// Listing of rules/cloud/policies/azure/monitor/capture_all_regions.go from
// github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95.

package monitor

import (
	"fmt"
	"strings"

	"github.com/khulnasoft-lab/defsec/internal/rules"
	"github.com/khulnasoft-lab/defsec/pkg/providers"
	"github.com/khulnasoft-lab/defsec/pkg/providers/azure/monitor"
	"github.com/khulnasoft-lab/defsec/pkg/scan"
	"github.com/khulnasoft-lab/defsec/pkg/severity"
	"github.com/khulnasoft-lab/defsec/pkg/state"
)

// CheckCaptureAllRegions registers rule AVD-AZU-0032 (medium severity), which
// reports every Azure Monitor log profile whose Locations do not include each
// name in the package-level locations list.
//
// A profile passes only when nothing from that list is missing, so the rule is
// exactly as complete as the list itself: a region absent from the list is
// never checked.
var CheckCaptureAllRegions = rules.Register(
	scan.Rule{
		AVDID:     "AVD-AZU-0032",
		Provider:  providers.AzureProvider,
		Service:   "monitor",
		ShortCode: "capture-all-regions",
		// NOTE(review): "activitys" looks like a typo for "activities"; it is
		// kept verbatim here because this is rule metadata that other tooling
		// may match on.
		Summary:     "Ensure activitys are captured for all locations",
		Impact:      "Activity may be occurring in locations that aren't being monitored",
		Resolution:  "Enable capture for all locations",
		Explanation: `Log profiles should capture all regions to ensure that all events are logged`,
		Links: []string{
			"https://docs.microsoft.com/en-us/cli/azure/monitor/log-profiles?view=azure-cli-latest#az_monitor_log_profiles_create-required-parameters",
		},
		Terraform: &scan.EngineMetadata{
			GoodExamples:        terraformCaptureAllRegionsGoodExamples,
			BadExamples:         terraformCaptureAllRegionsBadExamples,
			Links:               terraformCaptureAllRegionsLinks,
			RemediationMarkdown: terraformCaptureAllRegionsRemediationMarkdown,
		},
		Severity: severity.Medium,
	},
	func(s *state.State) scan.Results {
		var results scan.Results
		for _, profile := range s.Azure.Monitor.LogProfiles {
			absent := findMissingRegions(profile)

			// NOTE(review): &profile is the address of the range variable.
			// This is only sound if Add/AddPassed read what they need before
			// the next iteration (before Go 1.22 the variable is shared by
			// all iterations) — confirm against scan.Results.
			if len(absent) == 0 {
				results.AddPassed(&profile)
				continue
			}

			// Short gaps are spelled out by name; from ten missing regions
			// upwards only the count is reported, so the finding alone does
			// not say which regions are uncovered.
			var details string
			if len(absent) < 10 {
				details = fmt.Sprintf("missing: %s", strings.Join(absent, ", "))
			} else {
				details = fmt.Sprintf("%d regions missing", len(absent))
			}

			results.Add(
				fmt.Sprintf("Log profile does not log to all regions (%s).", details),
				&profile,
			)
		}
		return results
	},
)

// findMissingRegions returns, in the order of the locations list, every entry
// of that list for which no element of profile.Locations reports EqualTo. The
// result is nil when nothing is missing.
//
// NOTE(review): how EqualTo compares (case sensitivity, display names such as
// "East US" versus "eastus") is not visible in this file — confirm, since a
// mismatch in spelling would surface as a false "missing" finding.
func findMissingRegions(profile monitor.LogProfile) []string {
	var absent []string
nextRegion:
	for _, want := range locations {
		for _, have := range profile.Locations {
			if have.EqualTo(want) {
				continue nextRegion
			}
		}
		absent = append(absent, want)
	}
	return absent
}

// locations is the fixed set of location names a log profile must list to
// pass the rule.
//
// NOTE(review): this is a static snapshot. Regions that Azure introduces
// after the list was written are not checked, so a profile can pass while
// activity in a newer region goes uncaptured; the list needs periodic
// refreshing against the provider's current region inventory.
//
// NOTE(review): besides individual regions the list carries entries that look
// like staging/EUAP names (e.g. "centralusstage", "eastus2euap") and
// geography-level names (e.g. "asia", "global"). A profile that enumerates
// only deployable regions would therefore be flagged — confirm that this is
// intended.
var locations = []string{
	"eastus",
	"eastus2",
	"southcentralus",
	"westus2",
	"westus3",
	"australiaeast",
	"southeastasia",
	"northeurope",
	"swedencentral",
	"uksouth",
	"westeurope",
	"centralus",
	"northcentralus",
	"westus",
	"southafricanorth",
	"centralindia",
	"eastasia",
	"japaneast",
	"jioindiawest",
	"koreacentral",
	"canadacentral",
	"francecentral",
	"germanywestcentral",
	"norwayeast",
	"switzerlandnorth",
	"uaenorth",
	"brazilsouth",
	"centralusstage",
	"eastusstage",
	"eastus2stage",
	"northcentralusstage",
	"southcentralusstage",
	"westusstage",
	"westus2stage",
	"asia",
	"asiapacific",
	"australia",
	"brazil",
	"canada",
	"europe",
	"global",
	"india",
	"japan",
	"uk",
	"unitedstates",
	"eastasiastage",
	"southeastasiastage",
	"centraluseuap",
	"eastus2euap",
	"westcentralus",
	"southafricawest",
	"australiacentral",
	"australiacentral2",
	"australiasoutheast",
	"japanwest",
	"jioindiacentral",
	"koreasouth",
	"southindia",
	"westindia",
	"canadaeast",
	"francesouth",
	"germanynorth",
	"norwaywest",
	"swedensouth",
	"switzerlandwest",
	"ukwest",
	"uaecentral",
	"brazilsoutheast",
}