Framework/Configurations/AlertMonitoring/AzSDK.AM.OMSSetup.json
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "omsWorkspaceLocation": { "type": "string", "defaultValue": "" }, "omsResourcegroup": { "type": "string", "defaultValue": "" }, "omsSubscriptionId": { "type": "string", "defaultValue": "" }, "omsWorkspaceName": { "type": "string", "defaultValue": "" }, "omsWorkspaceApiVersion": { "type": "string", "defaultValue": "" }, "alertEmailsPointOfContact": { "type": "array", "defaultValue": "" }, "appSubscriptionName": { "type": "string", "defaultValue": "" } }, "variables": { "SolutionVersion": "1.1", "SolutionPublisher": "NotUsed", "SolutionName": "NotUsedomssol99", "ViewName": "[concat('AZSDK-SUBCC-', parameters('appSubscriptionName'))]", "LogAnalyticsApiVersion": "2015-11-01-preview" }, "resources": [ { "apiVersion": "[parameters('omsWorkspaceApiVersion')]", "id": "[Concat('/subscriptions/', parameters('omsSubscriptionId'), '/resourceGroups/', parameters('omsResourcegroup'), '/providers/Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]", "location": "[parameters('omsWorkspaceLocation')]", "name": "[parameters('omsWorkspaceName')]", "resources": [ { "apiVersion": "2015-11-01-preview", "name": "[variables('ViewName')]", "type": "views", "location": "[parameters('omsWorkspaceLocation')]", "id": "[Concat('/subscriptions/', parameters('omsSubscriptionId'), '/resourceGroups/', parameters('omsResourcegroup'), '/providers/Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'),'/views/', variables('ViewName'))]", "dependson": [ "[Concat('/subscriptions/', parameters('omsSubscriptionId'), '/resourceGroups/', parameters('omsResourcegroup'), '/providers/Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" ], "properties": { "DisplayName": "[variables('ViewName')]", "Id": "[variables('ViewName')]", "Name": "[variables('ViewName')]", "Author": "Microsoft", "Source": "Local", 
"Dashboard": [ { "Id": "NumberTileListBuilderBlade", "Type": "Blade", "Version": 0, "Configuration": { "General": { "title": "Alert/Actions needed", "newGroup": true, "icon": "", "useIcon": false }, "Tile": { "Query": "Type:Alert AlertState!=Closed AlertName=\"AzSDK Sub RBAC\" | measure count() by AlertSeverity", "Legend": "Total Active Alerts count" }, "List": { "Query": "Type:Alert AlertState!=Closed AlertName=\"AzSDK Sub RBAC\" | measure count() by AlertName", "HideGraph": false, "enableSparklines": false, "operation": "Summary", "ColumnsTitle": { "Name": "Alerts Name", "Value": "Active Count" }, "Color": "#0072c6", "thresholds": { "isEnabled": false, "values": [ { "name": "Normal", "threshold": "Default", "color": "#009e49", "isDefault": true }, { "name": "Warning", "threshold": "60", "color": "#fcd116", "isDefault": false }, { "name": "Error", "threshold": "90", "color": "#ba141a", "isDefault": false } ] }, "NameDSVSeparator": "", "NavigationQuery": "{selected item}" } } }, { "Id": "SingleQueryDonutBuilderBladeV1", "Type": "Blade", "Version": 0, "Configuration": { "General": { "title": "Subscription Compliance Status", "newGroup": false, "icon": "", "useIcon": false }, "Header": { "Title": "Control Status by State", "Subtitle": "" }, "Donut": { "Query": "[concat('Type:AzSDK_CL FeatureName_s=\"SubscriptionCore\"', ' SubscriptionName_s=\"',parameters('appSubscriptionName'),'\" | Measure count() by ControlStatus_s')]", "CenterLegend": { "Text": "Total", "Operation": "Sum", "ArcsToSelect": [] }, "Options": { "colors": [ "#00188f", "#0072c6", "#00bcf2" ], "valueColorMapping": [] } }, "List": { "Query": "[concat('Type:AzSDK_CL FeatureName_s=\"SubscriptionCore\"', ' SubscriptionName_s=\"',parameters('appSubscriptionName'),'\" | Measure count() by ControlId_s')]", "HideGraph": true, "enableSparklines": false, "operation": "Summary", "ColumnsTitle": { "Name": "ControlID", "Value": "Count" }, "Color": "#0072c6", "thresholds": { "isEnabled": false, "values": [ { "name": 
"Normal", "threshold": "Default", "color": "#009e49", "isDefault": true }, { "name": "Warning", "threshold": "60", "color": "#fcd116", "isDefault": false }, { "name": "Error", "threshold": "90", "color": "#ba141a", "isDefault": false } ] }, "NameDSVSeparator": "", "NavigationQuery": "{selected item}" } } }, { "Id": "TwoNumberTileListBuilderBlade", "Type": "Blade", "Version": 0, "Configuration": { "General": { "title": "Subscription Activity", "newGroup": false, "icon": "", "useIcon": false }, "Tile": { "Legend": "Overall RBAC Activity (Admin, RoleAssignments, ARM Policy, etc)", "Query": "[concat('Type=AzureActivity (OperationName = \"Microsoft.Authorization/elevateAccess/action\" OR OperationName = \"Microsoft.Authorization/classicAdministrators/write\" OR OperationName = \"Microsoft.Authorization/classicAdministrators/delete\" OR OperationName = \"Microsoft.Authorization/locks/write\" OR OperationName = \"Microsoft.Authorization/locks/delete\" OR OperationName = \"Microsoft.Authorization/policyAssignments/write\" OR OperationName = \"Microsoft.Authorization/policyAssignments/delete\" OR OperationName = \"Microsoft.Authorization/policyDefinitions/write\" OR OperationName = \"Microsoft.Authorization/policyDefinitions/delete\" OR OperationName = \"Microsoft.Authorization/roleAssignments/write\" OR OperationName = \"Microsoft.Authorization/roleAssignments/delete\") ', ' SubscriptionName_s=\"',parameters('appSubscriptionName'),'\" | Measure Count() by Type')]" }, "SecondTile": { "Legend": "RoleAssignment Activity", "Query": "[concat('Type=AzureActivity (OperationName = \"Microsoft.Authorization/elevateAccess/action\" OR OperationName = \"Microsoft.Authorization/classicAdministrators/write\" OR OperationName = \"Microsoft.Authorization/classicAdministrators/delete\" OR OperationName = \"Microsoft.Authorization/roleAssignments/write\" OR OperationName = \"Microsoft.Authorization/roleAssignments/delete\") ', ' SubscriptionName_s=\"',parameters('appSubscriptionName'),'\" 
| Measure Count() by Type')]" }, "List": { "Query": "[concat('Type=AzureActivity (OperationName = \"Microsoft.Authorization/elevateAccess/action\" OR OperationName = \"Microsoft.Authorization/classicAdministrators/write\" OR OperationName = \"Microsoft.Authorization/classicAdministrators/delete\" OR OperationName = \"Microsoft.Authorization/locks/write\" OR OperationName = \"Microsoft.Authorization/locks/delete\" OR OperationName = \"Microsoft.Authorization/policyAssignments/write\" OR OperationName = \"Microsoft.Authorization/policyAssignments/delete\" OR OperationName = \"Microsoft.Authorization/policyDefinitions/write\" OR OperationName = \"Microsoft.Authorization/policyDefinitions/delete\" OR OperationName = \"Microsoft.Authorization/roleAssignments/write\" OR OperationName = \"Microsoft.Authorization/roleAssignments/delete\") ', ' SubscriptionName_s=\"',parameters('appSubscriptionName'),'\" | measure count() by OperationName')]", "HideGraph": true, "enableSparklines": false, "operation": "Summary", "ColumnsTitle": { "Name": "Computer", "Value": "Count" }, "Color": "#0072c6", "thresholds": { "isEnabled": false, "values": [ { "name": "Normal", "threshold": "Default", "color": "#009e49", "isDefault": true }, { "name": "Warning", "threshold": "60", "color": "#fcd116", "isDefault": false }, { "name": "Error", "threshold": "90", "color": "#ba141a", "isDefault": false } ] }, "NameDSVSeparator": "", "NavigationQuery": "{selected item}" } } }, { "Id": "LineChartCalloutStackedBuilderBlade", "Type": "Blade", "Version": 0, "Configuration": { "General": { "title": "Subscription Activity Over Time", "newGroup": false }, "charts": [ { "Header": { "Title": "RBAC Activity over time", "Subtitle": "" }, "LineChart": { "Query": "[concat('Type=AzureActivity (OperationName = \"Microsoft.Authorization/elevateAccess/action\" OR OperationName = \"Microsoft.Authorization/classicAdministrators/write\" OR OperationName = \"Microsoft.Authorization/classicAdministrators/delete\" OR 
OperationName = \"Microsoft.Authorization/roleAssignments/write\" OR OperationName = \"Microsoft.Authorization/roleAssignments/delete\") ', ' SubscriptionName_s=\"',parameters('appSubscriptionName'),'\" | measure count() by OperationName interval 30minutes')]", "yAxis": { "isLogarithmic": false, "units": { "baseUnitType": "", "baseUnit": "", "displayUnit": "" }, "customLabel": "" } } }, { "Header": { "Title": "Subscription Compliance over time", "Subtitle": "frequency of failed controls" }, "LineChart": { "Query": "[concat('Type:AzSDK_CL FeatureName_s=\"SubscriptionCore\" (ControlStatus_s=Failed) ', ' SubscriptionName_s=\"',parameters('appSubscriptionName'),'\" | Measure count() by ControlStatus_s interval 30minutes')]", "yAxis": { "isLogarithmic": false, "units": { "baseUnitType": "", "baseUnit": "", "displayUnit": "" }, "customLabel": "" } } }, { "Header": { "Title": "Overall Subscription activity over time", "Subtitle": "" }, "LineChart": { "Query": "[concat('Type=AzureActivity (OperationName = \"Microsoft.Authorization/elevateAccess/action\" OR OperationName = \"Microsoft.Authorization/classicAdministrators/write\" OR OperationName = \"Microsoft.Authorization/classicAdministrators/delete\" OR OperationName = \"Microsoft.Authorization/locks/write\" OR OperationName = \"Microsoft.Authorization/locks/delete\" OR OperationName = \"Microsoft.Authorization/policyAssignments/write\" OR OperationName = \"Microsoft.Authorization/policyAssignments/delete\" OR OperationName = \"Microsoft.Authorization/policyDefinitions/write\" OR OperationName = \"Microsoft.Authorization/policyDefinitions/delete\" OR OperationName = \"Microsoft.Authorization/roleAssignments/write\" OR OperationName = \"Microsoft.Authorization/roleAssignments/delete\") ', ' SubscriptionName_s=\"',parameters('appSubscriptionName'),'\" | measure count() by OperationName')]", "yAxis": { "isLogarithmic": false, "units": { "baseUnitType": "", "baseUnit": "", "displayUnit": "" }, "customLabel": "" } } } ] } } ], 
"OverviewTile": { "Id": "SingleQueryDonutBuilderTileV1", "Type": "OverviewTile", "Version": 0, "Configuration": { "Donut": { "Query": "[concat('Type:Alert AlertState!=Closed AlertName=\"AzSDK Sub RBAC\" ', ' SubscriptionName_s=\"',parameters('appSubscriptionName'),'\" | measure count() by AlertSeverity')]", "CenterLegend": { "Text": "Total", "Operation": "Sum", "ArcsToSelect": [] }, "Options": { "colors": [ "#e81123", "#ff8c00", "#6dc2e9" ], "valueColorMapping": [] } }, "Advanced": { "DataFlowVerification": { "Enabled": false, "Query": "*", "Message": "" } } } } } } ], "type": "Microsoft.OperationalInsights/workspaces" } ] }