standard
turbot/azure_compliance

Trigger: Detect & correct Security Centers without additional email configured

Detect Security Centers without additional email configured.

Query

with contact_info as (
select
jsonb_agg(email) filter (
where
name = 'default'
and email != ''
) as default_email,
count(*) filter (
where
name != 'default'
) as non_default_count,
count(*) filter (
where
name = 'default'
) as default_count,
subscription_id
from
azure_security_center_contact
group by
subscription_id
limit
1
)
select
sub.subscription_id as title,
sub._ctx ->> 'connection_name' as conn
from
azure_subscription sub
left join contact_info ci on sub.subscription_id = ci.subscription_id
where
not non_default_count > 0
or non_default_count is null;

Schedule

15m

Tags

category = Compliance
plugin = azure
service = Azure/SecurityCenter