diff --git a/rules/S6413/azureresourcemanager/rule.adoc b/rules/S6413/azureresourcemanager/rule.adoc
index 1a68024e73..bcd07da677 100644
--- a/rules/S6413/azureresourcemanager/rule.adoc
+++ b/rules/S6413/azureresourcemanager/rule.adoc
@@ -28,6 +28,18 @@ For https://docs.microsoft.com/en-us/azure/firewall-manager/policy-overview[Azur
 }
 ----
 
+[source,bicep,diff-id=2,diff-type=noncompliant]
+----
+resource firewallPolicy 'Microsoft.Network/firewallPolicies@2022-07-01' = {
+ properties: {
+ insights: {
+ isEnabled: true
+ retentionDays: 7 // Sensitive
+ }
+ }
+ }
+----
+
 Raise issue when `retentionDays` is smaller than `14`, but not `0` (zero), or if `isEnabled` is `false` or the `insights` block is missing.
 
 For https://learn.microsoft.com/en-us/azure/templates/microsoft.network/networkwatchers/flowlogs[Microsoft Network Network Watchers Flow Logs]:
@@ -52,6 +64,18 @@ For https://learn.microsoft.com/en-us/azure/templates/microsoft.network/networkw
 }
 ----
 
+[source,bicep,diff-id=4,diff-type=noncompliant]
+----
+resource networkWatchersFlowLogs 'Microsoft.Network/networkWatchers/flowLogs@2022-07-01' = {
+ properties: {
+ retentionPolicy: {
+ days: 7
+ enabled: true
+ }
+ }
+ }
+----
+
 Raise issue when `days` is smaller than `14`, but not `0` (zero), or if `enabled` is set to `false` or `retentionPolicy` is missing.
 
 For https://learn.microsoft.com/en-us/azure/templates/microsoft.sql/2021-11-01/servers/auditingsettings[Microsoft SQL Servers Auditing Settings]:
@@ -73,6 +97,15 @@ For https://learn.microsoft.com/en-us/azure/templates/microsoft.sql/2021-11-01/s
 }
 ----
 
+[source,bicep,diff-id=6,diff-type=noncompliant]
+----
+resource sqlServerAudit 'Microsoft.Sql/servers/auditingSettings@2021-11-01' = {
+ properties: {
+ retentionDays: 7 // Sensitive
+ }
+ }
+----
+
 Raise issue when retentionDays is smaller than `14`, but not `0` (zero).
 
 The same case applies to other types (when `type` field is set to one of following):
@@ -107,6 +140,17 @@ For https://docs.microsoft.com/en-us/azure/firewall-manager/policy-overview[Azur
 }
 ----
 
+[source,bicep,diff-id=2,diff-type=compliant]
+----
+resource firewallPolicy 'Microsoft.Network/firewallPolicies@2022-07-01' = {
+ properties: {
+ insights: {
+ isEnabled: true
+ retentionDays: 30 // Compliant
+ }
+ }
+ }
+----
 
 For https://learn.microsoft.com/en-us/azure/templates/microsoft.network/networkwatchers/flowlogs[Microsoft Network Network Watchers Flow Logs]:
 
@@ -130,6 +174,18 @@ For https://learn.microsoft.com/en-us/azure/templates/microsoft.network/networkw
 }
 ----
 
+[source,bicep,diff-id=4,diff-type=compliant]
+----
+resource networkWatchersFlowLogs 'Microsoft.Network/networkWatchers/flowLogs@2022-07-01' = {
+ properties: {
+ retentionPolicy: {
+ days: 30 // Compliant
+ enabled: true
+ }
+ }
+ }
+----
+
 For https://learn.microsoft.com/en-us/azure/templates/microsoft.sql/2021-11-01/servers/auditingsettings[Microsoft SQL Servers Auditing Settings]:
 
 [source,json,diff-id=5,diff-type=compliant]
@@ -149,6 +205,15 @@ For https://learn.microsoft.com/en-us/azure/templates/microsoft.sql/2021-11-01/s
 }
 ----
 
+[source,bicep,diff-id=6,diff-type=compliant]
+----
+resource sqlServerAudit 'Microsoft.Sql/servers/auditingSettings@2021-11-01' = {
+ properties: {
+ retentionDays: 30 // Compliant
+ }
+ }
+----
+
 Above code also applies to other types defined in previous paragraph.
 
 ifdef::env-github,rspecator-view[]