Search for Alerting Rule: Microsoft Azure Tokens
Use the search tokens below that we provide during rule creation wizard.
subscriptionNamesubscriptionName
Use a text value ##### to find Azure connectors based on the subscription name associated with the connector at the time of creation.
Example
Show connectors with this subscription name
subscriptionName: Sample Cloud Subscription
Use a text value ##### to find Azure connectos based on the unique subscription ID associated with the connector at the time of creation.
Example
Show connectors with this subscription ID
subscriptionId: fbb9ea64-abda-452e-adfa-83442409
Select the region code from the drop-down menu. The drop-down menu options contains region code. For example, the region code for Singapore is ap-southeast-1. For the complete mapping of region code to region, view Azure Region Mapping.
Example
Find resources in the ap-southeast-1 (Singapore) region
region: ap-southeast-1
Select the type of service you're interested in. Select from names in the drop-down menu. The drop-down menu options contains service type code. For example, the service code for Azure Active Directory is AZURE_AD. For the complete mapping of service type code to service type Azure Service Type Mapping.
Example
Show service type Azure Active Directory
service.type: AZURE_AD
Select the type of resource you're interested in. Select from names in the drop-down menu. The drop-down menu options contains of resource type code. For example, the service code for Network Security Group is NETWORK_SECURITY_GROUP. For the complete mapping of resource type code to resource type, view Azure Resource Type Mapping.
Example
Show resources of type Network Security Group
resource.type: NETWORK_SECURITY_GROUP
Use a text value ##### to find resources by the unique ID assigned to the resource.
Example
Show resources with ID acl-8e5198f5
resource.id: acl-8e5198f5
Use a text value ##### to show controls based on the unique control ID associated with the control at the time of creation.
Example
Show controls with this ID
cid: 205767712438
control.criticalitycontrol.criticality
Select the control criticality (HIGH, MEDIUM, LOW) you're interested in.
Example
Show controls with High criticality
control.criticality: HIGH
Use control result value (FAIL) to view controls with specific result.
Example
Show controls that failed
control.result: FAIL
control.criticalitycontrol.criticality
Select the control criticality (HIGH, MEDIUM, LOW) you're interested in.
Example
Show controls with High criticality
control.criticality: HIGH
Use a date range or specific date to define when the resource was evaluated on.
Examples
Show resources discovered within certain dates
evaluatedOn: [2018-01-01 ... 2018-03-01]
Show resources updated starting 2018-10-01, ending 1 month ago
evaluatedOn: [2018-01-01 ... now-1m]
Show resources updated starting 2 weeks ago, ending 1 second ago
evaluatedOn: [now-2w ... now-1s]
Show resources discovered on specific date
evaluatedOn: 2018-01-08
Use a date range or specific date to define when the resource was last evaluated on.
Examples
Show resources last evaluated within certain dates
lastEvaluated: [2018-01-01 ... 2018-03-01]
Show resources last evaluated starting 2018-10-01, ending 1 month ago
lastEvaluated: [2018-01-01 ... now-1m]
Show resources last evaluated starting 2 weeks ago, ending 1 second ago
lastEvaluated: [now-2w ... now-1s]
Show resources last evaluated on specific date
lastEvaluated: 2018-01-08
Use a date range or specific date to define when the resource was first discovered and evaluated.
Examples
Show resources first evaluated within certain dates
firstEvaluated: [2018-01-01 ... 2018-03-01]
Show resources first evaluated starting 2018-10-01, ending 1 month ago
firstEvaluated: [2018-01-01 ... now-1m]
Show resources first evaluated starting 2 weeks ago, ending 1 second ago
firstEvaluated: [now-2w ... now-1s]
Show resources first evaluated on specific date
firstEvaluated: 2018-01-08
Use values within quotes to find a CIS or AWS policy by name.
Examples
Show findings with this name
policy.name: CIS Amazon Web Services Foundations Benchmark
Show any findings that contain parts of name
policy.name: "CIS Amazon Web Services Foundations Benchmark"
Microsoft Azure Region Mapping
|
Code |
Region Name |
|
eastasia |
Hong Kong |
|
southeastasia |
Singapore |
|
centralus |
Iowa |
|
eastus |
Virginia |
|
eastus2 |
Virginia 2 |
|
westus |
California |
|
northcentralus |
Illinois |
|
southcentralus |
Texas |
|
northeurope |
Ireland |
|
westeurope |
Netherlands |
|
japaneast |
Tokyo Saitama |
|
japanwest |
Osaka |
|
brazilsouth |
Sao Paulo State |
|
australiaeast |
New South Wales |
|
australiasoutheast |
Victoria |
|
southindia |
Chennai |
|
centralindia |
Pune |
|
westindia |
Mumbai |
|
canadacentral |
Toronto |
|
canadaeast |
Quebec City |
|
uksouth |
London |
|
ukwest |
Cardiff |
|
westcentralus |
Wyoming |
|
westus2 |
Washington |
|
koreacentral |
Seoul |
|
koreasouth |
Busan |
|
francecentral |
Paris |
|
francesouth |
Marseille |
|
australiacentral |
Canberra |
|
australiacentral2 |
Canberra 2 |
|
uaecentral |
UAE Central |
|
uaenorth |
UAE North |
|
southafricanorth |
Johannesburg |
|
southafricawest |
Cape Town |
|
switzerlandnorth |
Switzerland North |
|
switzerlandwest |
Switzerland West |
|
germanynorth |
Germany North |
|
germanywestcentral |
Germany West Central |
|
norwaywest |
Norway West |
|
norwayeast |
Norway East |
|
usgovvirginia |
US Gov Virginia |
|
usgoviowa |
US Gov Iowa |
|
usgovarizona |
US Gov Arizona |
|
usgovtexas |
US Gov Texas |
|
usdodeast |
US DoD East |
|
usdodcentral |
US DoD Central |
|
chinaeast |
Shanghai |
|
chinanorth |
Beijing |
|
germanycentral |
Frankfurt |
|
germanynortheast |
Magdeburg |
Microsoft Azure Service Type Mapping
|
Code |
Service Type |
|
VIRTUAL_MACHINE |
Virtual Machines |
|
VIRTUAL_NETWORK |
Virtual Networks |
|
RESOURCE_GROUP |
Resource Groups |
|
NETWORK_SECURITY_GROUP |
Network Security Groups |
|
SQL_SERVER_DATABASE |
SQL Server Databases |
|
SQL_SERVER |
SQL Servers |
|
SECURITY_CENTER |
Security Center |
|
STORAGE_ACCOUNT |
Storage Account |
|
MONITOR |
Monitor |
|
KEY_VAULT |
Key Vault |
|
PSQL_SERVER |
PostgreSQL server |
|
LOCKS |
Locks |
|
APP_SERVICE |
App Service |
|
AZURE_AD |
Azure Active Directory |
|
NETWORK_WATCHER |
Network Watcher |
|
MYSQL_SERVER |
MySQL server |
|
ACTIVITY_LOG |
Activity Log |
|
SNAPSHOT |
Snapshot |
|
KUBERNETES_SERVICE |
Kubernetes Service |
|
APPLICATION_GATEWAYS |
Application Gateways |
|
LOAD_BALANCER |
Load Balancer |
|
CONTAINER_REGISTRY |
Container Registry |
|
MARIADB_SERVER |
MariaDB server |
|
AZURE_SQL |
Azure SQL |
|
COSMOS_DB |
Cosmos DB |
|
DISK |
Disk |
Microsoft Azure Resource Mapping
|
Code |
Resource Type |
|
NETWORK_SECURITY_GROUP |
Network Security Group |
|
SQL_SERVER |
SQL Server |
|
SQL_SERVER_DATABASE |
SQL Server Database |
|
VIRTUAL_MACHINE |
Virtual Machine |
|
RESOURCE_GROUP |
Resource Group |
|
VIRTUAL_NETWORK |
Virtual Network |
|
SECURITY_POLICY |
Security Policy |
|
STORAGE_ACCOUNT |
Storage Account |
|
STORAGE_CONTAINER |
Storage Container |
|
ACTIVITY_LOG |
Activity Log |
|
DISK |
Disk |
|
KEY_VAULT |
Key Vault |
|
KEY |
Key |
|
SECRET |
Secret |
|
WEB_APP |
Web App |
|
FUNCTION_APP |
Function App |
|
APP_SERVICE_PLAN |
App Service Plan |
|
APPLICATION_GATEWAYS |
Application Gateways |
|
LOAD_BALANCER |
Load Balancer |
|
CONTAINER_REGISTRY |
Container Registry |
|
MARIADB_SERVER |
MariaDB server |
|
VIRTUAL_NETWORK_SUBNET |
Virtual Network Subnet |
|
VIRTUAL_NETWORK_PEERING |
Virtual Network Peering |
|
NETWORK_SECURITY_GROUP_FLOW_LOG |
NSG Flow Log |
|
COSMOS_DB |
Cosmos DB |