/
WorkspaceSqlAuditingToLA_DINE.json
114 lines (114 loc) · 4.34 KB
/
WorkspaceSqlAuditingToLA_DINE.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
{
"properties": {
"displayName": "Configure Synapse workspaces to have auditing enabled to Log Analytics workspace",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "To ensure the operations performed against your SQL assets are captured, Synapse workspaces should have auditing enabled. If auditing is not enabled, this policy will configure auditing events to flow to the specified Log Analytics workspace.",
"metadata": {
"version": "1.0.0",
"category": "Synapse"
},
"version": "1.0.0",
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"DeployIfNotExists",
"Disabled"
],
"defaultValue": "DeployIfNotExists"
},
"logAnalyticsWorkspaceId": {
"type": "String",
"metadata": {
"displayName": "Log Analytics Workspace ID",
"description": "Auditing will write database events to this Log Analytics Workspace. This should be in the following format '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/{resourcegroup}/providers/Microsoft.OperationalInsights/workspaces/{logAnalyticsWorkspaceName}'",
"strongType": "omsWorkspace",
"assignPermissions": true
}
}
},
"policyRule": {
"if": {
"field": "type",
"equals": "Microsoft.Synapse/workspaces"
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.Synapse/workspaces/auditingSettings",
"name": "Default",
"existenceCondition": {
"field": "Microsoft.Synapse/workspaces/auditingSettings/state",
"equals": "Enabled"
},
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293",
"/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635"
],
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"logAnalyticsWorkspaceId": {
"type": "string",
"minLength": 90
},
"synapseWorkspaceName": {
"type": "string",
"minLength": 3
}
},
"resources": [
{
"type": "Microsoft.Synapse/workspaces/providers/diagnosticSettings",
"apiVersion": "2021-05-01-preview",
"name": "[concat(parameters('synapseWorkspaceName'),'/microsoft.insights/SQLSecurityAuditEvents_3d229c42-c7e7-4c97-9a99-ec0d0d8b86c1')]",
"properties": {
"workspaceId": "[parameters('logAnalyticsWorkspaceId')]",
"logs": [
{
"category": "SQLSecurityAuditEvents",
"enabled": true
}
]
}
},
{
"name": "[concat(parameters('synapseWorkspaceName'),'/default')]",
"type": "Microsoft.Synapse/workspaces/auditingSettings",
"apiVersion": "2019-06-01-preview",
"properties": {
"State": "Enabled",
"isAzureMonitorTargetEnabled": true
}
}
]
},
"parameters": {
"synapseWorkspaceName": {
"value": "[field('name')]"
},
"logAnalyticsWorkspaceId": {
"value": "[parameters('logAnalyticsWorkspaceId')]"
}
}
}
}
}
}
},
"versions": [
"1.0.0"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/32ba8d30-07c0-4136-ab18-9a11bf4a67b7",
"name": "32ba8d30-07c0-4136-ab18-9a11bf4a67b7"
}