Bryanzab/update references

services/Automation/automationAccounts/alerts.yaml

@@ -20,6 +20,9 @@
         operator: Exclude
         values:
         - Completed
+  references:
+  - name: Azure Automation Azure Monitor Metrics
+    url: https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/metrics-supported#microsoftautomationautomationaccounts
   deployments:
   - description: Policy to audit/deploy Automation Account TotalJob Alert
     template: Deploy-AA-TotalJob-Alert.json

services/KeyVault/vaults/alerts.yaml

@@ -35,6 +35,13 @@
     operator: LessThan
     threshold: 90
     criterionType: StaticThresholdCriterion
+  references:
+  - name: Monitoring KeyVault Reference
+    url: https://docs.microsoft.com/en-us/azure/key-vault/general/monitor-key-vault-reference
+  - name: Monitoring Microsoft.KeyVault/vaults
+    url: https://docs.microsoft.com/en-us/azure/key-vault/general/monitor-key-vault
+  - name: KeyVault Insights Overview
+    url: https://docs.microsoft.com/en-us/azure/azure-monitor/insights/key-vault-insights-overview
   deployments:
   - description: Policy to audit/deploy KeyVault Availability Alert
     template: Deploy-KV-Availability-Alert.json
@@ -55,6 +62,13 @@
     operator: GreaterThan
     threshold: 75
     criterionType: StaticThresholdCriterion
+  references:
+  - name: Monitoring KeyVault Reference
+    url: https://docs.microsoft.com/en-us/azure/key-vault/general/monitor-key-vault-reference
+  - name: Monitoring Microsoft.KeyVault/vaults
+    url: https://docs.microsoft.com/en-us/azure/key-vault/general/monitor-key-vault
+  - name: KeyVault Insights Overview
+    url: https://docs.microsoft.com/en-us/azure/azure-monitor/insights/key-vault-insights-overview
   deployments:
   - description: Policy to audit/deploy KeyVault Capacity Alert
     template: Deploy-KV-Capacity-Alert.json
@@ -75,6 +89,13 @@
     operator: GreaterThan
     threshold: 1000
     criterionType: StaticThresholdCriterion
+  references:
+  - name: Monitoring KeyVault Reference
+    url: https://docs.microsoft.com/en-us/azure/key-vault/general/monitor-key-vault-reference
+  - name: Monitoring Microsoft.KeyVault/vaults
+    url: https://docs.microsoft.com/en-us/azure/key-vault/general/monitor-key-vault
+  - name: KeyVault Insights Overview
+    url: https://docs.microsoft.com/en-us/azure/azure-monitor/insights/key-vault-insights-overview
   deployments:
   - description: Policy to audit/deploy KeyVault Latency Alert
     template: Deploy-KV-Latency-Alert.json
@@ -98,6 +119,13 @@
     failingPeriods:
       numberOfEvaluationPeriods: 4
       minFailingPeriodsToAlert: 4
+  references:
+  - name: Monitoring KeyVault Reference
+    url: https://docs.microsoft.com/en-us/azure/key-vault/general/monitor-key-vault-reference
+  - name: Monitoring Microsoft.KeyVault/vaults
+    url: https://docs.microsoft.com/en-us/azure/key-vault/general/monitor-key-vault
+  - name: KeyVault Insights Overview
+    url: https://docs.microsoft.com/en-us/azure/azure-monitor/insights/key-vault-insights-overview
   deployments:
   - description: Policy to audit/deploy KeyVault Requests Alert
     template: Deploy-KV-Requests-Alert.json

services/Network/azureFirewalls/alerts.yaml

@@ -35,6 +35,9 @@
     operator: LessThan
     threshold: 90
     criterionType: StaticThresholdCriterion
+  references:
+    - name: Overview of Azure Firewall logs and metrics
+      url: https://docs.microsoft.com/en-us/azure/firewall/logs-and-metrics#metrics
   deployments:
   - description: Policy to audit/deploy Azure Firewall FirewallHealth Alert
     template: Deploy-AFW-FirewallHealth-Alert.json
@@ -55,6 +58,9 @@
     operator: LessThan
     threshold: 80
     criterionType: StaticThresholdCriterion
+  references:
+    - name: Overview of Azure Firewall logs and metrics
+      url: https://docs.microsoft.com/en-us/azure/firewall/logs-and-metrics#metrics
   deployments:
   - description: Policy to audit/deploy Azure Firewall SNATPortUtilization Alert
     template: Deploy-AFW-SNATPortUtilization-Alert.json

services/Network/expressRouteCircuits/alerts.yaml

@@ -15,6 +15,11 @@
     operator: LessThan
     threshold: 90
     criterionType: StaticThresholdCriterion
+  references:
+    - name: Monitor ExpressRoute Alerts
+      url: https://docs.microsoft.com/en-us/azure/expressroute/monitor-expressroute#alerts
+    - name: ExpressRoute KQL Queries
+      url: https://docs.microsoft.com/en-us/azure/expressroute/monitor-expressroute#sample-kusto-queries
   deployments:
   - description: Policy to audit/deploy ExpressRoute Circuits ARP Availability Alert
     template: Deploy-ERCIR-ARPAvailability-Alert.json
@@ -35,6 +40,11 @@
     operator: LessThan
     threshold: 90
     criterionType: StaticThresholdCriterion
+  references:
+    - name: Monitor ExpressRoute Alerts
+      url: https://docs.microsoft.com/en-us/azure/expressroute/monitor-expressroute#alerts
+    - name: ExpressRoute KQL Queries
+      url: https://docs.microsoft.com/en-us/azure/expressroute/monitor-expressroute#sample-kusto-queries
   deployments:
   - description: Policy to audit/deploy ExpressRoute Circuits BGP Availability Alert
     template: Deploy-ERCIR-BGPAvailability-Alert.json
@@ -58,6 +68,11 @@
     failingPeriods:
       numberOfEvaluationPeriods: 4
       minFailingPeriodsToAlert: 4
+  references:
+    - name: Monitor ExpressRoute Alerts
+      url: https://docs.microsoft.com/en-us/azure/expressroute/monitor-expressroute#alerts
+    - name: ExpressRoute KQL Queries
+      url: https://docs.microsoft.com/en-us/azure/expressroute/monitor-expressroute#sample-kusto-queries
   deployments:
   - description: Policy to audit/deploy ExpressRoute Circuits QosDropBitsInPerSecond
       Alert
@@ -82,6 +97,11 @@
     failingPeriods:
       numberOfEvaluationPeriods: 4
       minFailingPeriodsToAlert: 4
+  references:
+    - name: Monitor ExpressRoute Alerts
+      url: https://docs.microsoft.com/en-us/azure/expressroute/monitor-expressroute#alerts
+    - name: ExpressRoute KQL Queries
+      url: https://docs.microsoft.com/en-us/azure/expressroute/monitor-expressroute#sample-kusto-queries
   deployments:
   - description: Policy to audit/deploy ExpressRoute Circuits QosDropBitsOutPerSecond
       Alert

services/Network/expressRouteGateways/alerts.yaml

@@ -15,6 +15,9 @@
     operator: LessThan
     threshold: 1
     criterionType: StaticThresholdCriterion
+  references:
+    - name: ExpressRoute Monitoring Metrics Alerts for ExpressRoute Gateways
+      url: https://learn.microsoft.com/en-us/azure/expressroute/expressroute-monitoring-metrics-alerts#expressroute-gateways
   deployments:
   - description: Policy to audit/deploy ER Gateway Connection BitsInPerSecond Alert
     template: Deploy-ERG-BitsInPerSecond-Alert.json
@@ -35,6 +38,9 @@
     operator: LessThan
     threshold: 1
     criterionType: StaticThresholdCriterion
+  references:
+    - name: ExpressRoute Monitoring Metrics Alerts for ExpressRoute Gateways
+      url: https://learn.microsoft.com/en-us/azure/expressroute/expressroute-monitoring-metrics-alerts#expressroute-gateways
   deployments:
   - description: Policy to audit/deploy ER Gateway Connection BitsOutPerSecond Alert
     template: Deploy-ERG-BitsOutPerSecond-Alert.json
@@ -55,6 +61,9 @@
     operator: GreaterThan
     threshold: 80
     criterionType: StaticThresholdCriterion
+  references:
+    - name: ExpressRoute Monitoring Metrics Alerts for ExpressRoute Gateways
+      url: https://learn.microsoft.com/en-us/azure/expressroute/expressroute-monitoring-metrics-alerts#expressroute-gateways
   deployments:
   - description: Policy to audit/deploy ER Gateway Express Route CPU Utilization Alert
     template: Deploy-ERG-CPUUtilization-Alert.json

services/Network/loadBalancers/alerts.yaml

@@ -15,6 +15,13 @@
     operator: LessThan
     threshold: 90
     criterionType: StaticThresholdCriterion
+  references:
+    - name: Azure Monitor supported metrics by resource type - Azure Load Balancer
+      url: https://learn.microsoft.com/en-us/azure/azure-monitor/reference/supported-metrics/microsoft-network-loadbalancers-metrics
+    - name: Azure Load Balancer Multi-Demensional-Metrics
+      url: https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-diagnostics#multi-dimensional-metrics
+    - name: Is The Data Path Up and Available for My Load-Balancer
+      url: https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-diagnostics#is-the-data-path-up-and-available-for-my-load-balancer-frontend
   deployments:
   - description: Policy to audit/deploy Azure Load Balancer Data Path Availability
       Alert
@@ -36,6 +43,9 @@
     operator: LessThan
     threshold: 90
     criterionType: StaticThresholdCriterion
+  references:
+    - name: Azure Monitor supported metrics by resource type - Azure Load Balancer
+      url: https://learn.microsoft.com/en-us/azure/azure-monitor/reference/supported-metrics/microsoft-network-loadbalancers-metrics
   deployments:
   - description: Policy to audit/deploy Azure Load Balancer Global Backend Availability
       Alert
@@ -57,6 +67,11 @@
     operator: LessThan
     threshold: 90
     criterionType: StaticThresholdCriterion
+  references:
+    - name: Azure Monitor supported metrics by resource type - Azure Load Balancer
+      url: https://learn.microsoft.com/en-us/azure/azure-monitor/reference/supported-metrics/microsoft-network-loadbalancers-metrics
+    - name: Are Backend Instances for my Load-Balancer Responding to Probes
+      url: https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-diagnostics#are-the-backend-instances-for-my-load-balancer-responding-to-probes
   deployments:
   - description: Policy to audit/deploy Azure Load Balancer Health Probe Status Alert
     template: Deploy-LB-HealthProbeStatus-Alert.json
@@ -77,6 +92,13 @@
     operator: GreaterThan
     threshold: 900
     criterionType: StaticThresholdCriterion
+  references:
+    - name: Azure Monitor supported metrics by resource type - Azure Load Balancer
+      url: https://learn.microsoft.com/en-us/azure/azure-monitor/reference/supported-metrics/microsoft-network-loadbalancers-metrics
+    - name: Load-Balancer Alerts
+      url: https://learn.microsoft.com/en-us/azure/load-balancer/monitor-load-balancer#alerts
+    - name: Check My SNAT Port Usage and Allocation
+      url: https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-diagnostics#how-do-i-check-my-snat-port-usage-and-allocation
   deployments:
   - description: Policy to audit/deploy Azure Load Balancer Used SNAT Ports Alert
     template: Deploy-LB-UsedSNATPorts-Alert.json

services/Network/privateDnsZones/alerts.yaml

@@ -16,6 +16,9 @@
     operator: GreaterThanOrEqual
     threshold: 80
     criterionType: StaticThresholdCriterion
+  references:
+  - name: Private DNS Alert Metrics
+    url: https://learn.microsoft.com/en-us/azure/azure-monitor/reference/supported-metrics/microsoft-network-privatednszones-metrics
   deployments:
   - description: Policy to audit/deploy Private DNS Zone Capacity Utilization Alert
     template: Deploy-PDNSZ-CapacityUtilization-Alert.json
@@ -36,6 +39,9 @@
     operator: GreaterThanOrEqual
     threshold: 500
     criterionType: StaticThresholdCriterion
+  references:
+  - name: Private DNS Alert Metrics
+    url: https://learn.microsoft.com/en-us/azure/azure-monitor/reference/supported-metrics/microsoft-network-privatednszones-metrics
   deployments:
   - description: Policy to audit/deploy Private DNS Zone Query Volume Alert
     template: Deploy-PDNSZ-QueryVolume-Alert.json
@@ -56,6 +62,9 @@
     operator: GreaterThanOrEqual
     threshold: 80
     criterionType: StaticThresholdCriterion
+  references:
+  - name: Private DNS Alert Metrics
+    url: https://learn.microsoft.com/en-us/azure/azure-monitor/reference/supported-metrics/microsoft-network-privatednszones-metrics
   deployments:
   - description: Policy to audit/deploy Private DNS Zone Record Set Capacity Alert
     template: Deploy-PDNSZ-RecordSetCapacity-Alert.json
@@ -77,6 +86,9 @@
     operator: GreaterThanOrEqual
     threshold: 80
     criterionType: StaticThresholdCriterion
+  references:
+  - name: Private DNS Alert Metrics
+    url: https://learn.microsoft.com/en-us/azure/azure-monitor/reference/supported-metrics/microsoft-network-privatednszones-metrics
   deployments:
   - description: Policy to audit/deploy Private DNS Zone Registration Capacity Utilization
       Alert

services/Network/publicIPAddresses/alerts.yaml

@@ -15,6 +15,11 @@
     operator: GreaterThan
     threshold: 8000000
     criterionType: StaticThresholdCriterion
+  references:
+  - name: Monitor Public IP Addresses
+    url: https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/monitor-public-ip#alerts
+  - name: Public IP Addresses Supported Metrics
+    url: https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/metrics-supported#microsoftnetworkpublicipaddresses
   deployments:
   - description: Policy to audit/deploy PIP Bytes in DDoS Attack Alert
     template: Deploy-PIP-BytesInDDOSAttack-Alert.json
@@ -35,6 +40,11 @@
     operator: GreaterThan
     threshold: 0
     criterionType: StaticThresholdCriterion
+  references:
+  - name: Monitor Public IP Addresses
+    url: https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/monitor-public-ip#alerts
+  - name: Public IP Addresses Supported Metrics
+    url: https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/metrics-supported#microsoftnetworkpublicipaddresses
   deployments:
   - description: Policy to audit/deploy PIP DDoS Attack Alert
     template: Deploy-PIP-DDOSAttack-Alert.json
@@ -55,6 +65,11 @@
     operator: GreaterThanOrEqual
     threshold: 40000
     criterionType: StaticThresholdCriterion
+  references:
+  - name: Monitor Public IP Addresses
+    url: https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/monitor-public-ip#alerts
+  - name: Public IP Addresses Supported Metrics
+    url: https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/metrics-supported#microsoftnetworkpublicipaddresses
   deployments:
   - description: Policy to audit/deploy PIP Packets in DDoS Attack Alert
     template: Deploy-PIP-PacketsInDDOS-Alert.json
@@ -75,6 +90,11 @@
     operator: LessThan
     threshold: 90
     criterionType: StaticThresholdCriterion
+  references:
+  - name: Monitor Public IP Addresses
+    url: https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/monitor-public-ip#alerts
+  - name: Public IP Addresses Supported Metrics
+    url: https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/metrics-supported#microsoftnetworkpublicipaddresses
   deployments:
   - description: Policy to audit/deploy PIP VIP Availability Alert
     template: Deploy-PIP-VIPAvailability-Alert.json

services/Network/virtualNetworkGateways/alerts.yaml

@@ -15,6 +15,9 @@
     operator: LessThan
     threshold: 1
     criterionType: StaticThresholdCriterion
+  references:
+    - name: Supported metrics for microsoft.network/virtualnetworkgateways
+      url:  https://learn.microsoft.com/en-us/azure/azure-monitor/reference/supported-metrics/microsoft-network-virtualnetworkgateways-metrics
   deployments:
   - description: Policy to audit/deploy Virtual Network Gateway Tunnel Bandwidth Alert
     template: Deploy-VNETG-BandwidthUtilization-Alert.json
@@ -35,6 +38,9 @@
     operator: LessThan
     threshold: 1
     criterionType: StaticThresholdCriterion
+  references:
+    - name: Supported metrics for microsoft.network/virtualnetworkgateways
+      url:  https://learn.microsoft.com/en-us/azure/azure-monitor/reference/supported-metrics/microsoft-network-virtualnetworkgateways-metrics
   deployments:
   - description: Policy to audit/deploy Virtual Network Gateway Tunnel Egress Alert
     template: Deploy-VNETG-Egress-Alert.json
@@ -58,6 +64,9 @@
     failingPeriods:
       numberOfEvaluationPeriods: 4
       minFailingPeriodsToAlert: 4
+  references:
+    - name: Supported metrics for microsoft.network/virtualnetworkgateways
+      url:  https://learn.microsoft.com/en-us/azure/azure-monitor/reference/supported-metrics/microsoft-network-virtualnetworkgateways-metrics
   deployments:
   - description: Policy to audit/deploy Vnet Gateway Egress Packet Drop Count Alert
     template: Deploy-VNETG-EgressPacketDropCount-Alert.json
@@ -81,6 +90,9 @@
     failingPeriods:
       numberOfEvaluationPeriods: 4
       minFailingPeriodsToAlert: 4
+  references:
+    - name: Supported metrics for microsoft.network/virtualnetworkgateways
+      url:  https://learn.microsoft.com/en-us/azure/azure-monitor/reference/supported-metrics/microsoft-network-virtualnetworkgateways-metrics
   deployments:
   - description: Policy to audit/deploy Vnet Gateway Egress Packet Drop Mismatch Alert
     template: Deploy-VNETG-EgressPacketDropMismatch-Alert.json
@@ -101,6 +113,9 @@
     operator: LessThan
     threshold: 1
     criterionType: StaticThresholdCriterion
+  references:
+    - name: Supported metrics for microsoft.network/virtualnetworkgateways
+      url:  https://learn.microsoft.com/en-us/azure/azure-monitor/reference/supported-metrics/microsoft-network-virtualnetworkgateways-metrics
   deployments:
   - description: Policy to audit/deploy Virtual Network Gateway Express Route Bits
       Per Second Alert
@@ -122,6 +137,9 @@
     operator: GreaterThan
     threshold: 80
     criterionType: StaticThresholdCriterion
+  references:
+    - name: Supported metrics for microsoft.network/virtualnetworkgateways
+      url:  https://learn.microsoft.com/en-us/azure/azure-monitor/reference/supported-metrics/microsoft-network-virtualnetworkgateways-metrics
   deployments:
   - description: Policy to audit/deploy Virtual Network Gateway Express Route CPU
       Utilization
@@ -143,6 +161,9 @@
     operator: LessThan
     threshold: 1
     criterionType: StaticThresholdCriterion
+  references:
+    - name: Supported metrics for microsoft.network/virtualnetworkgateways
+      url:  https://learn.microsoft.com/en-us/azure/azure-monitor/reference/supported-metrics/microsoft-network-virtualnetworkgateways-metrics
   deployments:
   - description: Policy to audit/deploy Virtual Network Gateway Tunnel Ingress Alert
     template: Deploy-VNETG-Ingress-Alert.json
@@ -166,6 +187,9 @@
     failingPeriods:
       numberOfEvaluationPeriods: 4
       minFailingPeriodsToAlert: 4
+  references:
+    - name: Supported metrics for microsoft.network/virtualnetworkgateways
+      url:  https://learn.microsoft.com/en-us/azure/azure-monitor/reference/supported-metrics/microsoft-network-virtualnetworkgateways-metrics
   deployments:
   - description: Policy to audit/deploy Vnet Gateway Ingress Packet Drop Count Alert
     template: Deploy-VNETG-IngressPacketDropCount-Alert.json
@@ -189,6 +213,9 @@
     failingPeriods:
       numberOfEvaluationPeriods: 4
       minFailingPeriodsToAlert: 4
+  references:
+    - name: Supported metrics for microsoft.network/virtualnetworkgateways
+      url:  https://learn.microsoft.com/en-us/azure/azure-monitor/reference/supported-metrics/microsoft-network-virtualnetworkgateways-metrics
   deployments:
   - description: Policy to audit/deploy Vnet Gateway Ingress Packet Drop Mismatch
       Alert