diff --git a/.apigentools-info b/.apigentools-info
index c5789c23b8..ca4f0c2d7e 100644
--- a/.apigentools-info
+++ b/.apigentools-info
@@ -4,13 +4,13 @@ "spec_versions": { "v1": { "apigentools_version": "1.6.6", - "regenerated": "2024-12-09 11:21:40.525950", - "spec_repo_commit": "21da0df3" + "regenerated": "2024-12-10 13:52:25.561950", + "spec_repo_commit": "4f71be94" }, "v2": { "apigentools_version": "1.6.6", - "regenerated": "2024-12-09 11:21:40.543995", - "spec_repo_commit": "21da0df3" + "regenerated": "2024-12-10 13:52:25.579439", + "spec_repo_commit": "4f71be94" } } } \ No newline at end of file
diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml
index 55d50bce80..af3105008c 100644
--- a/.generator/schemas/v2/openapi.yaml
+++ b/.generator/schemas/v2/openapi.yaml
@@ -22893,6 +22893,10 @@ components:
 description: User ID of the user who updated the rule.
 format: int64
 type: integer
+ updatedAt:
+ description: The date the rule was last updated, in milliseconds.
+ format: int64
+ type: integer
 version:
 description: The version of the rule.
 format: int64
diff --git a/src/datadog_api_client/v2/model/security_monitoring_rule_response.py b/src/datadog_api_client/v2/model/security_monitoring_rule_response.py
index 85c053adf3..8e4c72c59a 100644
--- a/src/datadog_api_client/v2/model/security_monitoring_rule_response.py
+++ b/src/datadog_api_client/v2/model/security_monitoring_rule_response.py
@@ -78,6 +78,9 @@ def __init__(self, **kwargs):
 :param update_author_id: User ID of the user who updated the rule.
 :type update_author_id: int, optional
+ :param updated_at: The date the rule was last updated, in milliseconds.
+ :type updated_at: int, optional
+
 :param version: The version of the rule.
 :type version: int, optional
 """
diff --git a/src/datadog_api_client/v2/model/security_monitoring_standard_rule_response.py b/src/datadog_api_client/v2/model/security_monitoring_standard_rule_response.py
index fd460c21bf..f140b9f0cd 100644
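Review bot: The new `updatedAt` description in the openapi.yaml hunk, `The date the rule was last updated, in milliseconds.`, does not say what the milliseconds are counted from. The re-recorded cassette later in this diff carries values such as `"updatedAt":1722014735961`, which reads as a Unix epoch timestamp in milliseconds, so I would word it `description: The date the rule was last updated, as a Unix timestamp in milliseconds.` The same sentence is copied into the `:param updated_at:` docstrings of both model files in this diff, so correcting it in the spec should carry over to them on regeneration. Anyone using this field to notice unexpected edits to detection rules needs the unit and reference point stated rather than guessed.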
--- a/src/datadog_api_client/v2/model/security_monitoring_standard_rule_response.py
+++ b/src/datadog_api_client/v2/model/security_monitoring_standard_rule_response.py
@@ -68,6 +68,7 @@ def openapi_types(_):
 "third_party_cases": ([SecurityMonitoringThirdPartyRuleCase],),
 "type": (SecurityMonitoringRuleTypeRead,),
 "update_author_id": (int,),
+ "updated_at": (int,),
 "version": (int,),
 }
@@ -93,6 +94,7 @@ def openapi_types(_):
 "third_party_cases": "thirdPartyCases",
 "type": "type",
 "update_author_id": "updateAuthorId",
+ "updated_at": "updatedAt",
 "version": "version",
 }
@@ -119,6 +121,7 @@ def __init__(
 third_party_cases: Union[List[SecurityMonitoringThirdPartyRuleCase], UnsetType] = unset,
 type: Union[SecurityMonitoringRuleTypeRead, UnsetType] = unset,
 update_author_id: Union[int, UnsetType] = unset,
+ updated_at: Union[int, UnsetType] = unset,
 version: Union[int, UnsetType] = unset,
 **kwargs,
 ):
@@ -188,6 +191,9 @@ def __init__(
 :param update_author_id: User ID of the user who updated the rule.
 :type update_author_id: int, optional
+ :param updated_at: The date the rule was last updated, in milliseconds.
+ :type updated_at: int, optional
+
 :param version: The version of the rule.
 :type version: int, optional
 """
@@ -233,6 +239,8 @@ def __init__(
 kwargs["type"] = type
 if update_author_id is not unset:
 kwargs["update_author_id"] = update_author_id
+ if updated_at is not unset:
+ kwargs["updated_at"] = updated_at
 if version is not unset:
 kwargs["version"] = version
 super().__init__(kwargs)
diff --git a/tests/v2/cassettes/test_scenarios/test_list_rules_returns_ok_response.frozen b/tests/v2/cassettes/test_scenarios/test_list_rules_returns_ok_response.frozen
index 7ffaef687a..ecb6c1d899 100644
--- a/tests/v2/cassettes/test_scenarios/test_list_rules_returns_ok_response.frozen
+++ b/tests/v2/cassettes/test_scenarios/test_list_rules_returns_ok_response.frozen
@@ -1 +1 @@ -2024-05-10T16:34:48.233Z \ No newline at end of file +2024-11-22T13:52:05.136Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_list_rules_returns_ok_response.yaml b/tests/v2/cassettes/test_scenarios/test_list_rules_returns_ok_response.yaml index 9991cfcae1..b23945f967 100644 --- a/tests/v2/cassettes/test_scenarios/test_list_rules_returns_ok_response.yaml +++ b/tests/v2/cassettes/test_scenarios/test_list_rules_returns_ok_response.yaml 
@@ -8,8 +8,8 @@ interactions: uri: https://api.datadoghq.com/api/v2/security_monitoring/rules response: body: - string: '{"data":[{"id":"def-000-vc2","version":5,"name":"''Blob public access'' - should be disabled for storage accounts with blob containers","createdAt":1681395797603,"creationAuthorId":0,"updateAuthorId":0,"isDefault":true,"isPartner":false,"isEnabled":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:azure_storage_account","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"azure_storage_account","validationQuery":"","complianceFrameworks":[{"framework":"pci-dss","version":"4.0","requirement":"Apply-Secure-Configurations-to-All-System-Components","control":"2.2.1"},{"framework":"hipaa","version":"1","requirement":"Workforce-Security","control":"164.308-a-3-i"},{"framework":"hipaa","version":"1","requirement":"Security-Management-Process","control":"164.308-a-1-ii-B"},{"framework":"hipaa","version":"1","requirement":"Access-Control","control":"164.312-a-1"},{"framework":"gdpr","version":"1","requirement":"Data-Protection","control":"25.2"},{"framework":"gdpr","version":"1","requirement":"Security-of-Processing","control":"32.1a"},{"framework":"dcsb-m","version":"1","requirement":"Azure","control":"2.2"},{"framework":"dcsb-m","version":"1","requirement":"Azure","control":"2.8"},{"framework":"iso-27001","version":"2","requirement":"Compliance","control":"A.18.1.3"},{"framework":"iso-27001","version":"2","requirement":"Access-Control","control":"A.9.2.3"},{"framework":"soc-2","version":"2","requirement":"Logical-and-Physical-Access-Control","control":"CC6.1"},{"framework":"soc-2","version":"2","requirement":"Logical-and-Physical-Access-Control","control":"CC6.3"},{"framework":"nist-800-53","vers
ion":"5","requirement":"Configuration-Management","control":"CM-6"},{"framework":"nist-csf","version":"1.1","requirement":"Information-Protection","control":"PR.IP-1"},{"framework":"cis-azure","version":"2.0.0","requirement":"Storage-Accounts","control":"3.7"}],"filter":"","regoRule":{"policy":"package + string: '{"data":[{"id":"def-000-vc2","version":7,"name":"''Blob public access'' + should be disabled for storage accounts with blob containers","createdAt":1681395797603,"creationAuthorId":0,"updateAuthorId":0,"updatedAt":1722014735961,"isDefault":true,"isPartner":false,"isEnabled":false,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:azure_storage_account","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"azure_storage_account","validationQuery":"","complianceFrameworks":[{"framework":"pci-dss","version":"4.0","requirement":"Apply-Secure-Configurations-to-All-System-Components","control":"2.2.1","message":"","is_default":true},{"framework":"hipaa","version":"1","requirement":"Workforce-Security","control":"164.308-a-3-i","message":"","is_default":true},{"framework":"hipaa","version":"1","requirement":"Security-Management-Process","control":"164.308-a-1-ii-B","message":"","is_default":true},{"framework":"hipaa","version":"1","requirement":"Access-Control","control":"164.312-a-1","message":"","is_default":true},{"framework":"gdpr","version":"1","requirement":"Data-Protection","control":"25.2","message":"","is_default":true},{"framework":"gdpr","version":"1","requirement":"Security-of-Processing","control":"32.1a","message":"","is_default":true},{"framework":"dcsb-m","version":"1","requirement":"Azure","control":"2.2","message":"","is_default":true},{"framework":"dcsb-m","version":"1","requireme
nt":"Azure","control":"2.8","message":"","is_default":true},{"framework":"iso-27001","version":"2","requirement":"Compliance","control":"A.18.1.3","message":"","is_default":true},{"framework":"iso-27001","version":"2","requirement":"Access-Control","control":"A.9.2.3","message":"","is_default":true},{"framework":"fedramp-high","version":"5","requirement":"Configuration-Management","control":"CM-6","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"Logical-and-Physical-Access-Control","control":"CC6.1","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"Logical-and-Physical-Access-Control","control":"CC6.3","message":"","is_default":true},{"framework":"nist-800-53","version":"5","requirement":"Configuration-Management","control":"CM-6","message":"","is_default":true},{"framework":"nist-csf","version":"1.1","requirement":"Information-Protection","control":"PR.IP-1","message":"","is_default":true},{"framework":"cis-azure","version":"2.0.0","requirement":"Storage-Accounts","control":"3.7","message":"","is_default":true}],"filter":"","regoRule":{"policy":"package datadog\n\nimport data.datadog.output as dd_output\n\nimport future.keywords.contains\nimport future.keywords.if\nimport future.keywords.in\n\neval(storage_account) = \"pass\" if {\n\tstorage_account.allow_blob_public_access == false\n} else = \"fail\"\n\n# 
@@ -48,8 +48,8 @@ interactions: https://docs.microsoft.com/en-us/security/benchmark/azure-security-controls-v3-governance-strategy#gs-2-define-and-implement-enterprise-segmentationseparation-of-duties-strategy\n[4]: https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-network-security#ns-2-secure-cloud-services-with-network-controls\n[5]: https://docs.microsoft.com/en-us/azure/storage/blobs/anonymous-read-access-configure\n[6]: - https://docs.microsoft.com/en-us/azure/storage/blobs/assign-azure-role-data-access\n","tags":["scored:true","cloud_provider:azure","framework:gdpr","control:164.308-a-3-i","requirement:Compliance","level:1","requirement:Storage-Accounts","control:2.2.1","framework:nist-csf","requirement:Security-Management-Process","framework:dcsb-m","framework:iso-27001","framework:hipaa","requirement:Access-Control","control:164.308-a-1-ii-B","requirement:Information-Protection","scope:azure.storage","control:25.2","requirement:Workforce-Security","security:compliance","requirement:Configuration-Management","control:164.312-a-1","requirement:Azure","requirement:Apply-Secure-Configurations-to-All-System-Components","control:2.8","control:3.7","framework:cis-azure","control:2.2","framework:pci-dss","requirement:Data-Protection","framework:nist-800-53","source:azure.storage","requirement:Security-of-Processing","control:CM-6","control:A.18.1.3","framework:soc-2","control:A.9.2.3","control:PR.IP-1","control:32.1a","requirement:Logical-and-Physical-Access-Control","control:CC6.3","control:CC6.1"],"defaultTags":["framework:dcsb-m","requirement:Azure","requirement:Configuration-Management","control:2.2","control:A.9.2.3","control:CC6.3","control:CC6.1","requirement:Workforce-Security","control:2.8","framework:soc-2","requirement:Security-of-Processing","requirement:Apply-Secure-Configurations-to-All-System-Components","security:compliance","requirement:Data-Protection","framework:nist-csf","framework:pci-dss","control:164.308-a-1-ii-B",
"control:164.312-a-1","control:32.1a","scored:true","requirement:Storage-Accounts","requirement:Access-Control","control:A.18.1.3","level:1","framework:hipaa","requirement:Logical-and-Physical-Access-Control","scope:azure.storage","control:PR.IP-1","control:2.2.1","control:25.2","control:3.7","requirement:Information-Protection","requirement:Security-Management-Process","framework:gdpr","framework:cis-azure","requirement:Compliance","control:CM-6","source:azure.storage","cloud_provider:azure","control:164.308-a-3-i","framework:iso-27001","framework:nist-800-53"],"hasExtendedTitle":true,"type":"cloud_configuration","filters":[]},{"id":"def-000-qnx","version":2,"name":"''Create - Policy Assignment'' activity log alert should be configured","createdAt":1695335294080,"creationAuthorId":0,"updateAuthorId":0,"isDefault":true,"isPartner":false,"isEnabled":true,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:azure_subscription","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"azure_subscription","validationQuery":"","complianceFrameworks":[{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.1"},{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.2"},{"framework":"iso-27001","version":"2","requirement":"Operations-Security","control":"A.12.4.1"},{"framework":"soc-2","version":"2","requirement":"Communication-and-Information","control":"CC2.1"},{"framework":"nist-800-53","version":"5","requirement":"Audit-and-Accountability","control":"AU-6"},{"framework":"cis-azure","version":"2.0.0","requirement":"Logging-and-Monitoring","control":"5.2.1"}],"filter":"","regoRule":{"policy":"package + 
https://docs.microsoft.com/en-us/azure/storage/blobs/assign-azure-role-data-access\n","tags":["scored:true","cloud_provider:azure","framework:gdpr","control:164.308-a-3-i","requirement:Compliance","level:1","requirement:Storage-Accounts","control:2.2.1","framework:nist-csf","requirement:Security-Management-Process","framework:dcsb-m","framework:iso-27001","framework:hipaa","requirement:Access-Control","control:164.308-a-1-ii-B","requirement:Information-Protection","scope:azure.storage","control:25.2","requirement:Workforce-Security","security:compliance","requirement:Configuration-Management","control:164.312-a-1","requirement:Azure","requirement:Apply-Secure-Configurations-to-All-System-Components","control:2.8","control:3.7","framework:cis-azure","control:2.2","framework:pci-dss","requirement:Data-Protection","framework:nist-800-53","source:azure.storage","requirement:Security-of-Processing","control:CM-6","control:A.18.1.3","framework:soc-2","control:A.9.2.3","control:PR.IP-1","control:32.1a","framework:fedramp-high","requirement:Logical-and-Physical-Access-Control","control:CC6.3","control:CC6.1"],"defaultTags":["requirement:Compliance","cloud_provider:azure","control:32.1a","framework:nist-800-53","scope:azure.storage","control:164.312-a-1","scored:true","requirement:Configuration-Management","control:2.2.1","requirement:Access-Control","framework:iso-27001","control:164.308-a-3-i","requirement:Information-Protection","level:1","framework:nist-csf","control:CC6.3","requirement:Security-of-Processing","control:CC6.1","control:A.9.2.3","requirement:Workforce-Security","requirement:Data-Protection","control:25.2","requirement:Logical-and-Physical-Access-Control","framework:hipaa","framework:gdpr","control:PR.IP-1","source:azure.storage","control:3.7","requirement:Storage-Accounts","control:A.18.1.3","control:164.308-a-1-ii-B","control:CM-6","control:2.8","requirement:Security-Management-Process","framework:cis-azure","requirement:Apply-Secure-Configurations-to-All
-System-Components","framework:fedramp-high","control:2.2","framework:pci-dss","requirement:Azure","framework:soc-2","framework:dcsb-m","security:compliance"],"hasExtendedTitle":true,"type":"cloud_configuration","filters":[]},{"id":"def-000-qnx","version":4,"name":"''Create + Policy Assignment'' activity log alert should be configured","createdAt":1695335294080,"creationAuthorId":0,"updateAuthorId":0,"updatedAt":1722015330005,"isDefault":true,"isPartner":false,"isEnabled":true,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:azure_subscription","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"azure_subscription","validationQuery":"","complianceFrameworks":[{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.1","message":"","is_default":true},{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.2","message":"","is_default":true},{"framework":"iso-27001","version":"2","requirement":"Operations-Security","control":"A.12.4.1","message":"","is_default":true},{"framework":"fedramp-high","version":"5","requirement":"Audit-and-Accountability","control":"AU-6","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"Communication-and-Information","control":"CC2.1","message":"","is_default":true},{"framework":"nist-800-53","version":"5","requirement":"Audit-and-Accountability","control":"AU-6","message":"","is_default":true},{"framework":"cis-azure","version":"2.0.0","requirement":"Logging-and-Monitoring","control":"5.2.1","message":"","is_default":true}],"filter":"","regoRule":{"policy":"package datadog\n\nimport data.datadog.output as dd_output\n\nimport 
future.keywords.contains\nimport future.keywords.if\nimport future.keywords.in\n\nvalid_log_alert = {activity_log_alert.subscription_id |\n\tsome activity_log_alert in input.resources.azure_activity_log_alert\n\tsome 
@@ -80,8 +80,8 @@ interactions: and complete the creation process or select the appropriate action group.\n12. Under **Alert Rule Details**, enter the **Alert Rule Name** and **Description**.\n13. Select the appropriate resource group to save the alert to.\n14. Select the - **Enable alert rule upon creation** checkbox.\n15. Click **Create Alert Rule**.\n","tags":["scored:true","source:azure.activity_log","security:compliance","control:3.14.1","scope:azure.activity_log","cloud_provider:azure","control:3.14.2","framework:cis-azure","requirement:Systems-and-Information-Integrity","control:5.2.1","control:A.12.4.1","requirement:Logging-and-Monitoring","framework:nist-800-53","level:1","framework:nist-800-171","framework:soc-2","control:AU-6","framework:iso-27001","requirement:Audit-and-Accountability","control:CC2.1","requirement:Operations-Security","requirement:Communication-and-Information"],"defaultTags":["framework:nist-800-53","control:3.14.1","control:3.14.2","requirement:Systems-and-Information-Integrity","framework:soc-2","requirement:Audit-and-Accountability","framework:nist-800-171","scored:true","control:5.2.1","control:CC2.1","source:azure.activity_log","level:1","security:compliance","scope:azure.activity_log","framework:cis-azure","cloud_provider:azure","requirement:Communication-and-Information","control:A.12.4.1","control:AU-6","requirement:Operations-Security","framework:iso-27001","requirement:Logging-and-Monitoring"],"hasExtendedTitle":true,"type":"cloud_configuration","filters":[]},{"id":"def-000-9q9","version":2,"name":"''Create - or Update Network Security Group'' activity log alert should be 
configured","createdAt":1695406412231,"creationAuthorId":0,"updateAuthorId":0,"isDefault":true,"isPartner":false,"isEnabled":true,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:azure_subscription","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"azure_subscription","validationQuery":"","complianceFrameworks":[{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.1"},{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.2"},{"framework":"iso-27001","version":"2","requirement":"Operations-Security","control":"A.12.4.1"},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.1"},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.2"},{"framework":"soc-2","version":"2","requirement":"Communication-and-Information","control":"CC2.1"},{"framework":"nist-800-53","version":"5","requirement":"Audit-and-Accountability","control":"AU-6"},{"framework":"cis-azure","version":"2.0.0","requirement":"Logging-and-Monitoring","control":"5.2.3"}],"filter":"","regoRule":{"policy":"package + **Enable alert rule upon creation** checkbox.\n15. 
Click **Create Alert Rule**.\n","tags":["scored:true","source:azure.activity_log","security:compliance","control:3.14.1","scope:azure.activity_log","cloud_provider:azure","control:3.14.2","framework:cis-azure","requirement:Systems-and-Information-Integrity","control:5.2.1","control:A.12.4.1","requirement:Logging-and-Monitoring","framework:nist-800-53","level:1","framework:nist-800-171","framework:soc-2","control:AU-6","framework:fedramp-high","framework:iso-27001","requirement:Audit-and-Accountability","control:CC2.1","requirement:Operations-Security","requirement:Communication-and-Information"],"defaultTags":["control:AU-6","source:azure.activity_log","requirement:Communication-and-Information","cloud_provider:azure","requirement:Systems-and-Information-Integrity","framework:cis-azure","scope:azure.activity_log","framework:soc-2","control:A.12.4.1","requirement:Operations-Security","control:3.14.2","control:3.14.1","framework:iso-27001","framework:nist-800-53","scored:true","control:5.2.1","security:compliance","control:CC2.1","level:1","framework:nist-800-171","requirement:Logging-and-Monitoring","requirement:Audit-and-Accountability","framework:fedramp-high"],"hasExtendedTitle":true,"type":"cloud_configuration","filters":[]},{"id":"def-000-9q9","version":4,"name":"''Create + or Update Network Security Group'' activity log alert should be 
configured","createdAt":1695406412231,"creationAuthorId":0,"updateAuthorId":0,"updatedAt":1722015442517,"isDefault":true,"isPartner":false,"isEnabled":true,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:azure_subscription","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"azure_subscription","validationQuery":"","complianceFrameworks":[{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.1","message":"","is_default":true},{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.2","message":"","is_default":true},{"framework":"iso-27001","version":"2","requirement":"Operations-Security","control":"A.12.4.1","message":"","is_default":true},{"framework":"fedramp-high","version":"5","requirement":"Audit-and-Accountability","control":"AU-6","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.1","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.2","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"Communication-and-Information","control":"CC2.1","message":"","is_default":true},{"framework":"nist-800-53","version":"5","requirement":"Audit-and-Accountability","control":"AU-6","message":"","is_default":true},{"framework":"cis-azure","version":"2.0.0","requirement":"Logging-and-Monitoring","control":"5.2.3","message":"","is_default":true}],"filter":"","regoRule":{"policy":"package datadog\n\nimport data.datadog.output as dd_output\n\nimport future.keywords.contains\nimport future.keywords.if\nimport future.keywords.in\n\nvalid_log_alert = 
{activity_log_alert.subscription_id |\n\tsome activity_log_alert in input.resources.azure_activity_log_alert\n\tsome 
@@ -110,8 +110,8 @@ interactions: To create a new action group, click **Create action group**. Fill out the appropriate details for the selection.\n11. Click the **Details** tab.\n12. Select a **Resource group**, then provide an **Alert rule name** and an optional - **Alert rule description**.\n13. Click **Review + create**.\n14. Click **Create**.\n","tags":["scored:true","control:3.14.1","scope:azure.activity_log","cloud_provider:azure","control:3.14.2","control:A.12.4.1","level:1","framework:nist-800-171","control:5.2.3","framework:iso-27001","requirement:Audit-and-Accountability","requirement:Operations-Security","requirement:Communication-and-Information","source:azure.activity_log","security:compliance","framework:cis-azure","requirement:Systems-and-Information-Integrity","requirement:Logging-and-Monitoring","requirement:System-Operations","framework:nist-800-53","framework:soc-2","control:AU-6","control:CC2.1","control:CC7.2","control:CC7.1"],"defaultTags":["control:AU-6","framework:cis-azure","scored:true","framework:iso-27001","requirement:Logging-and-Monitoring","requirement:Systems-and-Information-Integrity","framework:nist-800-171","control:5.2.3","control:3.14.1","control:3.14.2","framework:nist-800-53","level:1","control:CC2.1","control:CC7.1","control:A.12.4.1","source:azure.activity_log","cloud_provider:azure","requirement:Audit-and-Accountability","framework:soc-2","control:CC7.2","security:compliance","requirement:Operations-Security","requirement:System-Operations","requirement:Communication-and-Information","scope:azure.activity_log"],"hasExtendedTitle":true,"type":"cloud_configuration","filters":[]},{"id":"def-000-bfa","version":2,"name":"''Create - or Update Public Ip Address'' activity log alert should be 
configured","createdAt":1695406412713,"creationAuthorId":0,"updateAuthorId":0,"isDefault":true,"isPartner":false,"isEnabled":true,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:azure_subscription","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"azure_subscription","validationQuery":"","complianceFrameworks":[{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.1"},{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.2"},{"framework":"iso-27001","version":"2","requirement":"Operations-Security","control":"A.12.4.1"},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.1"},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.2"},{"framework":"soc-2","version":"2","requirement":"Logical-and-Physical-Access-Control","control":"CC6.8"},{"framework":"soc-2","version":"2","requirement":"Communication-and-Information","control":"CC2.1"},{"framework":"cis-azure","version":"2.0.0","requirement":"Logging-and-Monitoring","control":"5.2.9"}],"filter":"","regoRule":{"policy":"package + **Alert rule description**.\n13. Click **Review + create**.\n14. 
Click **Create**.\n","tags":["scored:true","control:3.14.1","scope:azure.activity_log","cloud_provider:azure","control:3.14.2","control:A.12.4.1","level:1","framework:nist-800-171","control:5.2.3","framework:iso-27001","requirement:Audit-and-Accountability","requirement:Operations-Security","requirement:Communication-and-Information","source:azure.activity_log","security:compliance","framework:cis-azure","requirement:Systems-and-Information-Integrity","requirement:Logging-and-Monitoring","requirement:System-Operations","framework:nist-800-53","framework:soc-2","control:AU-6","framework:fedramp-high","control:CC2.1","control:CC7.2","control:CC7.1"],"defaultTags":["framework:cis-azure","requirement:Systems-and-Information-Integrity","requirement:Audit-and-Accountability","scope:azure.activity_log","control:CC7.2","framework:iso-27001","cloud_provider:azure","control:3.14.2","control:3.14.1","control:CC7.1","level:1","source:azure.activity_log","requirement:Logging-and-Monitoring","requirement:System-Operations","framework:fedramp-high","control:CC2.1","scored:true","requirement:Communication-and-Information","control:AU-6","framework:nist-800-53","security:compliance","requirement:Operations-Security","control:5.2.3","framework:soc-2","framework:nist-800-171","control:A.12.4.1"],"hasExtendedTitle":true,"type":"cloud_configuration","filters":[]},{"id":"def-000-bfa","version":3,"name":"''Create + or Update Public Ip Address'' activity log alert should be 
configured","createdAt":1695406412713,"creationAuthorId":0,"updateAuthorId":0,"updatedAt":1722014920314,"isDefault":true,"isPartner":false,"isEnabled":true,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:azure_subscription","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"azure_subscription","validationQuery":"","complianceFrameworks":[{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.1","message":"","is_default":true},{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.2","message":"","is_default":true},{"framework":"iso-27001","version":"2","requirement":"Operations-Security","control":"A.12.4.1","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.1","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.2","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"Logical-and-Physical-Access-Control","control":"CC6.8","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"Communication-and-Information","control":"CC2.1","message":"","is_default":true},{"framework":"cis-azure","version":"2.0.0","requirement":"Logging-and-Monitoring","control":"5.2.9","message":"","is_default":true}],"filter":"","regoRule":{"policy":"package datadog\n\nimport data.datadog.output as dd_output\n\nimport future.keywords.contains\nimport future.keywords.if\nimport future.keywords.in\n\nvalid_log_alert = {activity_log_alert.subscription_id |\n\tsome activity_log_alert in input.resources.azure_activity_log_alert\n\tsome 
@@ -143,8 +143,8 @@ interactions: Fill out the appropriate details for the selection.\n11. Click the **Details** tab.\n12. Select a **Resource group**, then provide an **Alert rule name** and an optional **Alert rule description**.\n13. Click **Review + create**.\n14. - Click **Create**.\n","tags":["control:CC6.8","scored:true","source:azure.activity_log","security:compliance","control:3.14.1","scope:azure.activity_log","cloud_provider:azure","control:3.14.2","framework:cis-azure","requirement:Systems-and-Information-Integrity","control:A.12.4.1","requirement:Logging-and-Monitoring","requirement:System-Operations","control:5.2.9","level:1","framework:nist-800-171","framework:soc-2","framework:iso-27001","requirement:Logical-and-Physical-Access-Control","control:CC2.1","control:CC7.2","control:CC7.1","requirement:Operations-Security","requirement:Communication-and-Information"],"defaultTags":["security:compliance","requirement:Systems-and-Information-Integrity","control:CC2.1","requirement:Logical-and-Physical-Access-Control","control:CC7.1","control:CC7.2","cloud_provider:azure","control:CC6.8","requirement:Logging-and-Monitoring","control:5.2.9","scope:azure.activity_log","control:3.14.1","control:3.14.2","framework:soc-2","source:azure.activity_log","control:A.12.4.1","scored:true","framework:iso-27001","requirement:Communication-and-Information","requirement:Operations-Security","level:1","framework:nist-800-171","framework:cis-azure","requirement:System-Operations"],"hasExtendedTitle":true,"type":"cloud_configuration","filters":[]},{"id":"def-000-w0f","version":2,"name":"''Create - or Update SQL Server Firewall Rule'' activity log alert should be 
configured","createdAt":1695406413348,"creationAuthorId":0,"updateAuthorId":0,"isDefault":true,"isPartner":false,"isEnabled":true,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:azure_subscription","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"azure_subscription","validationQuery":"","complianceFrameworks":[{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.1"},{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.2"},{"framework":"iso-27001","version":"2","requirement":"Operations-Security","control":"A.12.4.1"},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.1"},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.2"},{"framework":"soc-2","version":"2","requirement":"Logical-and-Physical-Access-Control","control":"CC6.8"},{"framework":"soc-2","version":"2","requirement":"Communication-and-Information","control":"CC2.1"},{"framework":"cis-azure","version":"2.0.0","requirement":"Logging-and-Monitoring","control":"5.2.7"}],"filter":"","regoRule":{"policy":"package + Click 
**Create**.\n","tags":["control:CC6.8","scored:true","source:azure.activity_log","security:compliance","control:3.14.1","scope:azure.activity_log","cloud_provider:azure","control:3.14.2","framework:cis-azure","requirement:Systems-and-Information-Integrity","control:A.12.4.1","requirement:Logging-and-Monitoring","requirement:System-Operations","control:5.2.9","level:1","framework:nist-800-171","framework:soc-2","framework:iso-27001","requirement:Logical-and-Physical-Access-Control","control:CC2.1","control:CC7.2","control:CC7.1","requirement:Operations-Security","requirement:Communication-and-Information"],"defaultTags":["requirement:Operations-Security","requirement:Communication-and-Information","framework:iso-27001","scored:true","control:A.12.4.1","source:azure.activity_log","framework:soc-2","control:3.14.2","control:3.14.1","scope:azure.activity_log","control:5.2.9","requirement:Logging-and-Monitoring","control:CC6.8","cloud_provider:azure","control:CC7.2","control:CC7.1","requirement:Logical-and-Physical-Access-Control","control:CC2.1","requirement:Systems-and-Information-Integrity","security:compliance","requirement:System-Operations","framework:cis-azure","framework:nist-800-171","level:1"],"hasExtendedTitle":true,"type":"cloud_configuration","filters":[]},{"id":"def-000-w0f","version":3,"name":"''Create + or Update SQL Server Firewall Rule'' activity log alert should be 
configured","createdAt":1695406413348,"creationAuthorId":0,"updateAuthorId":0,"updatedAt":1722015217333,"isDefault":true,"isPartner":false,"isEnabled":true,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:azure_subscription","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"azure_subscription","validationQuery":"","complianceFrameworks":[{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.1","message":"","is_default":true},{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.2","message":"","is_default":true},{"framework":"iso-27001","version":"2","requirement":"Operations-Security","control":"A.12.4.1","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.1","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.2","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"Logical-and-Physical-Access-Control","control":"CC6.8","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"Communication-and-Information","control":"CC2.1","message":"","is_default":true},{"framework":"cis-azure","version":"2.0.0","requirement":"Logging-and-Monitoring","control":"5.2.7","message":"","is_default":true}],"filter":"","regoRule":{"policy":"package datadog\n\nimport data.datadog.output as dd_output\n\nimport future.keywords.contains\nimport future.keywords.if\nimport future.keywords.in\n\nvalid_log_alert = {activity_log_alert.subscription_id |\n\tsome activity_log_alert in input.resources.azure_activity_log_alert\n\tsome 
@@ -176,8 +176,8 @@ interactions: Fill out the appropriate details for the selection.\n11. Click the **Details** tab.\n12. Select a **Resource group**, provide an **Alert rule name** and an optional **Alert\nrule description**.\n13. Click **Review + create**.\n14. - Click **Create**.\n","tags":["control:CC6.8","scored:true","source:azure.activity_log","security:compliance","control:3.14.1","scope:azure.activity_log","cloud_provider:azure","control:3.14.2","framework:cis-azure","requirement:Systems-and-Information-Integrity","control:A.12.4.1","requirement:Logging-and-Monitoring","requirement:System-Operations","control:5.2.7","level:1","framework:nist-800-171","framework:soc-2","framework:iso-27001","requirement:Logical-and-Physical-Access-Control","control:CC2.1","control:CC7.2","control:CC7.1","requirement:Operations-Security","requirement:Communication-and-Information"],"defaultTags":["security:compliance","requirement:Systems-and-Information-Integrity","control:CC2.1","requirement:Logical-and-Physical-Access-Control","control:CC7.1","control:CC7.2","cloud_provider:azure","control:CC6.8","requirement:Logging-and-Monitoring","control:5.2.7","scope:azure.activity_log","control:3.14.1","control:3.14.2","framework:soc-2","source:azure.activity_log","control:A.12.4.1","scored:true","framework:iso-27001","requirement:Communication-and-Information","requirement:Operations-Security","level:1","framework:nist-800-171","framework:cis-azure","requirement:System-Operations"],"hasExtendedTitle":true,"type":"cloud_configuration","filters":[]},{"id":"def-000-059","version":2,"name":"''Create - or Update Security Solutions'' activity log alert should be 
configured","createdAt":1695406412988,"creationAuthorId":0,"updateAuthorId":0,"isDefault":true,"isPartner":false,"isEnabled":true,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:azure_subscription","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"azure_subscription","validationQuery":"","complianceFrameworks":[{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.1"},{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.2"},{"framework":"iso-27001","version":"2","requirement":"Operations-Security","control":"A.12.4.1"},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.1"},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.2"},{"framework":"soc-2","version":"2","requirement":"Logical-and-Physical-Access-Control","control":"CC6.8"},{"framework":"soc-2","version":"2","requirement":"Communication-and-Information","control":"CC2.1"},{"framework":"cis-azure","version":"2.0.0","requirement":"Logging-and-Monitoring","control":"5.2.5"}],"filter":"","regoRule":{"policy":"package + Click 
**Create**.\n","tags":["control:CC6.8","scored:true","source:azure.activity_log","security:compliance","control:3.14.1","scope:azure.activity_log","cloud_provider:azure","control:3.14.2","framework:cis-azure","requirement:Systems-and-Information-Integrity","control:A.12.4.1","requirement:Logging-and-Monitoring","requirement:System-Operations","control:5.2.7","level:1","framework:nist-800-171","framework:soc-2","framework:iso-27001","requirement:Logical-and-Physical-Access-Control","control:CC2.1","control:CC7.2","control:CC7.1","requirement:Operations-Security","requirement:Communication-and-Information"],"defaultTags":["requirement:Operations-Security","requirement:Communication-and-Information","framework:iso-27001","scored:true","control:A.12.4.1","source:azure.activity_log","framework:soc-2","control:3.14.2","control:3.14.1","scope:azure.activity_log","control:5.2.7","requirement:Logging-and-Monitoring","control:CC6.8","cloud_provider:azure","control:CC7.2","control:CC7.1","requirement:Logical-and-Physical-Access-Control","control:CC2.1","requirement:Systems-and-Information-Integrity","security:compliance","requirement:System-Operations","framework:cis-azure","framework:nist-800-171","level:1"],"hasExtendedTitle":true,"type":"cloud_configuration","filters":[]},{"id":"def-000-059","version":3,"name":"''Create + or Update Security Solutions'' activity log alert should be 
configured","createdAt":1695406412988,"creationAuthorId":0,"updateAuthorId":0,"updatedAt":1722014956116,"isDefault":true,"isPartner":false,"isEnabled":true,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:azure_subscription","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"azure_subscription","validationQuery":"","complianceFrameworks":[{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.1","message":"","is_default":true},{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.2","message":"","is_default":true},{"framework":"iso-27001","version":"2","requirement":"Operations-Security","control":"A.12.4.1","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.1","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.2","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"Logical-and-Physical-Access-Control","control":"CC6.8","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"Communication-and-Information","control":"CC2.1","message":"","is_default":true},{"framework":"cis-azure","version":"2.0.0","requirement":"Logging-and-Monitoring","control":"5.2.5","message":"","is_default":true}],"filter":"","regoRule":{"policy":"package datadog\n\nimport data.datadog.output as dd_output\n\nimport future.keywords.contains\nimport future.keywords.if\nimport future.keywords.in\n\nvalid_log_alert = {activity_log_alert.subscription_id |\n\tsome activity_log_alert in input.resources.azure_activity_log_alert\n\tsome 
@@ -207,8 +207,8 @@ interactions: out the appropriate details for the selection.\n11. Click the **Details** tab.\n12. Select a **Resource group**, then provide an **Alert rule name** and an optional **Alert\nrule description**.\n13. Click **Review + create**.\n14. - Click **Create**.\n","tags":["control:CC6.8","scored:true","source:azure.activity_log","security:compliance","control:3.14.1","scope:azure.activity_log","cloud_provider:azure","control:3.14.2","framework:cis-azure","requirement:Systems-and-Information-Integrity","control:A.12.4.1","requirement:Logging-and-Monitoring","requirement:System-Operations","level:1","framework:nist-800-171","framework:soc-2","control:5.2.5","framework:iso-27001","requirement:Logical-and-Physical-Access-Control","control:CC2.1","control:CC7.2","control:CC7.1","requirement:Operations-Security","requirement:Communication-and-Information"],"defaultTags":["security:compliance","requirement:Systems-and-Information-Integrity","control:CC2.1","requirement:Logical-and-Physical-Access-Control","control:CC7.1","control:CC7.2","cloud_provider:azure","control:CC6.8","requirement:Logging-and-Monitoring","control:5.2.5","scope:azure.activity_log","control:3.14.1","control:3.14.2","framework:soc-2","source:azure.activity_log","control:A.12.4.1","scored:true","framework:iso-27001","requirement:Communication-and-Information","requirement:Operations-Security","level:1","framework:nist-800-171","framework:cis-azure","requirement:System-Operations"],"hasExtendedTitle":true,"type":"cloud_configuration","filters":[]},{"id":"def-000-rhj","version":2,"name":"''Delete - Network Security Group'' activity log alert should be 
configured","createdAt":1695406412766,"creationAuthorId":0,"updateAuthorId":0,"isDefault":true,"isPartner":false,"isEnabled":true,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:azure_subscription","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"azure_subscription","validationQuery":"","complianceFrameworks":[{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.1"},{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.2"},{"framework":"iso-27001","version":"2","requirement":"Operations-Security","control":"A.12.4.1"},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.1"},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.2"},{"framework":"soc-2","version":"2","requirement":"Communication-and-Information","control":"CC2.1"},{"framework":"cis-azure","version":"2.0.0","requirement":"Logging-and-Monitoring","control":"5.2.4"}],"filter":"","regoRule":{"policy":"package + Click 
**Create**.\n","tags":["control:CC6.8","scored:true","source:azure.activity_log","security:compliance","control:3.14.1","scope:azure.activity_log","cloud_provider:azure","control:3.14.2","framework:cis-azure","requirement:Systems-and-Information-Integrity","control:A.12.4.1","requirement:Logging-and-Monitoring","requirement:System-Operations","level:1","framework:nist-800-171","framework:soc-2","control:5.2.5","framework:iso-27001","requirement:Logical-and-Physical-Access-Control","control:CC2.1","control:CC7.2","control:CC7.1","requirement:Operations-Security","requirement:Communication-and-Information"],"defaultTags":["requirement:Operations-Security","requirement:Communication-and-Information","framework:iso-27001","scored:true","control:A.12.4.1","source:azure.activity_log","framework:soc-2","control:3.14.2","control:3.14.1","scope:azure.activity_log","control:5.2.5","requirement:Logging-and-Monitoring","control:CC6.8","cloud_provider:azure","control:CC7.2","control:CC7.1","requirement:Logical-and-Physical-Access-Control","control:CC2.1","requirement:Systems-and-Information-Integrity","security:compliance","requirement:System-Operations","framework:cis-azure","framework:nist-800-171","level:1"],"hasExtendedTitle":true,"type":"cloud_configuration","filters":[]},{"id":"def-000-rhj","version":3,"name":"''Delete + Network Security Group'' activity log alert should be 
configured","createdAt":1695406412766,"creationAuthorId":0,"updateAuthorId":0,"updatedAt":1722014510456,"isDefault":true,"isPartner":false,"isEnabled":true,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:azure_subscription","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"azure_subscription","validationQuery":"","complianceFrameworks":[{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.1","message":"","is_default":true},{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.2","message":"","is_default":true},{"framework":"iso-27001","version":"2","requirement":"Operations-Security","control":"A.12.4.1","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.1","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.2","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"Communication-and-Information","control":"CC2.1","message":"","is_default":true},{"framework":"cis-azure","version":"2.0.0","requirement":"Logging-and-Monitoring","control":"5.2.4","message":"","is_default":true}],"filter":"","regoRule":{"policy":"package datadog\n\nimport data.datadog.output as dd_output\n\nimport future.keywords.contains\nimport future.keywords.if\nimport future.keywords.in\n\nvalid_log_alert = {activity_log_alert.subscription_id |\n\tsome activity_log_alert in input.resources.azure_activity_log_alert\n\tsome 
@@ -237,8 +237,8 @@ interactions: Fill out the appropriate details for the selection.\n11. Click the **Details** tab.\n12. Select a **Resource group**, then provide an **Alert rule name** and an optional **Alert rule description**.\n13. Click **Review + create**.\n14. - Click **Create**.\n","tags":["scored:true","source:azure.activity_log","security:compliance","control:3.14.1","scope:azure.activity_log","cloud_provider:azure","control:3.14.2","framework:cis-azure","requirement:Systems-and-Information-Integrity","control:A.12.4.1","requirement:Logging-and-Monitoring","requirement:System-Operations","level:1","framework:nist-800-171","framework:soc-2","control:5.2.4","framework:iso-27001","control:CC2.1","control:CC7.2","control:CC7.1","requirement:Operations-Security","requirement:Communication-and-Information"],"defaultTags":["control:3.14.1","control:3.14.2","requirement:Systems-and-Information-Integrity","framework:soc-2","requirement:System-Operations","framework:nist-800-171","scored:true","control:CC2.1","source:azure.activity_log","level:1","control:5.2.4","security:compliance","scope:azure.activity_log","control:CC7.2","framework:cis-azure","cloud_provider:azure","control:CC7.1","requirement:Communication-and-Information","control:A.12.4.1","requirement:Operations-Security","framework:iso-27001","requirement:Logging-and-Monitoring"],"hasExtendedTitle":true,"type":"cloud_configuration","filters":[]},{"id":"def-000-d1v","version":2,"name":"''Delete - Policy Assignment'' activity log alert should be 
configured","createdAt":1695406412546,"creationAuthorId":0,"updateAuthorId":0,"isDefault":true,"isPartner":false,"isEnabled":true,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:azure_subscription","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"azure_subscription","validationQuery":"","complianceFrameworks":[{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.1"},{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.2"},{"framework":"iso-27001","version":"2","requirement":"Compliance","control":"A.18.1.3"},{"framework":"iso-27001","version":"2","requirement":"Communications-Security","control":"A.13.1.1"},{"framework":"iso-27001","version":"2","requirement":"Operations-Security","control":"A.12.4.1"},{"framework":"iso-27001","version":"2","requirement":"Access-Control","control":"A.9.1.2"},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.1"},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.2"},{"framework":"soc-2","version":"2","requirement":"Communication-and-Information","control":"CC2.1"},{"framework":"nist-800-53","version":"5","requirement":"Audit-and-Accountability","control":"AU-6"},{"framework":"cis-azure","version":"2.0.0","requirement":"Logging-and-Monitoring","control":"5.2.2"}],"filter":"","regoRule":{"policy":"package + Click 
**Create**.\n","tags":["scored:true","source:azure.activity_log","security:compliance","control:3.14.1","scope:azure.activity_log","cloud_provider:azure","control:3.14.2","framework:cis-azure","requirement:Systems-and-Information-Integrity","control:A.12.4.1","requirement:Logging-and-Monitoring","requirement:System-Operations","level:1","framework:nist-800-171","framework:soc-2","control:5.2.4","framework:iso-27001","control:CC2.1","control:CC7.2","control:CC7.1","requirement:Operations-Security","requirement:Communication-and-Information"],"defaultTags":["control:A.12.4.1","requirement:Communication-and-Information","control:CC7.1","cloud_provider:azure","framework:cis-azure","control:CC7.2","scope:azure.activity_log","security:compliance","control:5.2.4","level:1","source:azure.activity_log","control:CC2.1","scored:true","framework:nist-800-171","requirement:System-Operations","framework:soc-2","requirement:Systems-and-Information-Integrity","control:3.14.2","control:3.14.1","requirement:Logging-and-Monitoring","framework:iso-27001","requirement:Operations-Security"],"hasExtendedTitle":true,"type":"cloud_configuration","filters":[]},{"id":"def-000-d1v","version":4,"name":"''Delete + Policy Assignment'' activity log alert should be 
configured","createdAt":1695406412546,"creationAuthorId":0,"updateAuthorId":0,"updatedAt":1722015365872,"isDefault":true,"isPartner":false,"isEnabled":true,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:azure_subscription","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"azure_subscription","validationQuery":"","complianceFrameworks":[{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.1","message":"","is_default":true},{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.2","message":"","is_default":true},{"framework":"iso-27001","version":"2","requirement":"Compliance","control":"A.18.1.3","message":"","is_default":true},{"framework":"iso-27001","version":"2","requirement":"Communications-Security","control":"A.13.1.1","message":"","is_default":true},{"framework":"iso-27001","version":"2","requirement":"Operations-Security","control":"A.12.4.1","message":"","is_default":true},{"framework":"iso-27001","version":"2","requirement":"Access-Control","control":"A.9.1.2","message":"","is_default":true},{"framework":"fedramp-high","version":"5","requirement":"Audit-and-Accountability","control":"AU-6","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.1","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.2","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"Communication-and-Information","control":"CC2.1","message":"","is_default":true},{"framework":"nist-800-53","version":"5","requirement":"Audit-and-Accountability","control":"AU-
6","message":"","is_default":true},{"framework":"cis-azure","version":"2.0.0","requirement":"Logging-and-Monitoring","control":"5.2.2","message":"","is_default":true}],"filter":"","regoRule":{"policy":"package datadog\n\nimport data.datadog.output as dd_output\n\nimport future.keywords.contains\nimport future.keywords.if\nimport future.keywords.in\n\nvalid_log_alert = {activity_log_alert.subscription_id |\n\tsome activity_log_alert in input.resources.azure_activity_log_alert\n\tsome 
@@ -267,8 +267,8 @@ interactions: Fill out the appropriate details for the selection.\n11. Select the **Details** tab.\n12. Select a **Resource group**, provide an **Alert rule name** and an optional **Alert\nrule description**.\n13. Click **Review + create**.\n14. - Click **Create**.\n","tags":["scored:true","control:3.14.1","scope:azure.activity_log","cloud_provider:azure","control:3.14.2","control:A.12.4.1","requirement:Compliance","level:1","control:5.2.2","framework:nist-800-171","framework:iso-27001","requirement:Audit-and-Accountability","requirement:Access-Control","requirement:Operations-Security","requirement:Communication-and-Information","source:azure.activity_log","security:compliance","framework:cis-azure","requirement:Systems-and-Information-Integrity","requirement:Communications-Security","requirement:Logging-and-Monitoring","requirement:System-Operations","framework:nist-800-53","control:A.13.1.1","control:A.18.1.3","framework:soc-2","control:AU-6","control:A.9.1.2","control:CC2.1","control:CC7.2","control:CC7.1"],"defaultTags":["framework:iso-27001","requirement:Communication-and-Information","framework:soc-2","requirement:Access-Control","control:5.2.2","control:CC7.2","control:CC7.1","control:AU-6","source:azure.activity_log","framework:cis-azure","framework:nist-800-53","framework:nist-800-171","control:A.12.4.1","requirement:Compliance","requirement:Operations-Security","control:A.13.1.1","requirement:Systems-and-Information-Integrity","scope:azure.activity_log","control:A.9.1.2","requirement:System-Operations","control:CC2.1","requirement:Audit-and-Accountability","security:compliance","control:3.14.1","control:3.14.2","requirement:Communications-Security","cloud_provider:azure","level:1","requirement:Logging-and-Monitoring","control:A.18.1.3","scored:true"],"hasExtendedTitle":true,"type":"cloud_configuration","filters":[]},{"id":"def-000-2sc","version":2,"name":"''Delete - Public Ip Address Rule'' activity log alert should be 
configured","createdAt":1695406411919,"creationAuthorId":0,"updateAuthorId":0,"isDefault":true,"isPartner":false,"isEnabled":true,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:azure_subscription","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"azure_subscription","validationQuery":"","complianceFrameworks":[{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.1"},{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.2"},{"framework":"iso-27001","version":"2","requirement":"Operations-Security","control":"A.12.4.1"},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.1"},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.2"},{"framework":"soc-2","version":"2","requirement":"Logical-and-Physical-Access-Control","control":"CC6.8"},{"framework":"soc-2","version":"2","requirement":"Communication-and-Information","control":"CC2.1"},{"framework":"cis-azure","version":"2.0.0","requirement":"Logging-and-Monitoring","control":"5.2.10"}],"filter":"","regoRule":{"policy":"package + Click 
**Create**.\n","tags":["scored:true","control:3.14.1","scope:azure.activity_log","cloud_provider:azure","control:3.14.2","control:A.12.4.1","requirement:Compliance","level:1","control:5.2.2","framework:nist-800-171","framework:iso-27001","requirement:Audit-and-Accountability","requirement:Access-Control","requirement:Operations-Security","requirement:Communication-and-Information","source:azure.activity_log","security:compliance","framework:cis-azure","requirement:Systems-and-Information-Integrity","requirement:Communications-Security","requirement:Logging-and-Monitoring","requirement:System-Operations","framework:nist-800-53","control:A.13.1.1","control:A.18.1.3","framework:soc-2","control:AU-6","control:A.9.1.2","framework:fedramp-high","control:CC2.1","control:CC7.2","control:CC7.1"],"defaultTags":["requirement:Access-Control","requirement:Operations-Security","requirement:Communication-and-Information","framework:iso-27001","requirement:Logging-and-Monitoring","control:CC7.1","framework:nist-800-171","control:CC7.2","control:3.14.2","control:3.14.1","control:CC2.1","control:A.18.1.3","level:1","requirement:Communications-Security","scope:azure.activity_log","control:A.9.1.2","requirement:Systems-and-Information-Integrity","scored:true","control:A.12.4.1","control:A.13.1.1","framework:soc-2","framework:nist-800-53","control:5.2.2","requirement:Audit-and-Accountability","control:AU-6","framework:fedramp-high","requirement:System-Operations","security:compliance","framework:cis-azure","source:azure.activity_log","requirement:Compliance","cloud_provider:azure"],"hasExtendedTitle":true,"type":"cloud_configuration","filters":[]},{"id":"def-000-2sc","version":3,"name":"''Delete + Public Ip Address Rule'' activity log alert should be 
configured","createdAt":1695406411919,"creationAuthorId":0,"updateAuthorId":0,"updatedAt":1722015104777,"isDefault":true,"isPartner":false,"isEnabled":true,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:azure_subscription","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"azure_subscription","validationQuery":"","complianceFrameworks":[{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.1","message":"","is_default":true},{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.2","message":"","is_default":true},{"framework":"iso-27001","version":"2","requirement":"Operations-Security","control":"A.12.4.1","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.1","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.2","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"Logical-and-Physical-Access-Control","control":"CC6.8","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"Communication-and-Information","control":"CC2.1","message":"","is_default":true},{"framework":"cis-azure","version":"2.0.0","requirement":"Logging-and-Monitoring","control":"5.2.10","message":"","is_default":true}],"filter":"","regoRule":{"policy":"package datadog\n\nimport data.datadog.output as dd_output\n\nimport future.keywords.contains\nimport future.keywords.if\nimport future.keywords.in\n\nvalid_log_alert = {activity_log_alert.subscription_id |\n\tsome activity_log_alert in input.resources.azure_activity_log_alert\n\tsome 
@@ -299,8 +299,8 @@ interactions: To create a new action group, click **Create action group**. Fill out the appropriate details for the selection.\n11. Select the **Details** tab.\n12. Select a **Resource group**, provide an **Alert rule name** and an optional - **Alert\nrule description**.\n13. Click **Review + create**.\n14. Click **Create**.\n","tags":["control:CC6.8","scored:true","source:azure.activity_log","security:compliance","control:3.14.1","scope:azure.activity_log","cloud_provider:azure","control:3.14.2","framework:cis-azure","requirement:Systems-and-Information-Integrity","control:A.12.4.1","requirement:Logging-and-Monitoring","requirement:System-Operations","level:1","framework:nist-800-171","control:5.2.10","framework:soc-2","framework:iso-27001","requirement:Logical-and-Physical-Access-Control","control:CC2.1","control:CC7.2","control:CC7.1","requirement:Operations-Security","requirement:Communication-and-Information"],"defaultTags":["security:compliance","requirement:Systems-and-Information-Integrity","control:CC2.1","requirement:Logical-and-Physical-Access-Control","control:CC7.1","control:CC7.2","cloud_provider:azure","control:5.2.10","control:CC6.8","requirement:Logging-and-Monitoring","scope:azure.activity_log","control:3.14.1","control:3.14.2","framework:soc-2","source:azure.activity_log","control:A.12.4.1","scored:true","framework:iso-27001","requirement:Communication-and-Information","requirement:Operations-Security","level:1","framework:nist-800-171","framework:cis-azure","requirement:System-Operations"],"hasExtendedTitle":true,"type":"cloud_configuration","filters":[]},{"id":"def-000-77s","version":2,"name":"''Delete - SQL Server Firewall Rule'' activity log alert should be 
configured","createdAt":1695406412914,"creationAuthorId":0,"updateAuthorId":0,"isDefault":true,"isPartner":false,"isEnabled":true,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:azure_subscription","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"azure_subscription","validationQuery":"","complianceFrameworks":[{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.1"},{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.2"},{"framework":"iso-27001","version":"2","requirement":"Operations-Security","control":"A.12.4.1"},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.1"},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.2"},{"framework":"soc-2","version":"2","requirement":"Logical-and-Physical-Access-Control","control":"CC6.8"},{"framework":"soc-2","version":"2","requirement":"Communication-and-Information","control":"CC2.1"},{"framework":"cis-azure","version":"2.0.0","requirement":"Logging-and-Monitoring","control":"5.2.8"}],"filter":"","regoRule":{"policy":"package + **Alert\nrule description**.\n13. Click **Review + create**.\n14. 
Click **Create**.\n","tags":["control:CC6.8","scored:true","source:azure.activity_log","security:compliance","control:3.14.1","scope:azure.activity_log","cloud_provider:azure","control:3.14.2","framework:cis-azure","requirement:Systems-and-Information-Integrity","control:A.12.4.1","requirement:Logging-and-Monitoring","requirement:System-Operations","level:1","framework:nist-800-171","control:5.2.10","framework:soc-2","framework:iso-27001","requirement:Logical-and-Physical-Access-Control","control:CC2.1","control:CC7.2","control:CC7.1","requirement:Operations-Security","requirement:Communication-and-Information"],"defaultTags":["requirement:Operations-Security","requirement:Communication-and-Information","framework:iso-27001","scored:true","control:A.12.4.1","source:azure.activity_log","framework:soc-2","control:3.14.2","control:3.14.1","scope:azure.activity_log","requirement:Logging-and-Monitoring","control:CC6.8","control:5.2.10","cloud_provider:azure","control:CC7.2","control:CC7.1","requirement:Logical-and-Physical-Access-Control","control:CC2.1","requirement:Systems-and-Information-Integrity","security:compliance","requirement:System-Operations","framework:cis-azure","framework:nist-800-171","level:1"],"hasExtendedTitle":true,"type":"cloud_configuration","filters":[]},{"id":"def-000-77s","version":3,"name":"''Delete + SQL Server Firewall Rule'' activity log alert should be 
configured","createdAt":1695406412914,"creationAuthorId":0,"updateAuthorId":0,"updatedAt":1722014920291,"isDefault":true,"isPartner":false,"isEnabled":true,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:azure_subscription","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"azure_subscription","validationQuery":"","complianceFrameworks":[{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.1","message":"","is_default":true},{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.2","message":"","is_default":true},{"framework":"iso-27001","version":"2","requirement":"Operations-Security","control":"A.12.4.1","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.1","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.2","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"Logical-and-Physical-Access-Control","control":"CC6.8","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"Communication-and-Information","control":"CC2.1","message":"","is_default":true},{"framework":"cis-azure","version":"2.0.0","requirement":"Logging-and-Monitoring","control":"5.2.8","message":"","is_default":true}],"filter":"","regoRule":{"policy":"package datadog\n\nimport data.datadog.output as dd_output\n\nimport future.keywords.contains\nimport future.keywords.if\nimport future.keywords.in\n\nvalid_log_alert = {activity_log_alert.subscription_id |\n\tsome activity_log_alert in input.resources.azure_activity_log_alert\n\tsome 
@@ -332,7 +332,7 @@ interactions: Fill out the appropriate details for the selection.\n11. Click the **Details** tab.\n12. Select a **Resource group**, then provide an **Alert rule name** and an optional **Alert rule description**.\n13. Click **Review + create**.\n14. - Click **Create**.\n","tags":["control:CC6.8","scored:true","source:azure.activity_log","security:compliance","control:3.14.1","scope:azure.activity_log","cloud_provider:azure","control:3.14.2","framework:cis-azure","requirement:Systems-and-Information-Integrity","control:A.12.4.1","requirement:Logging-and-Monitoring","requirement:System-Operations","control:5.2.8","level:1","framework:nist-800-171","framework:soc-2","framework:iso-27001","requirement:Logical-and-Physical-Access-Control","control:CC2.1","control:CC7.2","control:CC7.1","requirement:Operations-Security","requirement:Communication-and-Information"],"defaultTags":["security:compliance","requirement:Systems-and-Information-Integrity","control:CC2.1","requirement:Logical-and-Physical-Access-Control","control:CC7.1","control:CC7.2","cloud_provider:azure","control:CC6.8","requirement:Logging-and-Monitoring","control:5.2.8","scope:azure.activity_log","control:3.14.1","control:3.14.2","framework:soc-2","source:azure.activity_log","control:A.12.4.1","scored:true","framework:iso-27001","requirement:Communication-and-Information","requirement:Operations-Security","level:1","framework:nist-800-171","framework:cis-azure","requirement:System-Operations"],"hasExtendedTitle":true,"type":"cloud_configuration","filters":[]}],"meta":{"page":{"total_count":1744,"total_filtered_count":10}}} + Click 
**Create**.\n","tags":["control:CC6.8","scored:true","source:azure.activity_log","security:compliance","control:3.14.1","scope:azure.activity_log","cloud_provider:azure","control:3.14.2","framework:cis-azure","requirement:Systems-and-Information-Integrity","control:A.12.4.1","requirement:Logging-and-Monitoring","requirement:System-Operations","control:5.2.8","level:1","framework:nist-800-171","framework:soc-2","framework:iso-27001","requirement:Logical-and-Physical-Access-Control","control:CC2.1","control:CC7.2","control:CC7.1","requirement:Operations-Security","requirement:Communication-and-Information"],"defaultTags":["requirement:Operations-Security","requirement:Communication-and-Information","framework:iso-27001","scored:true","control:A.12.4.1","source:azure.activity_log","framework:soc-2","control:3.14.2","control:3.14.1","scope:azure.activity_log","control:5.2.8","requirement:Logging-and-Monitoring","control:CC6.8","cloud_provider:azure","control:CC7.2","control:CC7.1","requirement:Logical-and-Physical-Access-Control","control:CC2.1","requirement:Systems-and-Information-Integrity","security:compliance","requirement:System-Operations","framework:cis-azure","framework:nist-800-171","level:1"],"hasExtendedTitle":true,"type":"cloud_configuration","filters":[]}],"meta":{"page":{"total_count":2017,"total_filtered_count":10}}} ' headers: diff --git a/tests/v2/cassettes/test_scenarios/test_update_a_cloud_configuration_rules_details_returns_ok_response.frozen b/tests/v2/cassettes/test_scenarios/test_update_a_cloud_configuration_rules_details_returns_ok_response.frozen index e1c9e440e1..50af3bf1c4 100644 --- a/tests/v2/cassettes/test_scenarios/test_update_a_cloud_configuration_rules_details_returns_ok_response.frozen +++ b/tests/v2/cassettes/test_scenarios/test_update_a_cloud_configuration_rules_details_returns_ok_response.frozen @@ -1 +1 @@ -2024-05-10T16:34:48.765Z \ No newline at end of file +2024-11-22T13:52:07.331Z \ No newline at end of file 
diff --git a/tests/v2/cassettes/test_scenarios/test_update_a_cloud_configuration_rules_details_returns_ok_response.yaml b/tests/v2/cassettes/test_scenarios/test_update_a_cloud_configuration_rules_details_returns_ok_response.yaml index cc1ed05c10..0f8150cbb5 100644 --- a/tests/v2/cassettes/test_scenarios/test_update_a_cloud_configuration_rules_details_returns_ok_response.yaml +++ b/tests/v2/cassettes/test_scenarios/test_update_a_cloud_configuration_rules_details_returns_ok_response.yaml @@ -1,7 +1,7 @@ interactions: - request: body: '{"cases":[{"notifications":["channel"],"status":"info"}],"complianceSignalOptions":{"userActivationStatus":true,"userGroupByFields":["@account_id"]},"isEnabled":false,"message":"Cloud - configuration rule","name":"Test-Update_a_cloud_configuration_rule_s_details_returns_OK_response-1715358888_cloud","options":{"complianceRuleOptions":{"complexRule":false,"regoRule":{"policy":"package + configuration rule","name":"Test-Update_a_cloud_configuration_rule_s_details_returns_OK_response-1732283527_cloud","options":{"complianceRuleOptions":{"complexRule":false,"regoRule":{"policy":"package datadog\n\nimport data.datadog.output as dd_output\n\nimport future.keywords.contains\nimport future.keywords.if\nimport future.keywords.in\n\nmilliseconds_in_a_day := ((1000 * 60) * 60) * 24\n\neval(iam_service_account_key) = \"skip\" if {\n\tiam_service_account_key.disabled\n} 
@@ -19,7 +19,7 @@ interactions: uri: https://api.datadoghq.com/api/v2/security_monitoring/rules response: body: - string: '{"id":"efv-nza-5ev","version":1,"name":"Test-Update_a_cloud_configuration_rule_s_details_returns_OK_response-1715358888_cloud","createdAt":1715358889053,"creationAuthorId":1445416,"isDefault":false,"isPartner":false,"isEnabled":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:gcp_compute_disk","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"gcp_compute_disk","regoRule":{"policy":"package + string: '{"id":"uao-sdg-mt8","version":1,"name":"Test-Update_a_cloud_configuration_rule_s_details_returns_OK_response-1732283527_cloud","createdAt":1732283527664,"creationAuthorId":1445416,"isDefault":false,"isPartner":false,"isEnabled":false,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:gcp_compute_disk","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"gcp_compute_disk","regoRule":{"policy":"package datadog\n\nimport data.datadog.output as dd_output\n\nimport future.keywords.contains\nimport future.keywords.if\nimport future.keywords.in\n\nmilliseconds_in_a_day := ((1000 * 60) * 60) * 24\n\neval(iam_service_account_key) = \"skip\" if {\n\tiam_service_account_key.disabled\n} 
@@ -38,7 +38,7 @@ interactions: code: 200 message: OK - request: - body: '{"cases":[{"notifications":[],"status":"info"}],"complianceSignalOptions":{"userActivationStatus":false,"userGroupByFields":[]},"isEnabled":false,"message":"ddd","name":"Test-Update_a_cloud_configuration_rule_s_details_returns_OK_response-1715358888_cloud_updated","options":{"complianceRuleOptions":{"regoRule":{"policy":"package + body: '{"cases":[{"notifications":[],"status":"info"}],"complianceSignalOptions":{"userActivationStatus":false,"userGroupByFields":[]},"isEnabled":false,"message":"ddd","name":"Test-Update_a_cloud_configuration_rule_s_details_returns_OK_response-1732283527_cloud_updated","options":{"complianceRuleOptions":{"regoRule":{"policy":"package datadog\n\nimport data.datadog.output as dd_output\n\nimport future.keywords.contains\nimport future.keywords.if\nimport future.keywords.in\n\nmilliseconds_in_a_day := ((1000 * 60) * 60) * 24\n\neval(iam_service_account_key) = \"skip\" if {\n\tiam_service_account_key.disabled\n} 
@@ -53,10 +53,10 @@ interactions: content-type: - application/json method: PUT - uri: https://api.datadoghq.com/api/v2/security_monitoring/rules/efv-nza-5ev + uri: https://api.datadoghq.com/api/v2/security_monitoring/rules/uao-sdg-mt8 response: body: - string: '{"id":"efv-nza-5ev","version":2,"name":"Test-Update_a_cloud_configuration_rule_s_details_returns_OK_response-1715358888_cloud_updated","createdAt":1715358889053,"creationAuthorId":1445416,"updateAuthorId":1445416,"isDefault":false,"isPartner":false,"isEnabled":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:gcp_compute_disk","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"gcp_compute_disk","regoRule":{"policy":"package + string: '{"id":"uao-sdg-mt8","version":2,"name":"Test-Update_a_cloud_configuration_rule_s_details_returns_OK_response-1732283527_cloud_updated","createdAt":1732283527664,"creationAuthorId":1445416,"updateAuthorId":1445416,"updatedAt":1732283528223,"isDefault":false,"isPartner":false,"isEnabled":false,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:gcp_compute_disk","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"gcp_compute_disk","regoRule":{"policy":"package datadog\n\nimport data.datadog.output as dd_output\n\nimport future.keywords.contains\nimport future.keywords.if\nimport future.keywords.in\n\nmilliseconds_in_a_day := ((1000 * 60) * 60) * 24\n\neval(iam_service_account_key) = \"skip\" if {\n\tiam_service_account_key.disabled\n} 
@@ -80,7 +80,7 @@ interactions: accept: - '*/*' method: DELETE - uri: https://api.datadoghq.com/api/v2/security_monitoring/rules/efv-nza-5ev + uri: https://api.datadoghq.com/api/v2/security_monitoring/rules/uao-sdg-mt8 response: body: string: '' diff --git a/tests/v2/cassettes/test_scenarios/test_update_an_existing_rule_returns_ok_response.frozen b/tests/v2/cassettes/test_scenarios/test_update_an_existing_rule_returns_ok_response.frozen index 175df7f5ad..1f3eaa6786 100644 --- a/tests/v2/cassettes/test_scenarios/test_update_an_existing_rule_returns_ok_response.frozen +++ b/tests/v2/cassettes/test_scenarios/test_update_an_existing_rule_returns_ok_response.frozen @@ -1 +1 @@ -2024-05-10T16:34:54.978Z \ No newline at end of file +2024-11-22T13:52:12.595Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_update_an_existing_rule_returns_ok_response.yaml b/tests/v2/cassettes/test_scenarios/test_update_an_existing_rule_returns_ok_response.yaml index 1acfca2628..91f5bc0f64 100644 --- a/tests/v2/cassettes/test_scenarios/test_update_an_existing_rule_returns_ok_response.yaml +++ b/tests/v2/cassettes/test_scenarios/test_update_an_existing_rule_returns_ok_response.yaml 
@@ -1,7 +1,7 @@ interactions: - request: body: '{"cases":[{"condition":"a > 0","name":"","notifications":[],"status":"info"}],"filters":[],"isEnabled":true,"message":"Test - rule","name":"Test-Update_an_existing_rule_returns_OK_response-1715358894","options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"queries":[{"aggregation":"count","distinctFields":[],"groupByFields":[],"metrics":[],"query":"@test:true"}],"tags":[],"type":"log_detection"}' + rule","name":"Test-Update_an_existing_rule_returns_OK_response-1732283532","options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"queries":[{"aggregation":"count","distinctFields":[],"groupByFields":[],"metrics":[],"query":"@test:true"}],"tags":[],"type":"log_detection"}' headers: accept: - application/json 
@@ -11,7 +11,7 @@ interactions: uri: https://api.datadoghq.com/api/v2/security_monitoring/rules response: body: - string: '{"id":"fu8-wg9-rsy","version":1,"name":"Test-Update_an_existing_rule_returns_OK_response-1715358894","createdAt":1715358895245,"creationAuthorId":1445416,"isDefault":false,"isPartner":false,"isEnabled":true,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"@test:true","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":""}],"options":{"keepAlive":3600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":900},"cases":[{"name":"","status":"info","notifications":[],"condition":"a + string: '{"id":"mza-hwt-ziu","version":1,"name":"Test-Update_an_existing_rule_returns_OK_response-1732283532","createdAt":1732283532973,"creationAuthorId":1445416,"isDefault":false,"isPartner":false,"isEnabled":true,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"@test:true","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":""}],"options":{"keepAlive":3600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":900},"cases":[{"name":"","status":"info","notifications":[],"condition":"a > 0"}],"message":"Test rule","tags":[],"hasExtendedTitle":false,"type":"log_detection","filters":[]} ' 
@@ -23,17 +23,17 @@ interactions: message: OK - request: body: '{"cases":[{"condition":"a > 0","name":"","notifications":[],"status":"info"}],"filters":[],"isEnabled":true,"message":"Test - rule","name":"Test-Update_an_existing_rule_returns_OK_response-1715358894-Updated","options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"queries":[{"aggregation":"count","distinctFields":[],"groupByFields":[],"metrics":[],"query":"@test:true"}],"tags":[]}' + rule","name":"Test-Update_an_existing_rule_returns_OK_response-1732283532-Updated","options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"queries":[{"aggregation":"count","distinctFields":[],"groupByFields":[],"metrics":[],"query":"@test:true"}],"tags":[]}' headers: accept: - application/json content-type: - application/json method: PUT - uri: https://api.datadoghq.com/api/v2/security_monitoring/rules/fu8-wg9-rsy + uri: https://api.datadoghq.com/api/v2/security_monitoring/rules/mza-hwt-ziu response: body: - string: '{"id":"fu8-wg9-rsy","version":2,"name":"Test-Update_an_existing_rule_returns_OK_response-1715358894-Updated","createdAt":1715358895245,"creationAuthorId":1445416,"updateAuthorId":1445416,"isDefault":false,"isPartner":false,"isEnabled":true,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"@test:true","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":""}],"options":{"keepAlive":3600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":900},"cases":[{"name":"","status":"info","notifications":[],"condition":"a + string: 
'{"id":"mza-hwt-ziu","version":2,"name":"Test-Update_an_existing_rule_returns_OK_response-1732283532-Updated","createdAt":1732283532973,"creationAuthorId":1445416,"updateAuthorId":1445416,"updatedAt":1732283533337,"isDefault":false,"isPartner":false,"isEnabled":true,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"@test:true","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":""}],"options":{"keepAlive":3600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":900},"cases":[{"name":"","status":"info","notifications":[],"condition":"a > 0"}],"message":"Test rule","tags":[],"hasExtendedTitle":false,"type":"log_detection","filters":[]} ' @@ -49,7 +49,7 @@ interactions: accept: - '*/*' method: DELETE - uri: https://api.datadoghq.com/api/v2/security_monitoring/rules/fu8-wg9-rsy + uri: https://api.datadoghq.com/api/v2/security_monitoring/rules/mza-hwt-ziu response: body: string: ''