From 4c11aef803430042ad32c770374f64e135af3ed4 Mon Sep 17 00:00:00 2001
From: Denver Reed
Date: Tue, 17 Sep 2024 10:13:57 -0400
Subject: [PATCH 1/6] update added for auto-upgrade extensions

---
 checklists/azure_arc_checklist.en.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/checklists/azure_arc_checklist.en.json b/checklists/azure_arc_checklist.en.json
index d6b7511c3..2fe655798 100644
--- a/checklists/azure_arc_checklist.en.json
+++ b/checklists/azure_arc_checklist.en.json
@@ -184,6 +184,7 @@
 "description": "Use automatic upgrades where available and define an update strategy for all extensions not supporting automatic upgrades.",
 "guid": "4c2bd463-cbbb-4c86-a195-abb91a4ed90d",
 "severity": "High",
+ "graph": "resources | where type == 'microsoft.hybridcompute/machines/extensions'| extend compliant = (properties.enableAutomaticUpgrade == 'true') | distinct id, compliant",
 "link": "https://learn.microsoft.com/azure/azure-arc/servers/manage-automatic-vm-extension-upgrade?tabs=azure-portal"
 },
 {
From 194a0dca67d850e0b672b764bd818c14d482aaa9 Mon Sep 17 00:00:00 2001
From: Denver Reed
Date: Tue, 17 Sep 2024 11:33:13 -0400
Subject: [PATCH 2/6] ARG for monitoring on arc machines

---
 checklists/azure_arc_checklist.en.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/checklists/azure_arc_checklist.en.json b/checklists/azure_arc_checklist.en.json
index 2fe655798..e56004738 100644
--- a/checklists/azure_arc_checklist.en.json
+++ b/checklists/azure_arc_checklist.en.json
@@ -213,6 +213,7 @@
 "text": "Design a monitoring strategy to send metrics and logs to an Log Analytics workspace",
 "guid": "74d1102c-ac6a-4ae0-8e6a-84de5df47d2d",
 "severity": "Medium",
+ "graph": "resources | where type == 'microsoft.hybridcompute/machines' | project arcMachineId = id, arcMachineName = name | join kind=leftouter (resources | where type == 'microsoft.hybridcompute/machines/extensions' | where name contains 'azuremonitor' | extend baseIdParts = split(id, '/extensions/') | extend extensionMachineId = tostring(baseIdParts[0]) | project extensionMachineId, extensionId = id) on $left.arcMachineId == $right.extensionMachineId | extend compliant = iif(extensionMachineId == '', 'No', 'Yes') | project arcMachineId, compliant",
 "link": "https://learn.microsoft.com/azure/azure-monitor/agents/log-analytics-agent#data-collected"
 },
 {
From 1f45dd5936df99cefb79ec32cd8667f3d25b84e1 Mon Sep 17 00:00:00 2001
From: Denver Reed
Date: Tue, 17 Sep 2024 11:35:14 -0400
Subject: [PATCH 3/6] ready for PR

---
 checklists/azure_arc_checklist.en.json | 1 -
 1 file changed, 1 deletion(-)

diff --git a/checklists/azure_arc_checklist.en.json b/checklists/azure_arc_checklist.en.json
index e56004738..cab9ab6e5 100644
--- a/checklists/azure_arc_checklist.en.json
+++ b/checklists/azure_arc_checklist.en.json
@@ -184,7 +184,6 @@
 "description": "Use automatic upgrades where available and define an update strategy for all extensions not supporting automatic upgrades.",
 "guid": "4c2bd463-cbbb-4c86-a195-abb91a4ed90d",
 "severity": "High",
- "graph": "resources | where type == 'microsoft.hybridcompute/machines/extensions'| extend compliant = (properties.enableAutomaticUpgrade == 'true') | distinct id, compliant",
 "link": "https://learn.microsoft.com/azure/azure-arc/servers/manage-automatic-vm-extension-upgrade?tabs=azure-portal"
 },
 {
From 6f7041268af9486c1efdfe505c291589e8790e6a Mon Sep 17 00:00:00 2001
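Review bot: The leftouter join in the added graph query compares the raw resource-id strings, `on $left.arcMachineId == $right.extensionMachineId`, and KQL `==` on strings is case-sensitive; Resource Graph ids are not guaranteed to agree in casing between a machine's own `id` and the parent segment split out of its extension's `id` (the `resourceGroups` segment is the usual offender), so a casing mismatch would silently report a monitored machine as non-compliant. Normalizing both keys, `project arcMachineId = tolower(id), arcMachineName = name` on the left and `extend extensionMachineId = tolower(baseIdParts[0])` on the right, removes that dependence; the same join is carried forward unchanged in patches 4, 5 and 6. `arcMachineName = name` is projected but never referenced afterwards and can be dropped from the projection.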
From: Denver Reed
Date: Tue, 17 Sep 2024 11:53:03 -0400
Subject: [PATCH 4/6] update to column name

---
 checklists/azure_arc_checklist.en.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/checklists/azure_arc_checklist.en.json b/checklists/azure_arc_checklist.en.json
index cab9ab6e5..1ebac7ee9 100644
--- a/checklists/azure_arc_checklist.en.json
+++ b/checklists/azure_arc_checklist.en.json
@@ -212,7 +212,7 @@
 "text": "Design a monitoring strategy to send metrics and logs to an Log Analytics workspace",
 "guid": "74d1102c-ac6a-4ae0-8e6a-84de5df47d2d",
 "severity": "Medium",
- "graph": "resources | where type == 'microsoft.hybridcompute/machines' | project arcMachineId = id, arcMachineName = name | join kind=leftouter (resources | where type == 'microsoft.hybridcompute/machines/extensions' | where name contains 'azuremonitor' | extend baseIdParts = split(id, '/extensions/') | extend extensionMachineId = tostring(baseIdParts[0]) | project extensionMachineId, extensionId = id) on $left.arcMachineId == $right.extensionMachineId | extend compliant = iif(extensionMachineId == '', 'No', 'Yes') | project arcMachineId, compliant",
+ "graph": "resources | where type == 'microsoft.hybridcompute/machines' | project id, arcMachineName = name | join kind=leftouter (resources | where type == 'microsoft.hybridcompute/machines/extensions' | where name contains 'azuremonitor' | extend baseIdParts = split(id, '/extensions/') | extend extensionMachineId = tostring(baseIdParts[0]) | project extensionMachineId, extensionId = id) on $left.id == $right.extensionMachineId | extend compliant = iif(extensionMachineId == '', 'No', 'Yes') | project id, compliant",
 "link": "https://learn.microsoft.com/azure/azure-monitor/agents/log-analytics-agent#data-collected"
 },
 {
From 97067ec439458fef172152225f131a878aa23ac3 Mon Sep 17 00:00:00 2001
From: Denver Reed
Date: Tue, 17 Sep 2024 12:12:31 -0400
Subject: [PATCH 5/6] update with Saul's recommendation

---
 checklists/azure_arc_checklist.en.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/checklists/azure_arc_checklist.en.json b/checklists/azure_arc_checklist.en.json
index 1ebac7ee9..a66f9e92f 100644
--- a/checklists/azure_arc_checklist.en.json
+++ b/checklists/azure_arc_checklist.en.json
@@ -212,7 +212,7 @@
 "text": "Design a monitoring strategy to send metrics and logs to an Log Analytics workspace",
 "guid": "74d1102c-ac6a-4ae0-8e6a-84de5df47d2d",
 "severity": "Medium",
- "graph": "resources | where type == 'microsoft.hybridcompute/machines' | project id, arcMachineName = name | join kind=leftouter (resources | where type == 'microsoft.hybridcompute/machines/extensions' | where name contains 'azuremonitor' | extend baseIdParts = split(id, '/extensions/') | extend extensionMachineId = tostring(baseIdParts[0]) | project extensionMachineId, extensionId = id) on $left.id == $right.extensionMachineId | extend compliant = iif(extensionMachineId == '', 'No', 'Yes') | project id, compliant",
+ "graph": "resources | where type =~ 'microsoft.hybridcompute/machines' | project id, arcMachineName = name | join kind=leftouter (resources | where type == 'microsoft.hybridcompute/machines/extensions' | where name contains 'azuremonitor' | extend baseIdParts = split(id, '/extensions/') | extend extensionMachineId = tostring(baseIdParts[0]) | project extensionMachineId, extensionId = id) on $left.id == $right.extensionMachineId | extend compliant = iif(extensionMachineId == '', 'No', 'Yes') | project id, compliant",
 "link": "https://learn.microsoft.com/azure/azure-monitor/agents/log-analytics-agent#data-collected"
 },
 {
From deaf7f80b17fc0f9f508ef4072d8a1b7f99afdda Mon Sep 17 00:00:00 2001
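Review bot: Only the outer filter was switched to the case-insensitive operator, `where type =~ 'microsoft.hybridcompute/machines'`; the inner subquery on the same line still reads `where type == 'microsoft.hybridcompute/machines/extensions'`, so the two halves of the query apply different matching rules to the same `type` column and a casing difference on the extension side would drop every extension row and mark all machines non-compliant. Changing it to `where type =~ 'microsoft.hybridcompute/machines/extensions'` keeps both filters on the same footing. Patch 6 carries the same inner `==` forward.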
From: Denver Reed
Date: Tue, 24 Sep 2024 18:23:07 -0400
Subject: [PATCH 6/6] change to isnotempty

---
 checklists/azure_arc_checklist.en.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/checklists/azure_arc_checklist.en.json b/checklists/azure_arc_checklist.en.json
index a66f9e92f..fc1219316 100644
--- a/checklists/azure_arc_checklist.en.json
+++ b/checklists/azure_arc_checklist.en.json
@@ -212,7 +212,7 @@
 "text": "Design a monitoring strategy to send metrics and logs to an Log Analytics workspace",
 "guid": "74d1102c-ac6a-4ae0-8e6a-84de5df47d2d",
 "severity": "Medium",
- "graph": "resources | where type =~ 'microsoft.hybridcompute/machines' | project id, arcMachineName = name | join kind=leftouter (resources | where type == 'microsoft.hybridcompute/machines/extensions' | where name contains 'azuremonitor' | extend baseIdParts = split(id, '/extensions/') | extend extensionMachineId = tostring(baseIdParts[0]) | project extensionMachineId, extensionId = id) on $left.id == $right.extensionMachineId | extend compliant = iif(extensionMachineId == '', 'No', 'Yes') | project id, compliant",
+ "graph": "resources | where type =~ 'microsoft.hybridcompute/machines' | project id, arcMachineName = name | join kind=leftouter (resources | where type == 'microsoft.hybridcompute/machines/extensions' | where name contains 'azuremonitor' | extend baseIdParts = split(id, '/extensions/') | extend extensionMachineId = tostring(baseIdParts[0]) | project extensionMachineId, extensionId = id) on $left.id == $right.extensionMachineId | extend compliant = isnotempty(extensionMachineId) | project id, compliant",
 "link": "https://learn.microsoft.com/azure/azure-monitor/agents/log-analytics-agent#data-collected"
 },
 {
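Review bot: `compliant = isnotempty(extensionMachineId)` treats the mere existence of an extension whose name contains 'azuremonitor' as proof the machine is monitored, so a machine whose agent install failed or is still in progress is reported compliant and the gap never surfaces in the checklist. If `properties.provisioningState` is populated on Arc extension resources the way it is on other extension types, adding `| where properties.provisioningState =~ 'Succeeded'` to the subquery after the name filter would make the result reflect a working agent; confirm the property against a real result set before relying on it. The bool form of `compliant` is a good change over the earlier 'Yes'/'No' strings, since it lets the value be consumed without a string comparison.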