standard
turbot/azure_compliance

Trigger: Detect & correct Security Centers with security alerts to owner disabled

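Detects subscriptions where Security Center security alert notifications to the subscription owner are disabled, i.e. no security contact in the subscription has alerts to admins set to 'On'.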

Query

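-- Lists Azure subscriptions in which no Security Center contact has
-- alerts_to_admins = 'On'. These are the rows the trigger acts on.
-- Output columns: title = subscription id, conn = connection name read from _ctx.
-- NOTE(review): the match on 'On' is an exact string comparison; confirm the
-- casing the azure plugin returns, since a different casing would be reported
-- as disabled.
with contact_info as (
  -- One row per subscription: how many of its security contacts have alerts on.
  -- Deliberately no row limit: keeping only one (arbitrary) subscription here
  -- would leave every other subscription unmatched in the left join below and
  -- report it as non-compliant even when its alerts are enabled.
  select
    subscription_id,
    count(*) filter (where alerts_to_admins = 'On') as admin_alert_count
  from
    azure_security_center_contact
  group by
    subscription_id
)
select
  sub.subscription_id as title,
  sub._ctx ->> 'connection_name' as conn
from
  azure_subscription as sub
  left join contact_info as ci on ci.subscription_id = sub.subscription_id
where
  -- A subscription with no contact rows has no match (NULL count) and is
  -- reported as well; count(*) is never negative, so "= 0" covers "not > 0".
  coalesce(ci.admin_alert_count, 0) = 0;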

Schedule

15m

Tags

category = Compliance
plugin = azure
service = Azure/SecurityCenter