Anthony Watherston anwather

#Requires -PSEdition Core
[CmdletBinding()]
param (
[Parameter(Mandatory = $false, HelpMessage = "Definitions folder path. Defaults to environment variable `$env:PAC_DEFINITIONS_FOLDER or './Definitions'.")]
[string]$definitionsRootFolder,
[Parameter(Mandatory = $false, HelpMessage = "Output Folder. Defaults to environment variable `$env:PAC_OUTPUT_FOLDER or './Outputs'.")]
[string] $outputFolder,
# Microsoft Cloud Security Benchmark
Auto-generated Policy effect documentation across environments 'Production' sorted by Policy category and Policy display name.
## Table of contents
- [Environments](#environments)
- [Policy effects across environments](#policy-effects-across-environment)
## <a id="environments"></a>Environments
#Requires -PSEdition Core
function Confirm-ObjectValueEqualityDeep {
[CmdletBinding()]
param(
$existingObj,
$definedObj
)
if ($definedObj -eq $existingObj) {
#Requires -PSEdition Core
[CmdletBinding()]
param (
[parameter(Mandatory = $false, HelpMessage = "Defines which Policy as Code (PAC) environment we are using, if omitted, the script prompts for a value. The values are read from `$DefinitionsRootFolder/global-settings.jsonc.", Position = 0)]
[string] $PacEnvironmentSelector,
[Parameter(Mandatory = $false, HelpMessage = "Definitions folder path. Defaults to environment variable `$env:PAC_DEFINITIONS_FOLDER or './Definitions'.")]
[string]$definitionsRootFolder,
// Lists the Microsoft Defender for Cloud sub-assessment records that belong to the
// assessment mentioning "Machines should have vulnerability findings resolved".
// Both sides read the Azure Resource Graph `securityresources` table.
securityresources
| where type == "microsoft.security/assessments"
// `where * contains` tests every column with a case-insensitive substring match, so a
// row qualifies when the phrase appears anywhere in it, not only in the display name.
| where * contains "Machines should have vulnerability findings resolved"
// Reduce to the distinct assessment names; this value is the join key used below.
| summarize by assessmentKey=name //the ID of the assessment
// Inner join: sub-assessments whose parent key is absent from the left side are dropped.
| join kind=inner (
securityresources
| where type == "microsoft.security/assessments/subassessments"
// Capture group 1 is the path segment that follows "assessments/" in the resource id,
// which is the key of the parent assessment.
| extend assessmentKey = extract(".*assessments/(.+?)/.*",1, id)
) on assessmentKey
// One row per sub-assessment, with the scope columns needed to locate the affected resource.
// NOTE(review): Resource Graph returns results in pages; confirm the caller reads every
// page so that findings are not silently left out of a report.
| project assessmentKey, subassessmentKey=name, id, parse_json(properties), resourceGroup, subscriptionId, tenantId
{
"version": "Notebook/1.0",
"items": [
{
"type": 1,
"content": {
"json": "## Azure WAF Cost Assessment Workbook\r\n### Change Log\r\n\r\n|Version|Date|Description|\r\n|---|---|---|\r\n|v1.1.1| 20/09/2021 | Initial Release\r\n|v1.1.2| 25/09/2021 | Sort resource groups and tags filter alphabetically\r\n|v1.1.3| 03/10/2021 |-Added export button to applicable queries<br>-Remove developer and express from SQL VMs query<br>-Fixed typo in overview tab notes<br>-Linux AHUB-filter RedHat and Suse only<br>-Added changelog\r\n|v1.1.4| 20/10/2021 | -Fixed bug in performance tab NIC drop down <br>-Added subscription filter to performance tab<br>-Added TimeRange parameter<br>-Added search filter field for the Resources tagged tile in the ResourceDetails group under Performance tab<br>-Fixed issue in VMs performance query<br>Simplified WebApps and AKS queries to avoid throttling\r\n|v1.1.5| 01/11/2021 | -Fixed Tag filter parameters to avoid empty tags in queries <br> -Fixed tag queries for perfo
anwather / t.ps1
Created October 11, 2022 00:57
nsgtest
# Resource ID of an NSG security rule, presumably the rule under test.
# NOTE(review): the subscription segment is empty ("/subscriptions//"), which looks
# redacted; the ID needs a subscription GUID before it can refer to a real resource.
$subject = "/subscriptions//resourceGroups/ea-arc/providers/Microsoft.Network/networkSecurityGroups/tst_nsg/securityRules/AllowAnyCustom8080Inbound"
function Test-IPRange {
Param($IPRange, $AllowedIP)
$passCount = 0
foreach ($range in $IPRange) {
if ($range -match "/") {
}
elseif ($range -eq $AllowedIP) {
$passCount ++
{
"name": "2d9de0b5-8e26-40ae-92e5-c06f41f8167a",
"properties": {
"displayName": "Deploy NSG Event Grid",
"policyType": "Custom",
"mode": "All",
"metadata": {
"category": "Monitoring"
},
"parameters": {
{
"properties": {
"name": "AE-EnforceEventGrid",
"displayName": "AE - Enforce Event Grid",
"description": "Enforces an Event Grid Topic & Subscription on the AE storage accounts where NSG Logs are pushed with the Azure function as the subscription's endpoint.",
"policyType": "Custom",
"mode": "All",
"parameters": {
"functionId": {
"type": "String"
// Azure Advisor cost recommendations for compute, container and web resources, reduced
// to the savings and SKU details per affected resource. Reads the Azure Resource Graph
// `advisorresources` table.
advisorresources
| where type == "microsoft.advisor/recommendations"
// `has` is a case-insensitive whole-term match.
| where tostring (properties.category) has "Cost"
| where properties.impactedField has "Compute" or properties.impactedField has "Container" or properties.impactedField has "Web"
// Pull the fields used below out of the dynamic `properties` bag.
// `AdditionaInfo` is spelled without the "l"; the later lines use the same spelling.
| project AffectedResource=tostring(properties.resourceMetadata.resourceId),Impact=properties.impact,resourceGroup,AdditionaInfo=properties.extendedProperties,subscriptionId,Recommendation=tostring(properties.shortDescription.problem)
| extend annualSavingsAmount = AdditionaInfo.annualSavingsAmount
| extend currentSku = AdditionaInfo.currentSku
| extend targetSku = AdditionaInfo.targetSku
// Last path segment of the resource id. The column is named vmName although the filter
// above also admits Container and Web resources.
| extend vmName = split(AffectedResource,"/")[-1]
// Drop the helper columns; Impact, resourceGroup, annualSavingsAmount, currentSku,
// targetSku and vmName remain in the output.
| project-away Recommendation, AdditionaInfo, subscriptionId,AffectedResource