Azure 中所有警报的安全自动化

问题描述 投票:0回答:1

我正在尝试通过 git-hub 模板为所有警报部署创建安全自动化。

https://github.com/Azure/azure-quickstart-templates/blob/master/quickstarts/microsoft.security/securitycenter-create-automation-for-all-alerts/README.md

我无法提供警报设置值:

enter image description here

enter image description here

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "automationName": {
      "type": "string",
      "minLength": 3,
      "maxLength": 24
    },
    "location": {
      "type": "string",
      "defaultValue": "[resourceGroup().location]",
      "metadata": {
        "description": "Location for the automation"
      }
    },
    "logicAppName": {
      "type": "string",
      "minLength": 3
    },
    "logicAppResourceGroupName": {
      "type": "string",
      "minLength": 3
    },
    "subscriptionId": {
      "type": "string",
      "defaultValue": "[subscription().subscriptionId]",
      "metadata": {
        "description": "The Azure resource GUID id of the subscription"
      }
    },
    "alertSettings": {
      "type": "object",
      "metadata": {
        "description": "The alert settings object used for deploying the automation"
      }
    }
  },
  "variables": {
    "automationDescription": "automation description for subscription {0}",
    "scopeDescription": "automation scope for subscription {0}"
  },
  "resources": [
    {
      "apiVersion": "2019-01-01-preview",
      "location": "[parameters('location')]",
      "name": "[parameters('automationName')]",
      "type": "Microsoft.Security/automations",
      "properties": {
        "description": "[format(variables('automationDescription'),'{0}', parameters('subscriptionId'))]",
        "isEnabled": true,
        "actions": [
          {
            "actionType": "LogicApp",
            "logicAppResourceId": "[resourceId('Microsoft.Logic/workflows', parameters('logicAppName'))]",
            "uri": "[listCallbackURL(resourceId(parameters('subscriptionId'), parameters('logicAppResourceGroupName'), 'Microsoft.Logic/workflows/triggers', parameters('logicAppName'), 'manual'), '2019-05-01').value]"
          }
        ],
        "scopes": [
          {
            "description": "[format(variables('scopeDescription'),'{0}', parameters('subscriptionId'))]",
            "scopePath": "[subscription().id]"
          }
        ],
        "sources": [
          {
            "eventSource": "Alerts",
            "eventVersionType": "Api",
            "copy": [
              {
                "name": "ruleSets",
                "count": "[length(parameters('alertSettings').alertSeverityMapping)]",
                "input": {
                  "rules": [
                    {
                      "propertyJPath": "[parameters('alertSettings').alertSeverityMapping[copyIndex('ruleSets')].jpath]",
                      "propertyType": "string",
                      "expectedValue": "[parameters('alertSettings').alertSeverityMapping[copyIndex('ruleSets')].expectedValue]",
                      "operator": "[parameters('alertSettings').alertSeverityMapping[copyIndex('ruleSets')].operator]"
                    },
                    {
                      "propertyJPath": "Severity",
                      "propertyType": "string",
                      "expectedValue": "[parameters('alertSettings').alertSeverityMapping[copyIndex('ruleSets')].severity]",
                      "operator": "Equals"
                    }
                  ]
                }
              }
            ]
          }
        ]
      }
    }
  ]
}`

我应该在这里给出什么价值? 我尝试过以下值

高、中 “高”、“中” {警报设置:“空”} 警报设置

需要通过管道部署此策略部署

azure azure-policy azure-security azure-defender azure-security-center
1个回答
0
投票

查看模板定义,alertSettings 字段应如下所示:

{
    "alertSeverityMapping": [
        {
            "jpath": "<YOUR INPUT>",
            "expectedValue": "<YOUR INPUT>",
            "operator": "<YOUR INPUT>",
            "severity": "<YOUR INPUT>",
        }
    ]
}
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.