diff --git a/docs/content/patterns/alz/Alerts-Details.md b/docs/content/patterns/alz/Alerts-Details.md index c343dc9e6..1e6947db0 100644 --- a/docs/content/patterns/alz/Alerts-Details.md +++ b/docs/content/patterns/alz/Alerts-Details.md @@ -4,43 +4,44 @@ geekdocCollapseSection: true weight: 30 --- -The following metric alerts have been defined and can deployed within your landing zones via Azure Policy. +Specific alerts for ALZ can be downloaded by clicking on the Download icon (highlighted in red below)in the top right corner of the AMBA documentation. -The resources, metric alerts and their settings provide you with a starting point to help you address the following monitoring questions: -"What should we monitor in Azure?" and "What alert settings should we use?" While they are opinionated settings and they are meant to cover the most common Azure Landing Zone components, we encourage you to adjust these settings to suit your monitoring needs based on how you're using Azure. +![Alert-Details Download icon](media/AlertDetailsDownloadReference.png) -If you have suggestions for other resources that should be included please open an Issue on this page providing the Azure resource provider and settings you'd like implemented, we can't promise to implement them all but we will look into it. Or if you'd like to contribute directly, follow the steps on how to contribute [here](../../../contributing/patterns). +The best way to see which policy alert rules are part of the ALZ pattern it is best to go to the [Policy-Initiatives](docs/content/patterns/alz/Policy-Initiatives.md) page. +The resources, metric alerts and their settings provide you with a starting point to help you address the following monitoring questions: +"What should we monitor in Azure?" and "What alert settings should we use?" While they are opinionated settings and they are meant to cover the most common Azure Landing Zone components, we encourage you to adjust these settings to suit your monitoring needs based on how you're using Azure. +If you have suggestions for other resources that should be included please open an Issue on this page providing the Azure resource provider and settings you'd like implemented, we can't promise to implement them all but we will look into it. Or if you'd like to contribute directly, follow the steps on how to contribute [here](../../../contributing/). -## Metric Alerts Settings +## Azure Landing Zone Metric Alerts Settings The values shown for Aggregation, Operator, Threshold, WindowSize, Frequency and Severity have been derived from field experience and what customers have implemented themselves; Alerts are based on Microsoft public guidance where available (indicated by a 'Yes' in the Verified column), and on practical application experience where public guidance is not available (indicated by a 'No' in the Verified column). Links to Product Group guidance can be found in the References column and when no guidance is provided we've provided a link to the description of the Metric on learn.microsoft.com. The Scope column details where we scoped the alerts as described in [Introduction to deploying the ALZ Pattern](../deploy/Introduction-to-deploying-the-ALZ-Pattern). - Only a small number of the resources support metric alert rules scoped at the subscription level and the metric alerts would only apply to resources deployed within the same region. The Support for Multiple Resources column to show which resources support metric alerts being scoped at the subscription level. For a complete list of which resources support metrics alert rules scoped at the subscription level click [here](https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-types#monitor-multiple-resources). -> **NOTE**: There are hidden columns within the table, to scroll across you need to go to the bottom of the table to scroll and this is a limitation within tables in GitHub. If you have any suggestions to improving this expeirence please do get in touch via a PR or raise an issue, thank you. +> **NOTE**: We have tried to make it so that the table doesn't require a lot of side to side scrolling, but it is still a lot of information, we recommended that you click on the specifc alert name which will take you directly to the JSON definition of the alert you're interested in. {{< alzMetricAlerts >}} 1 See "Why are the availability alert thresholds lower than 100% in this solution when the product group documention recommends 100%?" in the [FAQ](FAQ.md) for more details. -## Activity Log Alerts +## Azure Landing Zone Activity Log Alerts -### Activity Log Resource Health +### Azure Landing Zone Activity Log Resource Health Use the following two sections to quickly know when there's a Service Health issue with an Azure resource, saving you the effort of further troubleshooting and allow you to focus on communicating to your user base and/or use these alerts as part of your business continuity actions (remediations). {{< alzActivityLogResourceHealthAlerts >}} -### Service Health Alerts +### Azure Landing Zone Service Health Alerts {{< alzActivityLogServiceHealthAlerts >}} -### Activity Log Administrative +### Azure Landing Zone Activity Log Administrative The following table lists a number of operational Activity Log alerts to alert your team when certain resources have been deleted. diff --git a/docs/content/patterns/alz/Policy-Initiatives.md b/docs/content/patterns/alz/Policy-Initiatives.md index 1230aeedb..2d0e1c48e 100644 --- a/docs/content/patterns/alz/Policy-Initiatives.md +++ b/docs/content/patterns/alz/Policy-Initiatives.md @@ -14,44 +14,44 @@ This initiative is intended for assignment of policies relevant to networking co | **Policy Name** | **Path to policy json file** | **Policy default effect** | |----------|----------|----------| -| Deploy_ERCIR_QosDropBitsInPerSecond_Alert | [deploy-ercir_qosdropsbitsin_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-ercir_qosdropsbitsin_alert.json) | deployIfNotExists | -| Deploy_ERCIR_QosDropBitsOutPerSecond_Alert | [deploy-ercir_qosdropsbitsout_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-ercir_qosdropsbitsout_alert.json) | deployIfNotExists| -| Deploy_VPNGw_BGPPeerStatus_Alert | [deploy-vpng_bgppeerstatus_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vpng_bgppeerstatus_alert.json) | deployIfNotExists| -| Deploy_VnetGw_ExpressRouteCpuUtil_Alert | [deploy-vnetg_expressroutecpuutilization_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vnetg_expressroutecpuutilization_alert.json) | deployIfNotExists| -| Deploy_VnetGw_TunnelBandwidth_Alert | [deploy-vnetg_bandwidthutilization_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vnetg_bandwidthutilization_alert.json) | deployIfNotExists | -| Deploy_VnetGw_TunnelEgress_Alert | [deploy-vnetg_egress_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vnetg_egress_alert.json) | disabled| -| Deploy_VnetGw_TunnelIngress_Alert | [deploy-vnetg_ingress_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vnetg_ingress_alert.json) | disabled | -| Deploy_VPNGw_BandwidthUtil_Alert | [deploy-vpng_bandwidthutilization_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vpng_bandwidthutilization_alert.json) | deployIfNotExists | -| Deploy_VPNGw_Egress_Alert | [deploy-vpng_egress_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vpng_egress_alert.json) | disabled | -| Deploy_VPNGw_TunnelEgressPacketDropCount_Alert | [deploy-vpng_egresspacketdropcount_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vpng_egresspacketdropcount_alert.json) | deployIfNotExists| -| Deploy_VPNGw_TunnelEgressPacketDropMismatch_Alert | [deploy-vpng_egresspacketdropmismatch_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vpng_egresspacketdropmismatch_alert.json) | deployIfNotExists| -| Deploy_VPNGw_Ingress_Alert | [deploy-vpng_ingress_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vpng_ingress_alert.json) | disabled | -| Deploy_VPNGw_TunnelIngressPacketDropCount_Alert | [deploy-vpng_ingresspacketdropcount_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vpng_ingresspacketdropcount_alert.json) | deployIfNotExists| -| Deploy_VPNGw_TunnelIngressPacketDropMismatch_Alert | [deploy-vpng_ingresspacketdropmismatch_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vpng_ingresspacketdropmismatch_alert.json) | deployIfNotExists | -| Deploy_PDNSZ_CapacityUtil_Alert | [deploy-pdnsz_capacityutilization_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-pdnsz_capacityutilization_alert.json) | deployIfNotExists| -| Deploy_PDNSZ_QueryVolume_Alert | [deploy-pdnsz_queryvolume_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-pdnsz_queryvolume_alert.json) | disabled | -| Deploy_PDNSZ_RecordSetCapacity_Alert | [deploy-pdnsz_recordsetcapacity_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-pdnsz_recordsetcapacity_alert.json) | deployIfNotExists | -| Deploy_DNSZ_RegistrationCapacityUtil_Alert | [deploy-pdnsz_registrationcapacityutilization_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-pdnsz_registrationcapacityutilization_alert.json) | deployIfNotExists| -| Deploy_ERGw_ExpressRouteBitsIn_Alert | [deploy-erg_bitsinpersecond_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-erg_bitsinpersecond_alert.json) | disabled| -| Deploy_ERGw_ExpressRouteBitsOut_Alert | [deploy-erg_bitsoutpersecond_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-erg_bitsoutpersecond_alert.json) | disabled| -| Deploy_ERGw_ExpressRouteCpuUtil_Alert | [deploy-erg_expressroutecpuutilization_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-erg_expressroutecpuutilization_alert.json) | deployIfNotExists | -| Deploy_VnetGw_TunnelEgressPacketDropMismatch_Alert | [deploy-vnetg_egresspacketdropmismatch_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vnetg_egresspacketdropmismatch_alert.json) | deployIfNotExists | -| Deploy_VnetGw_ExpressRouteBitsPerSecond_Alert | [deploy-vnetg_expressroutebitspersecond_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vnetg_expressroutebitspersecond_alert.json) | deployIfNotExists | -| Deploy_VnetGw_TunnelIngressPacketDropMismatch_Alert | [deploy-vnetg_ingresspacketdropmismatch_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vnetg_ingresspacketdropmismatch_alert.json) | deployIfNotExists | -| Deploy_VnetGw_TunnelIngressPacketDropCount_Alert | [deploy-vnetg_ingresspacketdropcount_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vnetg_ingresspacketdropcount_alert.json) | deployIfNotExists | -| Deploy_ERCIR_BgpAvailability_Alert | [deploy-ercir_bgpavailability_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-ercir_bgpavailability_alert.json) | deployIfNotExists | -| Deploy_ERCIR_ArpAvailability_Alert | [deploy-ercir_arpavailability_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-ercir_arpavailability_alert.json) | deployIfNotExists | -| Deploy_AFW_SNATPortUtilization_Alert | [deploy-afw_snatportutilization_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-afw_snatportutilization_alert.json) | deployIfNotExists | -| Deploy_AFW_FirewallHealth_Alert | [deploy-afw_firewallhealth_alert](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-afw_firewallhealth_alert.json) | deployIfNotExists | -| Deploy_PublicIp_BytesInDDoSAttack_Alert | [deploy-pip_bytesinddosattack_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-pip_bytesinddosattack_alert.json) | disabled | -| Deploy_PublicIp_DDoSAttack_Alert | [deploy-pip_ddosattack_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-pip_ddosattack_alert.json) | deployIfNotExists | -| Deploy_PublicIp_PacketsInDDoSAttack_Alert | [deploy-pip_packetsinddos_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-pip_packetsinddos_alert.json) | disabled | -| Deploy_PublicIp_VIPAvailability_Alert | [deploy-pip_vipavailability_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-pip_vipavailability_alert.json) | deployIfNotExists | -| Deploy_VNET_DDoSAttack_Alert | [deploy-vnet_ddosattack_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vnet_ddosattack_alert.json) | deployIfNotExists | -| Deploy_activitylog_Firewall_Delete | [deploy-activitylog-AzureFirewall-Del.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-activitylog-AzureFirewall-Del.json) | deployIfNotExists | -| Deploy_activitylog_RouteTable_Update | [deploy-activitylog-RouteTable-Update.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-activitylog-RouteTable-Update.json) | deployIfNotExists | -| Deploy_activitylog_NSG_Delete | [deploy-activitylog-NSG-Del.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-activitylog-NSG-Del.json) | deployIfNotExists | -| Deploy_activitylog_VPNGateway_Delete | [deploy-activitylog-VPNGate-Del.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-activitylog-VPNGate-Del.json) | deployIfNotExists | +| Deploy_ERCIR_QosDropBitsInPerSecond_Alert | [deploy-ercir_qosdropsbitsin_alert.json](../blob/main/services/Network/expressRouteCircuits/Deploy-ERCIR-QOSDropsBitsIn-Alert.json) | deployIfNotExists | +| Deploy_ERCIR_QosDropBitsOutPerSecond_Alert | [deploy-ercir_qosdropsbitsout_alert.json](../blob/main/services/Network/expressRouteCircuits/Deploy-ERCIR-QOSDropsBitsOut-Alert.json) | deployIfNotExists| +| Deploy_VPNGw_BGPPeerStatus_Alert | [deploy-vpng_bgppeerstatus_alert.json](../blob/main/services/Network/vpnGateways/Deploy-VPNG-BGPPeerStatus-Alert.json) | deployIfNotExists| +| Deploy_VnetGw_ExpressRouteCpuUtil_Alert | [deploy-vnetg_expressroutecpuutilization_alert.json](../blob/main/services/Network/virtualNetworkGateways/Deploy-VNETG-ERGCPUUtilization-Alert.json) | deployIfNotExists| +| Deploy_VnetGw_TunnelBandwidth_Alert | [deploy-vnetg_bandwidthutilization_alert.json](../blob/main/services/Network/virtualNetworkGateways/Deploy-VNETG-BandwidthUtilization-Alert.json) | deployIfNotExists | +| Deploy_VnetGw_TunnelEgress_Alert | [deploy-vnetg_egress_alert.json](../blob/main/services/Network/virtualNetworkGateways/Deploy-VNETG-Egress-Alert.json) | disabled| +| Deploy_VnetGw_TunnelIngress_Alert | [deploy-vnetg_ingress_alert.json](../blob/main/services/Network/virtualNetworkGateways/Deploy-VNETG-Ingress-Alert.json) | disabled | +| Deploy_VPNGw_BandwidthUtil_Alert | [deploy-vpng_bandwidthutilization_alert.json](../blob/main/services/Network/vpnGateways/Deploy-VPNG-BandwidthUtilization-Alert.json) | deployIfNotExists | +| Deploy_VPNGw_Egress_Alert | [deploy-vpng_egress_alert.json](../blob/main/services/Network/vpnGateways/Deploy-VPNG-Egress-Alert.json) | disabled | +| Deploy_VPNGw_TunnelEgressPacketDropCount_Alert | [deploy-vpng_egresspacketdropcount_alert.json](../blob/main/services/Network/vpnGateways/Deploy-VPNG-EgressPacketDropCount-Alert.json) | deployIfNotExists| +| Deploy_VPNGw_TunnelEgressPacketDropMismatch_Alert | [deploy-vpng_egresspacketdropmismatch_alert.json](../blob/main/services/Network/vpnGateways/Deploy-VPNG-EgressPacketDropMismatch-Alert.json) | deployIfNotExists| +| Deploy_VPNGw_Ingress_Alert | [deploy-vpng_ingress_alert.json](../blob/main/services/Network/vpnGateways/Deploy-VPNG-Ingress-Alert.json) | disabled | +| Deploy_VPNGw_TunnelIngressPacketDropCount_Alert | [deploy-vpng_ingresspacketdropcount_alert.json](../blob/main/services/Network/vpnGateways/Deploy-VPNG-IngressPacketDropCount-Alert.json) | deployIfNotExists| +| Deploy_VPNGw_TunnelIngressPacketDropMismatch_Alert | [deploy-vpng_ingresspacketdropmismatch_alert.json](../blob/main/services/Network/vpnGateways/deploy-vpng_ingresspacketdropmismatch_alert.json) | deployIfNotExists | +| Deploy_PDNSZ_CapacityUtil_Alert | [deploy-pdnsz_capacityutilization_alert.json](../blob/main/services/Network/privateDnsZones/Deploy-PDNSZ_CapacityUtilization_Alert.json) | deployIfNotExists| +| Deploy_PDNSZ_QueryVolume_Alert | [deploy-pdnsz_queryvolume_alert.json](../blob/main/services/Network/privateDnsZones/Deploy-PDNSZ_QueryVolume_Alert.json) | disabled | +| Deploy_PDNSZ_RecordSetCapacity_Alert | [deploy-pdnsz_recordsetcapacity_alert.json](../blob/main/services/Network/privateDnsZones/Deploy-PDNSZ-RecordSetCapacity-Alert.json) | deployIfNotExists | +| Deploy_DNSZ_RegistrationCapacityUtil_Alert | [deploy-pdnsz_registrationcapacityutilization_alert.json](../blob/main/services/Network/privateDnsZones/Deploy-PDNSZ-RegistrationCapacityUtilization-Alert.json) | deployIfNotExists| +| Deploy_ERGw_ExpressRouteBitsIn_Alert | [deploy-erg_bitsinpersecond_alert.json](../blob/main/services/Network/expressRouteGateways/Deploy-ERG-BitsInPerSecond-Alert.json) | disabled| +| Deploy_ERGw_ExpressRouteBitsOut_Alert | [deploy-erg_bitsoutpersecond_alert.json](../blob/main/services/Network/expressRouteGateways/Deploy-ERG-BitsOutPerSecond-Alert.json) | disabled| +| Deploy_ERGw_ExpressRouteCpuUtil_Alert | [deploy-erg_expressroutecpuutilization_alert.json](../blob/main/services/Network/expressRouteGateways/Deploy-ERG-CPUUtilization-Alert.json) | deployIfNotExists | +| Deploy_VnetGw_TunnelEgressPacketDropMismatch_Alert | [deploy-vnetg_egresspacketdropmismatch_alert.json](../blob/main/services/Network/virtualNetworkGateways/Deploy-VNETG-EgressPacketDropMismatch-Alert.json) | deployIfNotExists | +| Deploy_VnetGw_ExpressRouteBitsPerSecond_Alert | [deploy-vnetg_expressroutebitspersecond_alert.json](../blob/main/services/Network/virtualNetworkGateways/Deploy-VNETG-ERGBitsPerSecond-Alert.json) | deployIfNotExists | +| Deploy_VnetGw_TunnelIngressPacketDropMismatch_Alert | [deploy-vnetg_ingresspacketdropmismatch_alert.json](../blob/main/services/Network/virtualNetworkGateways/Deploy-VNETG-IngressPacketDropMismatch-Alert.json) | deployIfNotExists | +| Deploy_VnetGw_TunnelIngressPacketDropCount_Alert | [deploy-vnetg_ingresspacketdropcount_alert.json](../blob/main/services/Network/virtualNetworkGateways/Deploy-VNETG-IngressPacketDropCount-Alert.json) | deployIfNotExists | +| Deploy_ERCIR_BgpAvailability_Alert | [deploy-ercir_bgpavailability_alert.json](../blob/main/services/Network/expressRouteCircuits/Deploy-ERCIR-BGPAvailability-Alert.json) | deployIfNotExists | +| Deploy_ERCIR_ArpAvailability_Alert | [deploy-ercir_arpavailability_alert.json](../blob/main/azure-monitor-baseline-alerts/services/Network/expressRouteCircuits/Deploy-ERCIR-ARPAvailability-Alert.json) | deployIfNotExists | +| Deploy_AFW_SNATPortUtilization_Alert | [deploy-afw_snatportutilization_alert.json](../blob/main/services/Network/azureFirewalls/Deploy-AFW-SNATPortUtilization-Alert.json) | deployIfNotExists | +| Deploy_AFW_FirewallHealth_Alert | [deploy-afw_firewallhealth_alert](../blob/main/services/Network/azureFirewalls/Deploy-AFW-FirewallHealth-Alert.json) | deployIfNotExists | +| Deploy_PublicIp_BytesInDDoSAttack_Alert | [deploy-pip_bytesinddosattack_alert.json](../blob/main/services/Network/publicIPAddresses/Deploy-PIP-BytesInDDOSAttack-Alert.json) | disabled | +| Deploy_PublicIp_DDoSAttack_Alert | [deploy-pip_ddosattack_alert.json](../blob/main/services/Network/publicIPAddresses/Deploy-PIP-DDOSAttack-Alert.json) | deployIfNotExists | +| Deploy_PublicIp_PacketsInDDoSAttack_Alert | [deploy-pip_packetsinddos_alert.json](../blob/main/services/Network/publicIPAddresses/Deploy-PIP-PacketsInDDOS-Alert.json) | disabled | +| Deploy_PublicIp_VIPAvailability_Alert | [deploy-pip_vipavailability_alert.json](../blob/main/services/Network/publicIPAddresses/Deploy-PIP-VIPAvailability-Alert.json) | deployIfNotExists | +| Deploy_VNET_DDoSAttack_Alert | [deploy-vnet_ddosattack_alert.json](../blob/main/services/Network/virtualNetworks/Deploy-VNET-DDOSAttack-Alert.json) | deployIfNotExists | +| Deploy_activitylog_Firewall_Delete | [deploy-activitylog-AzureFirewall-Del.json](../blob/main/services/Network/azureFirewalls/Deploy-ActivityLog-AzureFirewall-Del.json) | deployIfNotExists | +| Deploy_activitylog_RouteTable_Update | [deploy-activitylog-RouteTable-Update.json](../blob/main/services/Network/routeTables/Deploy-ActivityLog-RouteTable-Update.json) | deployIfNotExists | +| Deploy_activitylog_NSG_Delete | [deploy-activitylog-NSG-Del.json](../blob/main/services/Network/networkSecurityGroups/Deploy-ActivityLog-NSG-Del.json) | deployIfNotExists | +| Deploy_activitylog_VPNGateway_Delete | [deploy-activitylog-VPNGate-Del.json](../blob/main/services/Network/vpnGateways/Deploy-ActivityLog-VPNG-Del.json) | deployIfNotExists | ## Management initiative @@ -59,11 +59,11 @@ This initiative is intended for assignment of policies relevant to management co | **Policy Name** | **Path to policy json file** | **Policy default effect** | |----------|----------|----------| -| Deploy_AA_TotalJob_Alert | [deploy-aa_totaljob_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-aa_totaljob_alert.json) | deployIfNotExists | -| Deploy_RecoveryVault_BackupHealth_Alert | [deploy-rv_backuphealth_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-rv_backuphealth_alert.json) | modify | -| Deploy_StorageAccount_Availability_Alert | [deploy-sa_availability_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-sa_availability_alert.json) | deployIfNotExists | -| Deploy_activitylog_LAWorkspace_Delete | [deploy-activitylog-LAWorkspace-Del.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-activitylog-LAWorkspace-Del.json) | deployIfNotExists | -| Deploy_activitylog_LAWorkspace_KeyRegen | [deploy-activitylog-LAWorkspace-ReGen.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-activitylog-LAWorkspace-ReGen.json) | deployIfNotExists | +| Deploy_AA_TotalJob_Alert | [deploy-aa_totaljob_alert.json](../blob/main/services/Automation/automationAccounts/Deploy-AA-TotalJob-Alert.json) | deployIfNotExists | +| Deploy_RecoveryVault_BackupHealth_Alert | [deploy-rv_backuphealth_alert.json](../blob/main/services/RecoveryServices/vaults/Modify-RSV-BackupHealth-Alert.json) | modify | +| Deploy_StorageAccount_Availability_Alert | [deploy-sa_availability_alert.json](../blob/main/services/Storage/storageAccounts/Deploy-SA-Availability-Alert.json) | deployIfNotExists | +| Deploy_activitylog_LAWorkspace_Delete | [deploy-activitylog-LAWorkspace-Del.json](../blob/main/services/OperationalInsights/workspaces/Deploy-ActivityLog-LAWorkspace-Del.json) | deployIfNotExists | +| Deploy_activitylog_LAWorkspace_KeyRegen | [deploy-activitylog-LAWorkspace-ReGen.json](../blob/main/services/OperationalInsights/workspaces/Deploy-ActivityLog-LAWorkspace-KeyRegen.json) | deployIfNotExists | ## Identity initiative @@ -71,11 +71,11 @@ This initiative is intended for assignment of policies relevant to identity comp | **Policy Name** | **Path to policy json file** | **Policy default effect** | |----------|----------|----------| -| Deploy_KeyVault_Requests_Alert | [deploy-kv_requests_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-kv_requests_alert.json) | disabled | -| Deploy_KeyVault_Availability_Alert | [deploy-kv_availability_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-kv_availability_alert.json) | disabled | -| Deploy_KeyVault_Latency_Alert | [deploy-kv_latency_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-kv_latency_alert.json) | disabled | -| Deploy_KeyVault_Capacity_Alert | [deploy-kv_capacity_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-kv_capacity_alert.json) | disabled | -| Deploy_activitylog_KeyVault_Delete | [deploy-activitylog-KeyVault-Del.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-activitylog-KeyVault-Del.json) | deployIfNotExists | +| Deploy_KeyVault_Requests_Alert | [deploy-kv_requests_alert.json](../blob/main/services/KeyVault/vaults/Deploy-KV-Requests-Alert.json | disabled | +| Deploy_KeyVault_Availability_Alert | [deploy-kv_availability_alert.json](../blob/main/services/KeyVault/vaults/Deploy-KV-Availability-Alert.json) | disabled | +| Deploy_KeyVault_Latency_Alert | [deploy-kv_latency_alert.json](../blob/main/services/KeyVault/vaults/Deploy-KV-Latency-Alert.json) | disabled | +| Deploy_KeyVault_Capacity_Alert | [deploy-kv_capacity_alert.json](../blob/main/services/KeyVault/vaults/Deploy-KV-Capacity-Alert.json) | disabled | +| Deploy_activitylog_KeyVault_Delete | [deploy-activitylog-KeyVault-Del.json](../blob/main/services/KeyVault/vaults/Deploy-ActivityLog-KeyVault-Del.json) | deployIfNotExists | ## Landing Zone initiative @@ -83,31 +83,31 @@ This initiative is intended for assignment of policies relevant to a landing zon | **Policy Name** | **Path to policy json file** | **Policy default effect** | |----------|----------|----------| -| Deploy_StorageAccount_Availability_Alert | [deploy-sa_availability_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-sa_availability_alert.json) | deployIfNotExists | -| Deploy_KeyVault_Requests_Alert | [deploy-kv_requests_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-kv_requests_alert.json) | disabled | -| Deploy_KeyVault_Availability_Alert | [deploy-kv_availability_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-kv_availability_alert.json) | deployIfNotExists- | -| Deploy_KeyVault_Latency_Alert | [deploy-kv_latency_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-kv_latency_alert.json) | deployIfNotExists | -| Deploy_KeyVault_Capacity_Alert | [deploy-kv_capacity_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-kv_capacity_alert.json) | deployIfNotExists | -| Deploy_activitylog_KeyVault_Delete | [deploy-activitylog-KeyVault-Del.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-activitylog-KeyVault-Del.json) | deployIfNotExists | -| Deploy_activitylog_RouteTable_Update | [deploy-activitylog-RouteTable-Update.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-activitylog-RouteTable-Update.json) | deployIfNotExists | -| Deploy_activitylog_NSG_Delete | [deploy-activitylog-NSG-Del.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-activitylog-NSG-Del.json) | deployIfNotExists | -| Deploy_PublicIp_BytesInDDoSAttack_Alert | [deploy-pip_bytesinddosattack_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-pip_bytesinddosattack_alert.json) | disabled | -| Deploy_PublicIp_DDoSAttack_Alert | [deploy-pip_ddosattack_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-pip_ddosattack_alert.json) | deployIfNotExists | -| Deploy_PublicIp_PacketsInDDoSAttack_Alert | [deploy-pip_packetsinddos_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-pip_packetsinddos_alert.json) | disabled | -| Deploy_PublicIp_VIPAvailability_Alert | [deploy-pip_vipavailability_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-pip_vipavailability_alert.json) | deployIfNotExists | -| Deploy_VNET_DDoSAttack_Alert | [deploy-vnet_ddosattack_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vnet_ddosattack_alert.json) | deployIfNotExists | -| Deploy_RecoveryVault_BackupHealthMonitor_Alert | [deploy-rv_backuphealth_monitor.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-rv_backuphealth_monitor.json) | modify | -| Deploy_VM_HeartBeat_Alert | [deploy-vm-HeartBeat_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vm-HeartBeat_alert.json) | deployIfNotExists | -| Deploy_VM_NetworkIn_Alert | [deploy-vm-NetworkIn_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vm-NetworkIn_alert.json) | deployIfNotExists | -| Deploy_VM_NetworkOut_Alert | [deploy-vm-NetworkOut_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vm-NetworkOut_alert.json) | deployIfNotExists | -| Deploy_VM_OSDiskreadLatency_Alert | [deploy-vm-OSDiskreadLatency_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vm-OSDiskreadLatency_alert.json) | deployIfNotExists | -| Deploy_VM_OSDiskwriteLatency_Alert | [deploy-vm-OSDiskwriteLatency_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vm-OSDiskwriteLatency_alert.json) | deployIfNotExists | -| Deploy_VM_OSDiskSpace_Alert | [deploy-vm-OSDiskSpace_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vm-OSDiskSpace_alert.json) | deployIfNotExists | -| Deploy_VM_CPU_Alert | [deploy-vm-PercentCPU_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vm-PercentCPU_alert.json) | deployIfNotExists | -| Deploy_VM_Memory_Alert | [deploy-vm-PercentMemory_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vm-PercentMemory_alert.json) | deployIfNotExists | -| Deploy_VM_dataDiskSpace_Alert | [deploy-vm-dataDiskSpace_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vm-dataDiskSpace_alert.json) | deployIfNotExists | +| Deploy_StorageAccount_Availability_Alert | [deploy-sa_availability_alert.json](../blob/main/services/Storage/storageAccounts/Deploy-SA-Availability-Alert.json) | deployIfNotExists | +| Deploy_KeyVault_Requests_Alert | [deploy-kv_requests_alert.json](../blob/main/services/KeyVault/vaults/Deploy-KV-Requests-Alert.json) | disabled | +| Deploy_KeyVault_Availability_Alert | [deploy-kv_availability_alert.json](../blob/main/services/KeyVault/vaults/Deploy-KV-Availability-Alert.json) | deployIfNotExists- | +| Deploy_KeyVault_Latency_Alert | [deploy-kv_latency_alert.json](../blob/main/services/KeyVault/vaults/Deploy-KV-Latency-Alert.json) | deployIfNotExists | +| Deploy_KeyVault_Capacity_Alert | [deploy-kv_capacity_alert.json](../blob/main/services/KeyVault/vaults/Deploy-KV-Capacity-Alert.json) | deployIfNotExists | +| Deploy_activitylog_KeyVault_Delete | [deploy-activitylog-KeyVault-Del.json](../blob/main/services/KeyVault/vaults/Deploy-ActivityLog-KeyVault-Del.json) | deployIfNotExists | +| Deploy_activitylog_RouteTable_Update | [deploy-activitylog-RouteTable-Update.json](../blob/services/Network/routeTables/Deploy-ActivityLog-RouteTable-Update.json) | deployIfNotExists | +| Deploy_activitylog_NSG_Delete | [deploy-activitylog-NSG-Del.json](../blob/main/services/Network/networkSecurityGroups/Deploy-ActivityLog-NSG-Del.jsonn) | deployIfNotExists | +| Deploy_PublicIp_BytesInDDoSAttack_Alert | [deploy-pip_bytesinddosattack_alert.json](../blob/main/services/Network/publicIPAddresses/Deploy-PIP-BytesInDDOSAttack-Alert.json) | disabled | +| Deploy_PublicIp_DDoSAttack_Alert | [deploy-pip_ddosattack_alert.json](../blob/main/services/Network/publicIPAddresses/Deploy-PIP-DDOSAttack-Alert.json) | deployIfNotExists | +| Deploy_PublicIp_PacketsInDDoSAttack_Alert | [deploy-pip_packetsinddos_alert.json](../blob/main/services/Network/publicIPAddresses/Deploy-PIP-PacketsInDDOS-Alert.json) | disabled | +| Deploy_PublicIp_VIPAvailability_Alert | [deploy-pip_vipavailability_alert.json](../blob/main/services/Network/publicIPAddresses/Deploy-PIP-VIPAvailability-Alert.json) | deployIfNotExists | +| Deploy_VNET_DDoSAttack_Alert | [deploy-vnet_ddosattack_alert.json](../blob/main/services/Network/virtualNetworks/Deploy-VNET-DDOSAttack-Alert.json) | deployIfNotExists | +| Deploy_RecoveryVault_BackupHealthMonitor_Alert | [deploy-rv_backuphealth_monitor.json](../blob/main/services/RecoveryServices/vaults/Modify-RSV-BackupHealth-Alert.json) | modify | +| Deploy_VM_HeartBeat_Alert | [deploy-vm-HeartBeat_alert.json](../blob/main/services/Compute/virtualMachines/Deploy-VM-HeartBeat-Alert.json) | deployIfNotExists | +| Deploy_VM_NetworkIn_Alert | [deploy-vm-NetworkIn_alert.json](../blob/main/services/Compute/virtualMachines/Deploy-VM-NetworkIn-Alert.json) | deployIfNotExists | +| Deploy_VM_NetworkOut_Alert | [deploy-vm-NetworkOut_alert.json](../blob/main/services/Compute/virtualMachines/Deploy-VM-NetworkOut-Alert.json) | deployIfNotExists | +| Deploy_VM_OSDiskreadLatency_Alert | [deploy-vm-OSDiskreadLatency_alert.json](../blob/main/services/Compute/virtualMachines/Deploy-VM-OSDiskReadLatency-Alert.json) | deployIfNotExists | +| Deploy_VM_OSDiskwriteLatency_Alert | [deploy-vm-OSDiskwriteLatency_alert.json](../blob/main/services/Compute/virtualMachines/Deploy-VM-OSDiskWriteLatency-Alert.json) | deployIfNotExists | +| Deploy_VM_OSDiskSpace_Alert | [deploy-vm-OSDiskSpace_alert.json](../blob/main/services/Compute/virtualMachines/Deploy-VM-OSDiskSpace-Alert.json) | deployIfNotExists | +| Deploy_VM_CPU_Alert | [deploy-vm-PercentCPU_alert.json](../blob/main/services/Compute/virtualMachines/Deploy-VM-PercentCPU-Alert.json) | deployIfNotExists | +| Deploy_VM_Memory_Alert | [deploy-vm-PercentMemory_alert.json](../blob/main/services/Compute/virtualMachines/Deploy-VM-PercentMemory-Alert.json) | deployIfNotExists | +| Deploy_VM_dataDiskSpace_Alert | [deploy-vm-dataDiskSpace_alert.json](../blob/main/services/Compute/virtualMachines/Deploy-VM-DataDiskSpace-Alert.json) | deployIfNotExists | | Deploy_VM_dataDiskReadLatency_Alert | [deploy-vm-dataDiskreadLatency_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vm-dataDiskreadLatency_alert.json) | deployIfNotExists | -| Deploy_VM_dataDiskWriteLatency_Alert | [deploy-vm-dataDiskwriteLatency_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vm-dataDiskwriteLatency_alert.json) | deployIfNotExists | +| Deploy_VM_dataDiskWriteLatency_Alert | [deploy-vm-dataDiskwriteLatency_alert.json](../blob/main/services/Compute/virtualMachines/Deploy-VM-DataDiskWriteLatency-Alert.json) | deployIfNotExists | ## Service Health initiative @@ -115,9 +115,9 @@ This initiative is intended for assignment of policies relevant to service healt | **Policy Name** | **Path to policy json file** | **Policy default effect** | |----------|----------|----------| -| Deploy_activitylog_ServiceHealth_SecurityAdvisory | [deploy-activitylog-ServiceHealth-Security.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-activitylog-ServiceHealth-Security.json) | deployIfNotExists | -| Deploy_activitylog_ResourceHealth_Unhealthy_Alert | [deploy-activitylog-ResourceHealth-UnHealthly-alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-activitylog-ResourceHealth-UnHealthly-alert.json) | deployIfNotExists | -| Deploy_activitylog_ServiceHealth_HealthAdvisory | [deploy-activitylog-ServiceHealth-Health.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-activitylog-ServiceHealth-Health.json) | deployIfNotExists | -| Deploy_activitylog_ServiceHealth_Incident | [deploy-activitylog-ServiceHealth-Incident.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-activitylog-ServiceHealth-Incident.json) | deployIfNotExists | -| Deploy_activitylog_ServiceHealth_Maintenance | [deploy-activitylog-ServiceHealth-Maintenance.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-activitylog-ServiceHealth-Maintenance.json) | deployIfNotExists | -| Deploy_AlertProcessing_Rule | [deploy-alertprocessingrule-deploy.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-alertprocessingrule-deploy.json) | deployIfNotExists | +| Deploy_activitylog_ServiceHealth_SecurityAdvisory | [deploy-activitylog-ServiceHealth-Security.json](../blob/main/services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Security.json) | deployIfNotExists | +| Deploy_activitylog_ResourceHealth_Unhealthy_Alert | [deploy-activitylog-ResourceHealth-UnHealthly-alert.json](../blob/main/services/Resources/subscriptions/Deploy-ActivityLog-ResourceHealth-UnHealthly-Alert.json) | deployIfNotExists | +| Deploy_activitylog_ServiceHealth_HealthAdvisory | [deploy-activitylog-ServiceHealth-Health.json](../blob/main/services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Health.json) | deployIfNotExists | +| Deploy_activitylog_ServiceHealth_Incident | [deploy-activitylog-ServiceHealth-Incident.json](../blob/main/services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Incident.json) | deployIfNotExists | +| Deploy_activitylog_ServiceHealth_Maintenance | [deploy-activitylog-ServiceHealth-Maintenance.json](../blob/main/services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Maintenance.json) | deployIfNotExists | +| Deploy_AlertProcessing_Rule | [deploy-alertprocessingrule-deploy.json](../blob/main/services/AlertsManagement/actionRules/Deploy-AlertProcessingRule-Deploy.json) | deployIfNotExists | diff --git a/docs/content/patterns/alz/media/AlertDetailsDownloadReference.png b/docs/content/patterns/alz/media/AlertDetailsDownloadReference.png new file mode 100644 index 000000000..6eb37f7c2 Binary files /dev/null and b/docs/content/patterns/alz/media/AlertDetailsDownloadReference.png differ diff --git a/services/Automation/automationAccounts/alerts.yaml b/services/Automation/automationAccounts/alerts.yaml index d6cd9cb0e..142714c8d 100644 --- a/services/Automation/automationAccounts/alerts.yaml +++ b/services/Automation/automationAccounts/alerts.yaml @@ -17,9 +17,9 @@ criterionType: StaticThresholdCriterion dimensions: - Status: - operator: Exclude - values: - - Completed + operator: Exclude + values: + - Completed autoMitigate: false references: - name: Azure Automation Azure Monitor Metrics @@ -58,8 +58,7 @@ threshold: 0.0 autoMitigate: false - name: TotalUpdateDeploymentMachineRuns - description: Total software update deployment machine runs in a software update - deployment run + description: Total software update deployment machine runs in a software update deployment run type: Metric verified: false visible: false