Account should have a configured activity log alert for load balancer updates
Activity log alert exists for the creation or update of a load balancer.
By implementing alerting on significant infrastructure changes in Microsoft Azure, you can detect unauthorized or unwanted activity.
From the Azure portal:
1. Navigate to Monitor.
2. Select Activity Logs.
3. Search the operation name Create or Update Load Balancer.
4. Click on New Alert Rule.
5. Under Scope, select the Subscription and any Resource Groups that need monitoring.
6. Configure Action groups if needed.
7. In Details, provide a descriptive Alert rule name and description.
8. Go to Tags and enter relevant tags.
9. Click Review + create.

To create the alert rule through the REST API with an access token from the Azure CLI:
az account get-access-token --query "{subscription:subscription,accessToken:accessToken}" --out tsv | xargs -L1 bash -c 'curl -X PUT -H "Authorization: Bearer $1" -H "Content-Type: application/json" "https://management.azure.com/subscriptions/$0/resourceGroups/<Resource_Group_To Create_Alert_In>/providers/microsoft.insights/activityLogAlerts/<Unique_Alert_Name>?api-version=2017-04-01" -d@"input.json"'

Here, input.json contains the request body JSON data shown below.
{
  "location": "Global",
  "tags": {},
  "properties": {
    "scopes": [
      "/subscriptions/<Subscription_ID>"
    ],
    "enabled": true,
    "condition": {
      "allOf": [
        {
          "containsAny": null,
          "equals": "Administrative",
          "field": "category"
        },
        {
          "containsAny": null,
          "equals": "Microsoft.Network/loadBalancers/write",
          "field": "operationName"
        }
      ]
    },
    "actions": {
      "actionGroups": [
        {
          "actionGroupId": "/subscriptions/<Subscription_ID>/resourceGroups/<Resource_Group_For_Alert_Group>/providers/microsoft.insights/actionGroups/<Alert_Group>",
          "webhookProperties": null
        }
      ]
    }
  }
}
Using PowerShell AZ cmdlets:
# Alert name suffix, the operation to alert on, and its activity log category
$ComplianceName = 'Create or Update Load Balancers'
$Signal = 'Microsoft.Network/loadBalancers/write'
$Category = 'Administrative'
$ResourceGroupName = 'MyResourceGroup'
# Look up the existing action group that receives the notification
$actiongroup = (Get-AzActionGroup -Name corenotifications -ResourceGroupName $ResourceGroupName)
$ActionGroupId = (New-Object Microsoft.Azure.Management.Monitor.Models.ActivityLogAlertActionGroup $ActionGroup.Id)
# Scope the alert to the whole current subscription
$Subscription = (Get-AzContext).Subscription
$location = 'Global'
$scope = "/subscriptions/$($Subscription.Id)"
$alertName = "$($Subscription.Name) - $($ComplianceName)"
# Both conditions must match for the alert to fire
$conditions = @(
    New-AzActivityLogAlertCondition -Field 'category' -Equal $Category
    New-AzActivityLogAlertCondition -Field 'operationName' -Equal $Signal
)
Set-AzActivityLogAlert -Location $location -Name $alertName -ResourceGroupName $ResourceGroupName -Scope $scope -Action $ActionGroupId -Condition $conditions
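
To verify the result afterwards, the following added example (not part of the original page or of any vendor tooling) audits a list of activity log alerts, in the same shape as input.json, for a rule that satisfies this control. The `value` wrapper, the case-insensitive comparison, the treatment of extra conditions and narrower scopes as failures, and all function and sample names are assumptions of this example.

```python
REQUIRED = {  # conditions from the page's input.json, lower-cased for comparison
    "category": "administrative",
    "operationname": "microsoft.network/loadbalancers/write",
}

def audit_alert(alert, subscription_id):
    """Return the reasons an alert fails the check; an empty list means it passes."""
    props = alert.get("properties") or alert  # REST shape, else flattened (assumed)
    reasons = []
    if props.get("enabled") is not True:
        reasons.append("alert is disabled")
    wanted = f"/subscriptions/{subscription_id}".lower()
    scopes = [str(s).lower().rstrip("/") for s in props.get("scopes") or []]
    if wanted not in scopes:
        reasons.append("scope does not cover the whole subscription")
    seen = {}
    for cond in (props.get("condition") or {}).get("allOf") or []:
        seen[str(cond.get("field", "")).lower()] = str(cond.get("equals") or "").lower()
    for field, value in REQUIRED.items():
        if seen.get(field) != value:
            reasons.append(f"missing condition {field} == {value}")
    # allOf is a logical AND, so every further condition narrows what fires.
    for field in sorted(set(seen) - set(REQUIRED)):
        reasons.append(f"extra condition on '{field}' narrows the alert")
    return reasons

def passing_alerts(list_response, subscription_id):
    """Names of the alerts in a list response that satisfy the rule."""
    return [a.get("name") for a in list_response.get("value", [])
            if not audit_alert(a, subscription_id)]

SUB = "00000000-0000-0000-0000-000000000000"  # constructed placeholder ID

def _alert(name, enabled, scope, **conds):  # hypothetical helper for sample data
    allof = [{"field": f, "equals": v, "containsAny": None} for f, v in conds.items()]
    return {"name": name, "properties": {
        "enabled": enabled, "scopes": [scope], "condition": {"allOf": allof}}}

LB = {"category": "Administrative", "operationName": "Microsoft.Network/loadBalancers/write"}
SAMPLE = {"value": [  # constructed list response, not real tenant data
    _alert("lb-write", True, f"/subscriptions/{SUB}", **LB),
    _alert("lb-write-off", False, f"/subscriptions/{SUB}", **LB),
    _alert("lb-write-rg", True, f"/subscriptions/{SUB}/resourceGroups/rg1", status="Failed", **LB),
]}

if __name__ == "__main__":
    for a in SAMPLE["value"]:
        print(a["name"], audit_alert(a, SUB) or "OK")
```

The subscription fails the control when `passing_alerts` returns an empty list; the per-alert reasons show whether a rule was disabled, scoped too narrowly, or filtered by an additional condition.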
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview
https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log
https://docs.microsoft.com/en-in/rest/api/monitor/activitylogalerts/createorupdate
https://docs.microsoft.com/en-in/rest/api/monitor/activitylogalerts/listbysubscriptionid
https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources

Version 7: 6.3 Enable Detailed Logging. Enable system logging to include detailed information such as an event source, date, user, timestamp, source addresses, destination addresses, and other useful elements.