Open Crazyabout opened 5 years ago
You may need to update the org policy to include the "-StorageAccountName" and "-AppInsightName".
Update-AzSKOrganizationPolicy -SubscriptionId <SubscriptionId> `
-OrgName "Contoso-IT" `
-ResourceGroupName "Contoso-IT-RG" `
-StorageAccountName "contosoitsa" `
-AppInsightName "ContosoITAppInsight" `
-PolicyFolderPath "D:\ContosoPolicies"
Check Option 1 -> Step 3 here.
I keep getting this warning when i deploy the update command
Warning: The current subscription has been configured with DevOps kit policy for the 'security' Org, However the DevOps kit command is running with a different ('Security_scan_Azure_Environment') Org policy.
Even when i executed the IWR command and restarted my Powershell session. like this
Could it be that this is the problem ?
That should not be a problem.
If you are running the scans locally, please check whether the AzSK toolkit is configured to send data to the given Applications Insights account from your machine here.
I run the scan in my CI / CD pipeline. Do i need to provide the instumental key in my variable ?
Could you please check if the AzSKServerURL in the pipeline has the url of your new Custom org policy.
- Run the command Get-AzSKInfo -InfoType HostInfo
- The value of OnlinePolicyStoreURL and EnableAADAuthForOnlinePolicyStore should be used for the variable AzSKServerURL and EnableServerAuth in the ARMTemplateChecker task.
For detailed steps you can refer this.
yeah it has the right url The custom organization is rightly setup But the log analytics nor the dashboard have any data. So I guess there is some setting where i didn't setup the log anlytics right
I have the same issue. The log analytics is being filled. But the App insights stays empty. (and so does the dashboard).
the Get-AzSKInfo -InfoType HostInfo
does show the correct info.
I did use custom names for the resources group / workspace / automation account etc.
I am gonna try and redo the install with the default resource group names etc and set aside my OCD for a minute.
I am very new to Azure resources. When i deploy a custom organization i see that next to the storage account a Dashboard and a Insights resource are getting deployed. My understanding is that I can see logs like failed controls are being monitored. But when I check these resources both are empty when are there being logs written to these resources ? Can i check if these logs are even being saved in Azure ?
*Probably you guys already noted this somewhere but I somehow can't see it. sorry for the dumb question in that case.