Skip to main content

πŸ”Œ Azure Subscription - object.extracts.yaml

  • Contextual name: πŸ”Œ object.extracts.yaml
  • ID: /types/CA10__CaAzureAccount__c/object.extracts.yaml
  • Located in: πŸ“• Azure Subscription

Used In​

LogicPolicyFlags
🧠 prod.logic.yaml πŸŸ’πŸ“ Azure Subscription Log Analytics Agent is not auto provisioned 🟒🟒 x3
🧠 prod.logic.yaml πŸ”΄πŸŸ’πŸ“ Azure Subscription Network Watcher is not enabled in every available region πŸŸ’πŸ”΄ x1, 🟒 x2
🧠 prod.logic.yaml πŸŸ’πŸ“ Azure Subscription Security Alert Notifications additional email address is not configured 🟒🟒 x3
🧠 prod.logic.yaml πŸŸ’πŸ“ Azure Subscription Security Alert Notifications for alerts with High severity are not configured 🟒🟒 x3
🧠 prod.logic.yaml πŸŸ’πŸ“ Azure Subscription Security Alert Notifications to subscription owners are not configured 🟒🟒 x3
🧠 prod.logic.yaml πŸŸ’πŸ“ Microsoft Defender For Cloud Integration With Microsoft Defender For Cloud Apps is not enabled 🟒🟒 x3
🧠 prod.logic.yaml πŸŸ’πŸ“ Microsoft Defender For Cloud Integration With Microsoft Defender For Endpoint is not enabled 🟒🟒 x3

Content​

Open File

---
extracts:
# Not Nullable.
  - name: "CA10__availableLocationNames__c"
    value: 
      FIELD:
        path: "CA10__availableLocationNames__c"
        undeterminedIf:
          noAccessDelegate:
            path: "CA10__availableLocationNames__c"
            currentStateMessage: "Unable to determine Subscription Available Locations. Possible permission issue withMicrosoft.Resources/subscriptions/locations/read"
  - name: "caJsonFrom_availableLocationNames__c"
    value:
      JSON_FROM:
        arg:
          EXTRACT: "CA10__availableLocationNames__c"
        undeterminedIf:
          isInvalid: "Subscription Available Locations JSON is invalid."
  - name: "CA10__subscriptionId__c"
    value: 
      FIELD:
        path: "CA10__subscriptionId__c"
        undeterminedIf:
          isEmpty: "Corrupted data. Subscription ID cannot be empty."
# Not Nullable
  - name: "CA10__securityCenterAutoProvisioning__c"
    value: 
      FIELD:
        path: "CA10__securityCenterAutoProvisioning__c"
        returnType: BYTES
        undeterminedIf:
          noAccessDelegate:
            path: "CA10__securityCenterAutoProvisioning__c"
            currentStateMessage: "Unable to determine Auto Provisioning Settings. Possible permission issue with Microsoft.Security/autoProvisioningSettings" 
# Not Nullable
  - name: "CA10__securityCenterContacts__c"
    value: 
      FIELD:
        path: "CA10__securityCenterContacts__c"
        returnType: BYTES
        undeterminedIf:
          noAccessDelegate:
            path: "CA10__securityCenterContacts__c"
            currentStateMessage: "Unable to determine Security Contacts. Possible permission issue with Microsoft.Security/securityContacts" 
  - name: "caJsonFrom__securityCenterContacts__c"
    value: 
      JSON_FROM:
        arg: 
          EXTRACT: "CA10__securityCenterContacts__c"
        undeterminedIf:
          isInvalid: "Security Center Contacts JSON is invalid."
          isEmpty: "Unable to determine Security Contacts. Possible permission issue with Microsoft.Security/securityContacts"
# Security Center: Contacts properties.notificationsByRole roles for the default contact
# notificationsByRoleRoles is a string that contains roles separated by comma
# Values: AccountAdmin, Contributor, Owner, ServiceAdmin.
  - name: "caJsonQueryBoolean__securityCenterContacts_default_roles__c"
    value: 
      JSON_QUERY_TEXT:
        arg: 
          EXTRACT: "caJsonFrom__securityCenterContacts__c"
        expression: "to_string([? name == 'default'].notificationsByRoleRoles | [0])"
        undeterminedIf: 
          evaluationError: "The JSON query has failed."
          resultTypeMismatch: "The JSON query did not return text type."
# Security Center: Contacts properties.notificationsByRole state for the default contact
# Values: On, Off.
  - name: "caJsonQueryText__securityCenterContacts_default_state__c"
    value: 
      JSON_QUERY_TEXT:
        arg: 
          EXTRACT: "caJsonFrom__securityCenterContacts__c"
        expression: "[? name == 'default'].notificationsByRoleState | [0]"
        undeterminedIf: 
          evaluationError: "The JSON query has failed."
          resultTypeMismatch: "The JSON query did not return text type."
# Security Center: Contacts email for the default contact
# email is a string that contains values separated by comma
  - name: "caJsonQueryText__securityCenterContacts_default_email__c"
    value: 
      JSON_QUERY_TEXT:
        arg: 
          EXTRACT: "caJsonFrom__securityCenterContacts__c"
        expression: "[? name == 'default' && email != ''].email | [0]"
        undeterminedIf: 
          evaluationError: "The JSON query has failed."
          resultTypeMismatch: "The JSON query did not return text type."
# Values: On, Off.
  - name: "caJsonQueryText__securityCenterContacts_default_alert_notifications__c"
    value: 
      JSON_QUERY_TEXT:
        arg: 
          EXTRACT: "caJsonFrom__securityCenterContacts__c"
        expression: "[? name == 'default'].alertNotifications | [0]"
        undeterminedIf: 
          evaluationError: "The JSON query has failed."
          resultTypeMismatch: "The JSON query did not return text type."
# Values: High, Medium, Low.
  - name: "caJsonQueryText__securityCenterContacts_default_alert_notifications_severity__c"
    value: 
      JSON_QUERY_TEXT:
        arg: 
          EXTRACT: "caJsonFrom__securityCenterContacts__c"
        expression: "[? name == 'default'].alertNotificationsMinimalSeverity | [0]"
        undeterminedIf: 
          evaluationError: "The JSON query has failed."
          resultTypeMismatch: "The JSON query did not return text type."
# Not Nullable
  - name: "CA10__defenderForCloudSettingsJson__c"
    value: 
      FIELD:
        path: "CA10__defenderForCloudSettingsJson__c"
        undeterminedIf:
          noAccessDelegate:
            path: "CA10__defenderForCloudSettingsJson__c"
            currentStateMessage: "Unable to determine Microsoft Defender for Cloud Settings. Possible permission issue with Microsoft.Security/settings" 
  - name: "caJsonFrom__defenderForCloudSettings__c"
    value: 
      JSON_FROM:
        arg: 
          EXTRACT: "CA10__defenderForCloudSettingsJson__c"
        undeterminedIf:
          isInvalid: "Security Center Contacts JSON is invalid."
          isEmpty: "Unable to determine Security Contacts. Possible permission issue with Microsoft.Security/settings"