More Info:
Monitoring for Delete policy assignment events gives insight into changes made in ‘azure policy - assignments’ and may reduce the time it takes to detect unsolicited changes.
Risk Level
Low
Address
Security, Operational Maturity
Compliance Standards
CISAZURE, CBP
Triage and Remediation
Remediation
Using Console
To remediate the misconfiguration “Ensure Activity Log Alert exists for Delete Policy Assignment” in Azure using the Azure console, please follow the below steps:
- Log in to the Azure portal using your credentials.
- Navigate to the “Activity Log Alerts” page.
- Click on the “Add” button to create a new activity log alert.
- In the “Basics” tab, provide a name and description for the alert.
- In the “Condition” tab, select the “Delete Policy Assignment” option from the “Event name” dropdown list.
- In the “Actions” tab, select the action that you want to perform when the alert is triggered. For example, you can send an email notification to the concerned team.
- In the “Review + create” tab, review the alert configuration and click on the “Create” button to create the alert.
Using CLI
To remediate the misconfiguration “Ensure Activity Log Alert exists for Delete Policy Assignment” in Azure using Azure CLI, you can follow the below steps:
Step 1: Open the Azure CLI and login to your Azure account using the command:
Step 2: Check if there is any existing activity log alert for Delete Policy Assignment using the command:
If the output of the above command is empty, it means there is no activity log alert for Delete Policy Assignment.
Step 3: Create an activity log alert for Delete Policy Assignment using the command:
Replace <AlertName> with a name for the alert, <Description> with a description for the alert, and <ActionGroupResourceId> with the resource ID of the action group to which the alert should send notifications.
Step 4: Verify that the activity log alert for Delete Policy Assignment has been created using the command:
The output of the above command should show the newly created activity log alert.
By following the above steps, you can remediate the misconfiguration “Ensure Activity Log Alert exists for Delete Policy Assignment” in Azure using Azure CLI.
Using Python
To remediate the misconfiguration “Ensure Activity Log Alert exists for Delete Policy Assignment” in Azure using Python, you can follow the below steps:
Step 1: Log in to Azure using the Python SDK.
Step 2: Check if an Activity Log Alert exists for Delete Policy Assignment.
Step 3: Create an Activity Log Alert for Delete Policy Assignment if it does not exist.
By following these steps, you can remediate the misconfiguration “Ensure Activity Log Alert exists for Delete Policy Assignment” in Azure using Python.
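An added example (not from the original page or the product it documents) of the Step 2 check: it evaluates alert records in the JSON shape returned by `az monitor activity-log alert list -o json` and, going beyond mere existence, also flags alerts that are disabled, not scoped to the whole subscription, or have no action group. The sample records and subscription ID are constructed placeholders, the helper names are hypothetical, and matching only on the `equals` key of each condition is an assumption.

```python
# Operation name recorded when a policy assignment is deleted.
DELETE_OP = "Microsoft.Authorization/policyAssignments/delete"
SUB = "00000000-0000-0000-0000-000000000000"  # placeholder subscription ID

def leaf_value(alert, field):
    """Lower-cased 'equals' value of a condition leaf (assumed shape), or None."""
    for leaf in (alert.get("condition") or {}).get("allOf") or []:
        if (leaf.get("field") or "").lower() == field.lower():
            return (leaf.get("equals") or "").lower()
    return None

def gaps(alert, subscription_id):
    """Reasons this alert would not fire usefully; an empty list means OK."""
    problems = []
    if leaf_value(alert, "operationName") != DELETE_OP.lower():
        problems.append("operationName is not policyAssignments/delete")
    if leaf_value(alert, "category") != "administrative":
        problems.append("category is not Administrative")
    if not alert.get("enabled"):
        problems.append("alert is disabled")
    wanted = f"/subscriptions/{subscription_id}".lower()
    if wanted not in [s.lower().rstrip("/") for s in alert.get("scopes") or []]:
        problems.append("scope is not the whole subscription")
    if not (alert.get("actions") or {}).get("actionGroups"):
        problems.append("no action group attached")
    return problems

def compliant_alerts(alerts, subscription_id):
    """Names of alerts that pass every check."""
    return [a["name"] for a in alerts if not gaps(a, subscription_id)]

def sample(name, **overrides):
    """Constructed alert record; overrides simulate common misconfigurations."""
    alert = {
        "name": name, "enabled": True, "scopes": [f"/subscriptions/{SUB}"],
        "condition": {"allOf": [
            {"field": "category", "equals": "Administrative"},
            {"field": "operationName", "equals": DELETE_OP}]},
        "actions": {"actionGroups": [{"actionGroupId": "<ActionGroupResourceId>"}]},
    }
    alert.update(overrides)
    return alert

SAMPLE_ALERTS = [  # constructed data, not real az output
    sample("good"),
    sample("disabled", enabled=False),
    sample("rg-only", scopes=[f"/subscriptions/{SUB}/resourceGroups/rg1"]),
    sample("no-actions", actions={"actionGroups": []}),
]
```

To run it against a real subscription, pass `json.loads()` of the CLI output to `compliant_alerts` in place of `SAMPLE_ALERTS`; an empty result means the alert still needs to be created or fixed.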