Merge pull request #429 from gumoden/master

shabaz-github · web-flow · commit 2c398de71a31 · 2025-02-28T21:26:47.000+05:30
Azure Policy - Ensure Resource Specific Logs are enabled on Application Gateway WAFs
diff --git a/Azure WAF/Policy - Azure Policy Definitions/Policy - Ensure Resource Specific Logs are Enabled on Application Gateway WAF/Ensure Resource Specific Logs are Enabled on Application Gateway WAF.json b/Azure WAF/Policy - Azure Policy Definitions/Policy - Ensure Resource Specific Logs are Enabled on Application Gateway WAF/Ensure Resource Specific Logs are Enabled on Application Gateway WAF.json
@@ -0,0 +1,55 @@
+{
+    "properties": {
+      "displayName": "Ensure Resource Specific Logs are Enabled on Application Gateway WAF",
+      "policyType": "Custom",
+      "mode": "All",
+      "description": "This Policy ensures that the Resource Specific Logs are enabled while configuring the diagnostic settings for Application Gateway WAF.",
+      "metadata": {
+        "version": "1.0.0",
+        "category": "Network"
+      },
+      "parameters": {
+        "effect": {
+          "type": "String",
+          "metadata": {
+            "displayName": "Effect",
+            "description": "Enable or disable the execution of the policy"
+          },
+          "allowedValues": [
+            "AuditIfNotExists"
+          ],
+          "defaultValue": "AuditIfNotExists"
+        }
+      },
+      "policyRule": {
+        "if": {
+          "field": "type",
+          "equals": "Microsoft.Network/applicationGateways"
+        },
+        "then": {
+          "effect": "[parameters('effect')]",
+          "details": {
+            "type": "Microsoft.Insights/diagnosticSettings",
+            "existenceCondition": {
+              "allOf": [
+                {
+                  "count": {
+                    "field": "Microsoft.Insights/diagnosticSettings/logs[*]",
+                    "where": {
+                      "field": "Microsoft.Insights/diagnosticSettings/logs[*].enabled",
+                      "equals": true
+                    }
+                  },
+                  "greater": 0
+                },
+                {
+                  "field": "Microsoft.Insights/diagnosticSettings/logAnalyticsDestinationType",
+                  "equals": "Dedicated"
+                }
+              ]
+            }
+          }
+        }
+      }
+    }
+  }
diff --git a/Azure WAF/Policy - Azure Policy Definitions/Policy - Ensure Resource Specific Logs are Enabled on Application Gateway WAF/README.md b/Azure WAF/Policy - Azure Policy Definitions/Policy - Ensure Resource Specific Logs are Enabled on Application Gateway WAF/README.md
@@ -0,0 +1,17 @@
+# Ensure Resource Specific Logs are Enabled on Application Gateway WAF - JSON
+
+These are the Azure Policy Definition scripts to find all AppGWs (Includes WAF Logs) and flag as non-compliant if logs, metrics and workspace is not configured in diagnostic settings to use the Resource Specific destination table.
+
+## Contributing
+
+This project welcomes contributions and suggestions.  Most contributions require you to agree to a
+Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
+the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
+
+When you submit a pull request, a CLA bot will automatically determine whether you need to provide
+a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions
+provided by the bot. You will only need to do this once across all repos using our CLA.
+
+This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
+For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or
+contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
