Activity Log Alert Does Not Exist for Create Policy Assignment

Overview

Create an activity log alert for the Create Policy Assignment event.

Monitoring for create policy assignment events gives insight into changes done in "Azure policy - assignments" and can reduce the time it takes to detect unsolicited changes.

Vendor

Azure

Cloud Service

Monitor

CIS Azure v2.0.0 5.2.1

References

https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement, https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log, https://docs.microsoft.com/en-in/rest/api/monitor/activitylogalerts/createorupdate, https://docs.microsoft.com/en-in/rest/api/monitor/activitylogalerts/listbysubscriptionid, https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-logging-threat-detection#lt-3-enable-logging-for-security-investigation, https://docs.microsoft.com/en-in/rest/api/policy/policy-assignments, https://docs.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-log

Severity

Item Types

Custom::Microsoft::Subscription

Overview​

Vendor​

Cloud Service​

Related Controls​

References​

Severity​

Item Types​