turbot/azure

steampipe plugin install azure

Table: azure_log_alert

Activity log alerts are alerts that activate when a new activity log event occurs that matches the conditions specified in the alert.

Examples

Basic info

select
  name,
  id,
  type,
  enabled
from
  azure_log_alert;

List log alerts that check for create policy assignment events

select
  name,
  id,
  type
from
  azure_log_alert,
  jsonb_array_elements(condition -> 'allOf') as l
where
  l ->> 'equals' = 'Microsoft.Authorization/policyAssignments/write';
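The same condition filter turned into a per-subscription coverage check, as an added example that is not part of the plugin documentation. It goes beyond the single operation above: the other operation names, the `field` key of the condition entries, the `subscription_id` column of `azure_subscription`, and the `ok`/`alarm` labels are assumptions to adapt to your own baseline.

```sql
-- Added example (not from the plugin docs). The operation list is an
-- assumption; replace it with your own monitoring baseline.
with required(operation) as (
  values
    ('Microsoft.Authorization/policyAssignments/write'),
    ('Microsoft.Authorization/policyAssignments/delete'),
    ('Microsoft.Network/networkSecurityGroups/write'),
    ('Microsoft.Network/networkSecurityGroups/delete')
),
covered as (
  -- One row per (subscription, operation) that is matched by an alert which
  -- is enabled AND scoped to the whole subscription. A disabled alert, or one
  -- scoped only to a resource group, does not count as coverage.
  select distinct
    a.subscription_id,
    lower(c ->> 'equals') as operation
  from
    azure_log_alert as a,
    jsonb_array_elements(a.condition -> 'allOf') as c,
    jsonb_array_elements_text(a.scopes) as s
  where
    a.enabled
    -- 'field' is assumed to follow the Azure alert condition schema.
    and lower(c ->> 'field') = 'operationname'
    and lower(s) = lower('/subscriptions/' || a.subscription_id)
)
select
  sub.subscription_id,
  r.operation,
  case
    when cv.operation is null then 'alarm' -- no effective alert found
    else 'ok'
  end as status
from
  azure_subscription as sub
  cross join required as r
  left join covered as cv
    on cv.subscription_id = sub.subscription_id
    and cv.operation = lower(r.operation)
order by
  sub.subscription_id,
  r.operation;
```

Starting from `azure_subscription` rather than `azure_log_alert` is what makes a subscription with no alerts at all show up as `alarm` instead of silently returning no rows.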

.inspect azure_log_alert

Azure Log Alert

| Name | Type | Description |
|------|------|-------------|
| actions | text | The actions that will activate when the condition is met. |
| akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. |
| condition | jsonb | The condition that will cause this alert to activate. |
| description | text | A description of this activity log alert. |
| enabled | boolean | Indicates whether this activity log alert is enabled. |
| id | text | The resource Id. |
| location | text | The location of the resource. Since Azure Activity Log Alerts is a global service, the location of the rules should always be 'global'. |
| name | text | The name of the resource. |
| region | text | The Azure region/location in which the resource is located. |
| resource_group | text | The resource group which holds this resource. |
| scopes | jsonb | A list of resourceIds that will be used as prefixes. |
| subscription_id | text | The Azure Subscription ID in which the resource is located. |
| tags | jsonb | A map of tags for the resource. |
| title | text | Title of the resource. |
| type | text | Type of the resource. |