Azure security center ARM模板为所有资源启用标准计划
我可以在ARM模板中选择定价层,但这只会将定价层设置为标准并覆盖虚拟机。不过,我希望SQL Server和应用程序服务也包括在内。我需要在我的模板中添加什么?由于某些原因,我没有让Kathrines模板工作,所以我制作了非常简单的模板,可以工作Azure security center ARM模板为所有资源启用标准计划,azure,Azure,我可以在ARM模板中选择定价层,但这只会将定价层设置为标准并覆盖虚拟机。不过,我希望SQL Server和应用程序服务也包括在内。我需要在我的模板中添加什么?由于某些原因,我没有让Kathrines模板工作,所以我制作了非常简单的模板,可以工作 { "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", "contentVersion": "1.0.
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"pricingTierVMs": {
"type": "string",
"allowedValues": [
"Standard",
"Free"
],
"defaultValue": "Standard",
"metadata": {
"description": "Specify the Azure Security Center pricing tier for VMs"
}
},
"pricingTierSqlServers": {
"type": "string",
"allowedValues": [
"Standard",
"Free"
],
"defaultValue": "Standard",
"metadata": {
"description": "Specify the Azure Security Center pricing tier for SQL Servers"
}
},
"pricingTierAppServices": {
"type": "string",
"allowedValues": [
"Standard",
"Free"
],
"defaultValue": "Standard",
"metadata": {
"description": "Specify the Azure Security Center pricing tier for App Services"
}
},
"autoProvisioning":{
"type": "string",
"allowedValues": [
"On",
"Off"
],
"defaultValue": "On",
"metadata": {
"description": "Turn automatic deployment by ASC of the MMA (OMS VM extension) on or off"
}
},
"workspaceName": {
"type": "string",
"metadata": {
"description": "Specify the name of your custom Log Analytics workspace to collect ASC data."
}
},
"workspaceSubscriptionId": {
"type": "string",
"metadata": {
"description": "Specify the subscriptionId where the custom Log Analytics workspace is deployed."
}
},
"workspaceResourceGroup": {
"type": "string",
"metadata": {
"description": "Specify the resource group where the custom Log Analytics workspace is deployed."
}
},
"emailSecurityContact":{
"type": "string",
"metadata": {
"description": "email address of the contact, in the form of john@doe.com"
}
},
"phoneSecurityContact":{
"type": "string",
"metadata": {
"description": "phone number of the Security Contact"
}
},
"alertNotifications":{
"type": "string",
"allowedValues": [
"On",
"Off"
],
"defaultValue": "On",
"metadata": {
"description": "Send alert notifications to Security Contact"
}
},
"alertsToAdmin":{
"type": "string",
"allowedValues": [
"On",
"Off"
],
"defaultValue": "On",
"metadata": {
"description": "Send alert notifications to Admins"
}
}
},
"resources": [
{
"type": "Microsoft.Security/pricings",
"apiVersion": "2017-08-01-preview",
"name": "VirtualMachines",
"properties": {
"pricingTier": "[parameters('pricingTierVMs')]"
}
},
{
"type": "Microsoft.Security/pricings",
"apiVersion": "2017-08-01-preview",
"name": "SqlServers",
"properties": {
"pricingTier": "[parameters('pricingTierSqlServers')]"
}
},
{
"type": "Microsoft.Security/pricings",
"apiVersion": "2017-08-01-preview",
"name": "AppServices",
"properties": {
"pricingTier": "[parameters('pricingTierAppServices')]"
}
},
{
"type": "Microsoft.Security/autoProvisioningSettings",
"name": "default",
"apiVersion": "2017-08-01-preview",
"properties":{
"autoProvision": "[parameters('autoProvisioning')]"
}
},
{
"type": "Microsoft.Security/workspaceSettings",
"apiVersion": "2017-08-01-preview",
"name": "default",
"properties": {
"workspaceId": "[concat('/subscriptions/', parameters('workspaceSubscriptionId'), '/resourceGroups/', parameters('workspaceResourceGroup'), '/providers/Microsoft.OperationalInsights/workspaces/', parameters('workspaceName'))]",
"scope": "[subscription().id]"
}
},
{
"type": "Microsoft.Security/",
"apiVersion": "2017-08-01-preview",
"name": "default",
"properties": {
}
},
{
"type": "Microsoft.Security/securityContacts",
"name": "default1",
"apiVersion": "2017-08-01-preview",
"properties":{
"email": "[parameters('emailSecurityContact')]",
"phone": "[parameters('phoneSecurityContact')]",
"alertNotifications": "[parameters('alertNotifications')]",
"alertsToAdmins": "[parameters('alertsToAdmin')]"
}
}
],
"outputs": {}
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"pricing": {
"type": "string",
"allowedValues": [
"Standard",
"Free"
]
}
},
"resources": [
{
"type": "Microsoft.Security/pricings",
"apiVersion": "2017-08-01-preview",
"name": "default",
"properties": {
"pricingTier": "[parameters('pricing')]"
}
},
{
"type": "Microsoft.Security/pricings",
"apiVersion": "2018-06-01",
"name": "SqlServers",
"dependsOn": [
"[concat('Microsoft.Security/pricings/default')]"
],
"properties": {
"pricingTier": "[parameters('pricing')]"
}
},
{
"type": "Microsoft.Security/pricings",
"apiVersion": "2018-06-01",
"name": "AppServices",
"dependsOn": [
"[concat('Microsoft.Security/pricings/SqlServers')]"
],
"properties": {
"pricingTier": "[parameters('pricing')]"
}
},
{
"type": "Microsoft.Security/pricings",
"apiVersion": "2018-06-01",
"name": "VirtualMachines",
"dependsOn": [
"[concat('Microsoft.Security/pricings/AppServices')]"
],
"properties": {
"pricingTier": "[parameters('pricing')]"
}
}
]
}这是一个更新的完整模板,用于在现有日志分析工作区上部署Security Center,该工作区将启用新的(包括预览)定价
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"autoProvisioning": {
"type": "string",
"allowedValues": [
"On",
"Off"
],
"metadata": {
"description": "Turn automatic deployment by ASC of the MMA (OMS VM extension) on or off"
}
},
"workspaceName": {
"type": "string",
"metadata": {
"description": "Specify the name of your custom Log Analytics workspace to collect ASC data."
}
},
"workspaceSubscriptionId": {
"type": "string",
"metadata": {
"description": "Specify the subscriptionId where the custom Log Analytics workspace is deployed."
}
},
"workspaceResourceGroup": {
"type": "string",
"metadata": {
"description": "Specify the resource group where the custom Log Analytics workspace is deployed."
}
},
"emailSecurityContact": {
"type": "string",
"metadata": {
"description": "email address of the contact, in the form of john@doe.com"
}
},
"phoneSecurityContact": {
"type": "string",
"metadata": {
"description": "phone number of the Security Contact"
}
},
"alertNotifications": {
"type": "string",
"allowedValues": [
"On",
"Off"
],
"metadata": {
"description": "Send alert notifications to Security Contact"
}
},
"alertsToAdmin": {
"type": "string",
"allowedValues": [
"On",
"Off"
],
"metadata": {
"description": "Send alert notifications to Admins"
}
},
"securitySettings": {
"type": "string",
"allowedValues": [
"On",
"Off"
],
"metadata": {
"description": "Turn security policy settings On or Off."
}
},
"pricing": {
"type": "string",
"allowedValues": [
"Standard",
"Free"
],
"defaultValue" : "Standard"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Security/autoProvisioningSettings",
"name": "default",
"apiVersion": "2017-08-01-preview",
"properties": {
"autoProvision": "[parameters('autoProvisioning')]"
}
},
{
"type": "Microsoft.Security/workspaceSettings",
"apiVersion": "2017-08-01-preview",
"name": "default",
"properties": {
"workspaceId": "[concat('/subscriptions/', parameters('workspaceSubscriptionId'), '/resourceGroups/', parameters('workspaceResourceGroup'), '/providers/Microsoft.OperationalInsights/workspaces/', parameters('workspaceName'))]",
"scope": "[subscription().id]"
}
},
{
"type": "Microsoft.Security/securityContacts",
"name": "default1",
"apiVersion": "2017-08-01-preview",
"properties": {
"email": "[parameters('emailSecurityContact')]",
"phone": "[parameters('phoneSecurityContact')]",
"alertNotifications": "[parameters('alertNotifications')]",
"alertsToAdmins": "[parameters('alertsToAdmin')]"
}
},
{
"type": "Microsoft.Security/policies",
"apiVersion": "2015-06-01-preview",
"name": "default",
"properties": {
"policyLevel": "Subscription",
"name": "default",
"unique": "Off",
"logCollection": "Off",
"recommendations": {
"patch": "[parameters('securitySettings')]",
"baseline": "[parameters('securitySettings')]",
"antimalware": "[parameters('securitySettings')]",
"diskEncryption": "[parameters('securitySettings')]",
"acls": "[parameters('securitySettings')]",
"nsgs": "[parameters('securitySettings')]",
"waf": "[parameters('securitySettings')]",
"sqlAuditing": "[parameters('securitySettings')]",
"sqlTde": "[parameters('securitySettings')]",
"ngfw": "[parameters('securitySettings')]",
"vulnerabilityAssessment": "[parameters('securitySettings')]",
"storageEncryption": "[parameters('securitySettings')]",
"jitNetworkAccess": "[parameters('securitySettings')]"
},
"pricingConfiguration": {
"selectedPricingTier": "[parameters('pricing')]"
}
}
},
{
"type": "Microsoft.Security/pricings",
"apiVersion": "2018-06-01",
"name": "SqlServers",
"dependsOn": [
"[concat('Microsoft.Security/policies/default')]"
],
"properties": {
"pricingTier": "[parameters('pricing')]"
}
},
{
"type": "Microsoft.Security/pricings",
"apiVersion": "2018-06-01",
"name": "AppServices",
"dependsOn": [
"[concat('Microsoft.Security/pricings/SqlServers')]"
],
"properties": {
"pricingTier": "[parameters('pricing')]"
}
},
{
"type": "Microsoft.Security/pricings",
"apiVersion": "2018-06-01",
"name": "VirtualMachines",
"dependsOn": [
"[concat('Microsoft.Security/pricings/AppServices')]"
],
"properties": {
"pricingTier": "[parameters('pricing')]"
}
}
,
{
"type": "Microsoft.Security/pricings",
"apiVersion": "2018-06-01",
"name": "SqlServerVirtualMachines",
"dependsOn": [
"[concat('Microsoft.Security/pricings/VirtualMachines')]"
],
"properties": {
"pricingTier": "[parameters('pricing')]"
}
}
,
{
"type": "Microsoft.Security/pricings",
"apiVersion": "2018-06-01",
"name": "StorageAccounts",
"dependsOn": [
"[concat('Microsoft.Security/pricings/SqlServerVirtualMachines')]"
],
"properties": {
"pricingTier": "[parameters('pricing')]"
}
}
,
{
"type": "Microsoft.Security/pricings",
"apiVersion": "2018-06-01",
"name": "KubernetesService",
"dependsOn": [
"[concat('Microsoft.Security/pricings/StorageAccounts')]"
],
"properties": {
"pricingTier": "[parameters('pricing')]"
}
}
,
{
"type": "Microsoft.Security/pricings",
"apiVersion": "2018-06-01",
"name": "ContainerRegistry",
"dependsOn": [
"[concat('Microsoft.Security/pricings/KubernetesService')]"
],
"properties": {
"pricingTier": "[parameters('pricing')]"
}
}
,
{
"type": "Microsoft.Security/pricings",
"apiVersion": "2018-06-01",
"name": "KeyVaults",
"dependsOn": [
"[concat('Microsoft.Security/pricings/ContainerRegistry')]"
],
"properties": {
"pricingTier": "[parameters('pricing')]"
}
}
],
"outputs": {}
}您能粘贴整个模板吗?我无法确定在何处添加它,这样它就不会抱怨作用域。在部署时,我得到“错误:代码=InvalidTemplate;消息=部署模板验证失败:'第87行和第9列的模板资源'default'无效。”。我使用“New AzDeployment”命令,您可能会认为您的答案是正确的;)