From 91d9436df7042007e4223a3ba1ff11f1885db272 Mon Sep 17 00:00:00 2001
From: Buckingham
Date: Wed, 31 Jan 2024 14:27:06 +0000
Subject: [PATCH] Update_310124_3
---
 .../environments/ppud/cloudwatch_windows.tf | 115 +-----------------
 1 file changed, 6 insertions(+), 109 deletions(-)
diff --git a/terraform/environments/ppud/cloudwatch_windows.tf b/terraform/environments/ppud/cloudwatch_windows.tf
index 040647e96ff..74ee582b59b 100644
--- a/terraform/environments/ppud/cloudwatch_windows.tf
+++ b/terraform/environments/ppud/cloudwatch_windows.tf
@@ -307,13 +307,14 @@ resource "aws_cloudwatch_log_metric_filter" "MalwareScan-Started" {
 count = local.is-production == true ? 1 : 0
 name = "MalwareScan-Started"
 log_group_name = aws_cloudwatch_log_group.Windows-Defender-Logs[count.index].name
- pattern = "Microsoft Defender Antivirus scan has started."
+ pattern = "[date, time, Instance, MalwareScan-Started, status=1000]"
 metric_transformation {
 name = "MalwareScan-Started"
 namespace = "WindowsDefender"
 value = "1"
- dimensions = {
+ dimensions = {
 Instance = "$Instance"
+ MalwareScan-Started = "$MalwareScan-Started"
 }
 }
 }
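Review bot: The added dimension `MalwareScan-Started = "$MalwareScan-Started"` publishes one metric per distinct value of the fourth log field, and CloudWatch does not aggregate custom metrics across dimensions, so any alarm defined on `MalwareScan-Started` with only `Instance` would stop receiving data (no alarm is visible in this diff). I would drop that dimension unless the field is known to hold a small fixed set of values. The new `pattern` also names exactly five space-delimited fields, which as far as I know matches only events that split into exactly five fields; if the Defender lines carry text after the ID it needs a trailing ellipsis, `pattern = "[date, time, Instance, MalwareScan-Started, status=1000, ...]"`, and a comment such as `# status holds the Defender event ID; 1000 = scan started` would explain the literal. The same two points apply to the `MalwareScan-Finished` filter in the next hunk; the resource header sits outside this hunk.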
@@ -322,118 +323,14 @@ resource "aws_cloudwatch_log_metric_filter" "MalwareScan-Finished" {
 count = local.is-production == true ? 1 : 0
 name = "MalwareScan-Finished"
 log_group_name = aws_cloudwatch_log_group.Windows-Defender-Logs[count.index].name
- pattern = "Microsoft Defender Antivirus scan has finished."
+ pattern = "[date, time, Instance, MalwareScan-Finished, status=1001]"
 metric_transformation {
 name = "MalwareScan-Finished"
 namespace = "WindowsDefender"
 value = "1"
- dimensions = {
- Instance = "$Instance"
- }
- }
-}
-
-resource "aws_cloudwatch_log_metric_filter" "MalwareScan-Stopped" {
- count = local.is-production == true ? 1 : 0
- name = "MalwareScan-Stopped"
- log_group_name = aws_cloudwatch_log_group.Windows-Defender-Logs[count.index].name
- pattern = "Microsoft Defender Antivirus scan has been stopped before completion."
- metric_transformation {
- name = "MalwareScan-Stopped"
- namespace = "WindowsDefender"
- value = "1"
- dimensions = {
- Instance = "$Instance"
- }
- }
-}
-
-resource "aws_cloudwatch_log_metric_filter" "MalwareScan-Failed" {
- count = local.is-production == true ? 1 : 0
- name = "MalwareScan-Failed"
- log_group_name = aws_cloudwatch_log_group.Windows-Defender-Logs[count.index].name
- pattern = "Microsoft Defender Antivirus scan has failed."
- metric_transformation {
- name = "MalwareScan-Failed"
- namespace = "WindowsDefender"
- value = "1"
- dimensions = {
- Instance = "$Instance"
- }
- }
-}
-
-resource "aws_cloudwatch_log_metric_filter" "MalwareBehavior-Detected" {
- count = local.is-production == true ? 1 : 0
- name = "MalwareBehavior-Detected"
- log_group_name = aws_cloudwatch_log_group.Windows-Defender-Logs[count.index].name
- pattern = "Microsoft Defender Antivirus detected a suspicious behavior."
- metric_transformation {
- name = "MalwareBehavior-Detected"
- namespace = "WindowsDefender"
- value = "1"
- dimensions = {
- Instance = "$Instance"
- }
- }
-}
-
-resource "aws_cloudwatch_log_metric_filter" "MalwareState-Detected" {
- count = local.is-production == true ? 1 : 0
- name = "MalwareState-Detected"
- log_group_name = aws_cloudwatch_log_group.Windows-Defender-Logs[count.index].name
- pattern = "Microsoft Defender Antivirus has detected malware or other potentially unwanted software."
- metric_transformation {
- name = "MalwareState-Detected"
- namespace = "WindowsDefender"
- value = "1"
- dimensions = {
- Instance = "$Instance"
- }
- }
-}
-
-resource "aws_cloudwatch_log_metric_filter" "MalwareSignatureUpdate-Failed" {
- count = local.is-production == true ? 1 : 0
- name = "MalwareSignatureUpdate-Failed"
- log_group_name = aws_cloudwatch_log_group.Windows-Defender-Logs[count.index].name
- pattern = "Microsoft Defender Antivirus has encountered an error trying to update security intelligence."
- metric_transformation {
- name = "MalwareSignatureUpdate-Failed"
- namespace = "WindowsDefender"
- value = "1"
- dimensions = {
- Instance = "$Instance"
- }
- }
-}
-
-resource "aws_cloudwatch_log_metric_filter" "MalwareEngineUpdate-Failed" {
- count = local.is-production == true ? 1 : 0
- name = "MalwareEngineUpdate-Failed"
- log_group_name = aws_cloudwatch_log_group.Windows-Defender-Logs[count.index].name
- pattern = "Microsoft Defender Antivirus has encountered an error trying to update the engine."
- metric_transformation {
- name = "MalwareEngineUpdate-Failed"
- namespace = "WindowsDefender"
- value = "1"
- dimensions = {
- Instance = "$Instance"
- }
- }
-}
-
-resource "aws_cloudwatch_log_metric_filter" "MalwareEngineUpdate-OutofDate" {
- count = local.is-production == true ? 1 : 0
- name = "MalwareEngineUpdate-OutofDate"
- log_group_name = aws_cloudwatch_log_group.Windows-Defender-Logs[count.index].name
- pattern = "Microsoft Defender Antivirus could not load antimalware engine because current platform version is not supported."
- metric_transformation {
- name = "MalwareEngineUpdate-OutofDate"
- namespace = "WindowsDefender"
- value = "1"
- dimensions = {
+ dimensions = {
 Instance = "$Instance"
+ MalwareScan-Finished = "$MalwareScan-Finished"
 }
 }
 }
\ No newline at end of file
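Review bot: After this change nothing in the `WindowsDefender` namespace counts a detection or a failed update, because the seven filters from `MalwareScan-Stopped` through `MalwareEngineUpdate-OutofDate` are deleted here rather than converted to the new field pattern, and the commit message gives no reason. Alarms that reference those metric names by string (none are visible in this diff) would go to insufficient data without any plan error, which is a silent loss of alerting on `MalwareState-Detected` and `MalwareBehavior-Detected`. I would keep each resource and change only its `pattern` to the same bracketed form with that event's ID in place of 1001, or record in the commit description where these events are alerted on now. The enclosing resource block starts on the line before this hunk.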