for the alert" }, "defaultValue": "10000000", "type": "string" }, "VMNetworkInOperator": { "metadata": { - "description": "Operator for the alert", - "displayName": "VM Network In Operator" + "displayName": "VM Network In Operator", + "description": "Operator for the alert" }, "allowedValues": [ "GreaterThan" @@ -337,8 +337,8 @@ }, "VMNetworkInTimeAggregation": { "metadata": { - "description": "Time Aggregation for the alert", - "displayName": "VM Network In Time Aggregation" + "displayName": "VM Network In Time Aggregation", + "description": "Time Aggregation for the alert" }, "allowedValues": [ "Count" @@ -348,24 +348,24 @@ }, "VMNetworkInEvaluationPeriods": { "metadata": { - "description": "Evaluation Periods for the alert", - "displayName": "VM Network In Evaluation Periods" + "displayName": "VM Network In Evaluation Periods", + "description": "Evaluation Periods for the alert" }, "defaultValue": "1", "type": "string" }, "VMNetworkInFailingPeriods": { "metadata": { - "description": "Failing Periods for the alert", - "displayName": "VM Network In Failing Periods" + "displayName": "VM Network In Failing Periods", + "description": "Failing Periods for the alert" }, "defaultValue": "1", "type": "string" }, "VMNetworkInComputersToInclude": { "metadata": { - "description": "Computers To Include for the alert", - "displayName": "VM Network In Computers To Include" + "displayName": "VM Network In Computers To Include", + "description": "Computers To Include for the alert" }, "defaultValue": [ "*" @@ -374,8 +374,8 @@ }, "VMNetworkOutAlertSeverity": { "metadata": { - "description": "Severity of the alert for VM Network Out", - "displayName": "VM Network Out Alert Severity" + "displayName": "VM Network Out Alert Severity", + "description": "Severity of the alert for VM Network Out" }, "allowedValues": [ "0", @@ -389,8 +389,8 @@ }, "VMNetworkOutWindowSize": { "metadata": { - "description": "Window size for the alert", - "displayName": "VM Network Out Window Size" + "displayName": "VM Network Out Window Size", + "description": "Window size for the alert" }, "allowedValues": [ "PT1M", @@ -407,8 +407,8 @@ }, "VMNetworkOutEvaluationFrequency": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "VM Network Out Evaluation Frequency" + "displayName": "VM Network Out Evaluation Frequency", + "description": "Evaluation frequency for the alert" }, "allowedValues": [ "PT1M", @@ -422,32 +422,32 @@ }, "VMNetworkOutAutoMitigate": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "VM Network Out Auto Mitigate" + "displayName": "VM Network Out Auto Mitigate", + "description": "Auto Mitigate for the alert" }, "defaultValue": "true", "type": "string" }, "VMNetworkOutAutoResolve": { "metadata": { - "description": "Auto Resolve for the alert", - "displayName": "VM Network Out Auto Resolve" + "displayName": "VM Network Out Auto Resolve", + "description": "Auto Resolve for the alert" }, "defaultValue": "true", "type": "string" }, "VMNetworkOutAutoResolveTime": { "metadata": { - "description": "Auto Resolve Time for the alert", - "displayName": "VM Network Out Auto Resolve Time" + "displayName": "VM Network Out Auto Resolve Time", + "description": "Auto Resolve Time for the alert" }, "defaultValue": "00:10:00", "type": "string" }, "VMNetworkOutPolicyEffect": { "metadata": { - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", - "displayName": "VM Network Out Policy Effect" + "displayName": "VM Network Out Policy Effect", + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" }, "allowedValues": [ "deployIfNotExists", @@ -458,24 +458,24 @@ }, "VMNetworkOutAlertState": { "metadata": { - "description": "Alert state for the alert, true will enable the alert, false will disable the alert", - "displayName": "VM Network Out Alert State" + "displayName": "VM Network Out Alert State", + "description": "Alert state for the alert, true will enable the alert, false will disable the alert" }, "defaultValue": "true", "type": "string" }, "VMNetworkOutThreshold": { "metadata": { - "description": "Threshold for the alert", - "displayName": "VM Network Out Threshold" + "displayName": "VM Network Out Threshold", + "description": "Threshold for the alert" }, "defaultValue": "10000000", "type": "string" }, "VMNetworkOutOperator": { "metadata": { - "description": "Operator for the alert", - "displayName": "VM Network Out Operator" + "displayName": "VM Network Out Operator", + "description": "Operator for the alert" }, "allowedValues": [ "GreaterThan" @@ -485,8 +485,8 @@ }, "VMNetworkOutTimeAggregation": { "metadata": { - "description": "Time Aggregation for the alert", - "displayName": "VM Network Out Time Aggregation" + "displayName": "VM Network Out Time Aggregation", + "description": "Time Aggregation for the alert" }, "allowedValues": [ "Count" @@ -496,24 +496,24 @@ }, "VMNetworkOutEvaluationPeriods": { "metadata": { - "description": "Evaluation Periods for the alert", - "displayName": "VM Network Out Evaluation Periods" + "displayName": "VM Network Out Evaluation Periods", + "description": "Evaluation Periods for the alert" }, "defaultValue": "1", "type": "string" }, "VMNetworkOutFailingPeriods": { "metadata": { - "description": "Failing Periods for the alert", - "displayName": "VM Network Out Failing Periods" + "displayName": "VM Network Out Failing Periods", + "description": "Failing Periods for the alert" }, "defaultValue": "1", "type": "string" }, "VMNetworkOutComputersToInclude": { "metadata": { - "description": "Computers To Include for the alert", - "displayName": "VM Network Out Computers To Include" + "displayName": "VM Network Out Computers To Include", + "description": "Computers To Include for the alert" }, "defaultValue": [ "*" @@ -522,8 +522,8 @@ }, "VMOSDiskReadLatencyAlertSeverity": { "metadata": { - "description": "Severity of the alert for VM OS Disk Read Latency", - "displayName": "VM OS Disk Read Latency Alert Severity" + "displayName": "VM OS Disk Read Latency Alert Severity", + "description": "Severity of the alert for VM OS Disk Read Latency" }, "allowedValues": [ "0", @@ -537,8 +537,8 @@ }, "VMOSDiskReadLatencyWindowSize": { "metadata": { - "description": "Window size for the alert", - "displayName": "VM OS Disk Read Latency Window Size" + "displayName": "VM OS Disk Read Latency Window Size", + "description": "Window size for the alert" }, "allowedValues": [ "PT1M", @@ -555,8 +555,8 @@ }, "VMOSDiskReadLatencyEvaluationFrequency": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "VM OS Disk Read Latency Evaluation Frequency" + "displayName": "VM OS Disk Read Latency Evaluation Frequency", + "description": "Evaluation frequency for the alert" }, "allowedValues": [ "PT1M", @@ -570,24 +570,32 @@ }, "VMOSDiskReadLatencyAutoMitigate": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "VM OS Disk Read Latency Auto Mitigate" + "displayName": "VM OS Disk Read Latency Auto Mitigate", + "description": "Auto Mitigate for the alert" + }, + "defaultValue": "true", + "type": "string" + }, + "VMOSDiskReadLatencyAutoResolve": { + "metadata": { + "displayName": "VM OS Disk Read Latency Auto Resolve", + "description": "Auto Resolve for the alert" }, "defaultValue": "true", "type": "string" }, "VMOSDiskReadLatencyAutoResolveTime": { "metadata": { - "description": "Auto Resolve Time for the alert", - "displayName": "VM OS Disk Read Latency Auto Resolve Time" + "displayName": "VM OS Disk Read Latency Auto Resolve Time", + "description": "Auto Resolve Time for the alert" }, "defaultValue": "00:10:00", "type": "string" }, "VMOSDiskReadLatencyPolicyEffect": { "metadata": { - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", - "displayName": "VM OS Disk Read Latency Policy Effect" + "displayName": "VM OS Disk Read Latency Policy Effect", + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" }, "allowedValues": [ "deployIfNotExists", @@ -598,24 +606,24 @@ }, "VMOSDiskReadLatencyAlertState": { "metadata": { - "description": "Alert state for the alert, true will enable the alert, false will disable the alert", - "displayName": "VM OS Disk Read Latency Alert State" + "displayName": "VM OS Disk Read Latency Alert State", + "description": "Alert state for the alert, true will enable the alert, false will disable the alert" }, "defaultValue": "true", "type": "string" }, "VMOSDiskReadLatencyThreshold": { "metadata": { - "description": "Threshold for the alert", - "displayName": "VM OS Disk Read Latency Threshold" + "displayName": "VM OS Disk Read Latency Threshold", + "description": "Threshold for the alert" }, "defaultValue": "30", "type": "string" }, "VMOSDiskReadLatencyOperator": { "metadata": { - "description": "Operator for the alert", - "displayName": "VM OS Disk Read Latency Operator" + "displayName": "VM OS Disk Read Latency Operator", + "description": "Operator for the alert" }, "allowedValues": [ "GreaterThan" @@ -625,8 +633,8 @@ }, "VMOSDiskReadLatencyTimeAggregation": { "metadata": { - "description": "Time Aggregation for the alert", - "displayName": "VM OS Disk Read Latency Time Aggregation" + "displayName": "VM OS Disk Read Latency Time Aggregation", + "description": "Time Aggregation for the alert" }, "allowedValues": [ "Count" @@ -636,24 +644,24 @@ }, "VMOSDiskReadLatencyEvaluationPeriods": { "metadata": { - "description": "Evaluation Periods for the alert", - "displayName": "VM OS Disk Read Latency Evaluation Periods" + "displayName": "VM OS Disk Read Latency Evaluation Periods", + "description": "Evaluation Periods for the alert" }, "defaultValue": "1", "type": "string" }, "VMOSDiskReadLatencyFailingPeriods": { "metadata": { - "description": "Failing Periods for the alert", - "displayName": "VM OS Disk Read Latency Failing Periods" + "displayName": "VM OS Disk Read Latency Failing Periods", + "description": "Failing Periods for the alert" }, "defaultValue": "1", "type": "string" }, "VMOSDiskReadLatencyComputersToInclude": { "metadata": { - "description": "Computers To Include for the alert", - "displayName": "VM OS Disk Read Latency Computers To Include" + "displayName": "VM OS Disk Read Latency Computers To Include", + "description": "Computers To Include for the alert" }, "defaultValue": [ "*" @@ -662,8 +670,8 @@ }, "VMOSDiskWriteLatencyAlertSeverity": { "metadata": { - "description": "Severity of the alert for VM OS Disk Write Latency", - "displayName": "VM OS Disk Write Latency Alert Severity" + "displayName": "VM OS Disk Write Latency Alert Severity", + "description": "Severity of the alert for VM OS Disk Write Latency" }, "allowedValues": [ "0", @@ -677,8 +685,8 @@ }, "VMOSDiskWriteLatencyWindowSize": { "metadata": { - "description": "Window size for the alert", - "displayName": "VM OS Disk Write Latency Window Size" + "displayName": "VM OS Disk Write Latency Window Size", + "description": "Window size for the alert" }, "allowedValues": [ "PT1M", @@ -695,8 +703,8 @@ }, "VMOSDiskWriteLatencyEvaluationFrequency": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "VM OS Disk Write Latency Evaluation Frequency" + "displayName": "VM OS Disk Write Latency Evaluation Frequency", + "description": "Evaluation frequency for the alert" }, "allowedValues": [ "PT1M", @@ -710,32 +718,32 @@ }, "VMOSDiskWriteLatencyAutoMitigate": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "VM OS Disk Write Latency Auto Mitigate" + "displayName": "VM OS Disk Write Latency Auto Mitigate", + "description": "Auto Mitigate for the alert" }, "defaultValue": "true", "type": "string" }, "VMOSDiskWriteLatencyAutoResolve": { "metadata": { - "description": "Auto Resolve for the alert", - "displayName": "VM OS Disk Write Latency Auto Resolve" + "displayName": "VM OS Disk Write Latency Auto Resolve", + "description": "Auto Resolve for the alert" }, "defaultValue": "true", "type": "string" }, "VMOSDiskWriteLatencyAutoResolveTime": { "metadata": { - "description": "Auto Resolve Time for the alert", - "displayName": "VM OS Disk Write Latency Auto Resolve Time" + "displayName": "VM OS Disk Write Latency Auto Resolve Time", + "description": "Auto Resolve Time for the alert" }, "defaultValue": "00:10:00", "type": "string" }, "VMOSDiskWriteLatencyPolicyEffect": { "metadata": { - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", - "displayName": "VM OS Disk Write Latency Policy Effect" + "displayName": "VM OS Disk Write Latency Policy Effect", + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" }, "allowedValues": [ "deployIfNotExists", @@ -746,24 +754,24 @@ }, "VMOSDiskWriteLatencyAlertState": { "metadata": { - "description": "Alert state for the alert, true will enable the alert, false will disable the alert", - "displayName": "VM OS Disk Write Latency Alert State" + "displayName": "VM OS Disk Write Latency Alert State", + "description": "Alert state for the alert, true will enable the alert, false will disable the alert" }, "defaultValue": "true", "type": "string" }, "VMOSDiskWriteLatencyThreshold": { "metadata": { - "description": "Threshold for the alert", - "displayName": "VM OS Disk Write Latency Threshold" + "displayName": "VM OS Disk Write Latency Threshold", + "description": "Threshold for the alert" }, "defaultValue": "30", "type": "string" }, "VMOSDiskWriteLatencyOperator": { "metadata": { - "description": "Operator for the alert", - "displayName": "VM OS Disk Write Latency Operator" + "displayName": "VM OS Disk Write Latency Operator", + "description": "Operator for the alert" }, "allowedValues": [ "GreaterThan" @@ -773,8 +781,8 @@ }, "VMOSDiskWriteLatencyTimeAggregation": { "metadata": { - "description": "Time Aggregation for the alert", - "displayName": "VM OS Disk Write Latency Time Aggregation" + "displayName": "VM OS Disk Write Latency Time Aggregation", + "description": "Time Aggregation for the alert" }, "allowedValues": [ "Count" @@ -784,24 +792,24 @@ }, "VMOSDiskWriteLatencyEvaluationPeriods": { "metadata": { - "description": "Evaluation Periods for the alert", - "displayName": "VM OS Disk Write Latency Evaluation Periods" + "displayName": "VM OS Disk Write Latency Evaluation Periods", + "description": "Evaluation Periods for the alert" }, "defaultValue": "1", "type": "string" }, "VMOSDiskWriteLatencyFailingPeriods": { "metadata": { - "description": "Failing Periods for the alert", - "displayName": "VM OS Disk Write Latency Failing Periods" + "displayName": "VM OS Disk Write Latency Failing Periods", + "description": "Failing Periods for the alert" }, "defaultValue": "1", "type": "string" }, "VMOSDiskWriteLatencyComputersToInclude": { "metadata": { - "description": "Computers To Include for the alert", - "displayName": "VM OS Disk Write Latency Computers To Include" + "displayName": "VM OS Disk Write Latency Computers To Include", + "description": "Computers To Include for the alert" }, "defaultValue": [ "*" @@ -810,8 +818,8 @@ }, "VMOSDiskSpaceAlertSeverity": { "metadata": { - "description": "Severity of the alert for VM OS Disk Space", - "displayName": "VM OS Disk Space Alert Severity" + "displayName": "VM OS Disk Space Alert Severity", + "description": "Severity of the alert for VM OS Disk Space" }, "allowedValues": [ "0", @@ -825,8 +833,8 @@ }, "VMOSDiskSpaceWindowSize": { "metadata": { - "description": "Window size for the alert", - "displayName": "VM OS Disk Space Window Size" + "displayName": "VM OS Disk Space Window Size", + "description": "Window size for the alert" }, "allowedValues": [ "PT1M", @@ -843,8 +851,8 @@ }, "VMOSDiskSpaceEvaluationFrequency": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "VM OS Disk Space Evaluation Frequency" + "displayName": "VM OS Disk Space Evaluation Frequency", + "description": "Evaluation frequency for the alert" }, "allowedValues": [ "PT1M", @@ -858,32 +866,32 @@ }, "VMOSDiskSpaceAutoMitigate": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "VM OS Disk Space Auto Mitigate" + "displayName": "VM OS Disk Space Auto Mitigate", + "description": "Auto Mitigate for the alert" }, "defaultValue": "true", "type": "string" }, "VMOSDiskSpaceAutoResolve": { "metadata": { - "description": "Auto Resolve for the alert", - "displayName": "VM OS Disk Space Auto Resolve" + "displayName": "VM OS Disk Space Auto Resolve", + "description": "Auto Resolve for the alert" }, "defaultValue": "true", "type": "string" }, "VMOSDiskSpaceAutoResolveTime": { "metadata": { - "description": "Auto Resolve Time for the alert", - "displayName": "VM OS Disk Space Auto Resolve Time" + "displayName": "VM OS Disk Space Auto Resolve Time", + "description": "Auto Resolve Time for the alert" }, "defaultValue": "00:10:00", "type": "string" }, "VMOSDiskSpacePolicyEffect": { "metadata": { - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", - "displayName": "VM OS Disk Space Policy Effect" + "displayName": "VM OS Disk Space Policy Effect", + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" }, "allowedValues": [ "deployIfNotExists", @@ -894,24 +902,24 @@ }, "VMOSDiskSpaceAlertState": { "metadata": { - "description": "Alert state for the alert, true will enable the alert, false will disable the alert", - "displayName": "VM OS Disk Space Alert State" + "displayName": "VM OS Disk Space Alert State", + "description": "Alert state for the alert, true will enable the alert, false will disable the alert" }, "defaultValue": "true", "type": "string" }, "VMOSDiskSpaceThreshold": { "metadata": { - "description": "Threshold for the alert", - "displayName": "VM OS Disk Space Threshold" + "displayName": "VM OS Disk Space Threshold", + "description": "Threshold for the alert" }, "defaultValue": "10", "type": "string" }, "VMOSDiskSpaceOperator": { "metadata": { - "description": "Operator for the alert", - "displayName": "VM OS Disk Space Operator" + "displayName": "VM OS Disk Space Operator", + "description": "Operator for the alert" }, "allowedValues": [ "GreaterThan" @@ -921,8 +929,8 @@ }, "VMOSDiskSpaceTimeAggregation": { "metadata": { - "description": "Time Aggregation for the alert", - "displayName": "VM OS Disk Space Time Aggregation" + "displayName": "VM OS Disk Space Time Aggregation", + "description": "Time Aggregation for the alert" }, "allowedValues": [ "Count" @@ -932,24 +940,24 @@ }, "VMOSDiskSpaceEvaluationPeriods": { "metadata": { - "description": "Evaluation Periods for the alert", - "displayName": "VM OS Disk Space Evaluation Periods" + "displayName": "VM OS Disk Space Evaluation Periods", + "description": "Evaluation Periods for the alert" }, "defaultValue": "1", "type": "string" }, "VMOSDiskSpaceFailingPeriods": { "metadata": { - "description": "Failing Periods for the alert", - "displayName": "VM OS Disk Space Failing Periods" + "displayName": "VM OS Disk Space Failing Periods", + "description": "Failing Periods for the alert" }, "defaultValue": "1", "type": "string" }, "VMOSDiskSpaceComputersToInclude": { "metadata": { - "description": "Computers To Include for the alert", - "displayName": "VM OS Disk Space Computers To Include" + "displayName": "VM OS Disk Space Computers To Include", + "description": "Computers To Include for the alert" }, "defaultValue": [ "*" @@ -958,8 +966,8 @@ }, "VMPercentCPUAlertSeverity": { "metadata": { - "description": "Severity of the alert for VM Percent CPU", - "displayName": "VM Percent CPU Alert Severity" + "displayName": "VM Percent CPU Alert Severity", + "description": "Severity of the alert for VM Percent CPU" }, "allowedValues": [ "0", @@ -973,8 +981,8 @@ }, "VMPercentCPUWindowSize": { "metadata": { - "description": "Window size for the alert", - "displayName": "VM Percent CPU Window Size" + "displayName": "VM Percent CPU Window Size", + "description": "Window size for the alert" }, "allowedValues": [ "PT1M", @@ -991,8 +999,8 @@ }, "VMPercentCPUEvaluationFrequency": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "VM Percent CPU Evaluation Frequency" + "displayName": "VM Percent CPU Evaluation Frequency", + "description": "Evaluation frequency for the alert" }, "allowedValues": [ "PT1M", @@ -1006,32 +1014,32 @@ }, "VMPercentCPUAutoMitigate": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "VM Percent CPU Auto Mitigate" + "displayName": "VM Percent CPU Auto Mitigate", + "description": "Auto Mitigate for the alert" }, "defaultValue": "true", "type": "string" }, "VMPercentCPUAutoResolve": { "metadata": { - "description": "Auto Resolve for the alert", - "displayName": "VM Percent CPU Auto Resolve" + "displayName": "VM Percent CPU Auto Resolve", + "description": "Auto Resolve for the alert" }, "defaultValue": "true", "type": "string" }, "VMPercentCPUAutoResolveTime": { "metadata": { - "description": "Auto Resolve Time for the alert", - "displayName": "VM Percent CPU Auto Resolve Time" + "displayName": "VM Percent CPU Auto Resolve Time", + "description": "Auto Resolve Time for the alert" }, "defaultValue": "00:10:00", "type": "string" }, "VMPercentCPUPolicyEffect": { "metadata": { - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", - "displayName": "VM Percent CPU Policy Effect" + "displayName": "VM Percent CPU Policy Effect", + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" }, "allowedValues": [ "deployIfNotExists", @@ -1042,24 +1050,24 @@ }, "VMPercentCPUAlertState": { "metadata": { - "description": "Alert state for the alert, true will enable the alert, false will disable the alert", - "displayName": "VM Percent CPU Alert State" + "displayName": "VM Percent CPU Alert State", + "description": "Alert state for the alert, true will enable the alert, false will disable the alert" }, "defaultValue": "true", "type": "string" }, "VMPercentCPUThreshold": { "metadata": { - "description": "Threshold for the alert", - "displayName": "VM Percent CPU Threshold" + "displayName": "VM Percent CPU Threshold", + "description": "Threshold for the alert" }, "defaultValue": "85", "type": "string" }, "VMPercentCPUOperator": { "metadata": { - "description": "Operator for the alert", - "displayName": "VM Percent CPU Operator" + "displayName": "VM Percent CPU Operator", + "description": "Operator for the alert" }, "allowedValues": [ "Equals", @@ -1073,8 +1081,8 @@ }, "VMPercentCPUTimeAggregation": { "metadata": { - "description": "Time Aggregation for the alert", - "displayName": "VM Percent CPU Time Aggregation" + "displayName": "VM Percent CPU Time Aggregation", + "description": "Time Aggregation for the alert" }, "allowedValues": [ "Count" @@ -1084,16 +1092,16 @@ }, "VMPercentCPUFailingPeriods": { "metadata": { - "description": "Failing Periods for the alert", - "displayName": "VM Percent CPU Failing Periods" + "displayName": "VM Percent CPU Failing Periods", + "description": "Failing Periods for the alert" }, "defaultValue": "1", "type": "string" }, "VMPercentMemoryAlertSeverity": { "metadata": { - "description": "Severity of the alert for VM Percent Memory", - "displayName": "VM Percent Memory Alert Severity" + "displayName": "VM Percent Memory Alert Severity", + "description": "Severity of the alert for VM Percent Memory" }, "allowedValues": [ "0", @@ -1107,8 +1115,8 @@ }, "VMPercentMemoryWindowSize": { "metadata": { - "description": "Window size for the alert", - "displayName": "VM Percent Memory Window Size" + "displayName": "VM Percent Memory Window Size", + "description": "Window size for the alert" }, "allowedValues": [ "PT1M", @@ -1125,8 +1133,8 @@ }, "VMPercentMemoryEvaluationFrequency": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "VM Percent Memory Evaluation Frequency" + "displayName": "VM Percent Memory Evaluation Frequency", + "description": "Evaluation frequency for the alert" }, "allowedValues": [ "PT1M", @@ -1140,32 +1148,32 @@ }, "VMPercentMemoryAutoMitigate": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "VM Percent Memory Auto Mitigate" + "displayName": "VM Percent Memory Auto Mitigate", + "description": "Auto Mitigate for the alert" }, "defaultValue": "true", "type": "string" }, "VMPercentMemoryAutoResolve": { "metadata": { - "description": "Auto Resolve for the alert", - "displayName": "VM Percent Memory Auto Resolve" + "displayName": "VM Percent Memory Auto Resolve", + "description": "Auto Resolve for the alert" }, "defaultValue": "true", "type": "string" }, "VMPercentMemoryAutoResolveTime": { "metadata": { - "description": "Auto Resolve Time for the alert", - "displayName": "VM Percent Memory Auto Resolve Time" + "displayName": "VM Percent Memory Auto Resolve Time", + "description": "Auto Resolve Time for the alert" }, "defaultValue": "00:10:00", "type": "string" }, "VMPercentMemoryPolicyEffect": { "metadata": { - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", - "displayName": "VM Percent Memory Policy Effect" + "displayName": "VM Percent Memory Policy Effect", + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" }, "allowedValues": [ "deployIfNotExists", @@ -1176,24 +1184,24 @@ }, "VMPercentMemoryAlertState": { "metadata": { - "description": "Alert state for the alert, true will enable the alert, false will disable the alert", - "displayName": "VM Percent Memory Alert State" + "displayName": "VM Percent Memory Alert State", + "description": "Alert state for the alert, true will enable the alert, false will disable the alert" }, "defaultValue": "true", "type": "string" }, "VMPercentMemoryThreshold": { "metadata": { - "description": "Threshold for the alert", - "displayName": "VM Percent Memory Threshold" + "displayName": "VM Percent Memory Threshold", + "description": "Threshold for the alert" }, "defaultValue": "10", "type": "string" }, "VMPercentMemoryOperator": { "metadata": { - "description": "Operator for the alert", - "displayName": "VM Percent Memory Operator" + "displayName": "VM Percent Memory Operator", + "description": "Operator for the alert" }, "allowedValues": [ "GreaterThan" @@ -1203,8 +1211,8 @@ }, "VMPercentMemoryTimeAggregation": { "metadata": { - "description": "Time Aggregation for the alert", - "displayName": "VM Percent Memory Time Aggregation" + "displayName": "VM Percent Memory Time Aggregation", + "description": "Time Aggregation for the alert" }, "allowedValues": [ "Count" @@ -1214,16 +1222,16 @@ }, "VMPercentMemoryFailingPeriods": { "metadata": { - "description": "Failing Periods for the alert", - "displayName": "VM Percent Memory Failing Periods" + "displayName": "VM Percent Memory Failing Periods", + "description": "Failing Periods for the alert" }, "defaultValue": "1", "type": "string" }, "VMDataDiskSpaceAlertSeverity": { "metadata": { - "description": "Severity of the alert for VM Data Disk Space", - "displayName": "VM Data Disk Space Alert Severity" + "displayName": "VM Data Disk Space Alert Severity", + "description": "Severity of the alert for VM Data Disk Space" }, "allowedValues": [ "0", @@ -1237,8 +1245,8 @@ }, "VMDataDiskSpaceWindowSize": { "metadata": { - "description": "Window size for the alert", - "displayName": "VM Data Disk Space Window Size" + "displayName": "VM Data Disk Space Window Size", + "description": "Window size for the alert" }, "allowedValues": [ "PT1M", @@ -1255,8 +1263,8 @@ }, "VMDataDiskSpaceEvaluationFrequency": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "VM Data Disk Space Evaluation Frequency" + "displayName": "VM Data Disk Space Evaluation Frequency", + "description": "Evaluation frequency for the alert" }, "allowedValues": [ "PT1M", @@ -1270,32 +1278,32 @@ }, "VMDataDiskSpaceAutoMitigate": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "VM Data Disk Space Auto Mitigate" + "displayName": "VM Data Disk Space Auto Mitigate", + "description": "Auto Mitigate for the alert" }, "defaultValue": "true", "type": "string" }, "VMDataDiskSpaceAutoResolve": { "metadata": { - "description": "Auto Resolve for the alert", - "displayName": "VM Data Disk Space Auto Resolve" + "displayName": "VM Data Disk Space Auto Resolve", + "description": "Auto Resolve for the alert" }, "defaultValue": "true", "type": "string" }, "VMDataDiskSpaceAutoResolveTime": { "metadata": { - "description": "Auto Resolve Time for the alert", - "displayName": "VM Data Disk Space Auto Resolve Time" + "displayName": "VM Data Disk Space Auto Resolve Time", + "description": "Auto Resolve Time for the alert" }, "defaultValue": "00:10:00", "type": "string" }, "VMDataDiskSpacePolicyEffect": { "metadata": { - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", - "displayName": "VM Data Disk Space Policy Effect" + "displayName": "VM Data Disk Space Policy Effect", + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" }, "allowedValues": [ "deployIfNotExists", @@ -1306,24 +1314,24 @@ }, "VMDataDiskSpaceAlertState": { "metadata": { - "description": "Alert state for the alert, true will enable the alert, false will disable the alert", - "displayName": "VM Data Disk Space Alert State" + "displayName": "VM Data Disk Space Alert State", + "description": "Alert state for the alert, true will enable the alert, false will disable the alert" }, "defaultValue": "true", "type": "string" }, "VMDataDiskSpaceThreshold": { "metadata": { - "description": "Threshold for the alert", - "displayName": "VM Data Disk Space Threshold" + "displayName": "VM Data Disk Space Threshold", + "description": "Threshold for the alert" }, "defaultValue": "10", "type": "string" }, "VMDataDiskSpaceOperator": { "metadata": { - "description": "Operator for the alert", - "displayName": "VM Data Disk Space Operator" + "displayName": "VM Data Disk Space Operator", + "description": "Operator for the alert" }, "allowedValues": [ "GreaterThan" @@ -1333,8 +1341,8 @@ }, "VMDataDiskSpaceTimeAggregation": { "metadata": { - "description": "Time Aggregation for the alert", - "displayName": "VM Data Disk Space Time Aggregation" + "displayName": "VM Data Disk Space Time Aggregation", + "description": "Time Aggregation for the alert" }, "allowedValues": [ "Count" @@ -1344,24 +1352,24 @@ }, "VMDataDiskSpaceEvaluationPeriods": { "metadata": { - "description": "Evaluation Periods for the alert", - "displayName": "VM Data Disk Space Evaluation Periods" + "displayName": "VM Data Disk Space Evaluation Periods", + "description": "Evaluation Periods for the alert" }, "defaultValue": "1", "type": "string" }, "VMDataDiskSpaceFailingPeriods": { "metadata": { - "description": "Failing Periods for the alert", - "displayName": "VM Data Disk Space Failing Periods" + "displayName": "VM Data Disk Space Failing Periods", + "description": "Failing Periods for the alert" }, "defaultValue": "1", "type": "string" }, "VMDataDiskSpaceComputersToInclude": { "metadata": { - "description": "Computers To Include for the alert", - "displayName": "VM Data Disk Space Computers To Include" + "displayName": "VM Data Disk Space Computers To Include", + "description": "Computers To Include for the alert" }, "defaultValue": [ "*" @@ -1370,8 +1378,8 @@ }, "VMDataDiskReadLatencyAlertSeverity": { "metadata": { - "description": "Severity of the alert for VM Data Disk Read Latency", - "displayName": "VM Data Disk Read Latency Alert Severity" + "displayName": "VM Data Disk Read Latency Alert Severity", + "description": "Severity of the alert for VM Data Disk Read Latency" }, "allowedValues": [ "0", @@ -1385,8 +1393,8 @@ }, "VMDataDiskReadLatencyWindowSize": { "metadata": { - "description": "Window size for the alert", - "displayName": "VM Data Disk Read Latency Window Size" + "displayName": "VM Data Disk Read Latency Window Size", + "description": "Window size for the alert" }, "allowedValues": [ "PT1M", @@ -1403,8 +1411,8 @@ }, "VMDataDiskReadLatencyEvaluationFrequency": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "VM Data Disk Read Latency Evaluation Frequency" + "displayName": "VM Data Disk Read Latency Evaluation Frequency", + "description": "Evaluation frequency for the alert" }, "allowedValues": [ "PT1M", @@ -1418,32 +1426,32 @@ }, "VMDataDiskReadLatencyAutoMitigate": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "VM Data Disk Read Latency Auto Mitigate" + "displayName": "VM Data Disk Read Latency Auto Mitigate", + "description": "Auto Mitigate for the alert" }, "defaultValue": "true", "type": "string" }, "VMDataDiskReadLatencyAutoResolve": { "metadata": { - "description": "Auto Resolve for the alert", - "displayName": "VM Data Disk Read Latency Auto Resolve" + "displayName": "VM Data Disk Read Latency Auto Resolve", + "description": "Auto Resolve for the alert" }, "defaultValue": "true", "type": "string" }, "VMDataDiskReadLatencyAutoResolveTime": { "metadata": { - "description": "Auto Resolve Time for the alert", - "displayName": "VM Data Disk Read Latency Auto Resolve Time" + "displayName": "VM Data Disk Read Latency Auto Resolve Time", + "description": "Auto Resolve Time for the alert" }, "defaultValue": "00:10:00", "type": "string" }, "VMDataDiskReadLatencyPolicyEffect": { "metadata": { - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", - "displayName": "VM Data Disk Read Latency Policy Effect" + "displayName": "VM Data Disk Read Latency Policy Effect", + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" }, "allowedValues": [ "deployIfNotExists", @@ -1454,24 +1462,24 @@ }, "VMDataDiskReadLatencyAlertState": { "metadata": { - "description": "Alert state for the alert, true will enable the alert, false will disable the alert", - "displayName": "VM Data Disk Read Latency Alert State" + "displayName": "VM Data Disk Read Latency Alert State", + "description": "Alert state for the alert, true will enable the alert, false will disable the alert" }, "defaultValue": "true", "type": "string" }, - "VMOSDiskReadLatencyAutoResolve": { + "VMDataDiskReadLatencyThreshold": { "metadata": { - "description": "Auto Resolve for the alert", - "displayName": "VM OS Disk Read Latency Auto Resolve" + "displayName": "VM Data Disk Read Latency Threshold", + "description": "Threshold for the alert" }, - "defaultValue": "true", + "defaultValue": "30", "type": "string" }, "VMDataDiskReadLatencyOperator": { "metadata": { - "description": "Operator for the alert", - "displayName": "VM Data Disk Read Latency Operator" + "displayName": "VM Data Disk Read Latency Operator", + "description": "Operator for the alert" }, "allowedValues": [ "GreaterThan" @@ -1481,8 +1489,8 @@ }, "VMDataDiskReadLatencyTimeAggregation": { "metadata": { - "description": "Time Aggregation for the alert", - "displayName": "VM Data Disk Read Latency Time Aggregation" + "displayName": "VM Data Disk Read Latency Time Aggregation", + "description": "Time Aggregation for the alert" }, "allowedValues": [ "Count" @@ -1492,24 +1500,24 @@ }, "VMDataDiskReadLatencyEvaluationPeriods": { "metadata": { - "description": "Evaluation Periods for the alert", - "displayName": "VM Data Disk Read Latency Evaluation Periods" + "displayName": "VM Data Disk Read Latency Evaluation Periods", + "description": "Evaluation Periods for the alert" }, "defaultValue": "1", "type": "string" }, "VMDataDiskReadLatencyFailingPeriods": { "metadata": { - "description": "Failing Periods for the alert", - "displayName": "VM Data Disk Read Latency Failing Periods" + "displayName": "VM Data Disk Read Latency Failing Periods", + "description": "Failing Periods for the alert" }, "defaultValue": "1", "type": "string" }, "VMDataDiskReadLatencyComputersToInclude": { "metadata": { - "description": "Computers To Include for the alert", - "displayName": "VM Data Disk Read Latency Computers To Include" + "displayName": "VM Data Disk Read Latency Computers To Include", + "description": "Computers To Include for the alert" }, "defaultValue": [ "*" @@ -1518,8 +1526,8 @@ }, "VMDataDiskWriteLatencyAlertSeverity": { "metadata": { - "description": "Severity of the alert for VM Data Disk Write Latency", - "displayName": "VM Data Disk Write Latency Alert Severity" + "displayName": "VM Data Disk Write Latency Alert Severity", + "description": "Severity of the alert for VM Data Disk Write Latency" }, "allowedValues": [ "0", @@ -1533,8 +1541,8 @@ }, "VMDataDiskWriteLatencyWindowSize": { "metadata": { - "description": "Window size for the alert", - "displayName": "VM Data Disk Write Latency Window Size" + "displayName": "VM Data Disk Write Latency Window Size", + "description": "Window size for the alert" }, "allowedValues": [ "PT1M", @@ -1551,8 +1559,8 @@ }, "VMDataDiskWriteLatencyEvaluationFrequency": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "VM Data Disk Write Latency Evaluation Frequency" + "displayName": "VM Data Disk Write Latency Evaluation Frequency", + "description": "Evaluation frequency for the alert" }, "allowedValues": [ "PT1M", @@ -1566,32 +1574,32 @@ }, "VMDataDiskWriteLatencyAutoMitigate": { "metadata": { - "description": "Auto Mitigate for the alert", - "displayName": "VM Data Disk Write Latency Auto Mitigate" + "displayName": "VM Data Disk Write Latency Auto Mitigate", + "description": "Auto Mitigate for the alert" }, "defaultValue": "true", "type": "string" }, "VMDataDiskWriteLatencyAutoResolve": { "metadata": { - "description": "Auto Resolve for the alert", - "displayName": "VM Data Disk Write Latency Auto Resolve" + "displayName": "VM Data Disk Write Latency Auto Resolve", + "description": "Auto Resolve for the alert" }, "defaultValue": "true", "type": "string" }, "VMDataDiskWriteLatencyAutoResolveTime": { "metadata": { - "description": "Auto Resolve Time for the alert", - "displayName": "VM Data Disk Write Latency Auto Resolve Time" + "displayName": "VM Data Disk Write Latency Auto Resolve Time", + "description": "Auto Resolve Time for the alert" }, "defaultValue": "00:10:00", "type": "string" }, "VMDataDiskWriteLatencyPolicyEffect": { "metadata": { - "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist", - "displayName": "VM Data Disk Write Latency Policy Effect" + "displayName": "VM Data Disk Write Latency Policy Effect", + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" }, "allowedValues": [ "deployIfNotExists", @@ -1602,24 +1610,24 @@ }, "VMDataDiskWriteLatencyAlertState": { "metadata": { - "description": "Alert state for the alert, true will enable the alert, false will disable the alert", - "displayName": "VM Data Disk Write Latency Alert State" + "displayName": "VM Data Disk Write Latency Alert State", + "description": "Alert state for the alert, true will enable the alert, false will disable the alert" }, "defaultValue": "true", "type": "string" }, "VMDataDiskWriteLatencyThreshold": { "metadata": { - "description": "Threshold for the alert", - "displayName": "VM Data Disk Write Latency Threshold" + "displayName": "VM Data Disk Write Latency Threshold", + "description": "Threshold for the alert" }, "defaultValue": "30", "type": "string" }, "VMDataDiskWriteLatencyOperator": { "metadata": { - "description": "Operator for the alert", - "displayName": "VM Data Disk Write Latency Operator" + "displayName": "VM Data Disk Write Latency Operator", + "description": "Operator for the alert" }, "allowedValues": [ "GreaterThan" @@ -1629,8 +1637,8 @@ }, "VMDataDiskWriteLatencyTimeAggregation": { "metadata": { - "description": "Time Aggregation for the alert", - "displayName": "VM Data Disk Write Latency Time Aggregation" + "displayName": "VM Data Disk Write Latency Time Aggregation", + "description": "Time Aggregation for the alert" }, "allowedValues": [ "Count" @@ -1640,37 +1648,29 @@ }, "VMDataDiskWriteLatencyEvaluationPeriods": { "metadata": { - "description": "Evaluation Periods for the alert", - "displayName": "VM Data Disk Write Latency Evaluation Periods" + "displayName": "VM Data Disk Write Latency Evaluation Periods", + "description": "Evaluation Periods for the alert" }, "defaultValue": "1", "type": "string" }, "VMDataDiskWriteLatencyFailingPeriods": { "metadata": { - "description": "Failing Periods for the alert", - "displayName": "VM Data Disk Write Latency Failing Periods" + "displayName": "VM Data Disk Write Latency Failing Periods", + "description": "Failing Periods for the alert" }, "defaultValue": "1", "type": "string" }, "VMDataDiskWriteLatencyComputersToInclude": { "metadata": { - "description": "Computers To Include for the alert", - "displayName": "VM Data Disk Write Latency Computers To Include" + "displayName": "VM Data Disk Write Latency Computers To Include", + "description": "Computers To Include for the alert" }, "defaultValue": [ "*" ], "type": "array" - }, - "VMDataDiskReadLatencyThreshold": { - "metadata": { - "description": "Threshold for the alert", - "displayName": "VM Data Disk Read Latency Threshold" - }, - "defaultValue": "30", - "type": "string" } }, "policyDefinitions": [ @@ -1678,62 +1678,62 @@ "policyDefinitionReferenceId": "ALZ_VMHeartBeatRG", "policyDefinitionName": "Deploy_VM_HeartBeat_Alert", "parameters": { + "alertResourceGroupLocation": { + "value": "[parameters('ALZMonitorResourceGroupLocation')]" + }, "evaluationFrequency": { "value": "[parameters('VMHeartBeatRGEvaluationFrequency')]" }, + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" + }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, - "windowSize": { - "value": "[parameters('VMHeartBeatRGWindowSize')]" - }, - "autoMitigate": { - "value": "[parameters('VMHeartBeatRGAutoMitigate')]" - }, - "severity": { - "value": "[parameters('VMHeartBeatRGAlertSeverity')]" - }, - "alertResourceGroupLocation": { - "value": "[parameters('ALZMonitorResourceGroupLocation')]" - }, - "enabled": { - "value": "[parameters('VMHeartBeatRGAlertState')]" + "alertResourceGroupTags": { + "value": "[parameters('ALZMonitorResourceGroupTags')]" }, "effect": { "value": "[parameters('VMHeartBeatRGPolicyEffect')]" }, - "alertResourceGroupName": { - "value": "[parameters('ALZMonitorResourceGroupName')]" + "autoMitigate": { + "value": "[parameters('VMHeartBeatRGAutoMitigate')]" }, "timeAggregation": { "value": "[parameters('VMHeartBeatRGTimeAggregation')]" }, - "threshold": { - "value": "[parameters('VMHeartBeatRGThreshold')]" - }, - "alertResourceGroupTags": { - "value": "[parameters('ALZMonitorResourceGroupTags')]" - }, - "failingPeriods": { - "value": "[parameters('VMHeartBeatRGFailingPeriods')]" - }, "UAMIResourceId": { "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]" }, "computersToInclude": { "value": "[parameters('VMHeartBeatRGComputersToInclude')]" }, + "failingPeriods": { + "value": "[parameters('VMHeartBeatRGFailingPeriods')]" + }, "autoResolveTime": { "value": "[parameters('VMHeartBeatRGAutoResolveTime')]" }, - "operator": { - "value": "[parameters('VMHeartBeatRGOperator')]" + "windowSize": { + "value": "[parameters('VMHeartBeatRGWindowSize')]" + }, + "threshold": { + "value": "[parameters('VMHeartBeatRGThreshold')]" + }, + "severity": { + "value": "[parameters('VMHeartBeatRGAlertSeverity')]" }, "autoResolve": { "value": "[parameters('VMHeartBeatRGAutoResolve')]" + }, + "enabled": { + "value": "[parameters('VMHeartBeatRGAlertState')]" + }, + "operator": { + "value": "[parameters('VMHeartBeatRGOperator')]" } } }, @@ -1741,65 +1741,65 @@ "policyDefinitionReferenceId": "ALZ_VMNetworkIn", "policyDefinitionName": "Deploy_VM_NetworkIn_Alert", "parameters": { + "alertResourceGroupLocation": { + "value": "[parameters('ALZMonitorResourceGroupLocation')]" + }, "evaluationFrequency": { "value": "[parameters('VMNetworkInEvaluationFrequency')]" }, + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" + }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, - "windowSize": { - "value": "[parameters('VMNetworkInWindowSize')]" - }, - "autoMitigate": { - "value": "[parameters('VMNetworkInAutoMitigate')]" - }, - "severity": { - "value": "[parameters('VMNetworkInAlertSeverity')]" - }, - "alertResourceGroupLocation": { - "value": "[parameters('ALZMonitorResourceGroupLocation')]" - }, - "enabled": { - "value": "[parameters('VMNetworkInAlertState')]" + "alertResourceGroupTags": { + "value": "[parameters('ALZMonitorResourceGroupTags')]" }, "effect": { "value": "[parameters('VMNetworkInPolicyEffect')]" }, - "alertResourceGroupName": { - "value": "[parameters('ALZMonitorResourceGroupName')]" + "autoMitigate": { + "value": "[parameters('VMNetworkInAutoMitigate')]" }, "timeAggregation": { "value": "[parameters('VMNetworkInTimeAggregation')]" }, - "threshold": { - "value": "[parameters('VMNetworkInThreshold')]" - }, - "alertResourceGroupTags": { - "value": "[parameters('ALZMonitorResourceGroupTags')]" - }, - "failingPeriods": { - "value": "[parameters('VMNetworkInFailingPeriods')]" - }, "UAMIResourceId": { "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]" }, "computersToInclude": { "value": "[parameters('VMNetworkInComputersToInclude')]" }, + "failingPeriods": { + "value": "[parameters('VMNetworkInFailingPeriods')]" + }, "autoResolveTime": { "value": "[parameters('VMNetworkInAutoResolveTime')]" }, + "windowSize": { + "value": "[parameters('VMNetworkInWindowSize')]" + }, "evaluationPeriods": { "value": "[parameters('VMNetworkInEvaluationPeriods')]" }, - "operator": { - "value": "[parameters('VMNetworkInOperator')]" + "threshold": { + "value": "[parameters('VMNetworkInThreshold')]" + }, + "severity": { + "value": "[parameters('VMNetworkInAlertSeverity')]" }, "autoResolve": { "value": "[parameters('VMNetworkInAutoResolve')]" + }, + "enabled": { + "value": "[parameters('VMNetworkInAlertState')]" + }, + "operator": { + "value": "[parameters('VMNetworkInOperator')]" } } }, @@ -1807,65 +1807,65 @@ "policyDefinitionReferenceId": "ALZ_VMNetworkOut", "policyDefinitionName": "Deploy_VM_NetworkOut_Alert", "parameters": { + "alertResourceGroupLocation": { + "value": "[parameters('ALZMonitorResourceGroupLocation')]" + }, "evaluationFrequency": { "value": "[parameters('VMNetworkOutEvaluationFrequency')]" }, + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" + }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, - "windowSize": { - "value": "[parameters('VMNetworkOutWindowSize')]" - }, - "autoMitigate": { - "value": "[parameters('VMNetworkOutAutoMitigate')]" - }, - "severity": { - "value": "[parameters('VMNetworkOutAlertSeverity')]" - }, - "alertResourceGroupLocation": { - "value": "[parameters('ALZMonitorResourceGroupLocation')]" - }, - "enabled": { - "value": "[parameters('VMNetworkOutAlertState')]" + "alertResourceGroupTags": { + "value": "[parameters('ALZMonitorResourceGroupTags')]" }, "effect": { "value": "[parameters('VMNetworkOutPolicyEffect')]" }, - "alertResourceGroupName": { - "value": "[parameters('ALZMonitorResourceGroupName')]" + "autoMitigate": { + "value": "[parameters('VMNetworkOutAutoMitigate')]" }, "timeAggregation": { "value": "[parameters('VMNetworkOutTimeAggregation')]" }, - "threshold": { - "value": "[parameters('VMNetworkOutThreshold')]" - }, - "alertResourceGroupTags": { - "value": "[parameters('ALZMonitorResourceGroupTags')]" - }, - "failingPeriods": { - "value": "[parameters('VMNetworkOutFailingPeriods')]" - }, "UAMIResourceId": { "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]" }, "computersToInclude": { "value": "[parameters('VMNetworkOutComputersToInclude')]" }, + "failingPeriods": { + "value": "[parameters('VMNetworkOutFailingPeriods')]" + }, "autoResolveTime": { "value": "[parameters('VMNetworkOutAutoResolveTime')]" }, + "windowSize": { + "value": "[parameters('VMNetworkOutWindowSize')]" + }, "evaluationPeriods": { "value": "[parameters('VMNetworkOutEvaluationPeriods')]" }, - "operator": { - "value": "[parameters('VMNetworkOutOperator')]" + "threshold": { + "value": "[parameters('VMNetworkOutThreshold')]" + }, + "severity": { + "value": "[parameters('VMNetworkOutAlertSeverity')]" }, "autoResolve": { "value": "[parameters('VMNetworkOutAutoResolve')]" + }, + "enabled": { + "value": "[parameters('VMNetworkOutAlertState')]" + }, + "operator": { + "value": "[parameters('VMNetworkOutOperator')]" } } }, @@ -1873,65 +1873,65 @@ "policyDefinitionReferenceId": "ALZ_VMOSDiskReadLatency", "policyDefinitionName": "Deploy_VM_OSDiskreadLatency_Alert", "parameters": { + "alertResourceGroupLocation": { + "value": "[parameters('ALZMonitorResourceGroupLocation')]" + }, "evaluationFrequency": { "value": "[parameters('VMOSDiskReadLatencyEvaluationFrequency')]" }, + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" + }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, - "windowSize": { - "value": "[parameters('VMOSDiskReadLatencyWindowSize')]" - }, - "autoMitigate": { - "value": "[parameters('VMOSDiskReadLatencyAutoMitigate')]" - }, - "severity": { - "value": "[parameters('VMOSDiskReadLatencyAlertSeverity')]" - }, - "alertResourceGroupLocation": { - "value": "[parameters('ALZMonitorResourceGroupLocation')]" - }, - "enabled": { - "value": "[parameters('VMOSDiskReadLatencyAlertState')]" + "alertResourceGroupTags": { + "value": "[parameters('ALZMonitorResourceGroupTags')]" }, "effect": { "value": "[parameters('VMOSDiskReadLatencyPolicyEffect')]" }, - "alertResourceGroupName": { - "value": "[parameters('ALZMonitorResourceGroupName')]" + "autoMitigate": { + "value": "[parameters('VMOSDiskReadLatencyAutoMitigate')]" }, "timeAggregation": { "value": "[parameters('VMOSDiskReadLatencyTimeAggregation')]" }, - "threshold": { - "value": "[parameters('VMOSDiskReadLatencyThreshold')]" - }, - "alertResourceGroupTags": { - "value": "[parameters('ALZMonitorResourceGroupTags')]" - }, - "failingPeriods": { - "value": "[parameters('VMOSDiskReadLatencyFailingPeriods')]" - }, "UAMIResourceId": { "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]" }, "computersToInclude": { "value": "[parameters('VMOSDiskReadLatencyComputersToInclude')]" }, + "failingPeriods": { + "value": "[parameters('VMOSDiskReadLatencyFailingPeriods')]" + }, "autoResolveTime": { "value": "[parameters('VMOSDiskReadLatencyAutoResolveTime')]" }, + "windowSize": { + "value": "[parameters('VMOSDiskReadLatencyWindowSize')]" + }, "evaluationPeriods": { "value": "[parameters('VMOSDiskReadLatencyEvaluationPeriods')]" }, - "operator": { - "value": "[parameters('VMOSDiskReadLatencyOperator')]" - }, + "threshold": { + "value": "[parameters('VMOSDiskReadLatencyThreshold')]" + }, + "severity": { + "value": "[parameters('VMOSDiskReadLatencyAlertSeverity')]" + }, "autoResolve": { "value": "[parameters('VMOSDiskReadLatencyAutoResolve')]" + }, + "enabled": { + "value": "[parameters('VMOSDiskReadLatencyAlertState')]" + }, + "operator": { + "value": "[parameters('VMOSDiskReadLatencyOperator')]" } } }, @@ -1939,65 +1939,65 @@ "policyDefinitionReferenceId": "ALZ_VMOSDiskWriteLatency", "policyDefinitionName": "Deploy_VM_OSDiskwriteLatency_Alert", "parameters": { + "alertResourceGroupLocation": { + "value": "[parameters('ALZMonitorResourceGroupLocation')]" + }, "evaluationFrequency": { "value": "[parameters('VMOSDiskWriteLatencyEvaluationFrequency')]" }, + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" + }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, - "windowSize": { - "value": "[parameters('VMOSDiskWriteLatencyWindowSize')]" - }, - "autoMitigate": { - "value": "[parameters('VMOSDiskWriteLatencyAutoMitigate')]" - }, - "severity": { - "value": "[parameters('VMOSDiskWriteLatencyAlertSeverity')]" - }, - "alertResourceGroupLocation": { - "value": "[parameters('ALZMonitorResourceGroupLocation')]" - }, - "enabled": { - "value": "[parameters('VMOSDiskWriteLatencyAlertState')]" + "alertResourceGroupTags": { + "value": "[parameters('ALZMonitorResourceGroupTags')]" }, "effect": { "value": "[parameters('VMOSDiskWriteLatencyPolicyEffect')]" }, - "alertResourceGroupName": { - "value": "[parameters('ALZMonitorResourceGroupName')]" + "autoMitigate": { + "value": "[parameters('VMOSDiskWriteLatencyAutoMitigate')]" }, "timeAggregation": { "value": "[parameters('VMOSDiskWriteLatencyTimeAggregation')]" }, - "threshold": { - "value": "[parameters('VMOSDiskWriteLatencyThreshold')]" - }, - "alertResourceGroupTags": { - "value": "[parameters('ALZMonitorResourceGroupTags')]" - }, - "failingPeriods": { - "value": "[parameters('VMOSDiskWriteLatencyFailingPeriods')]" - }, "UAMIResourceId": { "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]" }, "computersToInclude": { "value": "[parameters('VMOSDiskWriteLatencyComputersToInclude')]" }, + "failingPeriods": { + "value": "[parameters('VMOSDiskWriteLatencyFailingPeriods')]" + }, "autoResolveTime": { "value": "[parameters('VMOSDiskWriteLatencyAutoResolveTime')]" }, + "windowSize": { + "value": "[parameters('VMOSDiskWriteLatencyWindowSize')]" + }, "evaluationPeriods": { "value": "[parameters('VMOSDiskWriteLatencyEvaluationPeriods')]" }, - "operator": { - "value": "[parameters('VMOSDiskWriteLatencyOperator')]" + "threshold": { + "value": "[parameters('VMOSDiskWriteLatencyThreshold')]" + }, + "severity": { + "value": "[parameters('VMOSDiskWriteLatencyAlertSeverity')]" }, "autoResolve": { "value": "[parameters('VMOSDiskWriteLatencyAutoResolve')]" + }, + "enabled": { + "value": "[parameters('VMOSDiskWriteLatencyAlertState')]" + }, + "operator": { + "value": "[parameters('VMOSDiskWriteLatencyOperator')]" } } }, @@ -2005,65 +2005,65 @@ "policyDefinitionReferenceId": "ALZ_VMOSDiskSpace", "policyDefinitionName": "Deploy_VM_OSDiskSpace_Alert", "parameters": { + "alertResourceGroupLocation": { + "value": "[parameters('ALZMonitorResourceGroupLocation')]" + }, "evaluationFrequency": { "value": "[parameters('VMOSDiskSpaceEvaluationFrequency')]" }, + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" + }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, - "windowSize": { - "value": "[parameters('VMOSDiskSpaceWindowSize')]" - }, - "autoMitigate": { - "value": "[parameters('VMOSDiskSpaceAutoMitigate')]" - }, - "severity": { - "value": "[parameters('VMOSDiskSpaceAlertSeverity')]" - }, - "alertResourceGroupLocation": { - "value": "[parameters('ALZMonitorResourceGroupLocation')]" - }, - "enabled": { - "value": "[parameters('VMOSDiskSpaceAlertState')]" + "alertResourceGroupTags": { + "value": "[parameters('ALZMonitorResourceGroupTags')]" }, "effect": { "value": "[parameters('VMOSDiskSpacePolicyEffect')]" }, - "alertResourceGroupName": { - "value": "[parameters('ALZMonitorResourceGroupName')]" + "autoMitigate": { + "value": "[parameters('VMOSDiskSpaceAutoMitigate')]" }, "timeAggregation": { "value": "[parameters('VMOSDiskSpaceTimeAggregation')]" }, - "threshold": { - "value": "[parameters('VMOSDiskSpaceThreshold')]" - }, - "alertResourceGroupTags": { - "value": "[parameters('ALZMonitorResourceGroupTags')]" - }, - "failingPeriods": { - "value": "[parameters('VMOSDiskSpaceFailingPeriods')]" - }, "UAMIResourceId": { "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]" }, "computersToInclude": { "value": "[parameters('VMOSDiskSpaceComputersToInclude')]" }, + "failingPeriods": { + "value": "[parameters('VMOSDiskSpaceFailingPeriods')]" + }, "autoResolveTime": { "value": "[parameters('VMOSDiskSpaceAutoResolveTime')]" }, + "windowSize": { + "value": "[parameters('VMOSDiskSpaceWindowSize')]" + }, "evaluationPeriods": { "value": "[parameters('VMOSDiskSpaceEvaluationPeriods')]" }, - "operator": { - "value": "[parameters('VMOSDiskSpaceOperator')]" + "threshold": { + "value": "[parameters('VMOSDiskSpaceThreshold')]" + }, + "severity": { + "value": "[parameters('VMOSDiskSpaceAlertSeverity')]" }, "autoResolve": { "value": "[parameters('VMOSDiskSpaceAutoResolve')]" + }, + "enabled": { + "value": "[parameters('VMOSDiskSpaceAlertState')]" + }, + "operator": { + "value": "[parameters('VMOSDiskSpaceOperator')]" } } }, @@ -2071,59 +2071,59 @@ "policyDefinitionReferenceId": "ALZ_VMPercentCPU", "policyDefinitionName": "Deploy_VM_CPU_Alert", "parameters": { + "alertResourceGroupLocation": { + "value": "[parameters('ALZMonitorResourceGroupLocation')]" + }, "evaluationFrequency": { "value": "[parameters('VMPercentCPUEvaluationFrequency')]" }, + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" + }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, - "windowSize": { - "value": "[parameters('VMPercentCPUWindowSize')]" - }, - "autoMitigate": { - "value": "[parameters('VMPercentCPUAutoMitigate')]" - }, - "severity": { - "value": "[parameters('VMPercentCPUAlertSeverity')]" - }, - "alertResourceGroupLocation": { - "value": "[parameters('ALZMonitorResourceGroupLocation')]" - }, - "enabled": { - "value": "[parameters('VMPercentCPUAlertState')]" + "alertResourceGroupTags": { + "value": "[parameters('ALZMonitorResourceGroupTags')]" }, "effect": { "value": "[parameters('VMPercentCPUPolicyEffect')]" }, - "alertResourceGroupName": { - "value": "[parameters('ALZMonitorResourceGroupName')]" + "autoMitigate": { + "value": "[parameters('VMPercentCPUAutoMitigate')]" }, "timeAggregation": { "value": "[parameters('VMPercentCPUTimeAggregation')]" }, - "threshold": { - "value": "[parameters('VMPercentCPUThreshold')]" - }, - "alertResourceGroupTags": { - "value": "[parameters('ALZMonitorResourceGroupTags')]" + "UAMIResourceId": { + "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]" }, "failingPeriods": { "value": "[parameters('VMPercentCPUFailingPeriods')]" }, - "UAMIResourceId": { - "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]" - }, "autoResolveTime": { "value": "[parameters('VMPercentCPUAutoResolveTime')]" }, - "operator": { - "value": "[parameters('VMPercentCPUOperator')]" + "windowSize": { + "value": "[parameters('VMPercentCPUWindowSize')]" + }, + "threshold": { + "value": "[parameters('VMPercentCPUThreshold')]" + }, + "severity": { + "value": "[parameters('VMPercentCPUAlertSeverity')]" }, "autoResolve": { "value": "[parameters('VMPercentCPUAutoResolve')]" + }, + "enabled": { + "value": "[parameters('VMPercentCPUAlertState')]" + }, + "operator": { + "value": "[parameters('VMPercentCPUOperator')]" } } }, @@ -2131,59 +2131,59 @@ "policyDefinitionReferenceId": "ALZ_VMPercentMemory", "policyDefinitionName": "Deploy_VM_Memory_Alert", "parameters": { + "alertResourceGroupLocation": { + "value": "[parameters('ALZMonitorResourceGroupLocation')]" + }, "evaluationFrequency": { "value": "[parameters('VMPercentMemoryEvaluationFrequency')]" }, + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" + }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, - "windowSize": { - "value": "[parameters('VMPercentMemoryWindowSize')]" - }, - "autoMitigate": { - "value": "[parameters('VMPercentMemoryAutoMitigate')]" - }, - "severity": { - "value": "[parameters('VMPercentMemoryAlertSeverity')]" - }, - "alertResourceGroupLocation": { - "value": "[parameters('ALZMonitorResourceGroupLocation')]" - }, - "enabled": { - "value": "[parameters('VMPercentMemoryAlertState')]" + "alertResourceGroupTags": { + "value": "[parameters('ALZMonitorResourceGroupTags')]" }, "effect": { "value": "[parameters('VMPercentMemoryPolicyEffect')]" }, - "alertResourceGroupName": { - "value": "[parameters('ALZMonitorResourceGroupName')]" + "autoMitigate": { + "value": "[parameters('VMPercentMemoryAutoMitigate')]" }, "timeAggregation": { "value": "[parameters('VMPercentMemoryTimeAggregation')]" }, - "threshold": { - "value": "[parameters('VMPercentMemoryThreshold')]" - }, - "alertResourceGroupTags": { - "value": "[parameters('ALZMonitorResourceGroupTags')]" + "UAMIResourceId": { + "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]" }, "failingPeriods": { "value": "[parameters('VMPercentMemoryFailingPeriods')]" }, - "UAMIResourceId": { - "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]" - }, "autoResolveTime": { "value": "[parameters('VMPercentMemoryAutoResolveTime')]" }, - "operator": { - "value": "[parameters('VMPercentMemoryOperator')]" + "windowSize": { + "value": "[parameters('VMPercentMemoryWindowSize')]" + }, + "threshold": { + "value": "[parameters('VMPercentMemoryThreshold')]" + }, + "severity": { + "value": "[parameters('VMPercentMemoryAlertSeverity')]" }, "autoResolve": { "value": "[parameters('VMPercentMemoryAutoResolve')]" + }, + "enabled": { + "value": "[parameters('VMPercentMemoryAlertState')]" + }, + "operator": { + "value": "[parameters('VMPercentMemoryOperator')]" } } }, @@ -2191,65 +2191,65 @@ "policyDefinitionReferenceId": "ALZ_VMDataDiskSpace", "policyDefinitionName": "Deploy_VM_dataDiskSpace_Alert", "parameters": { + "alertResourceGroupLocation": { + "value": "[parameters('ALZMonitorResourceGroupLocation')]" + }, "evaluationFrequency": { "value": "[parameters('VMDataDiskSpaceEvaluationFrequency')]" }, + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" + }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, - "windowSize": { - "value": "[parameters('VMDataDiskSpaceWindowSize')]" - }, - "autoMitigate": { - "value": "[parameters('VMDataDiskSpaceAutoMitigate')]" - }, - "severity": { - "value": "[parameters('VMDataDiskSpaceAlertSeverity')]" - }, - "alertResourceGroupLocation": { - "value": "[parameters('ALZMonitorResourceGroupLocation')]" - }, - "enabled": { - "value": "[parameters('VMDataDiskSpaceAlertState')]" + "alertResourceGroupTags": { + "value": "[parameters('ALZMonitorResourceGroupTags')]" }, "effect": { "value": "[parameters('VMDataDiskSpacePolicyEffect')]" }, - "alertResourceGroupName": { - "value": "[parameters('ALZMonitorResourceGroupName')]" + "autoMitigate": { + "value": "[parameters('VMDataDiskSpaceAutoMitigate')]" }, "timeAggregation": { "value": "[parameters('VMDataDiskSpaceTimeAggregation')]" }, - "threshold": { - "value": "[parameters('VMDataDiskSpaceThreshold')]" - }, - "alertResourceGroupTags": { - "value": "[parameters('ALZMonitorResourceGroupTags')]" - }, - "failingPeriods": { - "value": "[parameters('VMDataDiskSpaceFailingPeriods')]" - }, "UAMIResourceId": { "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]" }, "computersToInclude": { "value": "[parameters('VMDataDiskSpaceComputersToInclude')]" }, + "failingPeriods": { + "value": "[parameters('VMDataDiskSpaceFailingPeriods')]" + }, "autoResolveTime": { "value": "[parameters('VMDataDiskSpaceAutoResolveTime')]" }, + "windowSize": { + "value": "[parameters('VMDataDiskSpaceWindowSize')]" + }, "evaluationPeriods": { "value": "[parameters('VMDataDiskSpaceEvaluationPeriods')]" }, - "operator": { - "value": "[parameters('VMDataDiskSpaceOperator')]" + "threshold": { + "value": "[parameters('VMDataDiskSpaceThreshold')]" + }, + "severity": { + "value": "[parameters('VMDataDiskSpaceAlertSeverity')]" }, "autoResolve": { "value": "[parameters('VMDataDiskSpaceAutoResolve')]" + }, + "enabled": { + "value": "[parameters('VMDataDiskSpaceAlertState')]" + }, + "operator": { + "value": "[parameters('VMDataDiskSpaceOperator')]" } } }, @@ -2257,65 +2257,65 @@ "policyDefinitionReferenceId": "ALZ_VMDataDiskReadLatency", "policyDefinitionName": "Deploy_VM_dataDiskReadLatency_Alert", "parameters": { + "alertResourceGroupLocation": { + "value": "[parameters('ALZMonitorResourceGroupLocation')]" + }, "evaluationFrequency": { "value": "[parameters('VMDataDiskReadLatencyEvaluationFrequency')]" }, + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" + }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, - "windowSize": { - "value": "[parameters('VMDataDiskReadLatencyWindowSize')]" - }, - "autoMitigate": { - "value": "[parameters('VMDataDiskReadLatencyAutoMitigate')]" - }, - "severity": { - "value": "[parameters('VMDataDiskReadLatencyAlertSeverity')]" - }, - "alertResourceGroupLocation": { - "value": "[parameters('ALZMonitorResourceGroupLocation')]" - }, - "enabled": { - "value": "[parameters('VMDataDiskReadLatencyAlertState')]" + "alertResourceGroupTags": { + "value": "[parameters('ALZMonitorResourceGroupTags')]" }, "effect": { "value": "[parameters('VMDataDiskReadLatencyPolicyEffect')]" }, - "alertResourceGroupName": { - "value": "[parameters('ALZMonitorResourceGroupName')]" + "autoMitigate": { + "value": "[parameters('VMDataDiskReadLatencyAutoMitigate')]" }, "timeAggregation": { "value": "[parameters('VMDataDiskReadLatencyTimeAggregation')]" }, - "threshold": { - "value": "[parameters('VMDataDiskReadLatencyThreshold')]" - }, - "alertResourceGroupTags": { - "value": "[parameters('ALZMonitorResourceGroupTags')]" - }, - "failingPeriods": { - "value": "[parameters('VMDataDiskReadLatencyFailingPeriods')]" - }, "UAMIResourceId": { "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]" }, "computersToInclude": { "value": "[parameters('VMDataDiskReadLatencyComputersToInclude')]" }, + "failingPeriods": { + "value": "[parameters('VMDataDiskReadLatencyFailingPeriods')]" + }, "autoResolveTime": { "value": "[parameters('VMDataDiskReadLatencyAutoResolveTime')]" }, + "windowSize": { + "value": "[parameters('VMDataDiskReadLatencyWindowSize')]" + }, "evaluationPeriods": { "value": "[parameters('VMDataDiskReadLatencyEvaluationPeriods')]" }, - "operator": { - "value": "[parameters('VMDataDiskReadLatencyOperator')]" + "threshold": { + "value": "[parameters('VMDataDiskReadLatencyThreshold')]" + }, + "severity": { + "value": "[parameters('VMDataDiskReadLatencyAlertSeverity')]" }, "autoResolve": { "value": "[parameters('VMDataDiskReadLatencyAutoResolve')]" + }, + "enabled": { + "value": "[parameters('VMDataDiskReadLatencyAlertState')]" + }, + "operator": { + "value": "[parameters('VMDataDiskReadLatencyOperator')]" } } }, @@ -2323,65 +2323,65 @@ "policyDefinitionReferenceId": "ALZ_VMDataDiskWriteLatency", "policyDefinitionName": "Deploy_VM_dataDiskWriteLatency_Alert", "parameters": { + "alertResourceGroupLocation": { + "value": "[parameters('ALZMonitorResourceGroupLocation')]" + }, "evaluationFrequency": { "value": "[parameters('VMDataDiskWriteLatencyEvaluationFrequency')]" }, + "alertResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" + }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, - "windowSize": { - "value": "[parameters('VMDataDiskWriteLatencyWindowSize')]" - }, - "autoMitigate": { - "value": "[parameters('VMDataDiskWriteLatencyAutoMitigate')]" - }, - "severity": { - "value": "[parameters('VMDataDiskWriteLatencyAlertSeverity')]" - }, - "alertResourceGroupLocation": { - "value": "[parameters('ALZMonitorResourceGroupLocation')]" - }, - "enabled": { - "value": "[parameters('VMDataDiskWriteLatencyAlertState')]" + "alertResourceGroupTags": { + "value": "[parameters('ALZMonitorResourceGroupTags')]" }, "effect": { "value": "[parameters('VMDataDiskWriteLatencyPolicyEffect')]" }, - "alertResourceGroupName": { - "value": "[parameters('ALZMonitorResourceGroupName')]" + "autoMitigate": { + "value": "[parameters('VMDataDiskWriteLatencyAutoMitigate')]" }, "timeAggregation": { "value": "[parameters('VMDataDiskWriteLatencyTimeAggregation')]" }, - "threshold": { - "value": "[parameters('VMDataDiskWriteLatencyThreshold')]" - }, - "alertResourceGroupTags": { - "value": "[parameters('ALZMonitorResourceGroupTags')]" - }, - "failingPeriods": { - "value": "[parameters('VMDataDiskWriteLatencyFailingPeriods')]" - }, "UAMIResourceId": { "value": "[if(empty(parameters('BYOUserAssignedManagedIdentityResourceId')), concat('/subscriptions/', parameters('ALZManagementSubscriptionId'), '/resourceGroups/', parameters('ALZMonitorResourceGroupName'), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('ALZUserAssignedManagedIdentityName')),parameters('BYOUserAssignedManagedIdentityResourceId'))]" }, "computersToInclude": { "value": "[parameters('VMDataDiskWriteLatencyComputersToInclude')]" }, + "failingPeriods": { + "value": "[parameters('VMDataDiskWriteLatencyFailingPeriods')]" + }, "autoResolveTime": { "value": "[parameters('VMDataDiskWriteLatencyAutoResolveTime')]" }, + "windowSize": { + "value": "[parameters('VMDataDiskWriteLatencyWindowSize')]" + }, "evaluationPeriods": { "value": "[parameters('VMDataDiskWriteLatencyEvaluationPeriods')]" }, - "operator": { - "value": "[parameters('VMDataDiskWriteLatencyOperator')]" + "threshold": { + "value": "[parameters('VMDataDiskWriteLatencyThreshold')]" + }, + "severity": { + "value": "[parameters('VMDataDiskWriteLatencyAlertSeverity')]" }, "autoResolve": { "value": "[parameters('VMDataDiskWriteLatencyAutoResolve')]" + }, + "enabled": { + "value": "[parameters('VMDataDiskWriteLatencyAlertState')]" + }, + "operator": { + "value": "[parameters('VMDataDiskWriteLatencyOperator')]" } } } diff --git a/Definitions/policySetDefinitions/Monitoring/alerting-web.jsonc b/Definitions/policySetDefinitions/Monitoring/alerting-web.jsonc index 9b4bc2a..5e37138 100644 --- a/Definitions/policySetDefinitions/Monitoring/alerting-web.jsonc +++ b/Definitions/policySetDefinitions/Monitoring/alerting-web.jsonc @@ -10,8 +10,8 @@ "alzCloudEnvironments": [ "AzureCloud" ], - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", - "category": "Monitoring" + "category": "Monitoring", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" }, "parameters": { "ALZMonitorDisableTagValues": { @@ -27,25 +27,18 @@ ], "type": "Array" }, - "WSFCPUPercentageAlertSeverity": { + "ALZMonitorDisableTagName": { "metadata": { - "description": "Severity of the alert", - "displayName": "WSF CPU Percentage Alert Severity" + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", + "displayName": "ALZ Monitoring disabled tag name" }, - "allowedValues": [ - "0", - "1", - "2", - "3", - "4" - ], - "defaultValue": "2", + "defaultValue": "MonitorDisable", "type": "String" }, - "WSFCPUPercentageWindowSize": { + "WSFHttpQueueLengthWindowSize": { "metadata": { "description": "Window size for the alert", - "displayName": "WSF CPU Percentage Window Size" + "displayName": "WSF HTTP Queue Lenght Window Size" }, "allowedValues": [ "PT1M", @@ -60,10 +53,10 @@ "defaultValue": "PT5M", "type": "string" }, - "WSFCPUPercentageEvaluationFrequency": { + "WSFHttpQueueLengthEvaluationFrequency": { "metadata": { "description": "Evaluation frequency for the alert", - "displayName": "WSF CPU Percentage Evaluation Frequency" + "displayName": "WSF HTTP Queue Lenght Evaluation Frequency" }, "allowedValues": [ "PT1M", @@ -75,10 +68,10 @@ "defaultValue": "PT1M", "type": "string" }, - "WSFCPUPercentagePolicyEffect": { + "WSFHttpQueueLengthPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "WSF CPU Percentage Policy Effect" + "displayName": "WSF HTTP Queue Lenght Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -87,6 +80,47 @@ "defaultValue": "deployIfNotExists", "type": "string" }, + "WSFCPUPercentageWindowSize": { + "metadata": { + "description": "Window size for the alert", + "displayName": "WSF CPU Percentage Window Size" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" + ], + "defaultValue": "PT5M", + "type": "string" + }, + "WSFHttpQueueLengthAlertState": { + "metadata": { + "description": "Alert state for the alert", + "displayName": "WSF HTTP Queue Lenght Alert State" + }, + "defaultValue": "true", + "type": "string" + }, + "WSFCPUPercentageEvaluationFrequency": { + "metadata": { + "description": "Evaluation frequency for the alert", + "displayName": "WSF CPU Percentage Evaluation Frequency" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H" + ], + "defaultValue": "PT1M", + "type": "string" + }, "WSFCPUPercentageAlertState": { "metadata": { "description": "Alert state for the alert", @@ -227,18 +261,10 @@ "defaultValue": "PT1M", "type": "string" }, - "WSFHttpQueueLengthAlertState": { - "metadata": { - "description": "Alert state for the alert", - "displayName": "WSF HTTP Queue Lenght Alert State" - }, - "defaultValue": "true", - "type": "string" - }, - "WSFHttpQueueLengthPolicyEffect": { + "WSFDiskQueueLengthPolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "WSF HTTP Queue Lenght Policy Effect" + "displayName": "WSF Disk Queue Lenght Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -247,46 +273,28 @@ "defaultValue": "deployIfNotExists", "type": "string" }, - "ALZMonitorDisableTagName": { - "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" - }, - "defaultValue": "MonitorDisable", - "type": "String" - }, - "WSFHttpQueueLengthEvaluationFrequency": { + "WSFDiskQueueLengthAlertState": { "metadata": { - "description": "Evaluation frequency for the alert", - "displayName": "WSF HTTP Queue Lenght Evaluation Frequency" + "description": "Alert state for the alert", + "displayName": "WSF Disk Queue Lenght Alert State" }, - "allowedValues": [ - "PT1M", - "PT5M", - "PT15M", - "PT30M", - "PT1H" - ], - "defaultValue": "PT1M", + "defaultValue": "true", "type": "string" }, - "WSFHttpQueueLengthWindowSize": { + "WSFCPUPercentageAlertSeverity": { "metadata": { - "description": "Window size for the alert", - "displayName": "WSF HTTP Queue Lenght Window Size" + "description": "Severity of the alert", + "displayName": "WSF CPU Percentage Alert Severity" }, "allowedValues": [ - "PT1M", - "PT5M", - "PT15M", - "PT30M", - "PT1H", - "PT6H", - "PT12H", - "P1D" + "0", + "1", + "2", + "3", + "4" ], - "defaultValue": "PT5M", - "type": "string" + "defaultValue": "2", + "type": "String" }, "WSFHttpQueueLengthAlertSeverity": { "metadata": { @@ -303,18 +311,10 @@ "defaultValue": "2", "type": "String" }, - "WSFDiskQueueLengthAlertState": { - "metadata": { - "description": "Alert state for the alert", - "displayName": "WSF Disk Queue Lenght Alert State" - }, - "defaultValue": "true", - "type": "string" - }, - "WSFDiskQueueLengthPolicyEffect": { + "WSFCPUPercentagePolicyEffect": { "metadata": { "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert", - "displayName": "WSF Disk Queue Lenght Policy Effect" + "displayName": "WSF CPU Percentage Policy Effect" }, "allowedValues": [ "deployIfNotExists", @@ -329,29 +329,29 @@ "policyDefinitionReferenceId": "ALZ_WSFCPUPercentage", "policyDefinitionName": "Deploy_WSF_CPUPercentage_Alert", "parameters": { - "effect": { - "value": "[parameters('WSFCPUPercentagePolicyEffect')]" - }, "evaluationFrequency": { "value": "[parameters('WSFCPUPercentageEvaluationFrequency')]" }, - "windowSize": { - "value": "[parameters('WSFCPUPercentageWindowSize')]" - }, - "severity": { - "value": "[parameters('WSFCPUPercentageAlertSeverity')]" - }, - "threshold": { - "value": "[parameters('WSFCPUPercentageThreshold')]" - }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, + "effect": { + "value": "[parameters('WSFCPUPercentagePolicyEffect')]" + }, + "windowSize": { + "value": "[parameters('WSFCPUPercentageWindowSize')]" + }, "enabled": { "value": "[parameters('WSFCPUPercentageAlertState')]" + }, + "severity": { + "value": "[parameters('WSFCPUPercentageAlertSeverity')]" + }, + "threshold": { + "value": "[parameters('WSFCPUPercentageThreshold')]" } } }, @@ -359,29 +359,29 @@ "policyDefinitionReferenceId": "ALZ_WSFMemoryPercentage", "policyDefinitionName": "Deploy_WSF_MemoryPercentage_Alert", "parameters": { - "effect": { - "value": "[parameters('WSFMemoryPercentagePolicyEffect')]" - }, "evaluationFrequency": { "value": "[parameters('WSFMemoryPercentageEvaluationFrequency')]" }, - "windowSize": { - "value": "[parameters('WSFMemoryPercentageWindowSize')]" - }, - "severity": { - "value": "[parameters('WSFMemoryPercentageAlertSeverity')]" - }, - "threshold": { - "value": "[parameters('WSFMemoryPercentageThreshold')]" - }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, + "effect": { + "value": "[parameters('WSFMemoryPercentagePolicyEffect')]" + }, + "windowSize": { + "value": "[parameters('WSFMemoryPercentageWindowSize')]" + }, "enabled": { "value": "[parameters('WSFMemoryPercentageAlertState')]" + }, + "severity": { + "value": "[parameters('WSFMemoryPercentageAlertSeverity')]" + }, + "threshold": { + "value": "[parameters('WSFMemoryPercentageThreshold')]" } } }, @@ -389,26 +389,26 @@ "policyDefinitionReferenceId": "ALZ_WSFDiskQueueLength", "policyDefinitionName": "Deploy_WSF_DiskQueueLength_Alert", "parameters": { - "effect": { - "value": "[parameters('WSFDiskQueueLengthPolicyEffect')]" - }, "evaluationFrequency": { "value": "[parameters('WSFDiskQueueLengthEvaluationFrequency')]" }, - "windowSize": { - "value": "[parameters('WSFDiskQueueLengthWindowSize')]" - }, - "severity": { - "value": "[parameters('WSFDiskQueueLengthAlertSeverity')]" - }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, + "effect": { + "value": "[parameters('WSFDiskQueueLengthPolicyEffect')]" + }, + "windowSize": { + "value": "[parameters('WSFDiskQueueLengthWindowSize')]" + }, "enabled": { "value": "[parameters('WSFDiskQueueLengthAlertState')]" + }, + "severity": { + "value": "[parameters('WSFDiskQueueLengthAlertSeverity')]" } } }, @@ -416,26 +416,26 @@ "policyDefinitionReferenceId": "ALZ_WSFHttpQueueLength", "policyDefinitionName": "Deploy_WSF_HttpQueueLength_Alert", "parameters": { - "effect": { - "value": "[parameters('WSFHttpQueueLengthPolicyEffect')]" - }, "evaluationFrequency": { "value": "[parameters('WSFHttpQueueLengthEvaluationFrequency')]" }, - "windowSize": { - "value": "[parameters('WSFHttpQueueLengthWindowSize')]" - }, - "severity": { - "value": "[parameters('WSFHttpQueueLengthAlertSeverity')]" - }, "MonitorDisableTagValues": { "value": "[parameters('ALZMonitorDisableTagValues')]" }, "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, + "effect": { + "value": "[parameters('WSFHttpQueueLengthPolicyEffect')]" + }, + "windowSize": { + "value": "[parameters('WSFHttpQueueLengthWindowSize')]" + }, "enabled": { "value": "[parameters('WSFHttpQueueLengthAlertState')]" + }, + "severity": { + "value": "[parameters('WSFHttpQueueLengthAlertSeverity')]" } } } diff --git a/Definitions/policySetDefinitions/Monitoring/notification-assets.jsonc b/Definitions/policySetDefinitions/Monitoring/notification-assets.jsonc index 1cc3dfb..fa9bfe8 100644 --- a/Definitions/policySetDefinitions/Monitoring/notification-assets.jsonc +++ b/Definitions/policySetDefinitions/Monitoring/notification-assets.jsonc @@ -6,132 +6,132 @@ "description": "This initiative deploys Notification Assets for Azure Monitor Baseline Alerts. This includes the setup of an Alert Processing Rule and an Action Group to manage notifications and actions, along with a Notification Suppression Rule to manage alert notifications, as well as a Notification Suppression Rule to control alert notifications.", "metadata": { "_deployed_by_amba": true, - "category": "Monitoring", "version": "1.3.0", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "category": "Monitoring", "alzCloudEnvironments": [ "AzureCloud" - ], - "source": "https://github.com/Azure/azure-monitor-baseline-alerts/" + ] }, "parameters": { + "ALZMonitorActionGroupEmail": { + "metadata": { + "displayName": "Action Group Email Addresses", + "description": "Email addresses to send alerts to" + }, + "defaultValue": [], + "type": "Array" + }, + "ALZMonitorResourceGroupName": { + "metadata": { + "displayName": "Resource Group Name", + "description": "Name of the resource group to deploy the alerts to" + }, + "defaultValue": "ALZ-Monitoring-RG", + "type": "String" + }, "ALZMonitorResourceGroupLocation": { "metadata": { - "description": "Location of the resource group", - "displayName": "Resource Group Location" + "displayName": "Resource Group Location", + "description": "Location of the resource group" }, "defaultValue": "centralus", "type": "String" }, "ALZMonitorResourceGroupTags": { "metadata": { - "description": "Tags to apply to the resource group", - "displayName": "Resource Group Tags" + "displayName": "Resource Group Tags", + "description": "Tags to apply to the resource group" }, "defaultValue": { "_deployed_by_alz_monitor": true }, "type": "Object" }, - "ALZMonitorResourceGroupName": { + "ALZLogicappCallbackUrl": { "metadata": { - "description": "Name of the resource group to deploy the alerts to", - "displayName": "Resource Group Name" + "displayName": "Logic App Callback URL", + "description": "Callback URL that triggers the Logic App" }, - "defaultValue": "ALZ-Monitoring-RG", + "defaultValue": "", "type": "String" }, - "ALZMonitorActionGroupEmail": { - "metadata": { - "description": "Email addresses to send alerts to", - "displayName": "Action Group Email Addresses" - }, - "defaultValue": [], - "type": "Array" - }, "BYOAlertProcessingRule": { "metadata": { - "description": "The Resource ID of an existing Alert Processing Rule already deployed by the customer in his environment", - "displayName": "Customer defined Alert Processing Rule Resource ID" + "displayName": "Customer defined Alert Processing Rule Resource ID", + "description": "The Resource ID of an existing Alert Processing Rule already deployed by the customer in his environment" }, "defaultValue": "", "type": "String" }, - "ALZLogicappCallbackUrl": { + "ALZEventHubResourceId": { "metadata": { - "description": "Callback URL that triggers the Logic App", - "displayName": "Logic App Callback URL" + "displayName": "Event Hub resource Ids", + "description": "Event Hub resource Ids for action group to send alerts to" }, - "defaultValue": "", - "type": "String" + "defaultValue": [], + "type": "array" }, "ALZFunctionTriggerUrl": { "metadata": { - "description": "URL that triggers the Function", - "displayName": "Function Trigger URL" + "displayName": "Function Trigger URL", + "description": "URL that triggers the Function" }, "defaultValue": "", "type": "String" }, "ALZLogicappResourceId": { "metadata": { - "description": "Logic App Resource Id for Action Group to send alerts to", - "displayName": "Logic App Resource Id" + "displayName": "Logic App Resource Id", + "description": "Logic App Resource Id for Action Group to send alerts to" }, "defaultValue": "", "type": "String" }, "ALZFunctionResourceId": { "metadata": { - "description": "Function Resource Id for Action Group to send alerts to", - "displayName": "Function Resource Id" + "displayName": "Function Resource Id", + "description": "Function Resource Id for Action Group to send alerts to" }, "defaultValue": "", "type": "String" }, - "ALZEventHubResourceId": { + "BYOActionGroup": { "metadata": { - "description": "Event Hub resource Ids for action group to send alerts to", - "displayName": "Event Hub resource Ids" + "displayName": "Customer defined Action Group Resource IDs", + "description": "The Resource IDs of existing Action Groups currently deployed in the environment." }, "defaultValue": [], "type": "array" }, "ALZWebhookServiceUri": { "metadata": { - "description": "Indicates the service uri(s) of the webhook to send alerts to", - "displayName": "Webhook Service Uri(s)" + "displayName": "Webhook Service Uri(s)", + "description": "Indicates the service uri(s) of the webhook to send alerts to" }, "defaultValue": [], "type": "Array" }, - "BYOActionGroup": { - "metadata": { - "description": "The Resource IDs of existing Action Groups currently deployed in the environment.", - "displayName": "Customer defined Action Group Resource IDs" - }, - "defaultValue": [], - "type": "array" - }, "ALZArmRoleId": { "metadata": { - "description": "Arm Built-in Role Ids for action group to send alerts to", - "displayName": "Arm Role Ids" + "displayName": "Arm Role Ids", + "description": "Arm Built-in Role Ids for action group to send alerts to" }, "defaultValue": [], "type": "array" }, "ALZMonitorDisableTagName": { "metadata": { - "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag name" + "displayName": "ALZ Monitoring disabled tag name", + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled." }, "defaultValue": "MonitorDisable", "type": "String" }, "ALZMonitorDisableTagValues": { "metadata": { - "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.", - "displayName": "ALZ Monitoring disabled tag values(s)" + "displayName": "ALZ Monitoring disabled tag values(s)", + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." }, "defaultValue": [ "true", @@ -153,23 +153,26 @@ "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, + "ALZMonitorActionGroupEmail": { + "value": "[parameters('ALZMonitorActionGroupEmail')]" + }, + "ALZMonitorResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" + }, "ALZMonitorResourceGroupLocation": { "value": "[parameters('ALZMonitorResourceGroupLocation')]" }, "ALZMonitorResourceGroupTags": { "value": "[parameters('ALZMonitorResourceGroupTags')]" }, - "ALZMonitorResourceGroupName": { - "value": "[parameters('ALZMonitorResourceGroupName')]" - }, - "ALZMonitorActionGroupEmail": { - "value": "[parameters('ALZMonitorActionGroupEmail')]" + "ALZLogicappCallbackUrl": { + "value": "[parameters('ALZLogicappCallbackUrl')]" }, "BYOAlertProcessingRule": { "value": "[parameters('BYOAlertProcessingRule')]" }, - "ALZLogicappCallbackUrl": { - "value": "[parameters('ALZLogicappCallbackUrl')]" + "ALZEventHubResourceId": { + "value": "[parameters('ALZEventHubResourceId')]" }, "ALZFunctionTriggerUrl": { "value": "[parameters('ALZFunctionTriggerUrl')]" @@ -180,15 +183,12 @@ "ALZFunctionResourceId": { "value": "[parameters('ALZFunctionResourceId')]" }, - "ALZEventHubResourceId": { - "value": "[parameters('ALZEventHubResourceId')]" + "BYOActionGroup": { + "value": "[parameters('BYOActionGroup')]" }, "ALZWebhookServiceUri": { "value": "[parameters('ALZWebhookServiceUri')]" }, - "BYOActionGroup": { - "value": "[parameters('BYOActionGroup')]" - }, "ALZArmRoleId": { "value": "[parameters('ALZArmRoleId')]" } @@ -204,14 +204,14 @@ "MonitorDisableTagName": { "value": "[parameters('ALZMonitorDisableTagName')]" }, + "ALZMonitorResourceGroupName": { + "value": "[parameters('ALZMonitorResourceGroupName')]" + }, "ALZMonitorResourceGroupLocation": { "value": "[parameters('ALZMonitorResourceGroupLocation')]" }, "ALZMonitorResourceGroupTags": { "value": "[parameters('ALZMonitorResourceGroupTags')]" - }, - "ALZMonitorResourceGroupName": { - "value": "[parameters('ALZMonitorResourceGroupName')]" } } }