Name | Deploy Linux Diagnostic Agent to Collect Security Related Events Community-Policy GitHub |
Id | monitoring_deploy-linux-diagnostic-agent-to-collect-security-related-events |
Version | n/a |
Category | undefined |
Description | This Policy will deploy the Linux Diagnostic Agent and collect the following logs: Syslog, Auth, AuthPriv. All logs are configured to collect informational detail. Additionally, to account for VMs provisioned from custom images where the image SKU is blank, this Policy is keyed to look for the storageProfile.osDisk.osType property of a VM. This property does not exist at provisioning time, but is populated by the VM agent after provisioning, and so will not trigger an automatic remediation task to be created. You will need to create a remediation task manually or build automation (using Event Grid and a Logic App as an example) to create the remediation tasks on your behalf. |
Mode | Indexed |
Type | Custom Community |
Effect | Fixed deployIfNotExists |
Used RBAC Role |
Rule Aliases | IF (1) |
Rule ResourceTypes | IF (1) Microsoft.Compute/virtualMachines THEN-Deployment (1) Microsoft.Compute/virtualMachines/extensions |
JSON |