turbot/azure_compliance

Trigger: Detect & correct Security Centers without notify alerts configured

Detect Security Centers without notify alerts configured.

Query

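-- Per subscription, count Security Center contacts with alert notifications on.
-- The CTE keeps one row for every subscription that has contact rows.
with contact_info as (
  select
    count(*) filter (
      where
        alert_notifications = 'On'
    ) as notification_alert_count,
    subscription_id
  from
    azure_security_center_contact
  group by
    subscription_id
)
-- Return subscriptions with no such contact, including those with no contact rows at all.
select
  sub.subscription_id as title,
  sub._ctx ->> 'connection_name' as conn
from
  azure_subscription sub
  left join contact_info ci on sub.subscription_id = ci.subscription_id
where
  not notification_alert_count > 0
  or notification_alert_count is null;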

Schedule

15m

Tags

category = Compliance
plugin = azure
service = Azure/SecurityCenter