Open SvenAelterman opened 2 months ago
@SvenAelterman - Thanks for the feedback. Are you looking for this functionality within the ALZ pattern or more general?
@JoeyBarnes I think it should be outside of the ALZ pattern, because not everyone (especially globally) would care about HITRUST/HIPAA compliance.
Perhaps a new set of "compliance" patterns can be created that could be extensible to include alerts required by other policy initiatives?
In the meantime, if anyone is looking for this for HITRUST/HIPAA compliance, this repository contains the necessary Bicep templates: https://github.com/SvenAelterman/AzHITRUSTHIPAAActivityLogAlerts
Thanks @SvenAelterman - This would make a good pattern / scenario to add to AMBA and has been tagged as a feature request for future development.
Check for previous/existing GitHub issues
Description
For compliance with the built-in HITRUST/HIPAA initiative, each covered subscription must have a few Activity Log alerts created.
Specifically, these are the Activity Log events for which alerts must exist:
"Microsoft.Sql/servers/firewallRules/write",
"Microsoft.Sql/servers/firewallRules/delete",
"Microsoft.Network/networkSecurityGroups/write",
"Microsoft.Network/networkSecurityGroups/delete",
"Microsoft.Network/networkSecurityGroups/securityRules/write",
"Microsoft.Network/networkSecurityGroups/securityRules/delete",
"Microsoft.ClassicNetwork/networkSecurityGroups/write",
"Microsoft.ClassicNetwork/networkSecurityGroups/delete",
"Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write",
"Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/delete"
This is a great use case for AMBA, as there don't appear to be any existing ways to deploy these without having to repeat the same steps.
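A way to audit one subscription for the alerts listed above, as an added example that is not part of the original issue or the linked repository. It assumes the alert rules were exported as JSON in the ARM resource shape (`properties.condition.allOf`, `properties.scopes`, `properties.enabled`) or the same fields flattened to the top level; the function names, the subscription IDs and the sample alerts are constructed for illustration.

```python
# Operation names copied from the issue description.
REQUIRED_OPERATIONS = [
    "Microsoft.Sql/servers/firewallRules/write",
    "Microsoft.Sql/servers/firewallRules/delete",
    "Microsoft.Network/networkSecurityGroups/write",
    "Microsoft.Network/networkSecurityGroups/delete",
    "Microsoft.Network/networkSecurityGroups/securityRules/write",
    "Microsoft.Network/networkSecurityGroups/securityRules/delete",
    "Microsoft.ClassicNetwork/networkSecurityGroups/write",
    "Microsoft.ClassicNetwork/networkSecurityGroups/delete",
    "Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write",
    "Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/delete",
]

def covered_operations(alerts, subscription_id):
    """Lower-cased operation names that have an enabled, subscription-scoped alert."""
    scope = f"/subscriptions/{subscription_id}".lower()
    covered = set()
    for alert in alerts:
        props = alert.get("properties", alert)  # ARM shape, or flattened (assumption)
        scopes = [s.lower().rstrip("/") for s in props.get("scopes", [])]
        if not props.get("enabled", False) or scope not in scopes:
            continue  # a disabled or differently scoped rule does not count
        leaves = (props.get("condition") or {}).get("allOf", [])
        fields = {l.get("field", "").lower(): str(l.get("equals", "")).lower() for l in leaves}
        if fields.get("category") == "administrative" and fields.get("operationname"):
            covered.add(fields["operationname"])
    return covered

def missing_operations(alerts, subscription_id):
    """Required operations with no qualifying alert, in the order listed in the issue."""
    covered = covered_operations(alerts, subscription_id)
    return [op for op in REQUIRED_OPERATIONS if op.lower() not in covered]

SUB = "00000000-0000-0000-0000-000000000000"  # constructed placeholder ID

def _alert(op, enabled=True, sub=SUB):  # builds one constructed sample rule
    return {"properties": {"enabled": enabled, "scopes": [f"/subscriptions/{sub}"],
            "condition": {"allOf": [{"field": "category", "equals": "Administrative"},
                                    {"field": "operationName", "equals": op}]}}}

SAMPLE_ALERTS = [  # constructed sample data, not real export output
    _alert("Microsoft.Sql/servers/firewallRules/write"),
    _alert("microsoft.network/networksecuritygroups/delete"),  # casing differs
    _alert("Microsoft.Network/networkSecurityGroups/write", enabled=False),
    _alert("Microsoft.Sql/servers/firewallRules/delete",
           sub="11111111-1111-1111-1111-111111111111"),
]

if __name__ == "__main__":
    print("\n".join(missing_operations(SAMPLE_ALERTS, SUB)))
```

Disabled rules and rules scoped to another subscription are reported as missing, which are the two gaps most likely to go unnoticed when alerts are created by hand.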