Onboard Azure VM and Arc connected Linux machines to Azure Automation DSC
Description
Deploys the DSC extension to onboard Linux nodes to Azure Automation DSC. Assigns a configuration.
Version
2.0.0
Effect
[parameters('effect')]
🧮 ~ Parameters
Name
Description
Default Value
Allowed Values
effect
Enable or disable the execution of the policy
DeployIfNotExists
DeployIfNotExists Disabled
automationAccountId
Automation Account Id. If this account is outside of the scope of the assignment you must manually grant 'Contributor' permissions (or similar) on the Automation account to the policy assignment's principal ID.
nxNodeConfigurationName
Specifies the node configuration in the Automation account to assign to the node. NOTE: will auto-suffix '.localhost'.
nodeConfigurationMode
Specifies the mode for LCM. Valid options include ApplyOnly, ApplyandMonitor, and ApplyandAutoCorrect. The default value is ApplyAndAutoCorrect.
ApplyAndAutoCorrect
ApplyAndAutoCorrect applyAndMonitor ApplyOnly
listOfImageIdToInclude_linux
Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'
Onboard Azure VM and Arc connected Windows machines to Azure Automation DSC
Description
Deploys the DSC extension to onboard Windows nodes to Azure Automation DSC. Assigns a configuration.
Version
2.0.0
Effect
[parameters('effect')]
🧮 ~ Parameters
Name
Description
Default Value
Allowed Values
effect
Enable or disable the execution of the policy
DeployIfNotExists
DeployIfNotExists Disabled
automationAccountId
Automation Account Id. If this account is outside of the scope of the assignment you must manually grant 'Contributor' permissions (or similar) on the Automation account to the policy assignment's principal ID.
nodeConfigurationName
Specifies the node configuration in the Automation account to assign to the node. NOTE: will auto-suffix '.localhost'.
nodeConfigurationMode
Specifies the mode for LCM. Valid options include ApplyOnly, ApplyandMonitor, and ApplyandAutoCorrect. The default value is ApplyAndAutoCorrect.
ApplyAndAutoCorrect
ApplyAndAutoCorrect applyAndMonitor ApplyOnly
listOfImageIdToInclude_windows
Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'
Specify the Log Analytics Workspace Id the agent should be connected to. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.
listOfImageIdToInclude_linux
Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'
Specify the Log Analytics Workspace Id the agent should be connected to. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.
listOfImageIdToInclude_linux
Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'
Specify the Log Analytics Workspace Id the agent should be connected to. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.
listOfImageIdToInclude_windows
Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'
Specify the Log Analytics Workspace Id the agent should be connected to. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.
listOfImageIdToInclude_windows
Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'
Deploy Diagnostic Settings for Load Balancers to a Log Analytics workspace
Description
Deploys the diagnostic settings for Load Balancers to stream to a regional Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated.
Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.
storageAccountId
The Storage Account Resource Id to send activity logs
eventHubAuthorizationRuleId
The Event Hub authorization rule Id for Azure Diagnostics. The authorization rule needs to be at Event Hub namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization rule}
eventHubName
The EventHub name to stream activity logs to
metricsEnabled
Whether to enable metrics stream to the Log Analytics workspace - True or False
False
True False
logsEnabled
Whether to enable logs stream to the Log Analytics workspace - True or False
Deploy Diagnostic Settings for Network Interfaces to a Log Analytics workspace
Description
Deploys the diagnostic settings for Network Interfaces to stream to a regional Log Analytics workspace when any Network Interface which is missing this diagnostic settings is created or updated.
Version
Effect
[parameters('effect')]
🧮 ~ Parameters
Name
Description
Default Value
Allowed Values
effect
Enable or disable the execution of the policy
DeployIfNotExists
AuditIfNotExists DeployIfNotExists Disabled
profileName
The diagnostic settings profile name
setbypolicy_Diagnostics
workspaceId
Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.
storageAccountId
The Storage Account Resource Id to send activity logs
eventHubAuthorizationRuleId
The Event Hub authorization rule Id for Azure Diagnostics. The authorization rule needs to be at Event Hub namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization rule}
Deploy Diagnostic Settings for Network Security Groups to a Log Analytics workspace
Description
Deploys the diagnostic settings for Network Security Groups to stream to a regional Log Analytics workspace when any Network Security Group which is missing this diagnostic settings is created or updated.
Version
Effect
[parameters('effect')]
🧮 ~ Parameters
Name
Description
Default Value
Allowed Values
effect
Enable or disable the execution of the policy
DeployIfNotExists
AuditIfNotExists DeployIfNotExists Disabled
profileName
The diagnostic settings profile name
setbypolicy_Diagnostics
workspaceId
Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.
storageAccountId
The Storage Account Resource Id to send activity logs
eventHubAuthorizationRuleId
The Event Hub authorization rule Id for Azure Diagnostics. The authorization rule needs to be at Event Hub namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization rule}
Deploy Diagnostic Settings for Public IPs to a Log Analytics workspace
Description
Deploys the diagnostic settings for Public IPs to stream to a regional Log Analytics workspace when any Public IP which is missing this diagnostic settings is created or updated.
Version
Effect
[parameters('effect')]
🧮 ~ Parameters
Name
Description
Default Value
Allowed Values
effect
Enable or disable the execution of the policy
DeployIfNotExists
AuditIfNotExists DeployIfNotExists Disabled
profileName
The diagnostic settings profile name
setbypolicy_Diagnostics
workspaceId
Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.
storageAccountId
The Storage Account Resource Id to send activity logs
eventHubAuthorizationRuleId
The Event Hub authorization rule Id for Azure Diagnostics. The authorization rule needs to be at Event Hub namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization rule}
Deploy Diagnostic Settings for Azure Storage, including blobs, files, tables, and queues to a Log Analytics workspace
Description
Deploys the diagnostic settings for Azure Storage, including blobs, files, tables, and queues to stream to a regional Log Analytics workspace when any Azure Storage which is missing this diagnostic settings is created or updated.
Version
Effect
[parameters('effect')]
🧮 ~ Parameters
Name
Description
Default Value
Allowed Values
effect
Enable or disable the execution of the policy
DeployIfNotExists
AuditIfNotExists DeployIfNotExists Disabled
profileName
The diagnostic settings profile name
setbypolicy_Diagnostics
workspaceId
Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.
storageAccountId
The Storage Account Resource Id to send activity logs
eventHubAuthorizationRuleId
The Event Hub authorization rule Id for Azure Diagnostics. The authorization rule needs to be at Event Hub namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization rule}
eventHubName
The EventHub name to stream activity logs to
metricsEnabled
Whether to enable metrics stream to the Log Analytics workspace - True or False
Deploy Diagnostic Settings for Subscriptions to a Log Analytics workspace
Description
Deploys the diagnostic settings for Subscriptions to stream to a regional Log Analytics workspace when any Subscription which is missing this diagnostic settings is created or updated.
Version
Effect
[parameters('effect')]
🧮 ~ Parameters
Name
Description
Default Value
Allowed Values
effect
Enable or disable the execution of the policy
DeployIfNotExists
DeployIfNotExists AuditIfNotExists Disabled
profileName
The diagnostic settings profile name
setbypolicy_Diagnostics
workspaceId
Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.
storageAccountId
The Storage Account Resource Id to send activity logs
eventHubAuthorizationRuleId
The Event Hub authorization rule Id for Azure Diagnostics. The authorization rule needs to be at Event Hub namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization rule}
Deploy Diagnostic Settings for Virtual Machines to a Log Analytics workspace
Description
Deploys the diagnostic settings for Virtual Machines to stream to a regional Log Analytics workspace when any Virtual Machine which is missing this diagnostic settings is created or updated.
Version
Effect
[parameters('effect')]
🧮 ~ Parameters
Name
Description
Default Value
Allowed Values
effect
Enable or disable the execution of the policy
DeployIfNotExists
AuditIfNotExists DeployIfNotExists Disabled
profileName
The diagnostic settings profile name
setbypolicy_Diagnostics
workspaceId
Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.
storageAccountId
The Storage Account Resource Id to send activity logs
eventHubAuthorizationRuleId
The Event Hub authorization rule Id for Azure Diagnostics. The authorization rule needs to be at Event Hub namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization rule}
eventHubName
The EventHub name to stream activity logs to
metricsEnabled
Whether to enable metrics stream to the Log Analytics workspace - True or False
False
True False
logsEnabled
Whether to enable logs stream to the Log Analytics workspace - True or False
Deploy Diagnostic Settings for Virtual Networks to a Log Analytics workspace
Description
Deploys the diagnostic settings for Virtual Networks to stream to a regional Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated.
Version
Effect
[parameters('effect')]
🧮 ~ Parameters
Name
Description
Default Value
Allowed Values
effect
Enable or disable the execution of the policy
DeployIfNotExists
AuditIfNotExists DeployIfNotExists Disabled
profileName
The diagnostic settings profile name
setbypolicy_Diagnostics
workspaceId
Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.
storageAccountId
The Storage Account Resource Id to send activity logs
eventHubAuthorizationRuleId
The Event Hub authorization rule Id for Azure Diagnostics. The authorization rule needs to be at Event Hub namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization rule}
eventHubName
The EventHub name to stream activity logs to
metricsEnabled
Whether to enable metrics stream to the Log Analytics workspace - True or False
False
True False
logsEnabled
Whether to enable logs stream to the Log Analytics workspace - True or False
Deploy Diagnostic Settings for Virtual Network Gateways to a Log Analytics workspace
Description
Deploys the diagnostic settings for Virtual Network Gateways to stream to a regional Log Analytics workspace when any Virtual Network Gateway which is missing this diagnostic settings is created or updated.
Version
Effect
[parameters('effect')]
🧮 ~ Parameters
Name
Description
Default Value
Allowed Values
effect
Enable or disable the execution of the policy
DeployIfNotExists
AuditIfNotExists DeployIfNotExists Disabled
profileName
The diagnostic settings profile name
setbypolicy_Diagnostics
workspaceId
Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.
storageAccountId
The Storage Account Resource Id to send activity logs
eventHubAuthorizationRuleId
The Event Hub authorization rule Id for Azure Diagnostics. The authorization rule needs to be at Event Hub namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization rule}
eventHubName
The EventHub name to stream activity logs to
metricsEnabled
Whether to enable metrics stream to the Log Analytics workspace - True or False
False
True False
logsEnabled
Whether to enable logs stream to the Log Analytics workspace - True or False
Deploy Diagnostic Settings for KeyVaults to a Log Analytics workspace
Description
Deploys the diagnostic settings for KeyVaults to stream to a regional Log Analytics workspace when any KeyVault which is missing this diagnostic settings is created or updated.
Version
Effect
[parameters('effect')]
🧮 ~ Parameters
Name
Description
Default Value
Allowed Values
effect
Enable or disable the execution of the policy
DeployIfNotExists
AuditIfNotExists DeployIfNotExists Disabled
profileName
The diagnostic settings profile name
setbypolicy_Diagnostics
workspaceId
Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.
storageAccountId
The Storage Account Resource Id to send activity logs
eventHubAuthorizationRuleId
The Event Hub authorization rule Id for Azure Diagnostics. The authorization rule needs to be at Event Hub namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization rule}
eventHubName
The EventHub name to stream activity logs to
metricsEnabled
Whether to enable metrics stream to the Log Analytics workspace - True or False
False
True False
logsEnabled
Whether to enable logs stream to the Log Analytics workspace - True or False
Deploy Diagnostic Settings for Firewalls to a Log Analytics workspace
Description
Deploys the diagnostic settings for Firewalls to stream to a regional Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated.
Version
Effect
[parameters('effect')]
🧮 ~ Parameters
Name
Description
Default Value
Allowed Values
effect
Enable or disable the execution of the policy
DeployIfNotExists
AuditIfNotExists DeployIfNotExists Disabled
profileName
The diagnostic settings profile name
setbypolicy_Diagnostics
workspaceId
Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.
storageAccountId
The Storage Account Resource Id to send activity logs
eventHubAuthorizationRuleId
The Event Hub authorization rule Id for Azure Diagnostics. The authorization rule needs to be at Event Hub namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization rule}
eventHubName
The EventHub name to stream activity logs to
metricsEnabled
Whether to enable metrics stream to the Log Analytics workspace - True or False
False
True False
logsEnabled
Whether to enable logs stream to the Log Analytics workspace - True or False
Deploy Diagnostic Settings for ExpressRoute Connections to a Log Analytics workspace
Description
Deploys the diagnostic settings for ExpressRoute Connections to stream to a regional Log Analytics workspace when any ExpressRoute Connection which is missing this diagnostic settings is created or updated.
Version
Effect
[parameters('effect')]
🧮 ~ Parameters
Name
Description
Default Value
Allowed Values
effect
Enable or disable the execution of the policy
DeployIfNotExists
AuditIfNotExists DeployIfNotExists Disabled
profileName
The diagnostic settings profile name
setbypolicy_Diagnostics
workspaceId
Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.
storageAccountId
The Storage Account Resource Id to send activity logs
eventHubAuthorizationRuleId
The Event Hub authorization rule Id for Azure Diagnostics. The authorization rule needs to be at Event Hub namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization rule}
Deploy Diagnostic Settings for ExpressRoutes to a Log Analytics workspace
Description
Deploys the diagnostic settings for ExpressRoutes to stream to a regional Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated.
Version
Effect
[parameters('effect')]
🧮 ~ Parameters
Name
Description
Default Value
Allowed Values
effect
Enable or disable the execution of the policy
DeployIfNotExists
AuditIfNotExists DeployIfNotExists Disabled
profileName
The diagnostic settings profile name
setbypolicy_Diagnostics
workspaceId
Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.
storageAccountId
The Storage Account Resource Id to send activity logs
eventHubAuthorizationRuleId
The Event Hub authorization rule Id for Azure Diagnostics. The authorization rule needs to be at Event Hub namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization rule}
Deploy Diagnostic Settings for Application Gateways to a Log Analytics workspace
Description
Deploys the diagnostic settings for Application Gateways to stream to a regional Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated.
Version
Effect
[parameters('effect')]
🧮 ~ Parameters
Name
Description
Default Value
Allowed Values
effect
Enable or disable the execution of the policy
DeployIfNotExists
AuditIfNotExists DeployIfNotExists Disabled
profileName
The diagnostic settings profile name
setbypolicy_Diagnostics
workspaceId
Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.
storageAccountId
The Storage Account Resource Id to send activity logs
eventHubAuthorizationRuleId
The Event Hub authorization rule Id for Azure Diagnostics. The authorization rule needs to be at Event Hub namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization rule}
eventHubName
The EventHub name to stream activity logs to
metricsEnabled
Whether to enable metrics stream to the Log Analytics workspace - True or False
False
True False
logsEnabled
Whether to enable logs stream to the Log Analytics workspace - True or False
Deploy Diagnostic Settings for Event Hubs to a Log Analytics workspace
Description
Deploys the diagnostic settings for Event Hubs to stream to a regional Log Analytics workspace when any Event Hub which is missing this diagnostic settings is created or updated.
Version
Effect
[parameters('effect')]
🧮 ~ Parameters
Name
Description
Default Value
Allowed Values
effect
Enable or disable the execution of the policy
DeployIfNotExists
AuditIfNotExists DeployIfNotExists Disabled
profileName
The diagnostic settings profile name
setbypolicy_Diagnostics
workspaceId
Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.
storageAccountId
The Storage Account Resource Id to send activity logs
eventHubAuthorizationRuleId
The Event Hub authorization rule Id for Azure Diagnostics. The authorization rule needs to be at Event Hub namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization rule}
eventHubName
The EventHub name to stream activity logs to
metricsEnabled
Whether to enable metrics stream to the Log Analytics workspace - True or False
False
True False
logsEnabled
Whether to enable logs stream to the Log Analytics workspace - True or False
Enable Export to Event Hub for Azure Security Center alerts and recommendations
Version
Effect
[parameters('effect')]
🧮 ~ Parameters
Name
Description
Default Value
Allowed Values
effect
Enable or disable the execution of the policy
DeployIfNotExists
DeployIfNotExists AuditIfNotExists Disabled
resourceGroupName
The resource group name where the export to Event Hub configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Event Hub configured.
policy-export-asc-alerts
resourceGroupLocation
The location where the resource group and the export to Event Hub configuration are created.
uksouth
uksouth ukwest
exportedDataTypes
The data types to be exported. Example: Security recommendations;Security alerts;Secure scores;Secure score controls;
Applicable only for export of security recommendations. To export all recommendations, leave this empty. To export specific recommendations, enter a list of recommendation IDs separated by semicolons (';'). Recommendation IDs are available through the Assessments API (https://docs.microsoft.com/rest/api/securitycenter/assessments), or Azure Resource Graph Explorer (https://portal.azure.com/#blade/HubsExtension/ArgQueryBlade), choose securityresources and microsoft.security/assessments.
recommendationSeverities
Applicable only for export of security recommendations. Determines recommendation severities. Example: High;Medium;Low;
High Medium Low
High Medium Low
isSecurityFindingsEnabled
Security findings are results from vulnerability assessment solutions, and can be thought of as 'sub' recommendations grouped into a 'parent' recommendation.
True
True False
secureScoreControlsNames
Applicable only for export of secure score controls. To export all secure score controls, leave this empty. To export specific secure score controls, enter a list of secure score controls IDs separated by semicolons (';'). Secure score controls IDs are available through the Secure score controls API (https://docs.microsoft.com/rest/api/securitycenter/securescorecontrols), or Azure Resource Graph Explorer (https://portal.azure.com/#blade/HubsExtension/ArgQueryBlade), choose securityresources and microsoft.security/securescores/securescorecontrols.
alertSeverities
Applicable only for export of security alerts. Determines alert severities. Example: High;Medium;Low;
Export ASC alerts and recommendations to Log Analytics
Description
Enable Export to Log Analytics Workspace for Azure Security Center alerts and recommendations
Version
Effect
[parameters('effect')]
🧮 ~ Parameters
Name
Description
Default Value
Allowed Values
effect
Enable or disable the execution of the policy
DeployIfNotExists
DeployIfNotExists AuditIfNotExists Disabled
resourceGroupName
The resource group name where the export to Log Analytics configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics configured.
policy-export-asc-alerts
resourceGroupLocation
The location where the resource group and the export to Log Analytics configuration are created.
uksouth
uksouth ukwest
exportedDataTypes
The data types to be exported. Example: Security recommendations;Security alerts;Secure scores;Secure score controls;
Applicable only for export of security recommendations. To export all recommendations, leave this empty. To export specific recommendations, enter a list of recommendation IDs separated by semicolons (';'). Recommendation IDs are available through the Assessments API (https://docs.microsoft.com/rest/api/securitycenter/assessments), or Azure Resource Graph Explorer (https://portal.azure.com/#blade/HubsExtension/ArgQueryBlade), choose securityresources and microsoft.security/assessments.
recommendationSeverities
Applicable only for export of security recommendations. Determines recommendation severities. Example: High;Medium;Low;
High Medium Low
High Medium Low
isSecurityFindingsEnabled
Security findings are results from vulnerability assessment solutions, and can be thought of as 'sub' recommendations grouped into a 'parent' recommendation.
True
True False
secureScoreControlsNames
Applicable only for export of secure score controls. To export all secure score controls, leave this empty. To export specific secure score controls, enter a list of secure score controls IDs separated by semicolons (';'). Secure score controls IDs are available through the Secure score controls API (https://docs.microsoft.com/rest/api/securitycenter/securescorecontrols), or Azure Resource Graph Explorer (https://portal.azure.com/#blade/HubsExtension/ArgQueryBlade), choose securityresources and microsoft.security/securescores/securescorecontrols.
alertSeverities
Applicable only for export of security alerts. Determines alert severities. Example: High;Medium;Low;
High Medium Low
High Medium Low
workspaceId
Auto provision the Log Analytics agent on your subscriptions to monitor and collect security data using a custom workspace.
Enroll Subscriptions to Azure Security Center Standard Pricing Tier, Note: the new Containers Plan will be replacing Container Registries and Kubernetes