#region LogEntry class definition
# Defining your custom categories using enum type
enum OperationResultList : byte {
    Disabled
    Deleted
    Detected
}
# Defining your custom PowerShell class for log entries
class LogEntry {

enum OperationResultList : byte {
    Disabled
    Deleted
    Detected
}
class LogEntry {
    [OperationResultList] $OperationResult
    [ValidateNotNullOrEmpty()] [string] $OperationDetails

function New-LogEntry {
    <#
    .SYNOPSIS
        Push a new log entry(s) to a Data Collection Endpoint
    .DESCRIPTION
        The New-LogEntry cmdlet sends provided JSON payload to the target Data Collection Endpoint
        to be processed by Data Collection Rule and logged to an underlying Log Analytics workspace
    .PARAMETER DceEndpoint
        Data collection endpoint (DCE) to send collected data for processing and ingestion into Azure Monitor
    .PARAMETER DcrImmutableId

#region Creating your log entries
$logEntry1 = [PSCustomObject]@{
    OperationResult  = 'Disabled'
    OperationDetails = 'Some operation details goes here...'
}
$logEntry2 = [PSCustomObject]@{
    OperationResult  = 'Deleted'
    OperationDetails = 'Some operation details goes here...'
}

resourcechanges
| where resourceGroup =~ '{ResourceGroup:resourcegroup}'
| extend changeTime = todatetime(properties.changeAttributes.timestamp),
    targetResourceId = tostring(properties.targetResourceId),
    changeType = tostring(properties.changeType),
    correlationId = properties.changeAttributes.correlationId,
    changedProperties = properties.changes,
    changeCount = properties.changeAttributes.changesCount
| where changeTime < todatetime('{fireTime}')
| order by changeTime desc

alertsmanagementresources
| where properties.essentials.targetResourceGroup =~ '{ResourceGroup:resourcegroup}'
| where properties.essentials.startDateTime {TimeRange}
| where properties.essentials.monitorCondition in ({AlertCondition})
| extend severity = tostring(properties.essentials.severity),
    alertCondition = tostring(properties.essentials.monitorCondition),
    userResponse = tostring(properties.essentials.alertState),
    targetResource = tostring(properties.essentials.targetResource),
    fireTime = todatetime(properties.essentials.startDateTime)
| order by fireTime desc

alertsmanagementresources
| where properties.essentials.targetResourceGroup =~ 'your_resource_group_name'
| where properties.essentials.monitorCondition =~ 'Fired'
| extend severity = tostring(properties.essentials.severity),
    alertCondition = tostring(properties.essentials.monitorCondition),
    userResponse = tostring(properties.essentials.alertState),
    targetResource = tostring(properties.essentials.targetResource),
    fireTime = todatetime(properties.essentials.startDateTime)
| order by fireTime desc
| project name, severity, alertCondition, userResponse, targetResource, fireTime, properties

resourcechanges
| where resourceGroup =~ 'your_resource_group_name'
| extend changeTime = todatetime(properties.changeAttributes.timestamp),
    targetResourceId = tostring(properties.targetResourceId),
    changeType = tostring(properties.changeType),
    correlationId = properties.changeAttributes.correlationId,
    changedProperties = properties.changes,
    changeCount = properties.changeAttributes.changesCount
| order by changeTime desc
| project changeTime, targetResourceId, changeType, correlationId, changeCount, changedProperties

"parameters": {
    "tagPattern": {
        "type": "String",
        "metadata": {
            "displayName": "Tag pattern",
            "description": "An expressions for \"notMatch\" condition"
        }
    }
    // Other policy parameters...
},

"parameters": {
    "tagAllowedValues": {
        "type": "Array", // You can provide allowed tag values as numerics ["1", "2", "3"]. Just remember that they are still treated as strings
        "metadata": {
            "displayName": "Tag allowed values",
            "description": "List of allowed options"
        }
    }
    // Other policy parameters...
},