| Field | Value |
|---|---|
| Name | Deploy Windows Diagnostic Agent to Collect Security Related Events (Community-Policy GitHub) |
| Id | monitoring_deploy-windows-diagnostic-agent-to-collect-security-related-events |
| Version | n/a (details on versioning) |
| Category | undefined (Microsoft docs) |
| Description | This Policy will deploy the Windows Diagnostic Agent and collect the following Security events: Audit success, Audit failure; and the following System events: Critical, Error, Warning. Additionally, to account for VMs provisioned from custom images where the image SKU is blank, this Policy is keyed to look for the storageProfile.osDisk.osType property of a VM. This property does not exist at provisioning time but is populated by the VM agent after provisioning, so the Policy will not trigger an automatic remediation task to be created. You will need to create a remediation task manually or build automation (using Event Grid and a Logic App, for example) to create the remediation tasks on your behalf. |
| Mode | Indexed |
| Type | Custom Community |
| Effect | Fixed: deployIfNotExists |
| Used RBAC Role | |
| Rule Aliases | IF (1) |
| Rule ResourceTypes | IF (1): Microsoft.Compute/virtualMachines; THEN-Deployment (1): Microsoft.Compute/virtualMachines/extensions |
| JSON | |