diff --git a/config/_default/hugo.toml b/config/_default/hugo.toml index 851ad47b1..9e8a2eed1 100644 --- a/config/_default/hugo.toml +++ b/config/_default/hugo.toml @@ -66,6 +66,8 @@ enableRobotsTXT = true ambaDevMode = false + ambaTelemetryPid = "pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d" + # (Optional, default 6) Set how many table of contents levels to be showed on page. # Use false to hide ToC, note that 0 will default to 6 (https://gohugo.io/functions/default/) # You can also specify this parameter per page in front matter. diff --git a/config/test/hugo.toml b/config/test/hugo.toml index 9e2456e36..99ef8770d 100644 --- a/config/test/hugo.toml +++ b/config/test/hugo.toml @@ -66,6 +66,8 @@ enableRobotsTXT = true ambaDevMode = true + ambaTelemetryPid = "pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d" + # (Optional, default 6) Set how many table of contents levels to be showed on page. # Use false to hide ToC, note that 0 will default to 6 (https://gohugo.io/functions/default/) # You can also specify this parameter per page in front matter. diff --git a/docs/content/contributing/_index.md b/docs/content/contributing/_index.md index cb3f2ba78..b12cd8edc 100644 --- a/docs/content/contributing/_index.md +++ b/docs/content/contributing/_index.md @@ -34,17 +34,17 @@ The example folder structure below highlights all of the key assets that define └── Deploy-VM-DataDiskReadLatency-Alert.json ``` -**patterns:** *This folder contains assets for pattern/scenario specific guidance that leverages the baseline alerts in this repo. This contribute does not cover contributions to the patterns/services section. There will be specific guides within each pattern/service section.* +**patterns:** *This folder contains assets for pattern/scenario specific guidance that leverages the baseline alerts in this repo. This guide does not cover contributions to the patterns/scenarios section. There will be specific guides within each pattern/scenarios section.* -**services:** *This folder contains the baseline alert definitions, guidance, and example deployment scripts. It is grouped by resource category (e.g. Compute), and then by resource type (e.g. virtualMachines).* +**services:** *This folder contains the baseline alert definitions, guidance, and example deployment scripts. It is grouped by resource provider (e.g. Compute), and then by resource type (e.g. virtualMachines).* {{< hint type=note >}} -You may need to add new resource category and/or resource type folders as you define new baseline alerts. These folders are case-sensitive and follow the naming conventions defined by the [Azure Resource Reference](https://learn.microsoft.com/azure/templates/) documentation. For example: Alert guidance for Microsoft.Compute/virtualMachines would go under 'services/Compute/virtualMachines' +You may need to add new resource provider and/or resource type folders as you define new baseline alerts. These folders are case-sensitive and follow the naming conventions defined by the [Azure Resource Reference](https://learn.microsoft.com/azure/templates/) documentation. For example: Alert guidance for Microsoft.Compute/virtualMachines would go under 'services/Compute/virtualMachines' {{< /hint >}} -**_index.md:** *These files control the menu structure and the content layout for GitHub Pages site. There are only two versions of these files, one for the resource categories, which just controls the friendly name in the menu and title. The other version is at the resource type level and it controls the layout of the GitHub Pages site. As you create new folders, just copy the respective versions and change the title in the metadata section at the top of the file.* +**_index.md:** *These files control the menu structure and the content layout for GitHub Pages site. There are only two versions of these files, one for the resource providers, which just controls the friendly name in the menu and title. The other version is at the resource type level and it controls the layout of the GitHub Pages site. As you create new folders, just copy the respective versions and change the title in the metadata section at the top of the file.* -**alerts.yaml:** *This YAML-based file contains the detailed definition and guidance for the baseline alerts within each resource category/type folder. Below is the general structure of the file.* +**alerts.yaml:** *This YAML-based file contains the detailed definition and guidance for the baseline alerts within each resource provider/type folder. Below is the general structure of the file.* ```yaml - name: @@ -96,7 +96,7 @@ Please note the following settings in the alert definition: ## Auto-Generated Alert Rules -A script was run to automatically generate alert rules based on top usage and settings trends. These rules have been added to their respective *alerts.yaml* files and have two tags associated with them: *auto-generated* and *agc-xxxx*. The *agc-xxxx* tag indicates the number of results found for that alert rule in the query used to analyze the top trends. This number should be used to evaluate the importance of including that alert rule as guidance in the repo. Once an auto-generated alert rule has been verified and updated with reference documentation, the *visible* property should be set to *true*. This will make the alert rule visible on the site. Resource categories and types that do not have visible alerts are currently hidden from the table of contents. To make those resource categories and types visible, edit their respective *_index.md* files and remove the *geekdocHidden: true* metadata from the top of the file. +A script was run to automatically generate alert rules based on top usage and settings trends. These rules have been added to their respective *alerts.yaml* files and have two tags associated with them: *auto-generated* and *agc-xxxx*. The *agc-xxxx* tag indicates the number of results found for that alert rule in the query used to analyze the top trends. This number should be used to evaluate the importance of including that alert rule as guidance in the repo. Once an auto-generated alert rule has been verified and updated with reference documentation, the *visible* property should be set to *true*. This will make the alert rule visible on the site. Resource providers and types that do not have visible alerts are currently hidden from the table of contents. To make those resource providers and types visible, edit their respective *_index.md* files and remove the *geekdocHidden: true* metadata from the top of the file. ## Context/Background @@ -196,4 +196,4 @@ Once you have committed changes to your fork of the AMBA repo, you create a pull 1. Sometimes the local version of the website may show some inconsistencies that don't reflect the content you have created. - - If this happens, kill the Hugo local web server by pressing CTRL+C and then restart the Hugo web server by running `hugo server -D` from the root of the repo. +- If this happens, kill the Hugo local web server by pressing CTRL+C and then restart the Hugo web server by running `hugo server -D` from the root of the repo. diff --git a/docs/content/patterns/alz/Alerts-Details.md b/docs/content/patterns/alz/Alerts-Details.md index 1c9d24e30..a154ecdaf 100644 --- a/docs/content/patterns/alz/Alerts-Details.md +++ b/docs/content/patterns/alz/Alerts-Details.md @@ -8,7 +8,7 @@ Specific alerts for ALZ can be downloaded by clicking on the Download icon (high ![Alert-Details Download icon](../media/AlertDetailsDownloadReference.png) -The best way to see which policy alert rules are part of the ALZ pattern it is best to go to the [Policy-Initiatives](docs/content/patterns/alz/Policy-Initiatives.md) page. +The best way to see which policy alert rules are part of the ALZ pattern it is best to go to the [Policy-Initiatives](../Policy-Initiatives) page. The resources, metric alerts and their settings provide you with a starting point to help you address the following monitoring questions: "What should we monitor in Azure?" and "What alert settings should we use?" While they are opinionated settings and they are meant to cover the most common Azure Landing Zone components, we encourage you to adjust these settings to suit your monitoring needs based on how you're using Azure. @@ -29,7 +29,7 @@ We have tried to make it so that the table doesn't require a lot of side to side {{< alzMetricAlerts >}} -1 See "Why are the availability alert thresholds lower than 100% in this solution when the product group documention recommends 100%?" in the [FAQ](FAQ.md) for more details. +1 See "Why are the availability alert thresholds lower than 100% in this solution when the product group documention recommends 100%?" in the [FAQ](../FAQ) for more details. ## Azure Landing Zone Activity Log Alerts diff --git a/docs/content/patterns/alz/Disabling-Policies.md b/docs/content/patterns/alz/Disabling-Policies.md index 2590fafd4..0f8730cdb 100644 --- a/docs/content/patterns/alz/Disabling-Policies.md +++ b/docs/content/patterns/alz/Disabling-Policies.md @@ -4,19 +4,23 @@ geekdocCollapseSection: true weight: 60 --- -The policies in AMBA provide multiple methods to enable or disable the effects of the policy. +The policies in AMBA provide multiple methods to enable or disable the effects of the policy. + 1. **Parameter: AlertState** - Determines the state of the alert rule. This either deploys an alert rule in a disabled state, or disables an already deployed alert rule at scale trough policy. -1. **Parameter: PolicyEffect** - Determines the effect of a Policy Definition, allowing a Policy to be deployed in a disabled state. -1. **Tag: MonitorDisable** - A tag that determines whether the resource should be evaluated. Allows you to exclude selected resources from monitoring. +2. **Parameter: PolicyEffect** - Determines the effect of a Policy Definition, allowing a Policy to be deployed in a disabled state. +3. **Tag: MonitorDisable** - A tag that determines whether the resource should be evaluated. Allows you to exclude selected resources from monitoring. ## AlertState parameter -Recognizing that it is not always possible to test alerts in a dev/test environment, we have introduced the AlertState parameter for all metric alerts (in the initiatives and the example parameter file the parameter is named combining {resourceType}, {metricName} and AlertState, for example VnetGwTunnelIngressAlertState). This is to address a scenario where an alert storm occurs and it is necessary to disable one or more alerts deployed via policies through a controlled process. This could be considered for a roll-back process as part of a change request. + +Recognizing that it is not always possible to test alerts in a dev/test environment, we have introduced the AlertState parameter for all metric alerts (in the initiatives and the example parameter file the parameter is named combining {resourceType}, {metricName} and AlertState, for example VnetGwTunnelIngressAlertState). This is to address a scenario where an alert storm occurs and it is necessary to disable one or more alerts deployed via policies through a controlled process. This could be considered for a roll-back process as part of a change request. ### Allowed values + - "true" - Alert rule will be enabled. (Default) - "false" - Alert rule will be disabled. ### How it works + The AlertState parameter is used for both compliance evaluation and configuration of the state of the alert rule. The value of the **AlertState** parameter is passed on to the **enabled** parameter which is part of the existenceCondition of the Policy. ```json @@ -55,14 +59,17 @@ These are the high-level steps that would need to take place: Note that the above approach will not delete the alerts objects in Azure, merely disable them. To delete the alerts you will have to do so manually. Also note that while you can engage the PolicyEffect to avoid deploying new alerts, you should not do so until you have successfully remediated the above. Otherwise the policy will be disabled, and you will not be able to turn alerts off via policy until that is changed back. ## PolicyEffect parameter + In general, we evaluate the alert rules on best practices, field experience, customer feedback, type of alert and possible impact. There are situations where disabling the policy makes sense to prevent receiving unnecessary and/ or duplicate alerts/ notifications. For example we deploy an alert rule for VPN Gateway Bandwidth Utilization, in turn we have disabled the alert rules for VPN Gateway Egress and Ingress. The default is intended to provide a well balanced baseline. However you may want to Enable or Disable the creation of certain Alert rules to meet your needs. ### Allowed values + - "deployIfNotExists" - Policy will deploy the alert rule if the conditions are met. (Default for most Policies) - "disabled" - The policy itself will be created but will not create the corresponding Alert rule. ### How it works + The PolicyEffect parameter is used for the configuration of the effect of the PolicyDefinition (in the initiatives and the example parameter file the parameter is named combining {resourceType}, {metricName} and PolicyEffect, for example ERCIRQoSDropBitsinPerSecPolicyEffect) . The value of the **PolicyEffect** parameter is passed on to the **effect** parameter which configures the effect of the Policy. ```json @@ -84,9 +91,11 @@ The PolicyEffect parameter is used for the configuration of the effect of the Po ``` ## MonitorDisable parameter + It´s also possible to exclude certain resources from being monitored. You may not want to monitor pre-production or dev environments. The MonitorDisable parameter contains the Tag name to determine whether a resource should be included. By default, creating the tag MonitorDisable with value "true" will prevent deployment of alert rules on those resources. This is easily adjusted to use existing tags, for example you could configure the parameter with the tag name "Environment" and tell it to deploy only if the tag value equals "prod", or when the tag isnt equal to "dev". Currently only the tag name is a parameter, other changes require minor changes in the code. ### How it works + The policyRule only continues if "allOff" is true. Meaning, the deployment will continue as long as the MonitorDisable tag doesn't exist or doesn't hold the value "true". When the tag holds "true", the "allOff" will return "false" as "notEquals": "true" is no longer satisfied, causing the deployment to stop ```json @@ -103,4 +112,4 @@ The policyRule only continues if "allOff" is true. Meaning, the deployment will } ] } -``` \ No newline at end of file +``` diff --git a/docs/content/patterns/alz/Known-Issues.md b/docs/content/patterns/alz/Known-Issues.md index 23a6c536b..4b8dfb6ff 100644 --- a/docs/content/patterns/alz/Known-Issues.md +++ b/docs/content/patterns/alz/Known-Issues.md @@ -16,11 +16,11 @@ The underlying data is not present in the Log Analytics table. ### Resolution -For VM Alerts please enable [VM Insights](Monitoring-and-Alerting#log-alerts). +For VM Alerts, enable [VM Insights](../Monitoring-and-Alerting#log-alerts). -## Failed to deploy because of role assignemnt issue +## Failed to deploy because of role assignment issue -Deployment of AMBA fails when there are orphaned role assignements. +Deployment of AMBA fails when there are orphaned role assignments. ### Error includes @@ -31,7 +31,7 @@ Deployment of AMBA fails when there are orphaned role assignements. ### Cause -When a role or a role assignement is removed, some orphaned object can still appear, preventing a successful deployment. +When a role or a role assignment is removed, some orphaned object can still appear, preventing a successful deployment. ### Resolution @@ -48,10 +48,10 @@ When a role or a role assignement is removed, some orphaned object can still app ### Cause -A deployment has been performed using one region, for example "uksouth", and when you try to deploy again to the same scope but to a different region you will receive an error. This happens even when a cleanup has been performed (see [Cleaning up a Deployment](../Cleaning-up-a-Deployment) for more details). This is because deployment entries still exists from the previous operation, so a region conflict is detected blocking you to run another deployment using a different region. +A deployment has been performed using one region, for example "uksouth", and when you try to deploy again to the same scope but to a different region you will receive an error. This happens even when a cleanup has been performed (see [Cleaning up a Deployment](../Cleaning-up-a-Deployment) for more details). This is because deployment entries still exist from the previous operation, so a region conflict is detected blocking you to run another deployment using a different region. ### Resolution -Situation 1: You are trying to deploy to a different region in addition to a previous deployment. Deploying to the same scope in a different region is not necessary. The definitions and assignments are scoped to a management group and are not region specific. No action is required. +Situation 1: You are trying to deploy to a region different from the one used in previous deployment. Deploying to the same scope in a different region is not necessary. The definitions and assignments are scoped to a management group and are not region-specific. No action is required. Situation 2: You cleaned up a previous implementation and want to deploy again to a different region. To resolve this issue, follow the steps below: @@ -61,7 +61,7 @@ Situation 2: You cleaned up a previous implementation and want to deploy again t 4. Select all the deployment instances related to AMBA and click ***Delete***. {{< hint type=Note >}} -To recognize the deployment names belonging to AMBA, select those whose names start with: +To recognize the deployment names belonging to AMBA, select those deployments whose names start with: 1. amba- 2. pid- @@ -76,7 +76,7 @@ If you deployed AMBA just one time, you have 14 deployment instances ### Error includes -*Error: Code=MultipleErrorsOccurred; Message=Multiple error occurred: Conflict,Conflict,Conflict,Conflict,Conflict,Conflict.* +*Error: Code=MultipleErrorsOccurred; Message=Multiple errors occurred: Conflict,Conflict,Conflict,Conflict,Conflict,Conflict.* ### Cause @@ -88,10 +88,10 @@ To resolve this issue, follow the steps below: 1. Navigate to ***Management Groups*** 2. Select the management group (corresponding to the value entered for the *enterpriseScaleCompanyPrefix* during the deployment) were AMBA deployment was targeted to 3. Click ***Deployment*** -4. Select all the deployments that could be deleted (example: instances of previous depoloyment related to AMBA) and click ***Delete***. +4. Select all the deployments that could be deleted (example: instances of previous deployment related to AMBA) and click ***Delete***. {{< hint type=Note >}} -To recognize the deployment names belonging to AMBA, select those whose names start with: +To recognize the deployment names belonging to AMBA, select those deployments whose names start with: 1. amba- 2. pid- diff --git a/docs/content/patterns/alz/Policy-Initiatives.md b/docs/content/patterns/alz/Policy-Initiatives.md index 88aaf5a0c..30a398ec6 100644 --- a/docs/content/patterns/alz/Policy-Initiatives.md +++ b/docs/content/patterns/alz/Policy-Initiatives.md @@ -122,4 +122,13 @@ This initiative is intended for assignment of policies relevant to service healt | Deploy_activitylog_ServiceHealth_HealthAdvisory | [deploy-activitylog-ServiceHealth-Health.json](../../../services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Health.json) | deployIfNotExists | | Deploy_activitylog_ServiceHealth_Incident | [deploy-activitylog-ServiceHealth-Incident.json](../../../services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Incident.json) | deployIfNotExists | | Deploy_activitylog_ServiceHealth_Maintenance | [deploy-activitylog-ServiceHealth-Maintenance.json](../../../services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Maintenance.json) | deployIfNotExists | -| Deploy_AlertProcessing_Rule | [deploy-alertprocessingrule-deploy.json](../../../services/AlertsManagement/actionRules/Deploy-AlertProcessingRule-Deploy.json) | deployIfNotExists | +| Deploy_ServiceHealth_ActionGroups | [deploy-ServiceHealth-ActionGroups.json](../../../services/Resources/subscriptions/Deploy-ServiceHealth-ActionGroups.json) | deployIfNotExists | + +## Notification Assets initiative + +This initiative is intended for assignment of policies relevant to notification in ALZ. With the guidance provided in [Introduction to deploying the ALZ Pattern](../deploy/Introduction-to-deploying-the-ALZ-Pattern), this will assign to the alz intermediate root management group structure in the ALZ reference architecture. For details on which policies are included in the initiative as well as what the default enablement state of the policy is, refer to the below table. + +| **Policy Display Name** | **Reference ID** | **Path to policy json file** | **Policy default effect** | +|----------|----------|----------|----------| +| Deploy AMBA Notification Assets | ALZ_AlertProcessing_Rule | [deploy-AlertProcessingRule-deploy.json](../../../services/AlertsManagement/actionRules/Deploy-AlertProcessingRule-Deploy.json) | deployIfNotExists | +| Deploy AMBA Notification Suppression Asset | ALZ_Suppression_AlertProcessing_Rule | [deploy-AlertProcessingRule-Suppression.json](../../../services/AlertsManagement/actionRules/Deploy-AlertProcessingRule-Suppression.json) | deployIfNotExists | diff --git a/docs/content/patterns/alz/Temporarily-disabling-notifications.md b/docs/content/patterns/alz/Temporarily-disabling-notifications.md new file mode 100644 index 000000000..4b8aa6883 --- /dev/null +++ b/docs/content/patterns/alz/Temporarily-disabling-notifications.md @@ -0,0 +1,52 @@ +--- +title: Temporarily disabling notifications +geekdocCollapseSection: true +weight: 65 +--- + +Azure Monitor alerts targeted to a large scope allow for at scale coverage, but reduce the flexibility to disable them for specific resources. There might be several reason to stop the notification of alerts. For instance, customers could have resources that are stopped or disabled due to maintenance or just want to stop the notification during the night shift. To allow this kind of flexibility, as part of the Notification Assets policy initiative, AMBA provides you with an asset to stop the notification for specific resources. + +This asset is made of an alert processing rule (also known as APR) with the following characteristics: + +- deployed as disabled +- scoped at the subscription level +- suppression rule type +- scheduled to run always + +This APR needs to be configured with the resource ID of the resource(s) for which you want to stop notifications and then enabled every time you need it. + +Once the resource is out of the maintenance period or when you don't need the suppression rule anymore, ***remember*** to remove the resources and disable the rule. + +To know more about how to suppress notifications, see [Suppress notifications during planned maintenance](https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-processing-rules?tabs=portal#suppress-notifications-during-planned-maintenance) + +To configure the APR, do the following: + +1. In **Monitor --> Alerts**, click on **Alert processing rules** + + ![Monitor/Alerts/Alert processing rule](../media/AlertProcessingRules.png) + +2. Click on the ARP named ***apr-AMBA-subscription display name-002*** with rule type **Suppression** + + ![Suppression aler processing rule](../media/SuppressionAlertProcessingRule.png) + +3. Click on ***Edit*** + + ![Edit alert processing rule](../media/Edit-AlertProcessingRule.png) + +4. In the **Scope** tab, under the filter section, configure the following: + + - Filters: ***Resource*** + - Operator: ***Equals*** + - Value: **Enter the resource Id of resources separated by comma with no spaces before, after or between the strings.** + + ![Configure filter](../media/Filter-AlertProcessingRule.png) + + {{< hint type=Important >}} + Each filter can include up to **five** values. Should you need more than **5** resources, add more lines of filter. + {{< /hint >}} + +5. Click on ***Review + save*** and then ***Save*** + +{{< hint type=Note >}} + It is possible to apply other types of filter. For a complete list of allowed scopes and filters, refer to the official [Scope and filters for alert processing rules](https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-processing-rules?tabs=portal#scope-and-filters-for-alert-processing-rules) documentation. + {{< /hint >}} diff --git a/docs/content/patterns/alz/Whats-New.md b/docs/content/patterns/alz/Whats-New.md index 5023a4fd8..a4e555fa7 100644 --- a/docs/content/patterns/alz/Whats-New.md +++ b/docs/content/patterns/alz/Whats-New.md @@ -6,26 +6,54 @@ weight: 10 For information on what's new please refer to the [Releases](https://github.com/Azure/azure-monitor-baseline-alerts/releases) page. -To update your current deployment with the content from the latest release, please refer to the [Update to new release](../Update-to-new-Release) page. +To update your current deployment with the content from the latest release, please refer to the [Update to new releases](../UpdateToNewReleases) page. + +## 2024-03-01 + +### New features + +- The action group has been enhanced to allow more choices for notifications and actions + - Email Azure Resource Manager Role + - Azure Function + - Event Hubs + - Logic App + - Webhook +- The service health initiative no longer includes the deployment of the Alert Processing Rule policy. Service Health now has its own Action Group. +- Added the [Notification Assets](https://raw.githubusercontent.com/Azure/azure-monitor-baseline-alerts/main/patterns/alz/policySetDefinitions/Deploy-Notification-Assets.json) initiative, which deploys the Alert Processing Rule and the Action Group used by the Connectivity, Identity, Management and Landing zone initiatives. +- New policy for Policy for Storage Account Deletion. [Issue #76](https://github.com/Azure/azure-monitor-baseline-alerts/issues/76) +- Updating the remediation script to allow for a better experience while remediating the new action group for Service Health + +### Bug fixes + +- Fixed: unable to deploy via pipeline using ubuntu-latest. [Issue #64](https://github.com/Azure/azure-monitor-baseline-alerts/issues/64) +- Fixed the PIP VIP alert existence condition to only check for standard SKU. [Issue #80](https://github.com/Azure/azure-monitor-baseline-alerts/issues/80) + +### Documentation updates + +- Updated [Deploy with GitHub Actions](../deploy/Deploy-with-GitHub-Actions) addressing [Issue #102](https://github.com/Azure/azure-monitor-baseline-alerts/issues/102) +- Updated guidance for AMA in [Monitoring and Alerting](../Monitoring-and-Alerting) documentation ## 2023-11-14 + ### New features + - The Service Health Policy Set Definition now includes parameters to set the Policy Effect. With this you can choose which Server Health alert rules are deployed. Note that the default value for the parameters is "deployIfNotExists". The parameter file has been updated. - Added alert rules in the Landing Zone Policy Set Definition. - - Front door (Microsoft.Cdn/profiles) - - Front door classic (Microsoft.Network/frontdoors) - - Traffic Manager (Microsoft.Network/trafficmanagerprofiles) - - App Service (Microsoft.Web/serverfarms) + - Front door (Microsoft.Cdn/profiles) + - Front door classic (Microsoft.Network/frontdoors) + - Traffic Manager (Microsoft.Network/trafficmanagerprofiles) + - App Service (Microsoft.Web/serverfarms) ### Bug fixes + - Update path in sample-workflow [Issue #30](https://github.com/Azure/azure-monitor-baseline-alerts/issues/30) - Update sample commands in Start-AMBARemediation.ps1 [Pull #49](https://github.com/Azure/azure-monitor-baseline-alerts/pull/49) - Fixes to Role Assignment cleanup, cleanup script [Issue #42](https://github.com/Azure/azure-monitor-baseline-alerts/issues/42) - Fixed VSCode template validation error [Issue #43](https://github.com/Azure/azure-monitor-baseline-alerts/issues/43) ### Documentation updates + - How to modify individual policies - [How to modify individual policies](../deploy/Introduction-to-deploying-the-ALZ-Pattern/#how-to-modify-individual-policies) - Added guidance to only Server Health alert rules - [Deploy only Service Health Alerts](../deploy/Deploy-only-Service-Health-Alerts) -- New documentation on updating to a new release - [Update to a new release](../Update-to-new-Release) +- New documentation on updating to a new release - [Update to new releases](../UpdateToNewReleases) - FAQ Updates - [Frequently Asked Questions](../FAQ) - diff --git a/docs/content/patterns/alz/deploy/Remediate-Policies.md b/docs/content/patterns/alz/deploy/Remediate-Policies.md index b67b2a0e6..b48a30a6e 100644 --- a/docs/content/patterns/alz/deploy/Remediate-Policies.md +++ b/docs/content/patterns/alz/deploy/Remediate-Policies.md @@ -55,3 +55,10 @@ $LZManagementGroup="The management group id for Landing Zones" .\patterns\alz\scripts\Start-AMBARemediation.ps1 -managementGroupName $pseudoRootManagementGroup -policyName Alerting-ServiceHealth .\patterns\alz\scripts\Start-AMBARemediation.ps1 -managementGroupName $pseudoRootManagementGroup -policyName Notification-Assets ``` + +Should you need to remediate just one policy definition and not the entire policy initiative, you can run the remediation script targeted at the policy reference id that can be found under [Policy Initiatives](../../Policy-Initiatives). For example, to remediate the ***Deploy AMBA Notification Assets*** policy, run the command below: + +```powershell +#Run the following command to initiate remediation of a single policy definition +.\patterns\alz\scripts\Start-AMBARemediation.ps1 -managementGroupName $pseudoRootManagementGroup -policyName ALZ_AlertProcessing_Rule +``` diff --git a/docs/content/patterns/alz/media/AlertProcessingRules.png b/docs/content/patterns/alz/media/AlertProcessingRules.png new file mode 100644 index 000000000..38d5384ff Binary files /dev/null and b/docs/content/patterns/alz/media/AlertProcessingRules.png differ diff --git a/docs/content/patterns/alz/media/Edit-AlertProcessingRule.png b/docs/content/patterns/alz/media/Edit-AlertProcessingRule.png new file mode 100644 index 000000000..1b9aed2b1 Binary files /dev/null and b/docs/content/patterns/alz/media/Edit-AlertProcessingRule.png differ diff --git a/docs/content/patterns/alz/media/Filter-AlertProcessingRule.png b/docs/content/patterns/alz/media/Filter-AlertProcessingRule.png new file mode 100644 index 000000000..bbe582824 Binary files /dev/null and b/docs/content/patterns/alz/media/Filter-AlertProcessingRule.png differ diff --git a/docs/content/patterns/alz/media/SuppressionAlertProcessingRule.png b/docs/content/patterns/alz/media/SuppressionAlertProcessingRule.png new file mode 100644 index 000000000..2cbaf3ba0 Binary files /dev/null and b/docs/content/patterns/alz/media/SuppressionAlertProcessingRule.png differ diff --git a/docs/content/patterns/specialized/avs/FAQ.md b/docs/content/patterns/specialized/avs/FAQ.md new file mode 100644 index 000000000..1808582ae --- /dev/null +++ b/docs/content/patterns/specialized/avs/FAQ.md @@ -0,0 +1,41 @@ +--- +title: Frequently Asked Questions +geekdocCollapseSection: true +weight: 80 +--- + +> ## Do I need to use the thresholds defined as default values in the metric rule alerts? +> +> It's provided as a starting point, we've based the initial thresholds on what we've seen and what Microsoft's documentation recommends. You will need to adjust the thresholds at some point. +> You will need to observe and if the alert is too chatty, adjust the threshold up; if it's not alerting when there's a problem, adjust the threshold down a bit, (or vice-versa depending on what metric or log error is being used as a monitoring source). Once you have decided upon an appropriate value, if you feel it's fit for more general consumption we would love to hear about it. + +> ## Do I need to use these metrics or can they be replaced with ones more suited to my environment? +> +> The metric rules we've created are based on recommendations from Microsoft documentation and field experience. How you're using Azure resources may also be different so tailor the alerts to suit your needs. The main goal of this project is to help you have a way to do Azure Monitor alerts at scale, create new rules with your own thresholds. We'd love to hear about your new rules too so feel free to share back. + +> ## How much does it cost to run the ALZ Baseline solution? +> +> This depends on numerous factors including how many of the alert rules you choose to deploy into your environment, this combined with how many subscriptions inherit the baseline policies and resources deployed within each subscription that match the policy rules triggering an alert rule and action group deployment influence the cost. +> +> The solution is comprised of alert rules. Each alert rule costs ~0.1$/month1. +> +> - Alert rules are charged based on evaluations. +> - Assuming the alert rule had data to evaluate all throughout the month, it'll cost ~0.1$1. +> - If the rule was only evaluating during parts of the month (e.g. because the monitored resource was down and didn't send telemetry), the customer would pay for the prorated amount of time the rule was performing evaluations. +> - Dynamic Threshold doubles the cost of the alert rule (~0.2$/month in total1) +> - Our solution configures an email address as part of the Action groups deployment (one per subscription) and these are charged at ~2$/month per 1,000 emails1. +> +> **Whilst it is not anticipated that the solution will incur significant costs, it is recommended that you assess costs as part of a deployment to a non-production environment to make sure you are clear on the costs incurred for your deployment** +> +> For costings related to your deployment please visit [Pricing - Azure Monitor](https://azure.microsoft.com/en-us/pricing/details/monitor/) and work with your local Microsoft account team to define a rough order of magnitude (RoM) costings +> +> 1 Depending on the region you deploy to their may be a small difference in the associated cost, the costs provided here are based on prices captured as of April 2023 + +> ## Can I use AMBA without a GitHub repository +> +>

Yes, as long as the ARM templates are publicly accessible. There are several linked templates in this solution which require to be publicly accessible. This is because when the top level ARM template is submitted to Azure Resource Manager, the linked templates are not automatically uploaded and therefore need to pulled in at deploy time from Azure. This means they must be referenced using a URL which can be accessed from Azure (e.g. via a public GitHub repository)

+>

An alternative is to use Template specs. Instead of maintaining your linked templates at an accessible endpoint, you can create a template spec that packages the main template and its linked templates into a single entity you can deploy. The template spec is a resource in your Azure subscription. It makes it easy to securely share the template with users in your organization. You use Azure role-based access control (Azure RBAC) to grant access to the template spec. This feature is currently in preview.

+> +> References: +> - [Template specs](https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/linked-templates?tabs=azure-powershell#template-specs) +> - [ARM Private deployment](https://github.com/Azure/ARM-private-deployment) diff --git a/docs/content/patterns/specialized/avs/Known-Issues.md b/docs/content/patterns/specialized/avs/Known-Issues.md new file mode 100644 index 000000000..f92774493 --- /dev/null +++ b/docs/content/patterns/specialized/avs/Known-Issues.md @@ -0,0 +1,7 @@ +--- +title: Known Issues +geekdocCollapseSection: true +weight: 100 +--- + +## None at this time diff --git a/docs/content/patterns/specialized/avs/_index.md b/docs/content/patterns/specialized/avs/_index.md new file mode 100644 index 000000000..a8cdfb6a5 --- /dev/null +++ b/docs/content/patterns/specialized/avs/_index.md @@ -0,0 +1,77 @@ +--- +title: Azure VMware Solution +geekdocCollapseSection: true +--- + +## Overview + +It is crucial to monitor the resource utilization in order to take timely action. This solution helps in setting up Azure Monitor alerts for Azure VMware Solution Private Cloud. Action owners will receive email notifications if utilization metrics exceeds set threshold. + +**Current Version:** +v1.0.0 (Mar 4, 2024) + +## Alerts Table + +Table below shows the Alerts configured after the deployment. + +| Name | Threshold(s) (Severity) | Signal Type | Frequency | # Alert Rules | +|-----------------------------------|-------------------------|--------------------|-----------------|---------------| +| CPU Usage per Cluster | 80 (2) | EffectiveCpuAverage| Every 5 minutes | 1 | +| CPU Usage per Cluster (Critical) | 95 (0) | EffectiveCpuAverage| Every 5 minutes | 1 | +| Memory Usage per Cluster | 80 (2) | UsageAverage | Every 5 minutes | 1 | +| Memory Usage per Cluster (Critical) | 95 (0) | UsageAverage | Every 5 minutes | 1 | +| Storage Usage per Datastore | 70 (2) | DiskUsedPercentage | Every 5 minutes | 1 | +| Storage Usage per Datastore (Critical) | 75 (0) | DiskUsedPercentage | Every 5 minutes | 1 | +| Service Health Alerts | N/A | ServiceHealth | N/A | 1 | + +## 📣Feedback 📣 + +Once you've had an opportunity to deploy the solution we'd love to hear from you! Click [here](https://aka.ms/alz/monitor/feedback) to leave your feedback. + +If you have encountered a problem please file an issue in our GitHub repo [GitHub Issue](https://github.com/Azure/azure-monitor-baseline-alerts/issues). + +## Deployment Guide + +We have a [Deployment Guide](./deploy/deploy.md) available for guidance on how to consume the contents of this repo. + +## Known Issues + +Please see the [Known Issues](Known-Issues). + +## Frequently Asked Questions + +Please see the [Frequently Asked Questions](../avs/FAQ.md). + +## Contributing + +This project welcomes contributions and suggestions. +Most contributions require you to agree to a Contributor License Agreement (CLA) +declaring that you have the right to, and actually do, grant us the rights to use your contribution. +For details, visit [https://cla.opensource.microsoft.com](https://cla.opensource.microsoft.com). + +When you submit a pull request, a CLA bot will automatically determine whether you need to provide +a CLA and decorate the PR appropriately (e.g., status check, comment). +Simply follow the instructions provided by the bot. +You will only need to do this once across all repos using our CLA. + +This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). +For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or +contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments. + +{{< hint type=note >}} +Details on contributing to this repo can be found [here](../../../contributing) +{{< /hint >}} + +## Telemetry + +When you deploy the IP located in this repo, Microsoft can identify the installation of said IP with the deployed Azure resources. Microsoft can correlate these resources used to support the software. Microsoft collects this information to provide the best experiences with their products and to operate their business. The telemetry is collected through customer usage attribution. The data is collected and governed by [Microsoft's privacy policies](https://www.microsoft.com/trustcenter). + +If you don't wish to send usage data to Microsoft, or need to understand more about its' use details can be found [here](./Telemetry). + +## Trademarks + +This project may contain trademarks or logos for projects, products, or services. +Authorized use of Microsoft trademarks or logos is subject to and must follow +[Microsoft's Trademark & Brand Guidelines](https://www.microsoft.com/legal/intellectualproperty/trademarks/usage/general). +Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. +Any use of third-party trademarks or logos are subject to those third-party's policies. diff --git a/docs/content/patterns/specialized/avs/deploy/deploy.md b/docs/content/patterns/specialized/avs/deploy/deploy.md new file mode 100644 index 000000000..50ad874ff --- /dev/null +++ b/docs/content/patterns/specialized/avs/deploy/deploy.md @@ -0,0 +1,11 @@ +--- +title: Deploying Azure VMware Solution Alerts +geekdocCollapseSection: true +weight: 50 +--- + +## Deployment Guide + +Follow the deployment guide available below. + +[Configure AVS Utilization Alerts](https://github.com/Azure/Enterprise-Scale-for-AVS/tree/well-architected/BrownField/Monitoring/AVS-Utilization-Alerts) diff --git a/docs/content/visualizations/Azure Workbooks/_index.md b/docs/content/visualizations/Azure Workbooks/_index.md index 7c9b9b0dc..0fc444e37 100644 --- a/docs/content/visualizations/Azure Workbooks/_index.md +++ b/docs/content/visualizations/Azure Workbooks/_index.md @@ -4,6 +4,50 @@ geekdocCollapseSection: true --- ## Overview + [Azure Workbooks](https://learn.microsoft.com/azure/azure-monitor/visualize/workbooks-overview) provide a flexible canvas for data analysis and the creation of rich visual reports. You can use workbooks to tap into multiple data sources from across Azure and combine them into unified interactive experiences. -## Under Construction +Listed below are some examples of workbooks that you can use to visualize alerts and key metrics from Azure resources. These workbooks templates can be saved to your workbook gallery in Azure. + +You can also find information below on [how to save workbook templates](#import-workbook-templates-quick-start-guide) + +## Azure Monitor Community + +The Azure Monitor Team utilizes [this](https://github.com/microsoft/AzureMonitorCommunity/tree/master/Azure%20Services) github repo to share workbooks for various azure services. Below are some workbooks to highlight alert management and ExpressRoute/network monitoring. + +## [Alert Management Workbook](https://github.com/microsoft/AzureMonitorCommunity/blob/master/Azure%20Services/Azure%20Monitor/Workbooks/Alerts%20Management.workbook) + +A summary of alerts by your filtered subscription. This workbook contains visualizations of alerts triggered by type, serverity and top 5 noisiest objects.![alert management](../../img/alert-management-wb.png) + +## [ExpressRoute Monitoring Workbook](https://github.com/microsoft/AzureMonitorCommunity/blob/master/Azure%20Services/Azure%20Monitor/Workbooks/Azure%20Network%20Monitoring.workbook) + +This workbook addresses a common challenge to effectively visualize the health and availability of ExpressRoute components. This is an interactive workbook that provides comprehensive monitoring and troubleshooting for ExpressRoute, including the monitoring of key metrics such as: ExpressRoute Circuit Status, BGP availablity, total throughput, and more. + +For full details see: + [Monitoring ExpressRoute: A Workbook Solution](https://techcommunity.microsoft.com/t5/azure-observability-blog/monitoring-expressroute-a-workbook-solution/ba-p/4038130). + + ![image3](https://techcommunity.microsoft.com/t5/image/serverpage/image-id/545394i89157D8B217AA777/image-dimensions/2000?v=v2&px=-1) + ![image4](https://techcommunity.microsoft.com/t5/image/serverpage/image-id/545405i13A8ECBF9B370BB4/image-dimensions/2000?v=v2&px=-1) + ![image5](https://techcommunity.microsoft.com/t5/image/serverpage/image-id/545407i490AE5C9D99AECEE/image-dimensions/2000?v=v2&px=-1) + +## Import Workbook Templates: quick start guide + +Want to see these workbooks live in your Azure environment? Follow these steps to add gallery templates to your saved workbooks. + +1. Copy the raw file: + - In the examples above, the titles of the workbooks are hyperlinks to the raw files. From there you can explore other workbooks in the github repo. + ![image6](../../img/copy-raw-file.png) + +2. Open Azure Monitor, and navigate to Workbooks: + - Once here, click "new". + + ![image7](../../img/new-workbook.png) + +3. Open the advanced editor (): + - Paste the raw code, which was copied in step one, in the gallery template. + - Once finished, click apply. + ![image10](../../img/gallery-template.png) + +4. View your workbook and save it to your gallery: + + ![image11](../../img/save-workbook.png) diff --git a/docs/content/welcome/_index.md b/docs/content/welcome/_index.md index 7c7217bab..970a5314c 100644 --- a/docs/content/welcome/_index.md +++ b/docs/content/welcome/_index.md @@ -7,7 +7,7 @@ weight: 0 Welcome to the Azure Monitor Baseline Alerts (AMBA) site! The purpose of this site is to provide best practice guidance around key alerts metrics and their thresholds. This sites is broken down into two main sections: -1. **Services:** This section provides guidance for individual Azure services. For each service, there is a list of key alert metrics and the recommended thresholds. +1. **Azure Resources:** This section provides guidance for individual Azure resources. For each service, there is a list of key alert metrics and the recommended thresholds. 2. **Patterns / Scenarios:** This section provides guidance for common patterns / scenarios (like Azure Landing Zones), as well as policy definition and initiatives for deploying the alerts in your environment. diff --git a/docs/layouts/partials/templates/arm/activity-administrative.html b/docs/layouts/partials/templates/arm/activity-administrative.html index 74b3e2e7e..0d2ebe3a7 100644 --- a/docs/layouts/partials/templates/arm/activity-administrative.html +++ b/docs/layouts/partials/templates/arm/activity-administrative.html @@ -22,13 +22,28 @@ "description": "Indicates whether or not the alert is enabled." } }, - "actionGroupResourceId": { + "currentDateTimeUtcNow": { "type": "string", + "defaultValue": "[utcNow()]", "metadata": { - "description": "Resource Id for the Action group." + "description": "The current date and time using the utcNow function. Used for deployment name uniqueness" + } + }, + "telemetryOptOut": { + "type": "string", + "defaultValue": "No", + "allowedValues": [ + "Yes", + "No" + ], + "metadata": { + "description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry." } } }, + "variables": { + "pidDeploymentName": "[take(concat('{{ site.Params.ambaTelemetryPid }}-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]" + }, "resources": [ { "type": "Microsoft.Insights/activityLogAlerts", @@ -59,16 +74,22 @@ "containsAny": [{{ range $idx1, $value1 := .properties.status }}{{ if ne $idx1 0}},{{ end }}"{{ $value1 }}"{{ end }}] } ] - }, - "actions": { - "actionGroups": - [ - { - "actionGroupId": "[parameters('actionGroupResourceId')]" - } - ] } } + }, + { + "condition": "[equals(parameters('telemetryOptOut'), 'No')]", + "apiVersion": "2020-06-01", + "name": "[variables('pidDeploymentName')]", + "type": "Microsoft.Resources/deployments", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } } ] } diff --git a/docs/layouts/partials/templates/arm/activity-resourcehealth.html b/docs/layouts/partials/templates/arm/activity-resourcehealth.html index fb6992528..33a75bb17 100644 --- a/docs/layouts/partials/templates/arm/activity-resourcehealth.html +++ b/docs/layouts/partials/templates/arm/activity-resourcehealth.html @@ -22,13 +22,28 @@ "description": "Indicates whether or not the alert is enabled." } }, - "actionGroupResourceId": { + "currentDateTimeUtcNow": { "type": "string", + "defaultValue": "[utcNow()]", "metadata": { - "description": "Resource Id for the Action group." + "description": "The current date and time using the utcNow function. Used for deployment name uniqueness" + } + }, + "telemetryOptOut": { + "type": "string", + "defaultValue": "No", + "allowedValues": [ + "Yes", + "No" + ], + "metadata": { + "description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry." } } }, + "variables": { + "pidDeploymentName": "[take(concat('{{ site.Params.ambaTelemetryPid }}-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]" + }, "resources": [ { "type": "Microsoft.Insights/activityLogAlerts", @@ -67,16 +82,22 @@ ] } ] - }, - "actions": { - "actionGroups": - [ - { - "actionGroupId": "[parameters('actionGroupResourceId')]" - } - ] } } + }, + { + "condition": "[equals(parameters('telemetryOptOut'), 'No')]", + "apiVersion": "2020-06-01", + "name": "[variables('pidDeploymentName')]", + "type": "Microsoft.Resources/deployments", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } } ] } diff --git a/docs/layouts/partials/templates/arm/activity-servicehealth.html b/docs/layouts/partials/templates/arm/activity-servicehealth.html index ce3e000c3..943f6c0ba 100644 --- a/docs/layouts/partials/templates/arm/activity-servicehealth.html +++ b/docs/layouts/partials/templates/arm/activity-servicehealth.html @@ -22,13 +22,28 @@ "description": "Indicates whether or not the alert is enabled." } }, - "actionGroupResourceId": { + "currentDateTimeUtcNow": { "type": "string", + "defaultValue": "[utcNow()]", "metadata": { - "description": "Resource Id for the Action group." + "description": "The current date and time using the utcNow function. Used for deployment name uniqueness" + } + }, + "telemetryOptOut": { + "type": "string", + "defaultValue": "No", + "allowedValues": [ + "Yes", + "No" + ], + "metadata": { + "description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry." } } }, + "variables": { + "pidDeploymentName": "[take(concat('{{ site.Params.ambaTelemetryPid }}-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]" + }, "resources": [ { "type": "Microsoft.Insights/activityLogAlerts", @@ -55,16 +70,22 @@ "equals": "{{ .properties.incidentType }}" } ] - }, - "actions": { - "actionGroups": - [ - { - "actionGroupId": "[parameters('actionGroupResourceId')]" - } - ] } } + }, + { + "condition": "[equals(parameters('telemetryOptOut'), 'No')]", + "apiVersion": "2020-06-01", + "name": "[variables('pidDeploymentName')]", + "type": "Microsoft.Resources/deployments", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } } ] } diff --git a/docs/layouts/partials/templates/arm/log.html b/docs/layouts/partials/templates/arm/log.html index 24e509028..4ce9a94fd 100644 --- a/docs/layouts/partials/templates/arm/log.html +++ b/docs/layouts/partials/templates/arm/log.html @@ -60,13 +60,6 @@ "description": "Mute actions for the chosen period of time (in ISO 8601 duration format) after the alert is fired." } }, - "actionGroupId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "The ID of the action group that is triggered when the alert is activated or deactivated" - } - }, "alertSeverity": { "type": "int", "defaultValue": {{ .properties.severity }}, @@ -171,6 +164,7 @@ "PT6H", "PT12H", "PT24H" + "PT1D" ], "metadata": { "description": "Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format." @@ -188,8 +182,29 @@ "metadata": { "description": "how often the metric alert is evaluated represented in ISO 8601 duration format" } + }, + "currentDateTimeUtcNow": { + "type": "string", + "defaultValue": "[utcNow()]", + "metadata": { + "description": "The current date and time using the utcNow function. Used for deployment name uniqueness" + } + }, + "telemetryOptOut": { + "type": "string", + "defaultValue": "No", + "allowedValues": [ + "Yes", + "No" + ], + "metadata": { + "description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry." + } } }, + "variables": { + "pidDeploymentName": "[take(concat('{{ site.Params.ambaTelemetryPid }}-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]" + }, "resources": [ { "type": "Microsoft.Insights/scheduledQueryRules", @@ -233,14 +248,21 @@ }, "muteActionsDuration": "[parameters('muteActionsDuration')]", "autoMitigate": "[parameters('autoMitigate')]", - "checkWorkspaceAlertsStorageConfigured": "[parameters('checkWorkspaceAlertsStorageConfigured')]", - "actions": { - "actionGroups": [ - "[parameters('actionGroupId')]" - ], - "customProperties": { + "checkWorkspaceAlertsStorageConfigured": "[parameters('checkWorkspaceAlertsStorageConfigured')]" + } + }, + { + "condition": "[equals(parameters('telemetryOptOut'), 'No')]", + "apiVersion": "2020-06-01", + "name": "[variables('pidDeploymentName')]", + "type": "Microsoft.Resources/deployments", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] } - } } } ] diff --git a/docs/layouts/partials/templates/arm/metric-dynamic.html b/docs/layouts/partials/templates/arm/metric-dynamic.html index deba29665..ffe4e4f76 100644 --- a/docs/layouts/partials/templates/arm/metric-dynamic.html +++ b/docs/layouts/partials/templates/arm/metric-dynamic.html @@ -36,13 +36,6 @@ "description": "Resource type of target resources to be monitored." } }, - "actionGroupId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "The ID of the action group that is triggered when the alert is activated or deactivated" - } - }, "isEnabled": { "type": "bool", "defaultValue": true, @@ -120,10 +113,15 @@ "type": "string", "defaultValue": "{{ .properties.windowSize }}", "allowedValues": [ + "PT1M", "PT5M", "PT15M", "PT30M", - "PT1H" + "PT1H", + "PT6H", + "PT12H", + "PT24H" + "PT1D" ], "metadata": { "description": "Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one hour. ISO 8601 duration format." @@ -141,8 +139,29 @@ "metadata": { "description": "how often the metric alert is evaluated represented in ISO 8601 duration format" } + }, + "currentDateTimeUtcNow": { + "type": "string", + "defaultValue": "[utcNow()]", + "metadata": { + "description": "The current date and time using the utcNow function. Used for deployment name uniqueness" + } + }, + "telemetryOptOut": { + "type": "string", + "defaultValue": "No", + "allowedValues": [ + "Yes", + "No" + ], + "metadata": { + "description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry." + } } }, + "variables": { + "pidDeploymentName": "[take(concat('{{ site.Params.ambaTelemetryPid }}-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]" + }, "resources": [ { "type": "Microsoft.Insights/metricAlerts", @@ -184,12 +203,21 @@ "timeAggregation": "[parameters('timeAggregation')]" } ] - }, - "actions": [ - { - "actionGroupId": "[parameters('actionGroupId')]" + } + } + }, + { + "condition": "[equals(parameters('telemetryOptOut'), 'No')]", + "apiVersion": "2020-06-01", + "name": "[variables('pidDeploymentName')]", + "type": "Microsoft.Resources/deployments", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] } - ] } } ] diff --git a/docs/layouts/partials/templates/arm/metric-static.html b/docs/layouts/partials/templates/arm/metric-static.html index 155f50839..2c0f80dc2 100644 --- a/docs/layouts/partials/templates/arm/metric-static.html +++ b/docs/layouts/partials/templates/arm/metric-static.html @@ -36,13 +36,6 @@ "description": "Resource type of target resources to be monitored." } }, - "actionGroupId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "The ID of the action group that is triggered when the alert is activated or deactivated" - } - }, "isEnabled": { "type": "bool", "defaultValue": true, @@ -111,6 +104,7 @@ "PT6H", "PT12H", "PT24H" + "PT1D" ], "metadata": { "description": "Period of time used to monitor alert activity based on the threshold. Must be between one minute and one day. ISO 8601 duration format." @@ -129,8 +123,29 @@ "metadata": { "description": "how often the metric alert is evaluated represented in ISO 8601 duration format" } + }, + "currentDateTimeUtcNow": { + "type": "string", + "defaultValue": "[utcNow()]", + "metadata": { + "description": "The current date and time using the utcNow function. Used for deployment name uniqueness" + } + }, + "telemetryOptOut": { + "type": "string", + "defaultValue": "No", + "allowedValues": [ + "Yes", + "No" + ], + "metadata": { + "description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry." + } } }, + "variables": { + "pidDeploymentName": "[take(concat('{{ site.Params.ambaTelemetryPid }}-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]" + }, "resources": [ { "type": "Microsoft.Insights/metricAlerts", @@ -168,12 +183,21 @@ "criterionType": "StaticThresholdCriterion" } ] - }, - "actions": [ - { - "actionGroupId": "[parameters('actionGroupId')]" + } + } + }, + { + "condition": "[equals(parameters('telemetryOptOut'), 'No')]", + "apiVersion": "2020-06-01", + "name": "[variables('pidDeploymentName')]", + "type": "Microsoft.Resources/deployments", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] } - ] } } ] diff --git a/docs/layouts/partials/templates/bicep/activity-administrative.html b/docs/layouts/partials/templates/bicep/activity-administrative.html index c128173b7..5a4002215 100644 --- a/docs/layouts/partials/templates/bicep/activity-administrative.html +++ b/docs/layouts/partials/templates/bicep/activity-administrative.html @@ -8,14 +8,21 @@ @description('Indicates whether or not the alert is enabled.') param activityLogAlertEnabled bool = true -@description('The ID of the action group that is triggered when the alert is activated or deactivated') -param actionGroupId string = '' +@description('"The current date and time using the utcNow function. Used for deployment name uniqueness') +param currentDateTimeUtcNow string = utcNow() + +@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.') +@allowed([ + 'Yes' + 'No' +]) +param telemetryOptOut string = 'No' resource symbolicname 'Microsoft.Insights/activityLogAlerts@2023-01-01-preview' = { name: activityLogAlertName location: 'Global' tags: { - '_deployed_by_amba': true + _deployed_by_amba: 'true' } properties: { description: alertDescription @@ -41,12 +48,21 @@ } ] } - actions: { - actionGroups: [ - { - actionGroupId: actionGroupId - } - ] + } +} + +var ambaTelemetryPidName = '{{ site.Params.ambaTelemetryPid }}-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}' +resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') { + name: ambaTelemetryPidName + tags: { + _deployed_by_amba: 'true' + } + properties: { + mode: 'Incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + resources: [] } } } diff --git a/docs/layouts/partials/templates/bicep/activity-resourcehealth.html b/docs/layouts/partials/templates/bicep/activity-resourcehealth.html index 6ae16a826..af998e31f 100644 --- a/docs/layouts/partials/templates/bicep/activity-resourcehealth.html +++ b/docs/layouts/partials/templates/bicep/activity-resourcehealth.html @@ -8,14 +8,21 @@ @description('Indicates whether or not the alert is enabled.') param activityLogAlertEnabled bool = true -@description('The ID of the action group that is triggered when the alert is activated or deactivated') -param actionGroupId string = '' +@description('"The current date and time using the utcNow function. Used for deployment name uniqueness') +param currentDateTimeUtcNow string = utcNow() + +@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.') +@allowed([ + 'Yes' + 'No' +]) +param telemetryOptOut string = 'No' resource symbolicname 'Microsoft.Insights/activityLogAlerts@2023-01-01-preview' = { name: activityLogAlertName location: 'Global' tags: { - '_deployed_by_amba': true + _deployed_by_amba: 'true' } properties: { description: alertDescription @@ -51,12 +58,21 @@ } ] } - actions: { - actionGroups: [ - { - actionGroupId: actionGroupId - } - ] + } +} + +var ambaTelemetryPidName = '{{ site.Params.ambaTelemetryPid }}-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}' +resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') { + name: ambaTelemetryPidName + tags: { + _deployed_by_amba: 'true' + } + properties: { + mode: 'Incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + resources: [] } } } diff --git a/docs/layouts/partials/templates/bicep/activity-servicehealth.html b/docs/layouts/partials/templates/bicep/activity-servicehealth.html index 50b5e81a2..70b9953f8 100644 --- a/docs/layouts/partials/templates/bicep/activity-servicehealth.html +++ b/docs/layouts/partials/templates/bicep/activity-servicehealth.html @@ -8,14 +8,21 @@ @description('Indicates whether or not the alert is enabled.') param activityLogAlertEnabled bool = true -@description('The ID of the action group that is triggered when the alert is activated or deactivated') -param actionGroupId string = '' +@description('"The current date and time using the utcNow function. Used for deployment name uniqueness') +param currentDateTimeUtcNow string = utcNow() + +@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.') +@allowed([ + 'Yes' + 'No' +]) +param telemetryOptOut string = 'No' resource symbolicname 'Microsoft.Insights/activityLogAlerts@2023-01-01-preview' = { name: activityLogAlertName location: 'Global' tags: { - '_deployed_by_amba': true + _deployed_by_amba: 'true' } properties: { description: alertDescription @@ -37,12 +44,21 @@ } ] } - actions: { - actionGroups: [ - { - actionGroupId: actionGroupId - } - ] + } +} + +var ambaTelemetryPidName = '{{ site.Params.ambaTelemetryPid }}-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}' +resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') { + name: ambaTelemetryPidName + tags: { + _deployed_by_amba: 'true' + } + properties: { + mode: 'Incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + resources: [] } } } diff --git a/docs/layouts/partials/templates/bicep/log.html b/docs/layouts/partials/templates/bicep/log.html index bdaa21f15..b008b098e 100644 --- a/docs/layouts/partials/templates/bicep/log.html +++ b/docs/layouts/partials/templates/bicep/log.html @@ -32,9 +32,6 @@ ]) param muteActionsDuration string -@description('The ID of the action group that is triggered when the alert is activated or deactivated') -param actionGroupId string = '' - @description('Severity of alert {0,1,2,3,4}') @allowed([ 0 @@ -69,7 +66,7 @@ param operator string = '{{ .properties.operator }}' @description('The threshold value at which the alert is activated.') -param threshold string = '{{ .properties.threshold }}' +param threshold int = {{ int .properties.threshold }} @description('The number of periods to check in the alert evaluation.') param numberOfEvaluationPeriods int = {{ .properties.failingPeriods.numberOfEvaluationPeriods }} @@ -97,6 +94,7 @@ 'PT6H' 'PT12H' 'PT24H' + 'P1D' ]) param windowSize string = '{{ .properties.windowSize }}' @@ -109,12 +107,21 @@ ]) param evaluationFrequency string = '{{ .properties.evaluationFrequency }}' +@description('"The current date and time using the utcNow function. Used for deployment name uniqueness') +param currentDateTimeUtcNow string = utcNow() + +@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.') +@allowed([ + 'Yes' + 'No' +]) +param telemetryOptOut string = 'No' resource alert 'Microsoft.Insights/scheduledQueryRules@2021-08-01' = { name: alertName location: location tags: { - '_deployed_by_amba': true + _deployed_by_amba: 'true' } properties: { description: alertDescription @@ -131,17 +138,13 @@ query: query metricMeasureColumn: metricMeasureColumn resourceIdColumn: resourceIdColumn - if eq (len .properties.dimensions) 0 { - dimensions: [] - } else { - dimensions: [{{ range $idx1, $value1 := .properties.dimensions }} - { - name: '{{ $value1.name }}' - operator: '{{ $value1.operator }}' - values: [{{ range $idx2, $value2 := $value1.values }}'{{ $value2 }}'{{ end }}] - }{{ end }} - ] - } + dimensions: [{{ range $idx1, $value1 := .properties.dimensions }} + { + name: '{{ $idx1 }}' + operator: '{{ $value1.operator }}' + values: [{{ range $idx2, $value2 := $value1.values }}'{{ $value2 }}'{{ end }}] + }{{ end }} + ] operator: operator threshold: threshold timeAggregation: timeAggregation @@ -155,12 +158,21 @@ muteActionsDuration: muteActionsDuration autoMitigate: autoMitigate checkWorkspaceAlertsStorageConfigured: checkWorkspaceAlertsStorageConfigured - actions: { - actionGroups: [ - actionGroupId - ] - customProperties: { - } + } +} + +var ambaTelemetryPidName = '{{ site.Params.ambaTelemetryPid }}-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}' +resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') { + name: ambaTelemetryPidName + tags: { + _deployed_by_amba: 'true' + } + properties: { + mode: 'Incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + resources: [] } } } diff --git a/docs/layouts/partials/templates/bicep/metric-dynamic.html b/docs/layouts/partials/templates/bicep/metric-dynamic.html index d06cb8dc4..005124ce3 100644 --- a/docs/layouts/partials/templates/bicep/metric-dynamic.html +++ b/docs/layouts/partials/templates/bicep/metric-dynamic.html @@ -16,9 +16,6 @@ @minLength(1) param targetResourceType string -@description('The ID of the action group that is triggered when the alert is activated or deactivated') -param actionGroupId string = '' - @description('Specifies whether the alert is enabled') param isEnabled bool = true @@ -66,10 +63,15 @@ @description('Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one hour. ISO 8601 duration format.') @allowed([ + 'PT1M' 'PT5M' 'PT15M' 'PT30M' 'PT1H' + 'PT6H' + 'PT12H' + 'PT24H' + 'P1D' ]) param windowSize string = '{{ .properties.windowSize }}' @@ -82,11 +84,21 @@ ]) param evaluationFrequency string = '{{ .properties.evaluationFrequency }}' +@description('"The current date and time using the utcNow function. Used for deployment name uniqueness') +param currentDateTimeUtcNow string = utcNow() + +@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.') +@allowed([ + 'Yes' + 'No' +]) +param telemetryOptOut string = 'No' + resource metricAlert 'Microsoft.Insights/metricAlerts@2018-03-01' = { name: alertName location: 'global' tags: { - '_deployed_by_amba': true + _deployed_by_amba: 'true' } properties: { description: alertDescription @@ -104,17 +116,13 @@ criterionType: 'DynamicThresholdCriterion' name: '1st criterion' metricName: '{{ .properties.metricName }}' - if eq (len .properties.dimensions) 0 { - dimensions: [] - } else { - dimensions: [{{ range $idx1, $value1 := .properties.dimensions }} - { - name: '{{ $value1.name }}' - operator: '{{ $value1.operator }}' - values: [{{ range $idx2, $value2 := $value1.values }}'{{ $value2 }}'{{ end }}] - }{{ end }} - ] - } + dimensions: [{{ range $idx1, $value1 := .properties.dimensions }} + { + name: '{{ $idx1 }}' + operator: '{{ $value1.operator }}' + values: [{{ range $idx2, $value2 := $value1.values }}'{{ $value2 }}'{{ end }}] + }{{ end }} + ] operator: operator alertSensitivity: alertSensitivity failingPeriods: { @@ -125,10 +133,21 @@ } ] } - actions: [ - { - actionGroupId: actionGroupId - } - ] + } +} + +var ambaTelemetryPidName = '{{ site.Params.ambaTelemetryPid }}-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}' +resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') { + name: ambaTelemetryPidName + tags: { + _deployed_by_amba: 'true' + } + properties: { + mode: 'Incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + resources: [] + } } } diff --git a/docs/layouts/partials/templates/bicep/metric-static.html b/docs/layouts/partials/templates/bicep/metric-static.html index bde0ce300..6e9fa4de9 100644 --- a/docs/layouts/partials/templates/bicep/metric-static.html +++ b/docs/layouts/partials/templates/bicep/metric-static.html @@ -16,9 +16,6 @@ @minLength(1) param targetResourceType string -@description('The ID of the action group that is triggered when the alert is activated or deactivated') -param actionGroupId string = '' - @description('Specifies whether the alert is enabled') param isEnabled bool = true @@ -43,7 +40,7 @@ param operator string = '{{ .properties.operator }}' @description('The threshold value at which the alert is activated.') -param threshold string = '{{ .properties.threshold }}' +param threshold int = {{ int .properties.threshold }} @description('How the data that is collected should be combined over time.') @allowed([ @@ -65,6 +62,7 @@ 'PT6H' 'PT12H' 'PT24H' + 'P1D' ]) param windowSize string = '{{ .properties.windowSize }}' @@ -78,11 +76,21 @@ ]) param evaluationFrequency string = '{{ .properties.evaluationFrequency }}' +@description('"The current date and time using the utcNow function. Used for deployment name uniqueness') +param currentDateTimeUtcNow string = utcNow() + +@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.') +@allowed([ + 'Yes' + 'No' +]) +param telemetryOptOut string = 'No' + resource metricAlert 'Microsoft.Insights/metricAlerts@2018-03-01' = { name: alertName location: 'global' tags: { - '_deployed_by_amba': true + _deployed_by_amba: 'true' } properties: { description: alertDescription @@ -99,17 +107,13 @@ { name: '1st criterion' metricName: '{{ .properties.metricName }}' - if eq (len .properties.dimensions) 0 { - dimensions: [] - } else { - dimensions: [{{ range $idx1, $value1 := .properties.dimensions }} - { - name: '{{ $value1.name }}' - operator: '{{ $value1.operator }}' - values: [{{ range $idx2, $value2 := $value1.values }}'{{ $value2 }}'{{ end }}] - }{{ end }} - ] - } + dimensions: [{{ range $idx1, $value1 := .properties.dimensions }} + { + name: '{{ $idx1 }}' + operator: '{{ $value1.operator }}' + values: [{{ range $idx2, $value2 := $value1.values }}'{{ $value2 }}'{{ end }}] + }{{ end }} + ] operator: operator threshold: threshold timeAggregation: timeAggregation @@ -117,10 +121,21 @@ } ] } - actions: [ - { - actionGroupId: actionGroupId - } - ] + } +} + +var ambaTelemetryPidName = '{{ site.Params.ambaTelemetryPid }}-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}' +resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') { + name: ambaTelemetryPidName + tags: { + _deployed_by_amba: 'true' + } + properties: { + mode: 'Incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + resources: [] + } } } diff --git a/docs/layouts/shortcodes/alertList.html b/docs/layouts/shortcodes/alertList.html index 26a86ab7e..07a86260d 100644 --- a/docs/layouts/shortcodes/alertList.html +++ b/docs/layouts/shortcodes/alertList.html @@ -66,7 +66,6 @@

References:

{{ range .references }} {{ .name }} - {{ $url := path.Join $.Page.File.Dir .template }} {{ end }} diff --git a/docs/layouts/shortcodes/metricTemplate.html b/docs/layouts/shortcodes/metricTemplate.html deleted file mode 100644 index f14b27578..000000000 --- a/docs/layouts/shortcodes/metricTemplate.html +++ /dev/null @@ -1,6 +0,0 @@ - -{{ $category := "Compute" }} -{{ $type := "virtualMachines" }} - -{{ partial "templates/template-tabs" . }} - diff --git a/docs/static/img/alert-management-wb.png b/docs/static/img/alert-management-wb.png new file mode 100644 index 000000000..42a66a156 Binary files /dev/null and b/docs/static/img/alert-management-wb.png differ diff --git a/docs/static/img/copy-raw-file.png b/docs/static/img/copy-raw-file.png new file mode 100644 index 000000000..a77e1e8f4 Binary files /dev/null and b/docs/static/img/copy-raw-file.png differ diff --git a/docs/static/img/gallery-template.png b/docs/static/img/gallery-template.png new file mode 100644 index 000000000..6227fa98c Binary files /dev/null and b/docs/static/img/gallery-template.png differ diff --git a/docs/static/img/new-workbook.png b/docs/static/img/new-workbook.png new file mode 100644 index 000000000..cee581e3d Binary files /dev/null and b/docs/static/img/new-workbook.png differ diff --git a/docs/static/img/save-workbook.png b/docs/static/img/save-workbook.png new file mode 100644 index 000000000..41196c37a Binary files /dev/null and b/docs/static/img/save-workbook.png differ diff --git a/patterns/alz/policySetDefinitions/Deploy-Notification-Assets.json b/patterns/alz/policySetDefinitions/Deploy-Notification-Assets.json index f9248348e..96b526548 100644 --- a/patterns/alz/policySetDefinitions/Deploy-Notification-Assets.json +++ b/patterns/alz/policySetDefinitions/Deploy-Notification-Assets.json @@ -6,7 +6,7 @@ "displayName": "Deploy Azure Monitor Baseline Alerts - Notification Assets", "description": "Initiative to deploy AMBA Notification Assets", "metadata": { - "version": "1.0.0", + "version": "1.0.1", "category": "Monitoring", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -109,7 +109,7 @@ "policyDefinitions": [ { "policyDefinitionReferenceId": "ALZ_AlertProcessing_Rule", - "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/contoso', '/providers/Microsoft.Authorization/policyDefinitions/Deploy_AlertProcessing_Rule')]", + "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_AlertProcessing_Rule", "parameters": { "ALZMonitorResourceGroupName": { "value": "[[parameters('ALZMonitorResourceGroupName')]" @@ -145,6 +145,21 @@ "value": "[[parameters('ALZFunctionTriggerUrl')]" } } + }, + { + "policyDefinitionReferenceId": "ALZ_Suppression_AlertProcessing_Rule", + "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_Suppression_AlertProcessing_Rule", + "parameters": { + "ALZMonitorResourceGroupName": { + "value": "[[parameters('ALZMonitorResourceGroupName')]" + }, + "ALZMonitorResourceGroupTags": { + "value": "[[parameters('ALZMonitorResourceGroupTags')]" + }, + "ALZMonitorResourceGroupLocation": { + "value": "[[parameters('ALZMonitorResourceGroupLocation')]" + } + } } ], "policyType": "Custom", diff --git a/patterns/alz/scripts/Start-AMBARemediation.ps1 b/patterns/alz/scripts/Start-AMBARemediation.ps1 index c4ed47e62..44ce207a1 100644 --- a/patterns/alz/scripts/Start-AMBARemediation.ps1 +++ b/patterns/alz/scripts/Start-AMBARemediation.ps1 @@ -95,7 +95,6 @@ function Get-PolicyType { # Invoking policy remediation $assignmentFound = $true Start-PolicyRemediation -managementGroupName $managementGroupName -policyAssignmentName $PSItem.name -polassignId $PSItem.id -policyDefinitionReferenceId $policyName - Write-Host " Waiting for 5 minutes while remediating the 'Deploy Service Health Action Group' policy before continuing." -ForegroundColor Cyan } } } @@ -154,6 +153,7 @@ function Enumerate-Policy { # wait for 5 minutes and then remediate the entire Alerting-ServiceHealth initiative. If($policyName -eq 'Alerting-ServiceHealth') { Get-PolicyType -managementGroupName $managementGroupName -policyName 'ALZ_ServiceHealth_ActionGroups' + Write-Host " Waiting for 5 minutes while remediating the 'Deploy Service Health Action Group' policy before continuing." -ForegroundColor Cyan Start-Sleep -Seconds 360 Get-PolicyType -managementGroupName $managementGroupName -policyName $policyName } diff --git a/patterns/alz/templates/policies.bicep b/patterns/alz/templates/policies.bicep index 01fec287a..cc6cb7e52 100644 --- a/patterns/alz/templates/policies.bicep +++ b/patterns/alz/templates/policies.bicep @@ -84,6 +84,7 @@ var loadPolicyDefinitions = { loadTextContent('../../../services/Network/azureFirewalls/Deploy-AFW-FirewallHealth-Alert.json') loadTextContent('../../../services/Network/azureFirewalls/Deploy-AFW-SNATPortUtilization-Alert.json') loadTextContent('../../../services/AlertsManagement/actionRules/Deploy-AlertProcessingRule-Deploy.json') + loadTextContent('../../../services/AlertsManagement/actionRules/Deploy-AlertProcessingRule-Suppression.json') loadTextContent('../../../services/Network/expressRouteCircuits/Deploy-ERCIR-ARPAvailability-Alert.json') loadTextContent('../../../services/Network/expressRouteCircuits/Deploy-ERCIR-BGPAvailability-Alert.json') loadTextContent('../../../services/Network/expressRouteCircuits/Deploy-ERCIR-QOSDropsBitsIn-Alert.json') diff --git a/patterns/avs/avsArm.json b/patterns/avs/avsArm.json new file mode 100644 index 000000000..f2884346a --- /dev/null +++ b/patterns/avs/avsArm.json @@ -0,0 +1,219 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.14.46.61228", + "templateHash": "11509858991434574809" + } + }, + "parameters": { + "ActionGroupName": { + "type": "string", + "defaultValue": "AVSAlerts", + "metadata": { + "description": "Name of the action group to be created" + } + }, + "AlertPrefix": { + "type": "string", + "defaultValue": "AVSAlert", + "metadata": { + "description": "Prefix to use for alert creation" + } + }, + "ActionGroupEmails": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Email addresses to be added to the action group. Use the format [\"name1@domain.com\",\"name2@domain.com\"]." + } + }, + "PrivateCloudResourceId": { + "type": "string", + "metadata": { + "description": "The existing Private Cloud full resource id" + } + } + }, + "variables": { + "varCuaid": "6f7b68e9-1179-4853-9dfe-1a4f793b9893", + "Alerts": [ + { + "Name": "CPU", + "Description": "CPU Usage per Cluster", + "Metric": "EffectiveCpuAverage", + "SplitDimension": "clustername", + "Threshold": 80, + "Severity": 2 + }, + { + "Name": "Memory", + "Description": "Memory Usage per Cluster", + "Metric": "UsageAverage", + "SplitDimension": "clustername", + "Threshold": 80, + "Severity": 2 + }, + { + "Name": "Storage", + "Description": "Storage Usage per Datastore", + "Metric": "DiskUsedPercentage", + "SplitDimension": "dsname", + "Threshold": 70, + "Severity": 2 + }, + { + "Name": "StorageCritical", + "Description": "Storage Usage per Datastore", + "Metric": "DiskUsedPercentage", + "SplitDimension": "dsname", + "Threshold": 75, + "Severity": 0 + } + ] + }, + "resources": [ + { + "type": "microsoft.insights/actionGroups", + "apiVersion": "2019-06-01", + "name": "[parameters('ActionGroupName')]", + "location": "Global", + "properties": { + "copy": [ + { + "name": "emailReceivers", + "count": "[length(parameters('ActionGroupEmails'))]", + "input": { + "emailAddress": "[parameters('ActionGroupEmails')[copyIndex('emailReceivers')]]", + "name": "[split(parameters('ActionGroupEmails')[copyIndex('emailReceivers')], '@')[0]]", + "useCommonAlertSchema": false + } + } + ], + "enabled": true, + "groupShortName": "[substring(format('avs{0}', uniqueString(parameters('ActionGroupName'))), 0, 12)]" + } + }, + { + "type": "Microsoft.Insights/activityLogAlerts", + "apiVersion": "2020-10-01", + "name": "[format('{0}-ServiceHealth', parameters('AlertPrefix'))]", + "location": "Global", + "properties": { + "description": "Service Health Alerts", + "condition": { + "allOf": [ + { + "field": "category", + "equals": "ServiceHealth" + }, + { + "field": "properties.impactedServices[*].ServiceName", + "containsAny": [ + "Azure VMware Solution" + ] + }, + { + "field": "properties.impactedServices[*].ImpactedRegions[*].RegionName", + "containsAny": [ + "[reference(parameters('PrivateCloudResourceId'), '2021-06-01', 'Full').location]", + "Global" + ] + } + ] + }, + "scopes": [ + "[subscription().id]" + ], + "enabled": true, + "actions": { + "actionGroups": [ + { + "actionGroupId": "[resourceId('microsoft.insights/actionGroups', parameters('ActionGroupName'))]" + } + ] + } + }, + "dependsOn": [ + "[resourceId('microsoft.insights/actionGroups', parameters('ActionGroupName'))]" + ] + }, + { + "copy": { + "name": "MetricAlert", + "count": "[length(variables('Alerts'))]" + }, + "type": "Microsoft.Insights/metricAlerts", + "apiVersion": "2018-03-01", + "name": "[format('{0}-{1}', parameters('AlertPrefix'), variables('Alerts')[copyIndex()].Name)]", + "location": "Global", + "properties": { + "description": "[variables('Alerts')[copyIndex()].Description]", + "criteria": { + "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria", + "allOf": [ + { + "name": "Metric1", + "operator": "GreaterThan", + "threshold": "[variables('Alerts')[copyIndex()].Threshold]", + "timeAggregation": "Average", + "criterionType": "StaticThresholdCriterion", + "metricName": "[variables('Alerts')[copyIndex()].Metric]", + "dimensions": [ + { + "name": "[variables('Alerts')[copyIndex()].SplitDimension]", + "operator": "Include", + "values": [ + "*" + ] + } + ] + } + ] + }, + "scopes": [ + "[parameters('PrivateCloudResourceId')]" + ], + "severity": "[variables('Alerts')[copyIndex()].Severity]", + "evaluationFrequency": "PT5M", + "windowSize": "PT30M", + "autoMitigate": true, + "enabled": true, + "actions": [ + { + "actionGroupId": "[resourceId('microsoft.insights/actionGroups', parameters('ActionGroupName'))]" + } + ] + }, + "dependsOn": [ + "[resourceId('microsoft.insights/actionGroups', parameters('ActionGroupName'))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2020-10-01", + "name": "[format('pid-{0}-{1}', variables('varCuaid'), uniqueString(resourceGroup().location))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": {}, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.14.46.61228", + "templateHash": "8359988288953583068" + } + }, + "resources": [] + } + } + } + ] + } \ No newline at end of file diff --git a/patterns/avs/avsArm.param.json b/patterns/avs/avsArm.param.json new file mode 100644 index 000000000..005502644 --- /dev/null +++ b/patterns/avs/avsArm.param.json @@ -0,0 +1,14 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "ActionGroupEmails": { + "value": [ + "example@microsoft.com" + ] + }, + "PrivateCloudResourceId": { + "value": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/ExampleRG/providers/Microsoft.AVS/privateClouds/ExamplePrivateCloud" + } + } +} \ No newline at end of file diff --git a/services/AlertsManagement/actionRules/Deploy-AlertProcessingRule-Suppression.json b/services/AlertsManagement/actionRules/Deploy-AlertProcessingRule-Suppression.json new file mode 100644 index 000000000..742a09309 --- /dev/null +++ b/services/AlertsManagement/actionRules/Deploy-AlertProcessingRule-Suppression.json @@ -0,0 +1,185 @@ +{ + "type": "Microsoft.Authorization/policyDefinitions", + "apiVersion": "2021-06-01", + "name": "Deploy_Suppression_AlertProcessing_Rule", + "properties": { + "policyType": "Custom", + "mode": "All", + "displayName": "Deploy AMBA Notification Suppression Asset", + "description": "Policy to deploy empty and disabled suppression Alert Processing Rule for all AMBA alerts", + "metadata": { + "version": "1.0.0", + "category": "Monitoring", + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "alzCloudEnvironments": [ + "AzureCloud" + ], + "_deployed_by_amba": "True" + }, + "parameters": { + "ALZMonitorResourceGroupName": { + "type": "String", + "metadata": { + "displayName": "Resource Group Name", + "description": "Resource group the alert is placed in" + }, + "defaultValue": "rg-amba-monitoring-001" + }, + "ALZMonitorResourceGroupTags": { + "type": "Object", + "metadata": { + "displayName": "Resource Group Tags", + "description": "Tags on the Resource group the alert is placed in" + }, + "defaultValue": { + "_deployed_by_amba": true + } + }, + "ALZMonitorResourceGroupLocation": { + "type": "String", + "metadata": { + "displayName": "Resource Group Location", + "description": "Location of the Resource group the alert is placed in" + }, + "defaultValue": "centralus" + }, + "MonitorDisable": { + "type": "String", + "metadata": { + "displayName": "Monitoring disabled", + "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled" + }, + "defaultValue": "MonitorDisable" + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "field": "type", + "equals": "Microsoft.Resources/subscriptions" + }, + { + "field": "[[concat('tags[', parameters('MonitorDisable'), ']')]", + "notEquals": "true" + } + ] + }, + "then": { + "effect": "deployIfNotExists", + "details": { + "roleDefinitionIds": [ + "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" + ], + "type": "Microsoft.AlertsManagement/actionRules", + "existenceScope": "resourceGroup", + "resourceGroupName": "[[parameters('ALZMonitorResourceGroupName')]", + "deploymentScope": "subscription", + "existenceCondition": { + "allOf": [ + { + "field": "Microsoft.AlertsManagement/actionRules/description", + "equals": "AMBA Notification Assets - Suppression Alert Processing Rule for maintenance period for Subscription" + } + ] + }, + "deployment": { + "location": "northeurope", + "properties": { + "mode": "incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "ALZMonitorResourceGroupName": { + "type": "string" + }, + "ALZMonitorResourceGroupTags": { + "type": "object" + }, + "ALZMonitorResourceGroupLocation": { + "type": "string" + } + }, + "variables": { + }, + "resources": [ + { + "type": "Microsoft.Resources/resourceGroups", + "apiVersion": "2021-04-01", + "name": "[[parameters('ALZMonitorResourceGroupName')]", + "location": "[[parameters('ALZMonitorResourceGroupLocation')]", + "tags": "[[parameters('ALZMonitorResourceGroupTags')]" + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "name": "SuppressionRuleDeployment", + "resourceGroup": "[[parameters('ALZMonitorResourceGroupName')]", + "dependsOn": [ + "[[concat('Microsoft.Resources/resourceGroups/', parameters('ALZMonitorResourceGroupName'))]" + ], + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "ALZMonitorResourceGroupName": { + "type": "string" + } + }, + "variables": {}, + "resources": [ + { + "type": "Microsoft.AlertsManagement/actionRules", + "apiVersion": "2021-08-08", + "name": "[[concat('apr-AMBA-',subscription().displayName, '-002')]", + "location": "Global", + "dependsOn": [ + ], + "tags": { + "_deployed_by_amba": true + }, + "properties": { + "scopes": [ + "[[subscription().Id]" + ], + "description": "AMBA Notification Assets - Suppression Alert Processing Rule for maintenance period for Subscription", + "enabled": false, + "actions": [ + { + "actionType": "RemoveAllActionGroups" + } + ] + } + } + ] + }, + "parameters": { + "ALZMonitorResourceGroupName": { + "value": "[[parameters('ALZMonitorResourceGroupName')]" + } + } + } + } + ] + }, + "parameters": { + "ALZMonitorResourceGroupName": { + "value": "[[parameters('ALZMonitorResourceGroupName')]" + }, + "ALZMonitorResourceGroupTags": { + "value": "[[parameters('ALZMonitorResourceGroupTags')]" + }, + "ALZMonitorResourceGroupLocation": { + "value": "[[parameters('ALZMonitorResourceGroupLocation')]" + } + } + } + } + } + } + } + } +} diff --git a/services/Automation/automationAccounts/Deploy-AA-TotalJob-Alert.json b/services/Automation/automationAccounts/Deploy-AA-TotalJob-Alert.json index e35780e0f..482106042 100644 --- a/services/Automation/automationAccounts/Deploy-AA-TotalJob-Alert.json +++ b/services/Automation/automationAccounts/Deploy-AA-TotalJob-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy Automation Account TotalJob Alert", "description": "Policy to audit/deploy Automation Account TotalJob Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Automation", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -155,6 +155,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].operator", + "equals": "GreaterThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Cdn/profiles/Deploy-CDNP-OriginHealthPercentage-Alert.json b/services/Cdn/profiles/Deploy-CDNP-OriginHealthPercentage-Alert.json index 7c4820b51..0a93ef521 100644 --- a/services/Cdn/profiles/Deploy-CDNP-OriginHealthPercentage-Alert.json +++ b/services/Cdn/profiles/Deploy-CDNP-OriginHealthPercentage-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy Frontdoor CDN Profile Origin Health Percentage Alert", "description": "Policy to audit/deploy FrontDoor Origin Health Percentage Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "Category": "Networking", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "_deployed_by_amba": "True" @@ -131,6 +131,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", + "equals": "LessThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Cdn/profiles/Deploy-CDNP-OriginLatency-Alert.json b/services/Cdn/profiles/Deploy-CDNP-OriginLatency-Alert.json index 0586091a7..55efdc96b 100644 --- a/services/Cdn/profiles/Deploy-CDNP-OriginLatency-Alert.json +++ b/services/Cdn/profiles/Deploy-CDNP-OriginLatency-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy Frontdoor CDN Profile Origin Latency Alert", "description": "Policy to audit/deploy Frontdoor CDN Profile Origin Latency Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Networking", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -147,6 +147,42 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator", + "equals": "GreaterThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity", + "equals": "Medium" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert", + "equals": 2 + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods", + "equals": 2 } ] }, diff --git a/services/Cdn/profiles/Deploy-CDNP-Percentage4XX-Alert.json b/services/Cdn/profiles/Deploy-CDNP-Percentage4XX-Alert.json index 856897330..18eff7671 100644 --- a/services/Cdn/profiles/Deploy-CDNP-Percentage4XX-Alert.json +++ b/services/Cdn/profiles/Deploy-CDNP-Percentage4XX-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy Frontdoor CDN Profile Percentage4XX Alert", "description": "Policy to audit/deploy Frontdoor CDN Profile Percentage4XX Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Networking", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -147,6 +147,42 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator", + "equals": "GreaterThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity", + "equals": "Medium" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert", + "equals": 2 + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods", + "equals": 2 } ] }, diff --git a/services/Cdn/profiles/Deploy-CDNP-Percentage5XX-Alert.json b/services/Cdn/profiles/Deploy-CDNP-Percentage5XX-Alert.json index 8eda78734..5341f8474 100644 --- a/services/Cdn/profiles/Deploy-CDNP-Percentage5XX-Alert.json +++ b/services/Cdn/profiles/Deploy-CDNP-Percentage5XX-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy Frontdoor CDN Profile Percentage5XX Alert", "description": "Policy to audit/deploy Frontdoor CDN Profile Percentage5XX Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Networking", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -147,6 +147,42 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator", + "equals": "GreaterThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity", + "equals": "Medium" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert", + "equals": 2 + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods", + "equals": 2 } ] }, diff --git a/services/Compute/virtualMachines/Deploy-VM-AvailableMemory-Alert.json b/services/Compute/virtualMachines/Deploy-VM-AvailableMemory-Alert.json index 38531c391..7daf79a92 100644 --- a/services/Compute/virtualMachines/Deploy-VM-AvailableMemory-Alert.json +++ b/services/Compute/virtualMachines/Deploy-VM-AvailableMemory-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy VM Available Memory Alert", "description": "Policy to audit/deploy VM Available Memory Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Compute", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -155,6 +155,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].operator", + "equals": "LessThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Compute/virtualMachines/Deploy-VM-DataDiskReadLatency-Alert.json b/services/Compute/virtualMachines/Deploy-VM-DataDiskReadLatency-Alert.json index 7e07eb7d1..51cd3119b 100644 --- a/services/Compute/virtualMachines/Deploy-VM-DataDiskReadLatency-Alert.json +++ b/services/Compute/virtualMachines/Deploy-VM-DataDiskReadLatency-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy VM Data Disk Read Latency Alert", "description": "Policy to audit/deploy VM dataDiskReadLatency Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Compute", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -250,6 +250,46 @@ { "field": "Microsoft.Insights/scheduledqueryrules/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].threshold", + "equals": "[[parameters('threshold')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", + "equals": "[[parameters('operator')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation", + "equals": "[[parameters('timeAggregation')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods", + "equals": "[[parameters('evaluationPeriods')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert", + "equals": "[[parameters('failingPeriods')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query", + "equals": "InsightsMetrics| where Origin == \"vm.azm.ms\"| where Namespace == \"LogicalDisk\" and Name == \"ReadLatencyMs\"| extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"])|where Disk !in ('C:','/')| summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk" } ] }, diff --git a/services/Compute/virtualMachines/Deploy-VM-DataDiskSpace-Alert.json b/services/Compute/virtualMachines/Deploy-VM-DataDiskSpace-Alert.json index 3dde68637..c1b60edd8 100644 --- a/services/Compute/virtualMachines/Deploy-VM-DataDiskSpace-Alert.json +++ b/services/Compute/virtualMachines/Deploy-VM-DataDiskSpace-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy VM Data Disk Space Alert", "description": "Policy to audit/deploy VM data Disk Space Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Compute", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -240,6 +240,46 @@ { "field": "Microsoft.Insights/scheduledqueryrules/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].threshold", + "equals": "[[parameters('threshold')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", + "equals": "[[parameters('operator')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation", + "equals": "[[parameters('timeAggregation')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods", + "equals": "[[parameters('evaluationPeriods')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert", + "equals": "[[parameters('failingPeriods')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query", + "equals": "InsightsMetrics| where Origin == \"vm.azm.ms\"| where Namespace == \"LogicalDisk\" and Name == \"FreeSpacePercentage\"| extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"])|where Disk !in ('C:','/')| summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk" } ] }, diff --git a/services/Compute/virtualMachines/Deploy-VM-DataDiskWriteLatency-Alert.json b/services/Compute/virtualMachines/Deploy-VM-DataDiskWriteLatency-Alert.json index 418e91397..4ac4bc84f 100644 --- a/services/Compute/virtualMachines/Deploy-VM-DataDiskWriteLatency-Alert.json +++ b/services/Compute/virtualMachines/Deploy-VM-DataDiskWriteLatency-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy VM Data Disk Write Latency Alert", "description": "Policy to audit/deploy VM dataDiskWriteLatency Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Compute", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -250,6 +250,46 @@ { "field": "Microsoft.Insights/scheduledqueryrules/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].threshold", + "equals": "[[parameters('threshold')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", + "equals": "[[parameters('operator')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation", + "equals": "[[parameters('timeAggregation')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods", + "equals": "[[parameters('evaluationPeriods')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert", + "equals": "[[parameters('failingPeriods')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query", + "equals": "InsightsMetrics| where Origin == \"vm.azm.ms\"| where Namespace == \"LogicalDisk\" and Name == \"WriteLatencyMs\"| extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"])|where Disk !in ('C:','/')| summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk" } ] }, diff --git a/services/Compute/virtualMachines/Deploy-VM-HeartBeat-Alert.json b/services/Compute/virtualMachines/Deploy-VM-HeartBeat-Alert.json index 35e36c6e9..270d4f3bf 100644 --- a/services/Compute/virtualMachines/Deploy-VM-HeartBeat-Alert.json +++ b/services/Compute/virtualMachines/Deploy-VM-HeartBeat-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy VM HeartBeat Alert", "description": "Policy to audit/deploy VM HeartBeat Alert for all VMs in the subscription", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Compute", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -230,6 +230,46 @@ { "field": "Microsoft.Insights/scheduledqueryrules/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].threshold", + "equals": "[[parameters('threshold')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", + "equals": "[[parameters('operator')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation", + "equals": "[[parameters('timeAggregation')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods", + "equals": "[[parameters('evaluationPeriods')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert", + "equals": "[[parameters('failingPeriods')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query", + "equals": "Heartbeat| summarize TimeGenerated=max(TimeGenerated) by Computer, _ResourceId| extend Duration = datetime_diff('minute',now(),TimeGenerated)| summarize AggregatedValue = min(Duration) by Computer, bin(TimeGenerated,5m), _ResourceId" } ] }, diff --git a/services/Compute/virtualMachines/Deploy-VM-HeartBeatAlertRG.json b/services/Compute/virtualMachines/Deploy-VM-HeartBeatAlertRG.json index 042e7524d..35286cadf 100644 --- a/services/Compute/virtualMachines/Deploy-VM-HeartBeatAlertRG.json +++ b/services/Compute/virtualMachines/Deploy-VM-HeartBeatAlertRG.json @@ -8,7 +8,7 @@ "displayName": "Deploy VM HeartBeat Alert", "description": "Policy to audit/deploy VM HeartBeat Alert for VMs in the resource group", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Compute", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -197,6 +197,46 @@ { "field": "Microsoft.Insights/scheduledqueryrules/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].threshold", + "equals": "[[parameters('threshold')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", + "equals": "[[parameters('operator')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation", + "equals": "[[parameters('timeAggregation')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods", + "equals": "1" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert", + "equals": "1" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query", + "equals": "Heartbeat| summarize TimeGenerated=max(TimeGenerated) by Computer, _ResourceId| extend Duration = datetime_diff('minute',now(),TimeGenerated)| summarize AggregatedValue = min(Duration) by Computer, bin(TimeGenerated,5m), _ResourceId" } ] }, diff --git a/services/Compute/virtualMachines/Deploy-VM-NetworkIn-Alert.json b/services/Compute/virtualMachines/Deploy-VM-NetworkIn-Alert.json index e7d4d2938..3a0b1a807 100644 --- a/services/Compute/virtualMachines/Deploy-VM-NetworkIn-Alert.json +++ b/services/Compute/virtualMachines/Deploy-VM-NetworkIn-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy VM Network Read Alert", "description": "Policy to audit/deploy VM Nework Read Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Compute", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -250,6 +250,46 @@ { "field": "Microsoft.Insights/scheduledqueryrules/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].threshold", + "equals": "[[parameters('threshold')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", + "equals": "[[parameters('operator')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation", + "equals": "[[parameters('timeAggregation')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods", + "equals": "[[parameters('evaluationPeriods')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert", + "equals": "[[parameters('failingPeriods')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query", + "equals": "InsightsMetrics| where Origin == \"vm.azm.ms\"| where Namespace == \"Network\" and Name == \"ReadBytesPerSecond\"| extend NetworkInterface=tostring(todynamic(Tags)[\"vm.azm.ms/networkDeviceId\"])|summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, NetworkInterface" } ] }, diff --git a/services/Compute/virtualMachines/Deploy-VM-NetworkOut-Alert.json b/services/Compute/virtualMachines/Deploy-VM-NetworkOut-Alert.json index 67cc0299b..48685b18f 100644 --- a/services/Compute/virtualMachines/Deploy-VM-NetworkOut-Alert.json +++ b/services/Compute/virtualMachines/Deploy-VM-NetworkOut-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy VM Network Write Alert", "description": "Policy to audit/deploy VM Network Out Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Compute", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -250,6 +250,46 @@ { "field": "Microsoft.Insights/scheduledqueryrules/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].threshold", + "equals": "[[parameters('threshold')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", + "equals": "[[parameters('operator')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation", + "equals": "[[parameters('timeAggregation')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods", + "equals": "[[parameters('evaluationPeriods')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert", + "equals": "[[parameters('failingPeriods')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query", + "equals": "InsightsMetrics| where Origin == \"vm.azm.ms\"| where Namespace == \"Network\" and Name == \"WriteBytesPerSecond\"| extend NetworkInterface=tostring(todynamic(Tags)[\"vm.azm.ms/networkDeviceId\"])|summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, NetworkInterface" } ] }, diff --git a/services/Compute/virtualMachines/Deploy-VM-OSDiskReadLatency-Alert.json b/services/Compute/virtualMachines/Deploy-VM-OSDiskReadLatency-Alert.json index 9c48a0533..8011ce319 100644 --- a/services/Compute/virtualMachines/Deploy-VM-OSDiskReadLatency-Alert.json +++ b/services/Compute/virtualMachines/Deploy-VM-OSDiskReadLatency-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy VM OS Disk Read Latency Alert", "description": "Policy to audit/deploy VM OSDiskreadLatency Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Compute", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -251,6 +251,46 @@ { "field": "Microsoft.Insights/scheduledqueryrules/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].threshold", + "equals": "[[parameters('threshold')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", + "equals": "[[parameters('operator')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation", + "equals": "[[parameters('timeAggregation')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods", + "equals": "[[parameters('evaluationPeriods')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert", + "equals": "[[parameters('failingPeriods')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query", + "equals": "InsightsMetrics| where Origin == \"vm.azm.ms\"| where Namespace == \"LogicalDisk\" and Name == \"ReadLatencyMs\"| extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"])| summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk" } ] }, diff --git a/services/Compute/virtualMachines/Deploy-VM-OSDiskSpace-Alert.json b/services/Compute/virtualMachines/Deploy-VM-OSDiskSpace-Alert.json index 3bac9b4ce..30dcb98bd 100644 --- a/services/Compute/virtualMachines/Deploy-VM-OSDiskSpace-Alert.json +++ b/services/Compute/virtualMachines/Deploy-VM-OSDiskSpace-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy VM OS Disk Space Alert", "description": "Policy to audit/deploy VM OSDiskSpace Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Compute", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -251,6 +251,46 @@ { "field": "Microsoft.Insights/scheduledqueryrules/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].threshold", + "equals": "[[parameters('threshold')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", + "equals": "[[parameters('operator')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation", + "equals": "[[parameters('timeAggregation')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods", + "equals": "[[parameters('evaluationPeriods')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert", + "equals": "[[parameters('failingPeriods')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query", + "equals": "InsightsMetrics| where Origin == \"vm.azm.ms\"| where Namespace == \"LogicalDisk\" and Name == \"FreeSpacePercentage\"| extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"])| summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk" } ] }, diff --git a/services/Compute/virtualMachines/Deploy-VM-OSDiskWriteLatency-Alert.json b/services/Compute/virtualMachines/Deploy-VM-OSDiskWriteLatency-Alert.json index 44efff461..7e57c2c31 100644 --- a/services/Compute/virtualMachines/Deploy-VM-OSDiskWriteLatency-Alert.json +++ b/services/Compute/virtualMachines/Deploy-VM-OSDiskWriteLatency-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy VM OS Disk Write Latency Alert", "description": "Policy to audit/deploy VM OSDiskwriteLatency Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Compute", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -251,6 +251,46 @@ { "field": "Microsoft.Insights/scheduledqueryrules/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].threshold", + "equals": "[[parameters('threshold')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", + "equals": "[[parameters('operator')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation", + "equals": "[[parameters('timeAggregation')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods", + "equals": "[[parameters('evaluationPeriods')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert", + "equals": "[[parameters('failingPeriods')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query", + "equals": "InsightsMetrics| where Origin == \"vm.azm.ms\"| where Namespace == \"LogicalDisk\" and Name == \"WriteLatencyMs\"| extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"])| summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk" } ] }, diff --git a/services/Compute/virtualMachines/Deploy-VM-PercentCPU-Alert.json b/services/Compute/virtualMachines/Deploy-VM-PercentCPU-Alert.json index c1b6aa34d..c6afe9e93 100644 --- a/services/Compute/virtualMachines/Deploy-VM-PercentCPU-Alert.json +++ b/services/Compute/virtualMachines/Deploy-VM-PercentCPU-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy VM CPU Alert", "description": "Policy to audit/deploy VM CPU Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Compute", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -222,6 +222,46 @@ { "field": "Microsoft.Insights/scheduledqueryrules/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].threshold", + "equals": "[[parameters('threshold')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", + "equals": "[[parameters('operator')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation", + "equals": "[[parameters('timeAggregation')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods", + "equals": "1" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert", + "equals": "[[parameters('failingPeriods')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query", + "equals": "InsightsMetrics| where Origin == \"vm.azm.ms\"| where Namespace == \"Processor\" and Name == \"UtilizationPercentage\"| summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId" } ] }, diff --git a/services/Compute/virtualMachines/Deploy-VM-PercentMemory-Alert.json b/services/Compute/virtualMachines/Deploy-VM-PercentMemory-Alert.json index 28c9ba154..64601d55b 100644 --- a/services/Compute/virtualMachines/Deploy-VM-PercentMemory-Alert.json +++ b/services/Compute/virtualMachines/Deploy-VM-PercentMemory-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy VM Memory Alert", "description": "Policy to audit/deploy VM Memory Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Compute", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -230,6 +230,46 @@ { "field": "Microsoft.Insights/scheduledqueryrules/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/scheduledqueryrules/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].threshold", + "equals": "[[parameters('threshold')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", + "equals": "[[parameters('operator')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation", + "equals": "[[parameters('timeAggregation')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods", + "equals": "[[parameters('evaluationPeriods')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert", + "equals": "[[parameters('failingPeriods')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query", + "equals": "InsightsMetrics| where Origin == \"vm.azm.ms\"|where Namespace == \"Memory\" and Name == \"AvailableMB\"| extend TotalMemory = toreal(todynamic(Tags)[\"vm.azm.ms/memorySizeMB\"]) | extend AvailableMemoryPercentage = (toreal(Val) / TotalMemory) * 100.0| summarize AggregatedValue = avg(AvailableMemoryPercentage) by bin(TimeGenerated, 15m), Computer, _ResourceId" } ] }, diff --git a/services/Compute/virtualMachines/alerts.yaml b/services/Compute/virtualMachines/alerts.yaml index 3ff78f80f..c25928646 100644 --- a/services/Compute/virtualMachines/alerts.yaml +++ b/services/Compute/virtualMachines/alerts.yaml @@ -203,6 +203,8 @@ - name: Heartbeat description: Log Alert for Virtual Machine Heartbeat type: Log + verified: false + visible: true properties: severity: 1 operator: GreaterThan diff --git a/services/DesktopVirtualization/_index.md b/services/DesktopVirtualization/_index.md new file mode 100644 index 000000000..f1fb714ba --- /dev/null +++ b/services/DesktopVirtualization/_index.md @@ -0,0 +1,6 @@ +--- +title: DesktopVirtualization +geekdocCollapseSection: true +geekdocHidden: true +--- + diff --git a/services/DesktopVirtualization/hostPools/_index.md b/services/DesktopVirtualization/hostPools/_index.md new file mode 100644 index 000000000..33654b7a6 --- /dev/null +++ b/services/DesktopVirtualization/hostPools/_index.md @@ -0,0 +1,7 @@ +--- +title: HostPools +geekdocCollapseSection: true +geekdocHidden: true +--- + +{{< alertList name="alertList" >}} diff --git a/services/DesktopVirtualization/hostPools/alerts.yaml b/services/DesktopVirtualization/hostPools/alerts.yaml new file mode 100644 index 000000000..2496614a7 --- /dev/null +++ b/services/DesktopVirtualization/hostPools/alerts.yaml @@ -0,0 +1,1388 @@ +- name: Capacity 85 Percent (xHostPoolNamex) + description: This alert is based on the Action Account and Runbook that populates the Log Analytics specificed with the AVD Metrics Deployment Solution for xHostPoolNamex. + -->Last Number in the string is the Percentage Remaining for the Host Pool. + Output is - + HostPoolName|ResourceGroup|Type|MaxSessionLimit|NumberHosts|TotalUsers|DisconnectedUser|ActiveUsers|SessionsAvailable|HostPoolPercentageLoad' + type: Log + verified: false + visible: true + tags: + - avd + properties: + severity: 2 + operator: GreaterThanOrEqual + timeAggregation: Count + windowSize: PT30M + evaluationFrequency: PT5M + threshold: 1 + resouceIdColumn: ResourceId + dimensions: + - name: HostPoolName + operator: Include + values: + - '*' + - name: UserSessionsTotal + operator: Include + values: + - '*' + - name: UserSessionsDisconnected + operator: Include + values: + - '*' + - name: UserSessionsActive + operator: Include + values: + - '*' + - name: UserSessionsAvailable + operator: Include + values: + - '*' + - name: HostPoolPercentLoad + operator: Include + values: + - '*' + failingPeriods: + numberOfEvaluationPeriods: 1 + minFailingPeriodsToAlert: 1 + query: 'AzureDiagnostics + + | where Category has "JobStreams" and StreamType_s == "Output" and RunbookName_s == "AvdHostPoolLogData" + + | sort by TimeGenerated + + | where TimeGenerated > now() - 5m + + | extend HostPoolName=tostring(split(ResultDescription, ''|'')[0]) + + | extend ResourceGroup=tostring(split(ResultDescription, ''|'')[1]) + + | extend Type=tostring(split(ResultDescription, ''|'')[2]) + + | extend MaxSessionLimit=toint(split(ResultDescription, ''|'')[3]) + + | extend NumberSessionHosts=toint(split(ResultDescription, ''|'')[4]) + + | extend UserSessionsTotal=toint(split(ResultDescription, ''|'')[5]) + + | extend UserSessionsDisconnected=toint(split(ResultDescription, ''|'')[6]) + + | extend UserSessionsActive=toint(split(ResultDescription, ''|'')[7]) + + | extend UserSessionsAvailable=toint(split(ResultDescription, ''|'')[8]) + + | extend HostPoolPercentLoad=toint(split(ResultDescription, ''|'')[9]) + + | extend HPResourceId=tostring(split(ResultDescription, ''|'')[13]) + + | extend ResourceId=tostring(HPResourceId) + + | where HostPoolPercentLoad >= 85 and HostPoolPercentLoad < 95 + + | where HostPoolName =~ ''xHostPoolNamex''' + autoMitigate: true + autoResolve: true + autoResolveTime: '0:30:00' + references: + deployments: + - name: AVD-HostPool + template: Deploy-AVD-HostPool-Alert.json + type: Policy + tags: + - alz + properties: + scope: Subscription + multiResource: false +- name: Capacity 95 Percent (xHostPoolNamex) + description: This alert is based on the Action Account and Runbook that populates the Log Analytics specificed with the AVD Metrics Deployment Solution for xHostPoolNamex. + -->Last Number in the string is the Percentage Remaining for the Host Pool. + Output is - + HostPoolName|ResourceGroup|Type|MaxSessionLimit|NumberHosts|TotalUsers|DisconnectedUser|ActiveUsers|SessionsAvailable|HostPoolPercentageLoad' + type: Log + verified: false + visible: true + tags: + - avd + properties: + severity: 1 + operator: GreaterThanOrEqual + timeAggregation: Count + windowSize: PT30M + evaluationFrequency: PT5M + threshold: 1 + resouceIdColumn: ResourceId + dimensions: + - name: HostPoolName + operator: Include + values: + - '*' + - name: UserSessionsTotal + operator: Include + values: + - '*' + - name: UserSessionsDisconnected + operator: Include + values: + - '*' + - name: UserSessionsActive + operator: Include + values: + - '*' + - name: UserSessionsAvailable + operator: Include + values: + - '*' + - name: HostPoolPercentLoad + operator: Include + values: + - '*' + failingPeriods: + numberOfEvaluationPeriods: 1 + minFailingPeriodsToAlert: 1 + query: 'AzureDiagnostics + + | where Category has "JobStreams" and StreamType_s == "Output" and RunbookName_s == "AvdHostPoolLogData" + + | sort by TimeGenerated + + | where TimeGenerated > now() - 5m + + | extend HostPoolName=tostring(split(ResultDescription, ''|'')[0]) + + | extend ResourceGroup=tostring(split(ResultDescription, ''|'')[1]) + + | extend Type=tostring(split(ResultDescription, ''|'')[2]) + + | extend MaxSessionLimit=toint(split(ResultDescription, ''|'')[3]) + + | extend NumberSessionHosts=toint(split(ResultDescription, ''|'')[4]) + + | extend UserSessionsTotal=toint(split(ResultDescription, ''|'')[5]) + + | extend UserSessionsDisconnected=toint(split(ResultDescription, ''|'')[6]) + + | extend UserSessionsActive=toint(split(ResultDescription, ''|'')[7]) + + | extend UserSessionsAvailable=toint(split(ResultDescription, ''|'')[8]) + + | extend HostPoolPercentLoad=toint(split(ResultDescription, ''|'')[9]) + + | extend HPResourceId=tostring(split(ResultDescription, ''|'')[13]) + + | extend ResourceId=tostring(HPResourceId) + + | where HostPoolPercentLoad >= 95 + + | where HostPoolName =~ ''xHostPoolNamex''' + autoMitigate: true + autoResolve: true + autoResolveTime: '0:30:00' + references: + deployments: + - name: AVD-HostPool + template: Deploy-AVD-HostPool-Alert.json + type: Policy + tags: + - alz + properties: + scope: Subscription + multiResource: false +- name: No Resources Available (xHostPoolNamex) + description: Catastrophic Event! Indicates potential problems with dependencies, diagnose and resolve for xHostPoolNamex. + type: Log + verified: false + visible: true + tags: + - avd + properties: + severity: 1 + operator: GreaterThanOrEqual + timeAggregation: Count + windowSize: PT15M + evaluationFrequency: PT15M + threshold: 1 + resouceIdColumn: _ResourceId + dimensions: + - name: UserName + operator: Include + values: + - '*' + - name: SessionHostName + operator: Include + values: + - '*' + failingPeriods: + numberOfEvaluationPeriods: 1 + minFailingPeriodsToAlert: 1 + query: 'WVDConnections + + | where TimeGenerated > ago (15m) + + | where _ResourceId contains "xHostPoolNamex" + + | project-away TenantId,SourceSystem + + | summarize arg_max(TimeGenerated, *), StartTime = min(iff(State== \''Started\'', TimeGenerated , datetime(null) )), ConnectTime = min(iff(State== \''Connected\'', TimeGenerated , datetime(null) )) by CorrelationId + + | join kind=leftouter (WVDErrors + + |summarize Errors=makelist(pack(\''Code\'', Code, \''CodeSymbolic\'', CodeSymbolic, \''Time\'', TimeGenerated, \''Message\'', Message ,\''ServiceError\'', ServiceError, \''Source\'', Source)) by CorrelationId + + ) on CorrelationId + + | join kind=leftouter (WVDCheckpoints + + | summarize Checkpoints=makelist(pack(\''Time\'', TimeGenerated, \''Name\'', Name, \''Parameters\'', Parameters, \''Source\'', Source)) by CorrelationId + + | mv-apply Checkpoints on ( + + order by todatetime(Checkpoints[\''Time\'']) asc + + | summarize Checkpoints=makelist(Checkpoints)) + + ) on CorrelationId + + | project-away CorrelationId1, CorrelationId2 + + | order by TimeGenerated desc + + | where Errors[0].CodeSymbolic == "ConnectionFailedNoHealthyRdshAvailable"' + autoMitigate: true + autoResolve: true + autoResolveTime: '0:30:00' + references: + deployments: + - name: AVD-HostPool + template: Deploy-AVD-HostPool-Alert.json + type: Policy + tags: + - alz + properties: + scope: Subscription + multiResource: false +- name: User Disconnected over 24h (xHostPoolNamex) + description: Verify Remote Desktop Policies are applied relating to Session Limits for xHostPoolNamex. This could impact your scaling plan as well. + type: Log + verified: false + visible: true + tags: + - avd + properties: + severity: 2 + operator: GreaterThanOrEqual + timeAggregation: Count + windowSize: PT1H + evaluationFrequency: PT1H + threshold: 1 + resouceIdColumn: _ResourceId + dimensions: + - name: UserName + operator: Include + values: + - '*' + - name: SessionHostName + operator: Include + values: + - '*' + failingPeriods: + numberOfEvaluationPeriods: 1 + minFailingPeriodsToAlert: 1 + query: 'WVDConnections + + | where TimeGenerated > ago(24h) + + | where State == "Connected" + + | where _ResourceId contains "xHostPoolNamex" + + | project CorrelationId , UserName, ConnectionType, StartTime=TimeGenerated, SessionHostName + + | join (WVDConnections + + | where State == "Completed" + + | project EndTime=TimeGenerated, CorrelationId) + + on CorrelationId + + | project Duration = EndTime - StartTime, ConnectionType, UserName, SessionHostName + + | where Duration >= timespan(24:00:00) + + | sort by Duration desc' + autoMitigate: true + autoResolve: true + autoResolveTime: '0:30:00' + references: + deployments: + - name: AVD-HostPool + template: Deploy-AVD-HostPool-Alert.json + type: Policy + tags: + - alz + properties: + scope: Subscription + multiResource: false +- name: User Disconnected over 72h (xHostPoolNamex) + description: Verify Remote Desktop Policies are applied relating to Session Limits for xHostPoolNamex. This could impact your scaling plan as well. + type: Log + verified: false + visible: true + tags: + - avd + properties: + severity: 2 + operator: GreaterThanOrEqual + timeAggregation: Count + windowSize: PT1H + evaluationFrequency: PT1H + threshold: 1 + resouceIdColumn: _ResourceId + dimensions: + - name: UserName + operator: Include + values: + - '*' + - name: SessionHostName + operator: Include + values: + - '*' + failingPeriods: + numberOfEvaluationPeriods: 1 + minFailingPeriodsToAlert: 1 + query: 'WVDConnections + + | where TimeGenerated > ago(24h) + + | where State == "Connected" + + | where _ResourceId contains "xHostPoolNamex" + + | project CorrelationId , UserName, ConnectionType, StartTime=TimeGenerated, SessionHostName + + | join (WVDConnections + + | where State == "Completed" + + | project EndTime=TimeGenerated, CorrelationId) + + on CorrelationId + + | project Duration = EndTime - StartTime, ConnectionType, UserName, SessionHostName + + | where Duration >= timespan(72:00:00) + + | sort by Duration desc' + autoMitigate: true + autoResolve: true + autoResolveTime: '0:30:00' + references: + deployments: + - name: AVD-HostPool + template: Deploy-AVD-HostPool-Alert.json + type: Policy + tags: + - alz + properties: + scope: Subscription + multiResource: false +- name: Local Disk Space less than 10% (xHostPoolNamex) + description: Disk space Moderately Low. \nConsider review of the VM local C drive and determine what is consuming disk space for the VM in xHostPoolNamex. This could be local profiles or temp files that need to be cleaned up or removed. + type: Log + verified: false + visible: true + tags: + - avd + properties: + severity: 2 + operator: GreaterThanOrEqual + timeAggregation: Count + windowSize: PT15M + evaluationFrequency: PT15M + threshold: 1 + resouceIdColumn: _ResourceId + dimensions: + - name: ComputerName + operator: Include + values: + - '*' + - name: VMresourceGroup + operator: Include + values: + - '*' + - name: HostPool + operator: Include + values: + - '*' + failingPeriods: + numberOfEvaluationPeriods: 1 + minFailingPeriodsToAlert: 1 + query: 'Perf + + | where TimeGenerated > ago(15m) + + | where ObjectName == "LogicalDisk" and CounterName == "% Free Space" + + | where InstanceName !contains "D:" + + | where InstanceName !contains "_Total" | where CounterValue <= 10.00 + + | parse _ResourceId with "/subscriptions/" subscription "/resourcegroups/" ResourceGroup "/providers/microsoft.compute/virtualmachines/" ComputerName + + | extend ComputerName=tolower(ComputerName) + + | project ComputerName, CounterValue, subscription, ResourceGroup, TimeGenerated + + | join kind = leftouter + + (WVDAgentHealthStatus + + | where TimeGenerated > ago(15m) + + | where _ResourceId contains "xHostPoolNamex" + + | parse _ResourceId with "/subscriptions/" subscriptionAgentHealth "/resourcegroups/" ResourceGroupAgentHealth "/providers/microsoft.desktopvirtualization/hostpools/" HostPool + + | parse SessionHostResourceId with "/subscriptions/" VMsubscription "/resourceGroups/" VMresourceGroup "/providers/Microsoft.Compute/virtualMachines/" ComputerName + + | extend ComputerName=tolower(ComputerName) + + | summarize arg_max(TimeGenerated,*) by ComputerName + + | project VMresourceGroup, ComputerName, HostPool, _ResourceId + + ) on ComputerName' + autoMitigate: true + autoResolve: true + autoResolveTime: '0:30:00' + references: + deployments: + - name: AVD-HostPool + template: Deploy-AVD-HostPool-Alert.json + type: Policy + tags: + - alz + properties: + scope: Subscription + multiResource: false +- name: Local Disk Space less than 5% (xHostPoolNamex) + description: Disk space Moderately Low. \nConsider review of the VM local C drive and determine what is consuming disk space for the VM in xHostPoolNamex. This could be local profiles or temp files that need to be cleaned up or removed. + type: Log + verified: false + visible: true + tags: + - avd + properties: + severity: 1 + operator: GreaterThanOrEqual + timeAggregation: Count + windowSize: PT15M + evaluationFrequency: PT15M + threshold: 1 + resouceIdColumn: _ResourceId + dimensions: + - name: ComputerName + operator: Include + values: + - '*' + - name: VMresourceGroup + operator: Include + values: + - '*' + - name: HostPool + operator: Include + values: + - '*' + failingPeriods: + numberOfEvaluationPeriods: 1 + minFailingPeriodsToAlert: 1 + query: 'Perf + + | where TimeGenerated > ago(15m) + + | where ObjectName == "LogicalDisk" and CounterName == "% Free Space" + + | where InstanceName !contains "D:" + + | where InstanceName !contains "_Total" + + | where CounterValue <= 5.00 + + | parse _ResourceId with "/subscriptions/" subscription "/resourcegroups/" ResourceGroup "/providers/microsoft.compute/virtualmachines/" ComputerName + + | extend ComputerName=tolower(ComputerName) + + | project ComputerName, CounterValue, subscription, ResourceGroup, TimeGenerated + + | join kind = leftouter + + ( + + WVDAgentHealthStatus + + | where TimeGenerated > ago(15m) + + | where _ResourceId contains "xHostPoolNamex" + + | parse _ResourceId with "/subscriptions/" subscriptionAgentHealth "/resourcegroups/" ResourceGroupAgentHealth "/providers/microsoft.desktopvirtualization/hostpools/" HostPool + + | parse SessionHostResourceId with "/subscriptions/" VMsubscription "/resourceGroups/" VMresourceGroup "/providers/Microsoft.Compute/virtualMachines/" ComputerName + + | extend ComputerName=tolower(ComputerName) + + | summarize arg_max(TimeGenerated,*) by ComputerName + + | project VMresourceGroup, ComputerName, HostPool, _ResourceId + + ) on ComputerName' + autoMitigate: true + autoResolve: true + autoResolveTime: '0:30:00' + references: + deployments: + - name: AVD-HostPool + template: Deploy-AVD-HostPool-Alert.json + type: Policy + tags: + - alz + properties: + scope: Subscription + multiResource: false +- name: FSLogix Profile less than 5% (xHostPoolNamex) + description: User Profiles Service logged Event ID 33. Expand User's Virtual Profile Disk and/or clean up user profile data on the VM in xHostPoolNamex. + type: Log + verified: false + visible: true + tags: + - avd + properties: + severity: 2 + operator: GreaterThanOrEqual + timeAggregation: Count + windowSize: PT5M + evaluationFrequency: PT5M + threshold: 1 + dimensions: + - name: ComputerName + operator: Include + values: + - '*' + - name: RenderedDescription + operator: Include + values: + - '*' + - name: VMresourceGroup + operator: Include + values: + - '*' + - name: HostPool + operator: Include + values: + - '*' + failingPeriods: + numberOfEvaluationPeriods: 1 + minFailingPeriodsToAlert: 1 + query: 'Event + + | where EventLog == "Microsoft-FSLogix-Apps/Admin" + + | where EventLevelName == "Warning" + + | where EventID == 34 + + | parse _ResourceId with "/subscriptions/" subscription "/resourcegroups/" ResourceGroup "/providers/microsoft.compute/virtualmachines/" ComputerName + + | extend ComputerName=tolower(ComputerName) + + | project ComputerName, RenderedDescription, subscription, ResourceGroup, TimeGenerated + + | join kind = leftouter + + (WVDAgentHealthStatus + + | where _ResourceId contains "xHostPoolNamex" + + | parse _ResourceId with "/subscriptions/" subscriptionAgentHealth "/resourcegroups/" ResourceGroupAgentHealth "/providers/microsoft.desktopvirtualization/hostpools/" HostPool + + | parse SessionHostResourceId with "/subscriptions/" VMsubscription "/resourceGroups/" VMresourceGroup "/providers/Microsoft.Compute/virtualMachines/" ComputerName + + | extend ComputerName=tolower(ComputerName) + + | summarize arg_max(TimeGenerated,*) by ComputerName + + | project VMresourceGroup, ComputerName, HostPool + + ) on ComputerName' + autoMitigate: true + autoResolve: true + autoResolveTime: '0:30:00' + references: + deployments: + - name: AVD-HostPool + template: Deploy-AVD-HostPool-Alert.json + type: Policy + tags: + - alz + properties: + scope: Subscription + multiResource: false +- name: FSLogix Profile less than 2% (xHostPoolNamex) + description: User Profiles Service logged Event ID 34. Expand User's Virtual Profile Disk and/or clean up user profile data on the VM in xHostPoolNamex. + type: Log + verified: false + visible: true + tags: + - avd + properties: + severity: 1 + operator: GreaterThanOrEqual + timeAggregation: Count + windowSize: PT5M + evaluationFrequency: PT5M + threshold: 1 + dimensions: + - name: ComputerName + operator: Include + values: + - '*' + - name: RenderedDescription + operator: Include + values: + - '*' + - name: VMresourceGroup + operator: Include + values: + - '*' + - name: HostPool + operator: Include + values: + - '*' + failingPeriods: + numberOfEvaluationPeriods: 1 + minFailingPeriodsToAlert: 1 + query: 'Event + + | where EventLog == "Microsoft-FSLogix-Apps/Admin" + + | where EventLevelName == "Error" + + | where EventID == 33 + + | parse _ResourceId with "/subscriptions/" subscription "/resourcegroups/" ResourceGroup "/providers/microsoft.compute/virtualmachines/" ComputerName + + | extend ComputerName=tolower(ComputerName) + + | project ComputerName, RenderedDescription, subscription, ResourceGroup, TimeGenerated + + | join kind = leftouter + + (WVDAgentHealthStatus + + | where _ResourceId contains "xHostPoolNamex" + + | parse _ResourceId with "/subscriptions/" subscriptionAgentHealth "/resourcegroups/" ResourceGroupAgentHealth "/providers/microsoft.desktopvirtualization/hostpools/" HostPool + + | parse SessionHostResourceId with "/subscriptions/" VMsubscription "/resourceGroups/" VMresourceGroup "/providers/Microsoft.Compute/virtualMachines/" ComputerName + + | extend ComputerName=tolower(ComputerName) + + | summarize arg_max(TimeGenerated,*) by ComputerName + + | project VMresourceGroup, ComputerName, HostPool + + ) on ComputerName' + autoMitigate: true + autoResolve: true + autoResolveTime: '0:30:00' + references: + deployments: + - name: AVD-HostPool + template: Deploy-AVD-HostPool-Alert.json + type: Policy + tags: + - alz + properties: + scope: Subscription + multiResource: false +- name: FSLogix Network Issue (xHostPoolNamex) + description: User Profiles Service logged Event ID 43. Verify network communications between the storage and AVD VM related to xHostPoolNamex. + type: Log + verified: false + visible: true + tags: + - avd + properties: + severity: 1 + operator: GreaterThanOrEqual + timeAggregation: Count + windowSize: PT1D + evaluationFrequency: PT5M + threshold: 1 + dimensions: + - name: ComputerName + operator: Include + values: + - '*' + - name: RenderedDescription + operator: Include + values: + - '*' + - name: VMresourceGroup + operator: Include + values: + - '*' + - name: HostPool + operator: Include + values: + - '*' + failingPeriods: + numberOfEvaluationPeriods: 1 + minFailingPeriodsToAlert: 1 + query: 'Event + + | where EventLog == "Microsoft-FSLogix-Apps/Admin" + + | where EventLevelName == "Error" + + | where EventID == 43 + + | parse _ResourceId with "/subscriptions/" subscription "/resourcegroups/" ResourceGroup "/providers/microsoft.compute/virtualmachines/" ComputerName + + | extend ComputerName=tolower(ComputerName) + + | project ComputerName, RenderedDescription, subscription, ResourceGroup, TimeGenerated + + | join kind = leftouter + + (WVDAgentHealthStatus + + | where _ResourceId contains "xHostPoolNamex" + + | parse _ResourceId with "/subscriptions/" subscriptionAgentHealth "/resourcegroups/" ResourceGroupAgentHealth "/providers/microsoft.desktopvirtualization/hostpools/" HostPool + + | parse SessionHostResourceId with "/subscriptions/" VMsubscription "/resourceGroups/" VMresourceGroup "/providers/Microsoft.Compute/virtualMachines/" ComputerName + + | extend ComputerName=tolower(ComputerName) + + | summarize arg_max(TimeGenerated,*) by ComputerName + + | project VMresourceGroup, ComputerName, HostPool + + ) on ComputerName' + autoMitigate: true + autoResolve: true + autoResolveTime: '0:30:00' + references: + deployments: + - name: AVD-HostPool + template: Deploy-AVD-HostPool-Alert.json + type: Policy + tags: + - alz + properties: + scope: Subscription + multiResource: false +- name: FSLogix Profile Disk Failed to Attach (xHostPoolNamex) + description: User Profiles Service logged an Event ID 52 or 40. Investigate error details for reason regarding xHostPoolNamex. + type: Log + verified: false + visible: true + tags: + - avd + properties: + severity: 1 + operator: GreaterThanOrEqual + timeAggregation: Count + windowSize: PT1D + evaluationFrequency: PT5M + resourceIdColumn: _ResourceId + threshold: 1 + dimensions: + - name: ComputerName + operator: Include + values: + - '*' + - name: RenderedDescription + operator: Include + values: + - '*' + - name: VMresourceGroup + operator: Include + values: + - '*' + - name: HostPool + operator: Include + values: + - '*' + failingPeriods: + numberOfEvaluationPeriods: 1 + minFailingPeriodsToAlert: 1 + query: 'Event + + | where EventLog == "Microsoft-FSLogix-Apps/Admin" + + | where EventLevelName == "Error" + + | where EventID == 42 or EventID == 40 + + | parse _ResourceId with "/subscriptions/" subscription "/resourcegroups/" ResourceGroup "/providers/microsoft.compute/virtualmachines/" ComputerName + + | extend ComputerName=tolower(ComputerName) + + | project ComputerName, RenderedDescription, subscription, ResourceGroup, TimeGenerated + + | join kind = leftouter + + (WVDAgentHealthStatus + + | where _ResourceId contains "xHostPoolNamex" + + | parse _ResourceId with "/subscriptions/" subscriptionAgentHealth "/resourcegroups/" ResourceGroupAgentHealth "/providers/microsoft.desktopvirtualization/hostpools/" HostPool + + | parse SessionHostResourceId with "/subscriptions/" VMsubscription "/resourceGroups/" VMresourceGroup "/providers/Microsoft.Compute/virtualMachines/" ComputerName + + | extend ComputerName=tolower(ComputerName) + + | summarize arg_max(TimeGenerated,*) by ComputerName + + | project VMresourceGroup, ComputerName, HostPool + + ) on ComputerName' + autoMitigate: true + autoResolve: true + autoResolveTime: '0:30:00' + references: + deployments: + - name: AVD-HostPool + template: Deploy-AVD-HostPool-Alert.json + type: Policy + tags: + - alz + properties: + scope: Subscription + multiResource: false +- name: FSLogix Service Disabled (xHostPoolNamex) + description: User Profile Service Disabled. Determine why service was disabled and re-enable / start the FSLogix service. Regarding xHostPoolNamex. + type: Log + verified: false + visible: true + tags: + - avd + properties: + severity: 1 + operator: GreaterThanOrEqual + timeAggregation: Count + windowSize: PT1D + evaluationFrequency: PT5M + resourceIdColumn: _ResourceId + threshold: 1 + dimensions: + - name: ComputerName + operator: Include + values: + - '*' + - name: RenderedDescription + operator: Include + values: + - '*' + - name: VMresourceGroup + operator: Include + values: + - '*' + - name: HostPool + operator: Include + values: + - '*' + failingPeriods: + numberOfEvaluationPeriods: 1 + minFailingPeriodsToAlert: 1 + query: 'Event + + | where EventLog == "Microsoft-FSLogix-Apps/Admin" + + | where EventLevelName == "Warning" + + | where EventID == 60 + + | parse _ResourceId with "/subscriptions/" subscription "/resourcegroups/" ResourceGroup "/providers/microsoft.compute/virtualmachines/" ComputerName + + | extend ComputerName=tolower(ComputerName) + + | project ComputerName, RenderedDescription, subscription, ResourceGroup, TimeGenerated + + | join kind = leftouter + + (WVDAgentHealthStatus + + | where _ResourceId contains "xHostPoolNamex" + + | parse _ResourceId with "/subscriptions/" subscriptionAgentHealth "/resourcegroups/" ResourceGroupAgentHealth "/providers/microsoft.desktopvirtualization/hostpools/" HostPool + + | parse SessionHostResourceId with "/subscriptions/" VMsubscription "/resourceGroups/" VMresourceGroup "/providers/Microsoft.Compute/virtualMachines/" ComputerName + + | extend ComputerName=tolower(ComputerName) + + | summarize arg_max(TimeGenerated,*) by ComputerName + + | project VMresourceGroup, ComputerName, HostPool + + ) on ComputerName' + autoMitigate: true + autoResolve: true + autoResolveTime: '0:30:00' + references: + deployments: + - name: AVD-HostPool + template: Deploy-AVD-HostPool-Alert.json + type: Policy + tags: + - alz + properties: + scope: Subscription + multiResource: false +- name: FSLogix Disk Compact Failure (xHostPoolNamex) + description: User Profile Service logged Event ID 62 or 63. The profile Disk was marked for compaction due to additional white space but failed. See error details for additional information regarding xHostPoolNamex. + type: Log + verified: false + visible: true + tags: + - avd + properties: + severity: 2 + operator: GreaterThanOrEqual + timeAggregation: Count + windowSize: PT1D + evaluationFrequency: PT5M + resourceIdColumn: _ResourceId + threshold: 1 + dimensions: + - name: ComputerName + operator: Include + values: + - '*' + - name: RenderedDescription + operator: Include + values: + - '*' + - name: VMresourceGroup + operator: Include + values: + - '*' + - name: HostPool + operator: Include + values: + - '*' + failingPeriods: + numberOfEvaluationPeriods: 1 + minFailingPeriodsToAlert: 1 + query: 'Event + + | where EventLog == "Microsoft-FSLogix-Apps/Admin" + + | where EventLevelName == "Error" + + | where EventID == 62 or EventID == 63 + + | parse _ResourceId with "/subscriptions/" subscription "/resourcegroups/" ResourceGroup "/providers/microsoft.compute/virtualmachines/" ComputerName + + | extend ComputerName=tolower(ComputerName) + + | project ComputerName, RenderedDescription, subscription, ResourceGroup, TimeGenerated + + | join kind = leftouter + + (WVDAgentHealthStatus + + | where _ResourceId contains "xHostPoolNamex" + + | parse _ResourceId with "/subscriptions/" subscriptionAgentHealth "/resourcegroups/" ResourceGroupAgentHealth "/providers/microsoft.desktopvirtualization/hostpools/" HostPool + + | parse SessionHostResourceId with "/subscriptions/" VMsubscription "/resourceGroups/" VMresourceGroup "/providers/Microsoft.Compute/virtualMachines/" ComputerName + + | extend ComputerName=tolower(ComputerName) + + | summarize arg_max(TimeGenerated,*) by ComputerName + + | project VMresourceGroup, ComputerName, HostPool + + ) on ComputerName' + autoMitigate: true + autoResolve: true + autoResolveTime: '0:30:00' + references: + deployments: + - name: AVD-HostPool + template: Deploy-AVD-HostPool-Alert.json + type: Policy + tags: + - alz + properties: + scope: Subscription + multiResource: false +- name: FSLogix Disk Already In Use (xHostPoolNamex) + description: User Profile Service logged an Event ID 51. This indicates that a user attempted to load their profile disk but it was in use or possibly mapped to another VM. Ensure the user is not connected to another host pool or remote app with the same profile. Regarding xHostPoolNamex. + type: Log + verified: false + visible: true + tags: + - avd + properties: + severity: 2 + operator: GreaterThanOrEqual + timeAggregation: Count + windowSize: PT1D + evaluationFrequency: PT5M + resourceIdColumn: _ResourceId + threshold: 1 + dimensions: + - name: ComputerName + operator: Include + values: + - '*' + - name: RenderedDescription + operator: Include + values: + - '*' + - name: VMresourceGroup + operator: Include + values: + - '*' + - name: HostPool + operator: Include + values: + - '*' + failingPeriods: + numberOfEvaluationPeriods: 1 + minFailingPeriodsToAlert: 1 + query: 'Event + + | where EventLog == "Microsoft-FSLogix-Apps/Operational" + + | where EventLevelName == "Warning" + + | where EventID == 51 + + | parse _ResourceId with "/subscriptions/" subscription "/resourcegroups/" ResourceGroup "/providers/microsoft.compute/virtualmachines/" ComputerName + + | extend ComputerName=tolower(ComputerName) + + | project ComputerName, RenderedDescription, subscription, ResourceGroup, TimeGenerated + + | join kind = leftouter + + (WVDAgentHealthStatus + + | where _ResourceId contains "xHostPoolNamex" + + | parse _ResourceId with "/subscriptions/" subscriptionAgentHealth "/resourcegroups/" ResourceGroupAgentHealth "/providers/microsoft.desktopvirtualization/hostpools/" HostPool + + | parse SessionHostResourceId with "/subscriptions/" VMsubscription "/resourceGroups/" VMresourceGroup "/providers/Microsoft.Compute/virtualMachines/" ComputerName + + | extend ComputerName=tolower(ComputerName) + + | summarize arg_max(TimeGenerated,*) by ComputerName + + | project VMresourceGroup, ComputerName, HostPool + + ) on ComputerName' + autoMitigate: true + autoResolve: true + autoResolveTime: '0:30:00' + references: + deployments: + - name: AVD-HostPool + template: Deploy-AVD-HostPool-Alert.json + type: Policy + tags: + - alz + properties: + scope: Subscription + multiResource: false +- name: Session Host Healthcheck Failure (xHostPoolNamex) + description: VM is available for use but one of the dependent resources is in a failed state for hostpool xHostPoolNamex. + type: Log + verified: false + visible: true + tags: + - avd + properties: + severity: 2 + operator: GreaterThanOrEqual + timeAggregation: Count + windowSize: PT15M + evaluationFrequency: PT15M + resourceIdColumn: _ResourceId + threshold: 1 + dimensions: + - name: SessionHostName + operator: Include + values: + - '*' + - name: HealthCheckDesc + operator: Include + values: + - '*' + - name: HostPool + operator: Include + values: + - '*' + - name: SessionHostRG + operator: Include + values: + - '*' + failingPeriods: + numberOfEvaluationPeriods: 1 + minFailingPeriodsToAlert: 1 + query: 'let MapToDesc = (idx: long) { + + case(idx == 0, "DomainJoin", + + idx == 1, "DomainTrust", + + idx == 2, "FSLogix", + + idx == 3, "SxSStack", + + idx == 4, "URLCheck", + + idx == 5, "GenevaAgent", + + idx == 6, "DomainReachable", + + idx == 7, "WebRTCRedirector", + + idx == 8, "SxSStackEncryption", + + idx == 9, "IMDSReachable", + + idx == 10, "MSIXPackageStaging", + + "InvalidIndex")}; + + WVDAgentHealthStatus + + | where TimeGenerated > ago(10m) + + | where Status != \''Available\'' + + | where AllowNewSessions = True + + | extend CheckFailed = parse_json(SessionHostHealthCheckResult) + + | mv-expand CheckFailed + + | where CheckFailed.AdditionalFailureDetails.ErrorCode != 0 + + | extend HealthCheckName = tolong(CheckFailed.HealthCheckName) + + | extend HealthCheckResult = tolong(CheckFailed.HealthCheckResult) + + | extend HealthCheckDesc = MapToDesc(HealthCheckName) + + | where HealthCheckDesc != \''InvalidIndex\'' + + | where _ResourceId contains "xHostPoolNamex" + + | parse _ResourceId with "/subscriptions/" subscription "/resourcegroups/" HostPoolResourceGroup "/providers/microsoft.desktopvirtualization/hostpools/" HostPool + + | parse SessionHostResourceId with "/subscriptions/" HostSubscription "/resourceGroups/" SessionHostRG " /providers/Microsoft.Compute/virtualMachines/" SessionHostName' + autoMitigate: true + autoResolve: true + autoResolveTime: '0:30:00' + references: + deployments: + - name: AVD-HostPool + template: Deploy-AVD-HostPool-Alert.json + type: Policy + tags: + - alz + properties: + scope: Subscription + multiResource: false +- name: Personal Desktop Assigned Healthcheck Failure (xHostPoolNamex) + description: VM is assigned to a user but one of the dependent resources is in a failed state for hostpool xHostPoolNamex. This alert relies on the runbook AvdHostPoolLogData. + type: Log + verified: false + visible: true + tags: + - avd + properties: + severity: 1 + operator: GreaterThanOrEqual + timeAggregation: Count + windowSize: PT5M + evaluationFrequency: PT5M + resourceIdColumn: _ResourceId + threshold: 1 + dimensions: + - name: SessionHostName + operator: Include + values: + - '*' + - name: HealthCheckDesc + operator: Include + values: + - '*' + - name: HostPool + operator: Include + values: + - '*' + - name: SessionHostRG + operator: Include + values: + - '*' + failingPeriods: + numberOfEvaluationPeriods: 1 + minFailingPeriodsToAlert: 1 + query: 'AzureDiagnostics + + | where Category has "JobStreams" and StreamType_s == "Output" and RunbookName_s == "AvdHostPoolLogData" + + | sort by TimeGenerated + + | where TimeGenerated > ago(15m) + + | extend HostPoolName=tostring(split(ResultDescription, ''|'')[0]) + + | extend ResourceGroup=tostring(split(ResultDescription, ''|'')[1]) + + | extend Type=tostring(split(ResultDescription, ''|'')[2]) + + | extend NumberSessionHosts=toint(split(ResultDescription, ''|'')[4]) + + | extend UserSessionsActive=toint(split(ResultDescription, ''|'')[7]) + + | extend NumPersonalUnhealthy=toint(split(ResultDescription, ''|'')[10]) + + | extend PersonalSessionHost=extract_json("$.SessionHost", tostring(split(ResultDescription, ''|'')[11]), typeof(string)) + + | extend PersonalAssignedUser=extract_json("$.AssignedUser", tostring(split(ResultDescription, ''|'')[11]), typeof(string)) + + | where HostPoolName =~ ''xHostPoolNamex'' + + | where Type == ''Personal'' + + | where NumPersonalUnhealthy > 0 ' + autoMitigate: true + autoResolve: true + autoResolveTime: '0:30:00' + references: + deployments: + - name: AVD-HostPool + template: Deploy-AVD-HostPool-Alert.json + type: Policy + tags: + - alz + properties: + scope: Subscription + multiResource: false +- name: User Connection to Session Host Failure (xHostPoolNamex) + description: While trying to connect to xHostPoolNamex a user had an error and failed to connect to a VM. There are lots of variables between the end uers and AVD VMs. If this is frequent for the user, determine if their Internet connection is slow or latency is over 150 ms. Regarding xHostPoolNamex. + type: Log + verified: false + visible: true + tags: + - avd + properties: + severity: 3 + operator: GreaterThanOrEqual + timeAggregation: Count + windowSize: PT5M + evaluationFrequency: PT5M + resourceIdColumn: _ResourceId + threshold: 1 + dimensions: + - name: HostPool + operator: Include + values: + - '*' + - name: ResourceGroup + operator: Include + values: + - '*' + - name: UserName + operator: Include + values: + - '*' + - name: ClientOS + operator: Include + values: + - '*' + - name: ClientVersion + operator: Include + values: + - '*' + - name: ClientSideIPAddress + operator: Include + values: + - '*' + - name: ConnectionType + operator: Include + values: + - '*' + - name: ErrorShort + operator: Include + values: + - '*' + - name: ErrorMessage + operator: Include + values: + - '*' + failingPeriods: + numberOfEvaluationPeriods: 1 + minFailingPeriodsToAlert: 1 + query: 'WVDConnections + + // | where UserName == "upn.here@contoso.com" + + | project-away TenantId,SourceSystem + + | summarize arg_max(TimeGenerated, *), StartTime = min(iff(State==''Started'', TimeGenerated , datetime(null) )), ConnectTime = min(iff(State==''Connected'', TimeGenerated , datetime(null) )) by CorrelationId + + | join kind=leftouter (WVDErrors + + |summarize Errors=make_list(pack(''Code'', Code, ''CodeSymbolic'', CodeSymbolic, ''Time'', TimeGenerated, ''Message'', Message ,''ServiceError'', ServiceError, ''Source'', Source)) by CorrelationId + + ) on CorrelationId + + | join kind=leftouter (WVDCheckpoints + + | summarize Checkpoints=make_list(pack(''Time'', TimeGenerated, ''Name'', Name, ''Parameters'', Parameters, ''Source'', Source)) by CorrelationId + + | mv-apply Checkpoints on ( + + order by todatetime(Checkpoints[''Time'']) asc + + | summarize Checkpoints=make_list(Checkpoints)) + + ) on CorrelationId + + | project-away CorrelationId1, CorrelationId2 + + | order by TimeGenerated desc + + | where TimeGenerated > ago(15m) + + | extend ResourceGroup=tostring(split(_ResourceId, ''/'')[4]) + + | extend HostPool=tostring(split(_ResourceId, ''/'')[8]) + + | where HostPool =~ ''xHostPoolNamex'' + + | extend ErrorShort=tostring(Errors[0].CodeSymbolic) + + | extend ErrorMessage=tostring(Errors[0].Message) + + | project TimeGenerated, HostPool, ResourceGroup, UserName, ClientOS, ClientVersion, ClientSideIPAddress, ConnectionType, ErrorShort, ErrorMessage' + autoMitigate: true + autoResolve: true + autoResolveTime: '0:30:00' + references: + deployments: + - name: AVD-HostPool + template: Deploy-AVD-HostPool-Alert.json + type: Policy + tags: + - alz + properties: + scope: Subscription + multiResource: false diff --git a/services/KeyVault/vaults/Deploy-KV-Availability-Alert.json b/services/KeyVault/vaults/Deploy-KV-Availability-Alert.json index b8e3d7171..f3878819c 100644 --- a/services/KeyVault/vaults/Deploy-KV-Availability-Alert.json +++ b/services/KeyVault/vaults/Deploy-KV-Availability-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy KeyVault Availability Alert", "description": "Policy to audit/deploy KeyVault Availability Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Key Vault", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -155,6 +155,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", + "equals": "LessThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/KeyVault/vaults/Deploy-KV-Capacity-Alert.json b/services/KeyVault/vaults/Deploy-KV-Capacity-Alert.json index 140ec928c..fc96986a0 100644 --- a/services/KeyVault/vaults/Deploy-KV-Capacity-Alert.json +++ b/services/KeyVault/vaults/Deploy-KV-Capacity-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy KeyVault Capacity Alert", "description": "Policy to audit/deploy KeyVault Capacity Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Key Vault", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -155,6 +155,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", + "equals": "GreaterThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/KeyVault/vaults/Deploy-KV-Latency-Alert.json b/services/KeyVault/vaults/Deploy-KV-Latency-Alert.json index d12294c78..c55b2814e 100644 --- a/services/KeyVault/vaults/Deploy-KV-Latency-Alert.json +++ b/services/KeyVault/vaults/Deploy-KV-Latency-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy KeyVault Latency Alert", "description": "Policy to audit/deploy KeyVault Latency Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Key Vault", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -155,6 +155,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", + "equals": "GreaterThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/KeyVault/vaults/Deploy-KV-Requests-Alert.json b/services/KeyVault/vaults/Deploy-KV-Requests-Alert.json index 581de5a27..b74c2cb09 100644 --- a/services/KeyVault/vaults/Deploy-KV-Requests-Alert.json +++ b/services/KeyVault/vaults/Deploy-KV-Requests-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy KeyVault Requests Alert", "description": "Policy to audit/deploy KeyVault Requests Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Key Vault", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -147,6 +147,42 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator", + "equals": "GreaterThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity", + "equals": "Medium" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert", + "equals": 2 + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods", + "equals": 2 } ] }, diff --git a/services/Network/applicationGateways/Deploy-AGW-ApplicationGatewayTotalTime-Alert.json b/services/Network/applicationGateways/Deploy-AGW-ApplicationGatewayTotalTime-Alert.json index f813e4476..682fd0b65 100644 --- a/services/Network/applicationGateways/Deploy-AGW-ApplicationGatewayTotalTime-Alert.json +++ b/services/Network/applicationGateways/Deploy-AGW-ApplicationGatewayTotalTime-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy AGW ApplicationGatewayTotalTime Alert", "description": "Policy to audit/deploy Azure Application Gateway ApplicationGatewayTotalTime Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "Category": "Networking", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "_deployed_by_amba": "True" @@ -136,6 +136,42 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Total" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator", + "equals": "GreaterThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity", + "equals": "Medium" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert", + "equals": 2 + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods", + "equals": 2 } ] }, diff --git a/services/Network/applicationGateways/Deploy-AGW-BackendLastByteResponseTime-Alert.json b/services/Network/applicationGateways/Deploy-AGW-BackendLastByteResponseTime-Alert.json index 01a3ae3c0..64a264473 100644 --- a/services/Network/applicationGateways/Deploy-AGW-BackendLastByteResponseTime-Alert.json +++ b/services/Network/applicationGateways/Deploy-AGW-BackendLastByteResponseTime-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy AGW BackendLastByteResponseTime Alert", "description": "Policy to audit/deploy Azure Application Gateway BackendLastByteResponseTime Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "Category": "Networking", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "_deployed_by_amba": "True" @@ -136,6 +136,42 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Total" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator", + "equals": "GreaterThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity", + "equals": "Medium" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert", + "equals": 2 + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods", + "equals": 2 } ] }, diff --git a/services/Network/applicationGateways/Deploy-AGW-CPUUtil-Alert.json b/services/Network/applicationGateways/Deploy-AGW-CPUUtil-Alert.json index e9f4bea00..9c7aa0b79 100644 --- a/services/Network/applicationGateways/Deploy-AGW-CPUUtil-Alert.json +++ b/services/Network/applicationGateways/Deploy-AGW-CPUUtil-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy AGW CPU Utilization Alert", "description": "Policy to audit/deploy Azure Application Gateway CPU Utilization Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "Category": "Networking", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "_deployed_by_amba": "True" @@ -135,6 +135,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", + "equals": "GreaterThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Network/applicationGateways/Deploy-AGW-CapacityUnits-Alert.json b/services/Network/applicationGateways/Deploy-AGW-CapacityUnits-Alert.json index e8c68021f..8d414affb 100644 --- a/services/Network/applicationGateways/Deploy-AGW-CapacityUnits-Alert.json +++ b/services/Network/applicationGateways/Deploy-AGW-CapacityUnits-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy AGW Capacity Units Alert", "description": "Policy to audit/deploy Azure Application Gateway CapacityUnits Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "Category": "Networking", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "_deployed_by_amba": "True" @@ -135,6 +135,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", + "equals": "GreaterThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Network/applicationGateways/Deploy-AGW-ComputeUnits-Alert.json b/services/Network/applicationGateways/Deploy-AGW-ComputeUnits-Alert.json index 43b4deefc..44c947f41 100644 --- a/services/Network/applicationGateways/Deploy-AGW-ComputeUnits-Alert.json +++ b/services/Network/applicationGateways/Deploy-AGW-ComputeUnits-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy AGW Compute Units Alert", "description": "Policy to audit/deploy Azure Application Gateway ComputeUnits Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "Category": "Networking", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "_deployed_by_amba": "True" @@ -135,6 +135,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", + "equals": "GreaterThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Network/applicationGateways/Deploy-AGW-FailedRequests-Alert.json b/services/Network/applicationGateways/Deploy-AGW-FailedRequests-Alert.json index 41b07f40f..f4dd6d22b 100644 --- a/services/Network/applicationGateways/Deploy-AGW-FailedRequests-Alert.json +++ b/services/Network/applicationGateways/Deploy-AGW-FailedRequests-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy AGW FailedRequests Alert", "description": "Policy to audit/deploy Azure Application Gateway FailedRequests Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "Category": "Networking", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "_deployed_by_amba": "True" @@ -123,6 +123,42 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Total" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator", + "equals": "GreaterThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity", + "equals": "Medium" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert", + "equals": 2 + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods", + "equals": 2 } ] }, diff --git a/services/Network/applicationGateways/Deploy-AGW-ResponseStatus-Alert.json b/services/Network/applicationGateways/Deploy-AGW-ResponseStatus-Alert.json index b443e2005..ebb21f531 100644 --- a/services/Network/applicationGateways/Deploy-AGW-ResponseStatus-Alert.json +++ b/services/Network/applicationGateways/Deploy-AGW-ResponseStatus-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy AGW ResponseStatus Alert", "description": "Policy to audit/deploy Azure Application Gateway ResponseStatus Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "Category": "Networking", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "_deployed_by_amba": "True" @@ -132,6 +132,42 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Total" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator", + "equals": "GreaterThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity", + "equals": "Medium" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert", + "equals": 2 + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods", + "equals": 2 } ] }, diff --git a/services/Network/applicationGateways/Deploy-AGW-UnhealthyHostCount-Alert.json b/services/Network/applicationGateways/Deploy-AGW-UnhealthyHostCount-Alert.json index 0610a57e6..ff5aa99b8 100644 --- a/services/Network/applicationGateways/Deploy-AGW-UnhealthyHostCount-Alert.json +++ b/services/Network/applicationGateways/Deploy-AGW-UnhealthyHostCount-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy AGW Unhealthy Host Count Alert", "description": "Policy to audit/deploy Azure Application Gateway Unhealthy Host Count Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "Category": "Networking", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "_deployed_by_amba": "True" @@ -131,6 +131,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", + "equals": "GreaterThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Network/azureFirewalls/Deploy-AFW-FirewallHealth-Alert.json b/services/Network/azureFirewalls/Deploy-AFW-FirewallHealth-Alert.json index c914d16b0..335f92f66 100644 --- a/services/Network/azureFirewalls/Deploy-AFW-FirewallHealth-Alert.json +++ b/services/Network/azureFirewalls/Deploy-AFW-FirewallHealth-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy AFW FirewallHealth Alert", "description": "Policy to audit/deploy Azure Firewall FirewallHealth Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Network", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -155,6 +155,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", + "equals": "LessThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Network/azureFirewalls/Deploy-AFW-SNATPortUtilization-Alert.json b/services/Network/azureFirewalls/Deploy-AFW-SNATPortUtilization-Alert.json index b3384e16d..cfedc6b91 100644 --- a/services/Network/azureFirewalls/Deploy-AFW-SNATPortUtilization-Alert.json +++ b/services/Network/azureFirewalls/Deploy-AFW-SNATPortUtilization-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy AFW SNATPortUtilization Alert", "description": "Policy to audit/deploy Azure Firewall SNATPortUtilization Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Network", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -155,6 +155,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", + "equals": "GreaterThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Network/azureFirewalls/alerts.yaml b/services/Network/azureFirewalls/alerts.yaml index ee26291a0..55623814c 100644 --- a/services/Network/azureFirewalls/alerts.yaml +++ b/services/Network/azureFirewalls/alerts.yaml @@ -70,7 +70,7 @@ windowSize: PT5M evaluationFrequency: PT1M timeAggregation: Average - operator: LessThan + operator: GreaterThan threshold: 80 criterionType: StaticThresholdCriterion autoMitigate: false diff --git a/services/Network/bastionHosts/alerts.yaml b/services/Network/bastionHosts/alerts.yaml index 496c42f8d..c077b5e38 100644 --- a/services/Network/bastionHosts/alerts.yaml +++ b/services/Network/bastionHosts/alerts.yaml @@ -15,7 +15,7 @@ criterionType: StaticThresholdCriterion references: - name: Supported metrics for microsoft.network/bastionHosts - urls: https://learn.microsoft.com/en-us/azure/azure-monitor/reference/supported-metrics/microsoft-network-bastionhosts-metrics + url: https://learn.microsoft.com/en-us/azure/azure-monitor/reference/supported-metrics/microsoft-network-bastionhosts-metrics - name: CPU Usage description: CPU Usage stats. type: Metric @@ -33,7 +33,7 @@ criterionType: StaticThresholdCriterion references: - name: Supported metrics for microsoft.network/bastionHosts - urls: https://learn.microsoft.com/en-us/azure/azure-monitor/reference/supported-metrics/microsoft-network-bastionhosts-metrics + url: https://learn.microsoft.com/en-us/azure/azure-monitor/reference/supported-metrics/microsoft-network-bastionhosts-metrics - name: Memory Usage description: Memory Usage stats. type: Metric @@ -51,4 +51,4 @@ criterionType: StaticThresholdCriterion references: - name: Supported metrics for microsoft.network/bastionHosts - urls: https://learn.microsoft.com/en-us/azure/azure-monitor/reference/supported-metrics/microsoft-network-bastionhosts-metrics + url: https://learn.microsoft.com/en-us/azure/azure-monitor/reference/supported-metrics/microsoft-network-bastionhosts-metrics diff --git a/services/Network/expressRouteCircuits/Deploy-ERCIR-ARPAvailability-Alert.json b/services/Network/expressRouteCircuits/Deploy-ERCIR-ARPAvailability-Alert.json index eb943d18d..1c91070a4 100644 --- a/services/Network/expressRouteCircuits/Deploy-ERCIR-ARPAvailability-Alert.json +++ b/services/Network/expressRouteCircuits/Deploy-ERCIR-ARPAvailability-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy ExpressRoute Circuits Arp Availability Alert", "description": "Policy to audit/deploy ExpressRoute Circuits Arp Availability Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Network", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -155,6 +155,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", + "equals": "LessThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Network/expressRouteCircuits/Deploy-ERCIR-BGPAvailability-Alert.json b/services/Network/expressRouteCircuits/Deploy-ERCIR-BGPAvailability-Alert.json index 42a99d008..5af9833d7 100644 --- a/services/Network/expressRouteCircuits/Deploy-ERCIR-BGPAvailability-Alert.json +++ b/services/Network/expressRouteCircuits/Deploy-ERCIR-BGPAvailability-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy ExpressRoute Circuits Bgp Availability Alert", "description": "Policy to audit/deploy ExpressRoute Circuits Bgp Availability Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Network", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -155,6 +155,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", + "equals": "LessThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Network/expressRouteCircuits/Deploy-ERCIR-QOSDropsBitsIn-Alert.json b/services/Network/expressRouteCircuits/Deploy-ERCIR-QOSDropsBitsIn-Alert.json index 1b1ba940f..7236416d6 100644 --- a/services/Network/expressRouteCircuits/Deploy-ERCIR-QOSDropsBitsIn-Alert.json +++ b/services/Network/expressRouteCircuits/Deploy-ERCIR-QOSDropsBitsIn-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy ExpressRoute Circuits QosDropBitsInPerSecond Alert", "description": "Policy to audit/deploy ExpressRoute Circuits QosDropBitsInPerSecond Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Network", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -147,6 +147,42 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator", + "equals": "GreaterThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity", + "equals": "Medium" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert", + "equals": 2 + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods", + "equals": 2 } ] }, diff --git a/services/Network/expressRouteCircuits/Deploy-ERCIR-QOSDropsBitsOut-Alert.json b/services/Network/expressRouteCircuits/Deploy-ERCIR-QOSDropsBitsOut-Alert.json index 5a169ba5d..4ab54e895 100644 --- a/services/Network/expressRouteCircuits/Deploy-ERCIR-QOSDropsBitsOut-Alert.json +++ b/services/Network/expressRouteCircuits/Deploy-ERCIR-QOSDropsBitsOut-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy ExpressRoute Circuits QosDropBitsOutPerSecond Alert", "description": "Policy to audit/deploy ExpressRoute Circuits QosDropBitsOutPerSecond Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Network", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -147,6 +147,42 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator", + "equals": "GreaterThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity", + "equals": "Medium" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert", + "equals": 2 + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods", + "equals": 2 } ] }, diff --git a/services/Network/expressRouteGateways/Deploy-ERG-BitsInPerSecond-Alert.json b/services/Network/expressRouteGateways/Deploy-ERG-BitsInPerSecond-Alert.json index b84c1fd37..b42e1471d 100644 --- a/services/Network/expressRouteGateways/Deploy-ERG-BitsInPerSecond-Alert.json +++ b/services/Network/expressRouteGateways/Deploy-ERG-BitsInPerSecond-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy ERG ExpressRoute Bits In Alert", "description": "Policy to audit/deploy ER Gateway Connection BitsInPerSecond Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Network", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -155,6 +155,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", + "equals": "LessThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Network/expressRouteGateways/Deploy-ERG-BitsOutPerSecond-Alert.json b/services/Network/expressRouteGateways/Deploy-ERG-BitsOutPerSecond-Alert.json index 860143dc8..57467b2a6 100644 --- a/services/Network/expressRouteGateways/Deploy-ERG-BitsOutPerSecond-Alert.json +++ b/services/Network/expressRouteGateways/Deploy-ERG-BitsOutPerSecond-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy ERG ExpressRoute Bits Out Alert", "description": "Policy to audit/deploy ER Gateway Connection BitsOutPerSecond Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Network", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -155,6 +155,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", + "equals": "LessThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Network/expressRouteGateways/Deploy-ERG-CPUUtilization-Alert.json b/services/Network/expressRouteGateways/Deploy-ERG-CPUUtilization-Alert.json index ca17d34c1..37d2eb679 100644 --- a/services/Network/expressRouteGateways/Deploy-ERG-CPUUtilization-Alert.json +++ b/services/Network/expressRouteGateways/Deploy-ERG-CPUUtilization-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy ERG ExpressRoute CPU Utilization Alert", "description": "Policy to audit/deploy ER Gateway Express Route CPU Utilization Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Network", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -155,6 +155,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", + "equals": "GreaterThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Network/expressRoutePorts/Deploy-ERP-BitsInPerSecond-Alert.json b/services/Network/expressRoutePorts/Deploy-ERP-BitsInPerSecond-Alert.json index 25b9548c2..eee484fe5 100644 --- a/services/Network/expressRoutePorts/Deploy-ERP-BitsInPerSecond-Alert.json +++ b/services/Network/expressRoutePorts/Deploy-ERP-BitsInPerSecond-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy ER Direct ExpressRoute Bits In Alert", "description": "Policy to audit/deploy ER Direct Connection BitsInPerSecond Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "Category": "Networking", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "_deployed_by_amba": "True" @@ -131,6 +131,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", + "equals": "LessThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Network/expressRoutePorts/Deploy-ERP-BitsOutPerSecond-Alert.json b/services/Network/expressRoutePorts/Deploy-ERP-BitsOutPerSecond-Alert.json index de6e4c914..50b7a4301 100644 --- a/services/Network/expressRoutePorts/Deploy-ERP-BitsOutPerSecond-Alert.json +++ b/services/Network/expressRoutePorts/Deploy-ERP-BitsOutPerSecond-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy ER Direct ExpressRoute Bits Out Alert", "description": "Policy to audit/deploy ER Direct Connection BitsOutPerSecond Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "Category": "Networking", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "_deployed_by_amba": "True" @@ -131,6 +131,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", + "equals": "LessThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Network/expressRoutePorts/Deploy-ERP-LineProtocol-Alert.json b/services/Network/expressRoutePorts/Deploy-ERP-LineProtocol-Alert.json index f3ca4c0e8..f3916de85 100644 --- a/services/Network/expressRoutePorts/Deploy-ERP-LineProtocol-Alert.json +++ b/services/Network/expressRoutePorts/Deploy-ERP-LineProtocol-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy ER Direct ExpressRoute LineProtocol Alert", "description": "Policy to audit/deploy ER Direct LineProtocol Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "Category": "Networking", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "_deployed_by_amba": "True" @@ -131,6 +131,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", + "equals": "LessThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Network/expressRoutePorts/Deploy-ERP-RxLightLevelHigh-Alert.json b/services/Network/expressRoutePorts/Deploy-ERP-RxLightLevelHigh-Alert.json index aadfd0ffd..6381e849b 100644 --- a/services/Network/expressRoutePorts/Deploy-ERP-RxLightLevelHigh-Alert.json +++ b/services/Network/expressRoutePorts/Deploy-ERP-RxLightLevelHigh-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy ER Direct ExpressRoute RxLightLevel High Alert", "description": "Policy to audit/deploy ER Direct RxLightLevel High Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "Category": "Networking", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "_deployed_by_amba": "True" @@ -135,6 +135,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", + "equals": "GreaterThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Network/expressRoutePorts/Deploy-ERP-RxLightLevelLow-Alert.json b/services/Network/expressRoutePorts/Deploy-ERP-RxLightLevelLow-Alert.json index 4e82b77c5..de3a8ade0 100644 --- a/services/Network/expressRoutePorts/Deploy-ERP-RxLightLevelLow-Alert.json +++ b/services/Network/expressRoutePorts/Deploy-ERP-RxLightLevelLow-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy ER Direct ExpressRoute RxLightLevel Low Alert", "description": "Policy to audit/deploy ER Direct RxLightLevel Low Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "Category": "Networking", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "_deployed_by_amba": "True" @@ -135,6 +135,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", + "equals": "LessThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Network/expressRoutePorts/Deploy-ERP-TxLightLevelHigh-Alert.json b/services/Network/expressRoutePorts/Deploy-ERP-TxLightLevelHigh-Alert.json index 76d70491a..184bafc47 100644 --- a/services/Network/expressRoutePorts/Deploy-ERP-TxLightLevelHigh-Alert.json +++ b/services/Network/expressRoutePorts/Deploy-ERP-TxLightLevelHigh-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy ER Direct ExpressRoute TxLightLevel High Alert", "description": "Policy to audit/deploy ER Direct TxLightLevel High Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "Category": "Networking", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "_deployed_by_amba": "True" @@ -135,6 +135,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", + "equals": "GreaterThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Network/expressRoutePorts/Deploy-ERP-TxLightLevelLow-Alert.json b/services/Network/expressRoutePorts/Deploy-ERP-TxLightLevelLow-Alert.json index 0bacbc56c..d0ec275b7 100644 --- a/services/Network/expressRoutePorts/Deploy-ERP-TxLightLevelLow-Alert.json +++ b/services/Network/expressRoutePorts/Deploy-ERP-TxLightLevelLow-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy ER Direct ExpressRoute TxLightLevel Low Alert", "description": "Policy to audit/deploy ER Direct TxLightLevel Low Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "Category": "Networking", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "_deployed_by_amba": "True" @@ -135,6 +135,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", + "equals": "LessThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Network/frontdoors/Deploy-FD-BackendHealth-Alert.json b/services/Network/frontdoors/Deploy-FD-BackendHealth-Alert.json index 07dc091e6..3318488c8 100644 --- a/services/Network/frontdoors/Deploy-FD-BackendHealth-Alert.json +++ b/services/Network/frontdoors/Deploy-FD-BackendHealth-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy Frontdoor Backend Health Percentage Alert", "description": "Policy to audit/deploy FrontDoor Backend Health Percentage Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "Category": "Networking", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "_deployed_by_amba": "True" @@ -131,6 +131,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", + "equals": "LessThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Network/frontdoors/Deploy-FD-BackendRequestLatency-Alert.json b/services/Network/frontdoors/Deploy-FD-BackendRequestLatency-Alert.json index 91f8d35b5..a88f349f7 100644 --- a/services/Network/frontdoors/Deploy-FD-BackendRequestLatency-Alert.json +++ b/services/Network/frontdoors/Deploy-FD-BackendRequestLatency-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy Frontdoor Backend Request Latency Alert", "description": "Policy to audit/deploy Frontdoor Backend Request Latency Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Networking", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -147,6 +147,42 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator", + "equals": "GreaterThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity", + "equals": "Medium" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert", + "equals": 2 + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods", + "equals": 2 } ] }, diff --git a/services/Network/loadBalancers/Deploy-LB-DatapathAvailability-Alert.json b/services/Network/loadBalancers/Deploy-LB-DatapathAvailability-Alert.json index 5e4411099..781c59307 100644 --- a/services/Network/loadBalancers/Deploy-LB-DatapathAvailability-Alert.json +++ b/services/Network/loadBalancers/Deploy-LB-DatapathAvailability-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy ALB Data Path Availability Alert", "description": "Policy to audit/deploy Azure Load Balancer Data Path Availability Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "Category": "Networking", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "_deployed_by_amba": "True" @@ -135,6 +135,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", + "equals": "LessThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Network/loadBalancers/Deploy-LB-GlobalBackendAvailability-Alert.json b/services/Network/loadBalancers/Deploy-LB-GlobalBackendAvailability-Alert.json index 430d726ce..5bf254ff0 100644 --- a/services/Network/loadBalancers/Deploy-LB-GlobalBackendAvailability-Alert.json +++ b/services/Network/loadBalancers/Deploy-LB-GlobalBackendAvailability-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy ALB Global Backend Availability Alert", "description": "Policy to audit/deploy Azure Load Balancer Global Backend Availability Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "Category": "Networking", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "_deployed_by_amba": "True" @@ -135,6 +135,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", + "equals": "LessThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Network/loadBalancers/Deploy-LB-HealthProbeStatus-Alert.json b/services/Network/loadBalancers/Deploy-LB-HealthProbeStatus-Alert.json index 92caa818e..2f271824c 100644 --- a/services/Network/loadBalancers/Deploy-LB-HealthProbeStatus-Alert.json +++ b/services/Network/loadBalancers/Deploy-LB-HealthProbeStatus-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy ALB Health Probe Status Alert", "description": "Policy to audit/deploy Azure Load Balancer Health Probe Status Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "Category": "Networking", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "_deployed_by_amba": "True" @@ -139,6 +139,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", + "equals": "LessThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Network/loadBalancers/Deploy-LB-UsedSNATPorts-Alert.json b/services/Network/loadBalancers/Deploy-LB-UsedSNATPorts-Alert.json index 7a7b5a814..2b32d62f8 100644 --- a/services/Network/loadBalancers/Deploy-LB-UsedSNATPorts-Alert.json +++ b/services/Network/loadBalancers/Deploy-LB-UsedSNATPorts-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy ALB Used SNAT Ports Alert", "description": "Policy to audit/deploy Azure Load Balancer Used SNAT Ports Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "Category": "Networking", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "_deployed_by_amba": "True" @@ -131,6 +131,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", + "equals": "GreaterThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Network/privateDnsZones/Deploy-PDNSZ-CapacityUtilization-Alert.json b/services/Network/privateDnsZones/Deploy-PDNSZ-CapacityUtilization-Alert.json index 67af85797..ee6c91666 100644 --- a/services/Network/privateDnsZones/Deploy-PDNSZ-CapacityUtilization-Alert.json +++ b/services/Network/privateDnsZones/Deploy-PDNSZ-CapacityUtilization-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy PDNSZ Capacity Utilization Alert", "description": "Policy to audit/deploy Private DNS Zone Capacity Utilization Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Network", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -155,6 +155,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Maximum" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", + "equals": "GreaterThanOrEqual" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Network/privateDnsZones/Deploy-PDNSZ-QueryVolume-Alert.json b/services/Network/privateDnsZones/Deploy-PDNSZ-QueryVolume-Alert.json index 2314996b1..e1c74ce8f 100644 --- a/services/Network/privateDnsZones/Deploy-PDNSZ-QueryVolume-Alert.json +++ b/services/Network/privateDnsZones/Deploy-PDNSZ-QueryVolume-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy PDNSZ Query Volume Alert", "description": "Policy to audit/deploy Private DNS Zone Query Volume Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Network", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -155,6 +155,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Total" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", + "equals": "GreaterThanOrEqual" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Network/privateDnsZones/Deploy-PDNSZ-RecordSetCapacity-Alert.json b/services/Network/privateDnsZones/Deploy-PDNSZ-RecordSetCapacity-Alert.json index 57886bdf1..1082e2f07 100644 --- a/services/Network/privateDnsZones/Deploy-PDNSZ-RecordSetCapacity-Alert.json +++ b/services/Network/privateDnsZones/Deploy-PDNSZ-RecordSetCapacity-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy PDNSZ Record Set Capacity Alert", "description": "Policy to audit/deploy Private DNS Zone Record Set Capacity Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Network", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -155,6 +155,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Maximum" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", + "equals": "GreaterThanOrEqual" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Network/privateDnsZones/Deploy-PDNSZ-RegistrationCapacityUtilization-Alert.json b/services/Network/privateDnsZones/Deploy-PDNSZ-RegistrationCapacityUtilization-Alert.json index 7f13f8d22..aa7c884d7 100644 --- a/services/Network/privateDnsZones/Deploy-PDNSZ-RegistrationCapacityUtilization-Alert.json +++ b/services/Network/privateDnsZones/Deploy-PDNSZ-RegistrationCapacityUtilization-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy PDNSZ Registration Capacity Utilization Alert", "description": "Policy to audit/deploy Private DNS Zone Registration Capacity Utilization Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Network", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -155,6 +155,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Maximum" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", + "equals": "GreaterThanOrEqual" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Network/publicIPAddresses/Deploy-PIP-BytesInDDOSAttack-Alert.json b/services/Network/publicIPAddresses/Deploy-PIP-BytesInDDOSAttack-Alert.json index 227d339be..763ec7be5 100644 --- a/services/Network/publicIPAddresses/Deploy-PIP-BytesInDDOSAttack-Alert.json +++ b/services/Network/publicIPAddresses/Deploy-PIP-BytesInDDOSAttack-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy PIP Bytes in DDoS Attack Alert", "description": "Policy to audit/deploy PIP Bytes in DDoS Attack Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Network", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -155,6 +155,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Maximum" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", + "equals": "GreaterThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Network/publicIPAddresses/Deploy-PIP-DDOSAttack-Alert.json b/services/Network/publicIPAddresses/Deploy-PIP-DDOSAttack-Alert.json index 7e2ce5c14..cda28bcfd 100644 --- a/services/Network/publicIPAddresses/Deploy-PIP-DDOSAttack-Alert.json +++ b/services/Network/publicIPAddresses/Deploy-PIP-DDOSAttack-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy PIP DDoS Attack Alert", "description": "Policy to audit/deploy PIP DDoS Attack Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Network", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -155,6 +155,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Maximum" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", + "equals": "GreaterThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Network/publicIPAddresses/Deploy-PIP-PacketsInDDOS-Alert.json b/services/Network/publicIPAddresses/Deploy-PIP-PacketsInDDOS-Alert.json index 4a9d491bb..fe9563e0d 100644 --- a/services/Network/publicIPAddresses/Deploy-PIP-PacketsInDDOS-Alert.json +++ b/services/Network/publicIPAddresses/Deploy-PIP-PacketsInDDOS-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy PIP Packets in DDoS Attack Alert", "description": "Policy to audit/deploy PIP Packets in DDoS Attack Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Network", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -155,6 +155,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Total" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].operator", + "equals": "GreaterThanOrEqual" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Network/publicIPAddresses/Deploy-PIP-VIPAvailability-Alert.json b/services/Network/publicIPAddresses/Deploy-PIP-VIPAvailability-Alert.json index a415131df..006e75b61 100644 --- a/services/Network/publicIPAddresses/Deploy-PIP-VIPAvailability-Alert.json +++ b/services/Network/publicIPAddresses/Deploy-PIP-VIPAvailability-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy PIP VIP Availability Alert", "description": "Policy to audit/deploy PIP VIP Availability Alert", "metadata": { - "version": "1.0.2", + "version": "1.1.0", "category": "Network", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -159,6 +159,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", + "equals": "LessThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Network/trafficmanagerprofiles/Deploy-TM-EndpointHealth-Alert.json b/services/Network/trafficmanagerprofiles/Deploy-TM-EndpointHealth-Alert.json index e9c2303e9..33b2ceae7 100644 --- a/services/Network/trafficmanagerprofiles/Deploy-TM-EndpointHealth-Alert.json +++ b/services/Network/trafficmanagerprofiles/Deploy-TM-EndpointHealth-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy Traffic Manager Endpoint Health Alert", "description": "Policy to audit/deploy FTraffic Manager Endpoint Health Health Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "Category": "Networking", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "_deployed_by_amba": "True" @@ -131,6 +131,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", + "equals": "LessThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Network/virtualNetworkGateways/Deploy-VNETG-BandwidthUtilization-Alert.json b/services/Network/virtualNetworkGateways/Deploy-VNETG-BandwidthUtilization-Alert.json index 4740f0e9e..554b9087c 100644 --- a/services/Network/virtualNetworkGateways/Deploy-VNETG-BandwidthUtilization-Alert.json +++ b/services/Network/virtualNetworkGateways/Deploy-VNETG-BandwidthUtilization-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy VNetG Tunnel Bandwidth Alert", "description": "Policy to audit/deploy Virtual Network Gateway Tunnel Bandwidth Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Network", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -159,6 +159,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].operator", + "equals": "LessThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Network/virtualNetworkGateways/Deploy-VNETG-ERGBitsPerSecond-Alert.json b/services/Network/virtualNetworkGateways/Deploy-VNETG-ERGBitsPerSecond-Alert.json index 5a421a4fb..60ad1c9e1 100644 --- a/services/Network/virtualNetworkGateways/Deploy-VNETG-ERGBitsPerSecond-Alert.json +++ b/services/Network/virtualNetworkGateways/Deploy-VNETG-ERGBitsPerSecond-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy VNetG ExpressRoute Bits Per Second Alert", "description": "Policy to audit/deploy Virtual Network Gateway Express Route Bits Per Second Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Network", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -159,6 +159,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].operator", + "equals": "LessThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Network/virtualNetworkGateways/Deploy-VNETG-ERGCPUUtilization-Alert.json b/services/Network/virtualNetworkGateways/Deploy-VNETG-ERGCPUUtilization-Alert.json index 7e0f9c54e..b115e8703 100644 --- a/services/Network/virtualNetworkGateways/Deploy-VNETG-ERGCPUUtilization-Alert.json +++ b/services/Network/virtualNetworkGateways/Deploy-VNETG-ERGCPUUtilization-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy VNetG ExpressRoute CPU Utilization Alert", "description": "Policy to audit/deploy Virtual Network Gateway Express Route CPU Utilization Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Network", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -159,6 +159,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].operator", + "equals": "GreaterThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Network/virtualNetworkGateways/Deploy-VNETG-Egress-Alert.json b/services/Network/virtualNetworkGateways/Deploy-VNETG-Egress-Alert.json index 12306147a..739fa0cb4 100644 --- a/services/Network/virtualNetworkGateways/Deploy-VNETG-Egress-Alert.json +++ b/services/Network/virtualNetworkGateways/Deploy-VNETG-Egress-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy VNetG Tunnel Egress Alert", "description": "Policy to audit/deploy Virtual Network Gateway Tunnel Egress Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Network", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -159,6 +159,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].operator", + "equals": "LessThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Network/virtualNetworkGateways/Deploy-VNETG-EgressPacketDropCount-Alert.json b/services/Network/virtualNetworkGateways/Deploy-VNETG-EgressPacketDropCount-Alert.json index a95315603..49a92f9ac 100644 --- a/services/Network/virtualNetworkGateways/Deploy-VNETG-EgressPacketDropCount-Alert.json +++ b/services/Network/virtualNetworkGateways/Deploy-VNETG-EgressPacketDropCount-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy VNetG Egress Packet Drop Count Alert", "description": "Policy to audit/deploy Vnet Gateway Egress Packet Drop Count Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Network", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -151,6 +151,42 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator", + "equals": "GreaterThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity", + "equals": "Medium" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert", + "equals": 2 + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods", + "equals": 2 } ] }, diff --git a/services/Network/virtualNetworkGateways/Deploy-VNETG-EgressPacketDropMismatch-Alert.json b/services/Network/virtualNetworkGateways/Deploy-VNETG-EgressPacketDropMismatch-Alert.json index c6c05f610..5bdd9f8a7 100644 --- a/services/Network/virtualNetworkGateways/Deploy-VNETG-EgressPacketDropMismatch-Alert.json +++ b/services/Network/virtualNetworkGateways/Deploy-VNETG-EgressPacketDropMismatch-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy VNetG Egress Packet Drop Mismatch Alert", "description": "Policy to audit/deploy Vnet Gateway Egress Packet Drop Mismatch Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Network", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -151,6 +151,42 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator", + "equals": "GreaterThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity", + "equals": "Medium" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert", + "equals": 2 + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods", + "equals": 2 } ] }, diff --git a/services/Network/virtualNetworkGateways/Deploy-VNETG-Ingress-Alert.json b/services/Network/virtualNetworkGateways/Deploy-VNETG-Ingress-Alert.json index 7b2df5707..976c4150b 100644 --- a/services/Network/virtualNetworkGateways/Deploy-VNETG-Ingress-Alert.json +++ b/services/Network/virtualNetworkGateways/Deploy-VNETG-Ingress-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy VNetG Tunnel Ingress Alert", "description": "Policy to audit/deploy Virtual Network Gateway Tunnel Ingress Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Network", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -159,6 +159,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].operator", + "equals": "LessThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Network/virtualNetworkGateways/Deploy-VNETG-IngressPacketDropCount-Alert.json b/services/Network/virtualNetworkGateways/Deploy-VNETG-IngressPacketDropCount-Alert.json index 9dd5cabbf..460c9b30c 100644 --- a/services/Network/virtualNetworkGateways/Deploy-VNETG-IngressPacketDropCount-Alert.json +++ b/services/Network/virtualNetworkGateways/Deploy-VNETG-IngressPacketDropCount-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy VNetG Ingress Packet Drop Count Alert", "description": "Policy to audit/deploy Vnet Gateway Ingress Packet Drop Count Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Network", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -151,6 +151,42 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator", + "equals": "GreaterThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity", + "equals": "Medium" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert", + "equals": 2 + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods", + "equals": 2 } ] }, diff --git a/services/Network/virtualNetworkGateways/Deploy-VNETG-IngressPacketDropMismatch-Alert.json b/services/Network/virtualNetworkGateways/Deploy-VNETG-IngressPacketDropMismatch-Alert.json index 1065a3e92..b2097323f 100644 --- a/services/Network/virtualNetworkGateways/Deploy-VNETG-IngressPacketDropMismatch-Alert.json +++ b/services/Network/virtualNetworkGateways/Deploy-VNETG-IngressPacketDropMismatch-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy VNetG Ingress Packet Drop Mismatch Alert", "description": "Policy to audit/deploy Vnet Gateway Ingress Packet Drop Mismatch Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Network", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -151,6 +151,42 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator", + "equals": "GreaterThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity", + "equals": "Medium" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert", + "equals": 2 + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods", + "equals": 2 } ] }, diff --git a/services/Network/virtualNetworks/Deploy-VNET-DDOSAttack-Alert.json b/services/Network/virtualNetworks/Deploy-VNET-DDOSAttack-Alert.json index 84b96392b..ab3b661f5 100644 --- a/services/Network/virtualNetworks/Deploy-VNET-DDOSAttack-Alert.json +++ b/services/Network/virtualNetworks/Deploy-VNET-DDOSAttack-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy VNet DDoS Attack Alert", "description": "Policy to audit/deploy Virtual Network DDoS Attack Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Network", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -155,6 +155,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Maximum" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", + "equals": "GreaterThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Network/vpnGateways/Deploy-VPNG-BGPPeerStatus-Alert.json b/services/Network/vpnGateways/Deploy-VPNG-BGPPeerStatus-Alert.json index a22d7e81b..050211129 100644 --- a/services/Network/vpnGateways/Deploy-VPNG-BGPPeerStatus-Alert.json +++ b/services/Network/vpnGateways/Deploy-VPNG-BGPPeerStatus-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy VPNG BGP Peer Status Alert", "description": "Policy to audit/deploy VPN Gateway BGP Peer Status Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Network", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -155,6 +155,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Total" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].operator", + "equals": "LessThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Network/vpnGateways/Deploy-VPNG-BandwidthUtilization-Alert.json b/services/Network/vpnGateways/Deploy-VPNG-BandwidthUtilization-Alert.json index 6d536fbe9..0f14de858 100644 --- a/services/Network/vpnGateways/Deploy-VPNG-BandwidthUtilization-Alert.json +++ b/services/Network/vpnGateways/Deploy-VPNG-BandwidthUtilization-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy VPNG Bandwidth Utilization Alert", "description": "Policy to audit/deploy VPN Gateway Bandwidth Utilization Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Network", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -155,6 +155,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].operator", + "equals": "LessThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Network/vpnGateways/Deploy-VPNG-Egress-Alert.json b/services/Network/vpnGateways/Deploy-VPNG-Egress-Alert.json index 94676ec3b..a97980ef9 100644 --- a/services/Network/vpnGateways/Deploy-VPNG-Egress-Alert.json +++ b/services/Network/vpnGateways/Deploy-VPNG-Egress-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy VPNG Egress Alert", "description": "Policy to audit/deploy VPN Gateway Egress Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Network", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -155,6 +155,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].operator", + "equals": "LessThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Network/vpnGateways/Deploy-VPNG-EgressPacketDropCount-Alert.json b/services/Network/vpnGateways/Deploy-VPNG-EgressPacketDropCount-Alert.json index 0779147b2..193896d4e 100644 --- a/services/Network/vpnGateways/Deploy-VPNG-EgressPacketDropCount-Alert.json +++ b/services/Network/vpnGateways/Deploy-VPNG-EgressPacketDropCount-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy VPNG Egress Packet Drop Count Alert", "description": "Policy to audit/deploy VPN Gateway Egress Packet Drop Count Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Network", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -147,6 +147,42 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator", + "equals": "GreaterThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity", + "equals": "Medium" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert", + "equals": 2 + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods", + "equals": 2 } ] }, diff --git a/services/Network/vpnGateways/Deploy-VPNG-EgressPacketDropMismatch-Alert.json b/services/Network/vpnGateways/Deploy-VPNG-EgressPacketDropMismatch-Alert.json index 8d7638781..8bac1c5ce 100644 --- a/services/Network/vpnGateways/Deploy-VPNG-EgressPacketDropMismatch-Alert.json +++ b/services/Network/vpnGateways/Deploy-VPNG-EgressPacketDropMismatch-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy VPNG Egress Packet Drop Mismatch Alert", "description": "Policy to audit/deploy VPN Gateway Egress Packet Drop Mismatch Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Network", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -147,6 +147,42 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator", + "equals": "GreaterThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity", + "equals": "Medium" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert", + "equals": 2 + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods", + "equals": 2 } ] }, diff --git a/services/Network/vpnGateways/Deploy-VPNG-Ingress-Alert.json b/services/Network/vpnGateways/Deploy-VPNG-Ingress-Alert.json index dfab5ba01..f7ad8c88e 100644 --- a/services/Network/vpnGateways/Deploy-VPNG-Ingress-Alert.json +++ b/services/Network/vpnGateways/Deploy-VPNG-Ingress-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy VPNG Ingress Alert", "description": "Policy to audit/deploy VPN Gateway Ingress Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Network", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -155,6 +155,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].operator", + "equals": "LessThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Network/vpnGateways/Deploy-VPNG-IngressPacketDropCount-Alert.json b/services/Network/vpnGateways/Deploy-VPNG-IngressPacketDropCount-Alert.json index a5ec83b1a..7630eb103 100644 --- a/services/Network/vpnGateways/Deploy-VPNG-IngressPacketDropCount-Alert.json +++ b/services/Network/vpnGateways/Deploy-VPNG-IngressPacketDropCount-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy VPNG Ingress Packet Drop Count Alert", "description": "Policy to audit/deploy VPN Gateway Ingress Packet Drop Count Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Network", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -147,6 +147,42 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator", + "equals": "GreaterThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity", + "equals": "Medium" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert", + "equals": 2 + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods", + "equals": 2 } ] }, diff --git a/services/Network/vpnGateways/Deploy-VPNG-IngressPacketDropMismatch-Alert.json b/services/Network/vpnGateways/Deploy-VPNG-IngressPacketDropMismatch-Alert.json index a52ff8772..0866f9bc3 100644 --- a/services/Network/vpnGateways/Deploy-VPNG-IngressPacketDropMismatch-Alert.json +++ b/services/Network/vpnGateways/Deploy-VPNG-IngressPacketDropMismatch-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy VPNG Ingress Packet Drop Mismatch Alert", "description": "Policy to audit/deploy VPN Gateway Ingress Packet Drop Mismatch Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Network", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -147,6 +147,42 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator", + "equals": "GreaterThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity", + "equals": "Medium" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert", + "equals": 2 + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods", + "equals": 2 } ] }, diff --git a/services/Storage/storageAccounts/Deploy-SA-Availability-Alert.json b/services/Storage/storageAccounts/Deploy-SA-Availability-Alert.json index 90ee8ad6f..f6048f9d7 100644 --- a/services/Storage/storageAccounts/Deploy-SA-Availability-Alert.json +++ b/services/Storage/storageAccounts/Deploy-SA-Availability-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy SA Availability Alert", "description": "Policy to audit/deploy SA Availability Alert", "metadata": { - "version": "1.0.2", + "version": "1.1.0", "category": "Storage", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -155,6 +155,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", + "equals": "LessThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Storage/storageAccounts/alerts.yaml b/services/Storage/storageAccounts/alerts.yaml index 08775143f..b5751bc74 100644 --- a/services/Storage/storageAccounts/alerts.yaml +++ b/services/Storage/storageAccounts/alerts.yaml @@ -19,7 +19,7 @@ evaluationFrequency: PT5M timeAggregation: Average operator: LessThan - threshold: 90 + threshold: 100 # JCore - Changed from 90 to 100 per customer feedback criterionType: StaticThresholdCriterion autoMitigate: false references: @@ -36,6 +36,54 @@ properties: scope: Resource multiResource: false +# JCore - Added based on AVD Alerts included this storage alert +- name: Throttling + description: + The storage account will be throttled if throughput exceeds the account's tier limit. Increasing the file share or storage tier may be necessary. + type: Metric + verified: false + visible: true + tags: + - alz + properties: + metricName: Transactions + dimensions: + - name: ResponseType + operator: Include + values: + - SuccessWithThrottling + SuccessWithShareIopsThrottling + ClientShareIopsThrottlingError + - name: FileShare + operator: Include + values: + - SuccessWithShareEgressThrottling + SuccessWithShareIngressThrottling + SuccessWithShareIopsThrottling + ClientShareEgressThrottlingError + ClientShareIngressThrottlingError + ClientShareIopsThrottlingError + metricNamespace: Microsoft.Storage/storageAccounts/fileServices + severity: 2 + windowSize: PT15M + evaluationFrequency: PT5M + timeAggregation: Total + operator: GreaterThanOrEqual + threshold: 1 + criterionType: StaticThresholdCriterion + autoMitigate: false + references: + - name: High latency, low throughput, or low IOPS + url: https://learn.microsoft.com/en-us/troubleshoot/azure/azure-storage/files-troubleshoot-performance?tabs=windows#high-latency-low-throughput-or-low-iops + deployments: + - name: Deploy SA Throttling Alert + template: Deploy-SA-Throttling-Alert.json + type: Policy + tags: + - alz + properties: + scope: Resource + multiResource: false #consider activity log alert for deletion of storage accounts to add to ALZ pattern #AUTO GENERATED ALERTS/THRESHOLDS - name: UsedCapacity @@ -89,13 +137,12 @@ criterionType: StaticThresholdCriterion threshold: 60000000.0 autoMitigate: false - #adding references - references: - - name: Transaction Metrics - url: https://learn.microsoft.com/azure/storage/blobs/monitor-blob-storage-reference#transaction-metrics + references: + - name: Transaction Metrics + url: https://learn.microsoft.com/azure/storage/blobs/monitor-blob-storage-reference#transaction-metrics - - name: Storage Account Metric Dimensions (all storage) - url: https://learn.microsoft.com/azure/storage/blobs/monitor-blob-storage-reference#metrics-dimensions + - name: Storage Account Metric Dimensions (all storage) + url: https://learn.microsoft.com/azure/storage/blobs/monitor-blob-storage-reference#metrics-dimensions - name: Ingress description: The amount of ingress data, in bytes. This number includes ingress @@ -117,12 +164,11 @@ criterionType: StaticThresholdCriterion threshold: 1073741824.0 autoMitigate: false - #adding references - references: - - name: Transaction Metrics - url: https://learn.microsoft.com/azure/storage/blobs/monitor-blob-storage-reference#transaction-metrics - - name: Storage Account Metric Dimensions (all storage) - url: https://learn.microsoft.com/azure/storage/blobs/monitor-blob-storage-reference#metrics-dimensions + references: + - name: Transaction Metrics + url: https://learn.microsoft.com/azure/storage/blobs/monitor-blob-storage-reference#transaction-metrics + - name: Storage Account Metric Dimensions (all storage) + url: https://learn.microsoft.com/azure/storage/blobs/monitor-blob-storage-reference#metrics-dimensions - name: BlobCapacity description: The amount of storage used by the storage account's Blob service in @@ -144,12 +190,12 @@ criterionType: StaticThresholdCriterion threshold: 107374182400.0 autoMitigate: false - references: - - name: Blob Storage Metrics - url: https://learn.microsoft.com/azure/storage/blobs/monitor-blob-storage-reference#blob-storage + references: + - name: Blob Storage Metrics + url: https://learn.microsoft.com/azure/storage/blobs/monitor-blob-storage-reference#blob-storage - - name: Storage Account Metric Dimensions (Blob Storage) - url: https://learn.microsoft.com/azure/storage/blobs/monitor-blob-storage-reference#dimensions-specific-to-blob-storage + - name: Storage Account Metric Dimensions (Blob Storage) + url: https://learn.microsoft.com/azure/storage/blobs/monitor-blob-storage-reference#dimensions-specific-to-blob-storage - name: SuccessE2ELatency description: The average end-to-end latency of successful requests made to a storage @@ -173,11 +219,11 @@ criterionType: StaticThresholdCriterion threshold: 1000.0 #going to be a threshold set by each cx, because of the difference in scenarios autoMitigate: false - references: - - name: Verify throughput and latency metrics for a storage account - url: https://learn.microsoft.com/azure/storage/blobs/storage-blob-scalable-app-verify-metrics - - name: Troubleshoot performance in Azure storage accounts - url: https://learn.microsoft.com/troubleshoot/azure/azure-storage/troubleshoot-storage-performance#metrics-show-high-successe2elatency-and-low-successserverlatency + references: + - name: Verify throughput and latency metrics for a storage account + url: https://learn.microsoft.com/azure/storage/blobs/storage-blob-scalable-app-verify-metrics + - name: Troubleshoot performance in Azure storage accounts + url: https://learn.microsoft.com/troubleshoot/azure/azure-storage/troubleshoot-storage-performance#metrics-show-high-successe2elatency-and-low-successserverlatency - name: BlobCount description: The number of blob objects stored in the storage account. type: Metric @@ -197,9 +243,9 @@ criterionType: StaticThresholdCriterion threshold: 0.0 autoMitigate: false - references: - - name: Monitor the use of a container - url: https://learn.microsoft.com/azure/storage/blobs/blob-storage-monitoring-scenarios#monitor-the-use-of-a-container + references: + - name: Monitor the use of a container + url: https://learn.microsoft.com/azure/storage/blobs/blob-storage-monitoring-scenarios#monitor-the-use-of-a-container - name: SuccessServerLatency description: The average time used to process a successful request by Azure Storage. @@ -221,13 +267,13 @@ criterionType: StaticThresholdCriterion threshold: 1000.0 autoMitigate: false - references: - - name: Trouble shoot performance in Azure storage accounts - url: https://learn.microsoft.com/troubleshoot/azure/azure-storage/troubleshoot-storage-performance - - name: Verify throughput and latency metrics for a storage account - url: https://learn.microsoft.com/azure/storage/blobs/storage-blob-scalable-app-verify-metrics - - name: Storage Transaction Metrics - url: https://learn.microsoft.com/azure/storage/blobs/monitor-blob-storage-reference#transaction-metrics + references: + - name: Trouble shoot performance in Azure storage accounts + url: https://learn.microsoft.com/troubleshoot/azure/azure-storage/troubleshoot-storage-performance + - name: Verify throughput and latency metrics for a storage account + url: https://learn.microsoft.com/azure/storage/blobs/storage-blob-scalable-app-verify-metrics + - name: Storage Transaction Metrics + url: https://learn.microsoft.com/azure/storage/blobs/monitor-blob-storage-reference#transaction-metrics #queue alerts, for ALZ we may want to revisit, but they may also be apart of another pattern [small patterns that are more modular, that can be coupled with ALZ pattern/ other patterns as they come] - name: QueueMessageCount description: The number of unexpired queue messages in the storage account. @@ -248,13 +294,13 @@ criterionType: StaticThresholdCriterion threshold: 1000.0 autoMitigate: false - references: - - name: Best practices for Azure Queue storage - url: https://learn.microsoft.com/azure/storage/queues/queues-storage-monitoring-scenarios?tabs=azure-powershell - - name: Queue Storage Metrics - url: https://learn.microsoft.com/azure/storage/queues/monitor-queue-storage-reference#queue-storage-metrics - - name: supported metrics for Microsoft.Storage/storageAccounts/queueServices - url: https://learn.microsoft.com/azure/azure-monitor/reference/supported-metrics/microsoft-storage-storageaccounts-queueservices-metrics + references: + - name: Best practices for Azure Queue storage + url: https://learn.microsoft.com/azure/storage/queues/queues-storage-monitoring-scenarios?tabs=azure-powershell + - name: Queue Storage Metrics + url: https://learn.microsoft.com/azure/storage/queues/monitor-queue-storage-reference#queue-storage-metrics + - name: supported metrics for Microsoft.Storage/storageAccounts/queueServices + url: https://learn.microsoft.com/azure/azure-monitor/reference/supported-metrics/microsoft-storage-storageaccounts-queueservices-metrics - name: QueueCapacity description: The amount of Queue storage used by the storage account. type: Metric @@ -274,11 +320,11 @@ criterionType: StaticThresholdCriterion threshold: 0.0 autoMitigate: false - references: - - name: Queue Storage Metrics - url: https://learn.microsoft.com/azure/storage/queues/monitor-queue-storage-reference#queue-storage-metrics - - name: Best practices for monitoring Azure Queue Storage - url: https://learn.microsoft.com/azure/storage/queues/queues-storage-monitoring-scenarios?tabs=azure-powershell + references: + - name: Queue Storage Metrics + url: https://learn.microsoft.com/azure/storage/queues/monitor-queue-storage-reference#queue-storage-metrics + - name: Best practices for monitoring Azure Queue Storage + url: https://learn.microsoft.com/azure/storage/queues/queues-storage-monitoring-scenarios?tabs=azure-powershell - name: QueueCount description: The number of queues in the storage account. type: Metric @@ -298,11 +344,11 @@ criterionType: StaticThresholdCriterion threshold: 0.0 autoMitigate: false - references: - - name: Queue Storage Metrics - url: https://learn.microsoft.com/azure/storage/queues/monitor-queue-storage-reference#queue-storage-metrics - - name: Best practices for monitoring Azure Queue Storage - url: https://learn.microsoft.com/azure/storage/queues/queues-storage-monitoring-scenarios?tabs=azure-powershell + references: + - name: Queue Storage Metrics + url: https://learn.microsoft.com/azure/storage/queues/monitor-queue-storage-reference#queue-storage-metrics + - name: Best practices for monitoring Azure Queue Storage + url: https://learn.microsoft.com/azure/storage/queues/queues-storage-monitoring-scenarios?tabs=azure-powershell - name: FileCapacity description: The amount of File storage used by the storage account. type: Metric @@ -322,9 +368,9 @@ criterionType: StaticThresholdCriterion threshold: 96636764160.0 autoMitigate: false - references: - - name: File Storage Metrics - url: https://learn.microsoft.com/azure/storage/files/storage-files-monitoring-scenarios#file-storage-metrics + references: + - name: File Storage Metrics + url: https://learn.microsoft.com/azure/storage/files/storage-files-monitoring-scenarios#file-storage-metrics - name: Transactions description: The number of requests made to a storage service or the specified API @@ -357,13 +403,13 @@ - anonymous threshold: 10.0 autoMitigate: false - references: - - name: Identify storage accounts with no or low use - url: https://learn.microsoft.com/azure/storage/blobs/blob-storage-monitoring-scenarios#identify-storage-accounts-with-no-or-low-use - - name: Monitor the use of a container - url: https://learn.microsoft.com/azure/storage/blobs/blob-storage-monitoring-scenarios#monitor-the-use-of-a-container - - name: Storage Transaction Metrics - url: https://learn.microsoft.com/azure/storage/blobs/monitor-blob-storage-reference#transaction-metrics + references: + - name: Identify storage accounts with no or low use + url: https://learn.microsoft.com/azure/storage/blobs/blob-storage-monitoring-scenarios#identify-storage-accounts-with-no-or-low-use + - name: Monitor the use of a container + url: https://learn.microsoft.com/azure/storage/blobs/blob-storage-monitoring-scenarios#monitor-the-use-of-a-container + - name: Storage Transaction Metrics + url: https://learn.microsoft.com/azure/storage/blobs/monitor-blob-storage-reference#transaction-metrics - name: FileShareSnapshotCount description: The number of snapshots present on the share in storage account's Files @@ -385,10 +431,9 @@ criterionType: StaticThresholdCriterion threshold: 190.0 autoMitigate: false - #adding references - references: - - name: Azure Files monitoring data reference - url: https://learn.microsoft.com/azure/storage/files/storage-files-monitoring-reference#azure-files + references: + - name: Azure Files monitoring data reference + url: https://learn.microsoft.com/azure/storage/files/storage-files-monitoring-reference#azure-files - name: Availability (File Servers) description: The percentage of availability for the storage service or the specified @@ -413,11 +458,10 @@ criterionType: StaticThresholdCriterion threshold: 99.9 autoMitigate: false - #adding references - references: - - name: Monitoring Availability - url: https://learn.microsoft.com/troubleshoot/azure/azure-storage/troubleshoot-storage-availability#monitoring-availability - - name: Troubleshoott availability issues in storage accounts + references: + - name: Monitoring Availability + url: https://learn.microsoft.com/troubleshoot/azure/azure-storage/troubleshoot-storage-availability#monitoring-availability + - name: Troubleshoott availability issues in storage accounts - name: FileShareCount description: The number of file shares in the storage account. type: Metric diff --git a/services/Web/serverFarms/Deploy-WSF-CPUPercentage-Alert.json b/services/Web/serverFarms/Deploy-WSF-CPUPercentage-Alert.json index ce061a26a..d0970eb04 100644 --- a/services/Web/serverFarms/Deploy-WSF-CPUPercentage-Alert.json +++ b/services/Web/serverFarms/Deploy-WSF-CPUPercentage-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy App Service Plan CPU Percentage Alert", "description": "Policy to audit/deploy App Service Plan CPU Percentage Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "Category": "Web Services", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "_deployed_by_amba": "True" @@ -131,6 +131,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", + "equals": "GreaterThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/Web/serverFarms/Deploy-WSF-DiskQueueLength-Alert.json b/services/Web/serverFarms/Deploy-WSF-DiskQueueLength-Alert.json index 91432e1fb..25df27871 100644 --- a/services/Web/serverFarms/Deploy-WSF-DiskQueueLength-Alert.json +++ b/services/Web/serverFarms/Deploy-WSF-DiskQueueLength-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy App Service Plan Disk Queue Length Alert", "description": "Policy to audit/deploy App Service Plan Disk Queue Length Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Web Services", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -147,6 +147,42 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator", + "equals": "GreaterThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity", + "equals": "Medium" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert", + "equals": 2 + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods", + "equals": 2 } ] }, diff --git a/services/Web/serverFarms/Deploy-WSF-HttpQueueLength-Alert.json b/services/Web/serverFarms/Deploy-WSF-HttpQueueLength-Alert.json index b4aa30ca4..4db109eae 100644 --- a/services/Web/serverFarms/Deploy-WSF-HttpQueueLength-Alert.json +++ b/services/Web/serverFarms/Deploy-WSF-HttpQueueLength-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy App Service Plan Http Queue Length Alert", "description": "Policy to audit/deploy App Service Plan Http Queue Length Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Web Services", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -147,6 +147,42 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator", + "equals": "GreaterThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity", + "equals": "Medium" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert", + "equals": 2 + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods", + "equals": 2 } ] }, diff --git a/services/Web/serverFarms/Deploy-WSF-MemoryPercentage-Alert.json b/services/Web/serverFarms/Deploy-WSF-MemoryPercentage-Alert.json index 246525fa0..6250eeecd 100644 --- a/services/Web/serverFarms/Deploy-WSF-MemoryPercentage-Alert.json +++ b/services/Web/serverFarms/Deploy-WSF-MemoryPercentage-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy App Service Plan Memory Percentage Alert", "description": "Policy to audit/deploy App Service Plan Memory Percentage Alert", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "Category": "Web Services", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "_deployed_by_amba": "True" @@ -131,6 +131,34 @@ { "field": "Microsoft.Insights/metricAlerts/enabled", "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "Average" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator", + "equals": "GreaterThan" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold", + "equals": "[[parameters('threshold')]" } ] }, diff --git a/services/_index.md b/services/_index.md index c58e2c9f0..c41a12867 100644 --- a/services/_index.md +++ b/services/_index.md @@ -1,5 +1,5 @@ --- -title: Services +title: Azure Resources weight: 5 geekdocCollapseSection: true --- diff --git a/tooling/export-alerts/alerts-template.xlsx b/tooling/export-alerts/alerts-template.xlsx index 6a855a19e..87da4cd53 100644 Binary files a/tooling/export-alerts/alerts-template.xlsx and b/tooling/export-alerts/alerts-template.xlsx differ diff --git a/tooling/export-alerts/export-alerts.py b/tooling/export-alerts/export-alerts.py index 685b333b0..af6fa8f03 100644 --- a/tooling/export-alerts/export-alerts.py +++ b/tooling/export-alerts/export-alerts.py @@ -68,7 +68,7 @@ def findColumn(ws, colName, headerRow=1): # Find the column for the property col = 0 for cell in ws[1]: - if cell.value == colName: + if cell.value.lower() == colName.lower(): col = cell.column break @@ -77,29 +77,50 @@ def findColumn(ws, colName, headerRow=1): def addAlertToSheet(alert, ws, headerRow=1): + # Add general alert paramters + for key in alert: + col = findColumn(ws, key, headerRow) + if col > 0: + value = '' + + if key == 'tags': + value = ', '.join(alert[key]) + elif key == 'references': + references = alert['references'] + urls = [] + + if references: + for ref in references: + if 'url' in ref: + urls.append(ref['url']) + else: + print ('No URL in reference: ' + ref['name']) + else: + print ('No references in alert: ' + alert['name']) + + value = '\n'.join(urls) + elif type(alert[key]) is str or type(alert[key]) is int or type(alert[key]) is bool: + value = alert[key] + + if value != '': + ws.cell(row=ws.max_row, column=col).value = value + + # Add the properties properties = alert['properties'] - for key in properties: col = findColumn(ws, key, headerRow) if col > 0: + value = '' + # Add the value to the cell if type(properties[key]) is str: - ws.cell(row=ws.max_row, column=col).value = properties[key] + value = properties[key] else: - ws.cell(row=ws.max_row, column=col).value = json.dumps(properties[key]) + value = ws.cell(row=ws.max_row, column=col).value = json.dumps(properties[key]) - - col = findColumn(ws, 'references', headerRow) - - if col > 0: - if 'references' in alert: - references = alert['references'] - urls = [] - for ref in references: - urls.append(ref['url']) - - ws.cell(row=ws.max_row, column=col).value = '\n'.join(urls) + if value != '': + ws.cell(row=ws.max_row, column=col).value = value def exportToXls(data, templateFile, outputFile): wb = load_workbook(templateFile) @@ -115,15 +136,20 @@ def exportToXls(data, templateFile, outputFile): for category in data: for type in data[category]: for alert in data[category][type]: + columnsToAdd = [ + category, + type + ] + match alert['type'].lower(): case 'metric': - wsMetric.append([category, type, alert['name'], alert['description']]) + wsMetric.append(columnsToAdd) addAlertToSheet(alert, wsMetric) case 'log': - wsLog.append([category, type, alert['name'], alert['description']]) + wsLog.append(columnsToAdd) addAlertToSheet(alert, wsLog) case 'activitylog': - wsActivity.append([category, type, alert['name'], alert['description']]) + wsActivity.append(columnsToAdd) addAlertToSheet(alert, wsActivity) case _: print('Unknown alert type: ' + alert['type'])