Merge pull request #1837 from alphadev4/SAAS-21778/Az-realtime-r-s

SAAS-21778/Az-realtime-r-s

Author: alphadev4

plugins/azure/redisCache/minimumTlsVersion.js

@@ -10,6 +10,7 @@ module.exports = {
     recommended_action: 'Ensure that Azure cache for Redis is using the latest TLS version',
     link: 'https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-remove-tls-10-11',
     apis: ['redisCaches:listBySubscription'],
+    realtime_triggers: ['microsoftcache:redis:write','microsoftcache:redis:delete'],
 
     run: function(cache, settings, callback) {
         const results = [];

plugins/azure/redisCache/redisCacheDiagnosticLogs.js

@@ -18,6 +18,7 @@ module.exports = {
             default: 'ConnectedClientList'
         },
     },
+    realtime_triggers: ['microsoftcache:redis:write','microsoftcache:redis:delete','microsoftinsights:diagnosticsettings:write','microsoftinsights:diagnosticsettings:delete'],
 
     run: function(cache, settings, callback) {
         const results = [];

plugins/azure/redisCache/redisCacheHasTags.js

@@ -10,6 +10,7 @@ module.exports = {
     recommended_action: 'Modify Azure Cache for Redis and add tags.',
     link: 'https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources',
     apis: ['redisCaches:listBySubscription'],
+    realtime_triggers: ['microsoftcache:redis:write','microsoftcache:redis:delete','microsoftresources:tags:write'],
 
     run: function(cache, settings, callback) {
         const results = [];

plugins/azure/redisCache/redisCacheManagedIdentity.js

@@ -10,7 +10,8 @@ module.exports = {
     recommended_action: 'Modify Azure Cache for Redis and add managed identity.',
     link: 'https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-managed-identity#enable-managed-identity',
     apis: ['redisCaches:listBySubscription'],
-
+    realtime_triggers: ['microsoftcache:redis:write','microsoftcache:redis:delete'],
+    
     run: function(cache, settings, callback) {
         const results = [];
         const source = {};

plugins/azure/redisCache/redisCachePrivateEndpoint.js

@@ -10,7 +10,8 @@ module.exports = {
     recommended_action: 'Ensure that Azure Cache for Redis has public network access disabled.',
     link: 'https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-network-isolation#azure-private-link-recommended',
     apis: ['redisCaches:listBySubscription'],
-
+    realtime_triggers: ['microsoftcache:redis:write','microsoftcache:redis:delete'],
+    
     run: function(cache, settings, callback) {
         const results = [];
         const source = {};

plugins/azure/redisCache/redisCacheScheduledUpdates.js

@@ -10,7 +10,8 @@ module.exports = {
     recommended_action: 'Enable schedule updates for Redis Cache.',
     link: 'https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-administration#update-channel-and-schedule-updates',
     apis: ['redisCaches:listBySubscription', 'patchSchedules:listByRedisCache'],
-
+    realtime_triggers: ['microsoftcache:redis:write','microsoftcache:redis:delete','microsoftcache:redis:patchschedules:write','microsoftcache:redis:patchschedules:delete'],
+    
     run: function(cache, settings, callback) {
         const results = [];
         const source = {};

plugins/azure/redisCache/redisVersion.js

@@ -10,6 +10,7 @@ module.exports = {
     recommended_action: 'Ensure that Azure cache for Redis is using the latest version',
     link: 'https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-overview#redis-versions',
     apis: ['redisCaches:listBySubscription'],
+    realtime_triggers: ['microsoftcache:redis:write','microsoftcache:redis:delete'],
 
     run: function(cache, settings, callback) {
         const results = [];

plugins/azure/redisCache/sslAccessOnlyEnabled.js

@@ -10,6 +10,7 @@ module.exports = {
     recommended_action: 'Enable SSL Access Only for Azure cache for Redis',
     link: 'https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-management-faq#when-should-i-enable-the-non-tlsssl-port-for-connecting-to-redis',
     apis: ['redisCaches:listBySubscription'],
+    realtime_triggers: ['microsoftcache:redis:write','microsoftcache:redis:delete'],
 
     run: function(cache, settings, callback) {
         const results = [];

plugins/azure/resourceGroup/rgHasTags.js

@@ -11,6 +11,7 @@ module.exports = {
     recommended_action: 'Modify affected resource group and add tags.',
     link: 'https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources-portal',
     apis: ['resourceGroups:list'],
+    realtime_triggers: ['microsoftresources:subscriptions:resourcegroups:write','microsoftresources:subscriptions:resourcegroups:delete','microsoftresources:tags:write'],
 
     run: function(cache, settings, callback) {
         var results = [];

plugins/azure/securitycenter/adminSecurityAlertsEnabled.js

@@ -9,8 +9,9 @@ module.exports = {
     more_info: 'Enabling security alerts to be sent to admins ensures that detected vulnerabilities and security issues are sent to the subscription admins for quick remediation.',
     recommended_action: 'Ensure that security alerts are configured to be sent to subscription owners.',
     link: 'https://learn.microsoft.com/en-us/azure/security-center/security-center-provide-security-contact-details',
+    realtime_triggers: ['microsoftsecurity:securitycontacts:write','microsoftsecurity:securitycontacts:delete'],
+    
     apis: ['securityContacts:list'],
-
     run: function(cache, settings, callback) {
         const results = [];
         const source = {};

plugins/azure/securitycenter/appWhitelistingEnabled.js

@@ -10,7 +10,8 @@ module.exports = {
     recommended_action: 'Enable Adaptive Application Controls for Virtual Machines from the Azure Security Center by ensuring AuditIfNotExists setting is used.',
     link: 'https://learn.microsoft.com/en-us/azure/security-center/security-center-adaptive-application',
     apis: ['policyAssignments:list'],
-
+    realtime_triggers: ['microsoftauthorization:policyassignments:write','microsoftauthorization:policyassignments:delete'],
+    
     run: function(cache, settings, callback) {
         const results = [];
         const source = {};

plugins/azure/securitycenter/autoProvisioningEnabled.js

@@ -10,6 +10,7 @@ module.exports = {
     recommended_action: 'Ensure that the data collection settings of the subscription have Auto Provisioning set to enabled.',
     link: 'https://learn.microsoft.com/en-us/azure/security-center/security-center-enable-data-collection',
     apis: ['autoProvisioningSettings:list'],
+    realtime_triggers: ['microsoftauthorization:policyassignments:write','microsoftauthorization:policyassignments:delete'],
 
     run: function(cache, settings, callback) {
         const results = [];

plugins/azure/securitycenter/highSeverityAlertsEnabled.js

@@ -20,6 +20,7 @@ module.exports = {
             default: 'medium'
         }
     },
+    realtime_triggers: ['microsoftsecurity:securitycontacts:write','microsoftsecurity:securitycontacts:delete'],
 
     run: function(cache, settings, callback) {
         const results = [];

plugins/azure/securitycenter/monitorBlobEncryption.js

@@ -10,6 +10,7 @@ module.exports = {
     recommended_action: 'Enable Adaptive Application Controls for Storage Accounts from the Azure Security Center by ensuring AuditIfNotExists setting is used for blob encryption.',
     link: 'https://learn.microsoft.com/en-us/azure/security-center/security-center-policies',
     apis: ['policyAssignments:list'],
+    realtime_triggers: ['microsoftauthorization:policyassignments:write','microsoftauthorization:policyassignments:delete'],
 
     run: function(cache, settings, callback) {
         const results = [];

plugins/azure/securitycenter/monitorDiskEncryption.js

@@ -14,6 +14,7 @@ module.exports = {
         hipaa: 'HIPAA requires data to be encrypted at rest. Enabling disk encryption ' +
                 'monitoring ensures this configuration is not modified undetected.'
     },
+    realtime_triggers: ['microsoftauthorization:policyassignments:write','microsoftauthorization:policyassignments:delete'],
 
     run: function(cache, settings, callback) {
         const results = [];

plugins/azure/securitycenter/monitorEndpointProtection.js

@@ -10,6 +10,7 @@ module.exports = {
     recommended_action: 'Enable Adaptive Application Controls for Endpoint Protection from the Azure Security Center by ensuring AuditIfNotExists setting is used to monitor missing Endpoint Protection.',
     link: 'https://learn.microsoft.com/en-us/azure/security-center/security-center-policy-definitions',
     apis: ['policyAssignments:list'],
+    realtime_triggers: ['microsoftauthorization:policyassignments:write','microsoftauthorization:policyassignments:delete'],
 
     run: function(cache, settings, callback) {
         const results = [];

plugins/azure/securitycenter/monitorExternalAccounts.js

@@ -10,6 +10,7 @@ module.exports = {
     recommended_action: 'Enable Monitor for External Accounts with Write Permissions by ensuring AuditIfNotExists setting is used for \'External accounts with write permissions should be removed from your subscription\' from the Azure Security Center.',
     link: 'https://learn.microsoft.com/en-us/azure/security-center/security-center-policy-definitions',
     apis: ['policyAssignments:list'],
+    realtime_triggers: ['microsoftauthorization:policyassignments:write','microsoftauthorization:policyassignments:delete'],
 
     run: function(cache, settings, callback) {
         const results = [];

plugins/azure/securitycenter/monitorIpForwarding.js

@@ -10,6 +10,7 @@ module.exports = {
     recommended_action: 'Enable IP Forwarding Monitoring by ensuring AuditIfNotExists setting is used for \'IP Forwarding on your virtual machine should be disabled\' from the Azure Security Center.',
     link: 'https://learn.microsoft.com/en-us/azure/security-center/security-center-policy-definitions',
     apis: ['policyAssignments:list'],
+    realtime_triggers: ['microsoftauthorization:policyassignments:write','microsoftauthorization:policyassignments:delete'],
 
     run: function(cache, settings, callback) {
         const results = [];

plugins/azure/securitycenter/monitorJitNetworkAccess.js

@@ -10,6 +10,7 @@ module.exports = {
     recommended_action: 'Ensure JIT Network Access monitoring is configured for compute and apps from the Azure Security Center.',
     link: 'https://learn.microsoft.com/en-us/azure/security-center/security-center-policy-definitions',
     apis: ['policyAssignments:list'],
+    realtime_triggers: ['microsoftauthorization:policyassignments:write','microsoftauthorization:policyassignments:delete'],
 
     run: function(cache, settings, callback) {
         const results = [];

plugins/azure/securitycenter/monitorNextGenerationFirewall.js

@@ -10,6 +10,7 @@ module.exports = {
     recommended_action: 'Enable Next Generation Firewall Monitoring by ensuring AuditIfNotExists setting is used for \'All network ports should be restricted on network security groups associated to your virtual machine\' from the Azure Security Center.',
     link: 'https://learn.microsoft.com/en-us/azure/security-center/security-center-policy-definitions',
     apis: ['policyAssignments:list'],
+    realtime_triggers: ['microsoftauthorization:policyassignments:write','microsoftauthorization:policyassignments:delete'],
 
     run: function(cache, settings, callback) {
         const results = [];

plugins/azure/securitycenter/monitorNsgEnabled.js

@@ -10,6 +10,7 @@ module.exports = {
     recommended_action: 'Ensure Network Security Group monitoring is configured from the Azure Security Center.',
     link: 'https://learn.microsoft.com/en-us/azure/security-center/security-center-policy-definitions',
     apis: ['policyAssignments:list'],
+    realtime_triggers: ['microsoftauthorization:policyassignments:write','microsoftauthorization:policyassignments:delete'],
 
     run: function(cache, settings, callback) {
         const results = [];

plugins/azure/securitycenter/monitorSqlAuditing.js

@@ -10,6 +10,7 @@ module.exports = {
     recommended_action: 'Ensure SQL auditing monitoring is configured for SQL databases from the Azure Security Center.',
     link: 'https://learn.microsoft.com/en-us/azure/security-center/security-center-policy-definitions',
     apis: ['policyAssignments:list'],
+    realtime_triggers: ['microsoftauthorization:policyassignments:write','microsoftauthorization:policyassignments:delete'],
 
     run: function(cache, settings, callback) {
         const results = [];

plugins/azure/securitycenter/monitorSqlEncryption.js

@@ -14,6 +14,7 @@ module.exports = {
         hipaa: 'HIPAA requires data to be encrypted at rest. Enabling SQL encryption ' +
                 'monitoring ensures this configuration is not modified undetected.'
     },
+    realtime_triggers: ['microsoftauthorization:policyassignments:write','microsoftauthorization:policyassignments:delete'],
 
     run: function(cache, settings, callback) {
         const results = [];

plugins/azure/securitycenter/monitorSubscriptionOwners.js

@@ -10,6 +10,7 @@ module.exports = {
     recommended_action: 'Enable Monitor for Total Number of Subscription Owners by ensuring AuditIfNotExists setting is used for \'A maximum of 3 owners should be designated for your subscription\' from the Azure Security Center.',
     link: 'https://learn.microsoft.com/en-us/azure/security-center/security-center-policy-definitions',
     apis: ['policyAssignments:list'],
+    realtime_triggers: ['microsoftauthorization:policyassignments:write','microsoftauthorization:policyassignments:delete'],
 
     run: function(cache, settings, callback) {
         const results = [];

plugins/azure/securitycenter/monitorSystemUpdates.js

@@ -14,6 +14,7 @@ module.exports = {
         pci: 'PCI requires all system components have the latest updates ' +
              'and patches installed within a month of release.'
     },
+    realtime_triggers: ['microsoftauthorization:policyassignments:write','microsoftauthorization:policyassignments:delete'],
 
     run: function(cache, settings, callback) {
         const results = [];

plugins/azure/securitycenter/monitorVMVulnerability.js

@@ -15,6 +15,7 @@ module.exports = {
             'to protect cardholder data. These requirements include manual or automated ' +
             'vulnerability testing.'
     },
+    realtime_triggers: ['microsoftauthorization:policyassignments:write','microsoftauthorization:policyassignments:delete'],
 
     run: function(cache, settings, callback) {
         const results = [];

plugins/azure/securitycenter/securityConfigMonitoring.js

@@ -10,6 +10,7 @@ module.exports = {
     recommended_action: 'Ensure Security Configuration Monitoring is configured for virtual machines from the Azure Security Center.',
     link: 'https://learn.microsoft.com/en-us/azure/governance/policy/overview',
     apis: ['policyAssignments:list'],
+    realtime_triggers: ['microsoftauthorization:policyassignments:write','microsoftauthorization:policyassignments:delete'],
 
     run: function(cache, settings, callback) {
         const results = [];

plugins/azure/securitycenter/securityContactAdditionalEmail.js

@@ -10,6 +10,7 @@ module.exports = {
     recommended_action: 'Modify security contact information and add additional emails.',
     link: 'https://learn.microsoft.com/en-us/azure/defender-for-cloud/configure-email-notifications',
     apis: ['securityContactv2:listAll'],
+    realtime_triggers: ['microsoftsecurity:securitycontacts:write','microsoftsecurity:securitycontacts:delete'],
 
     run: function(cache, settings, callback) {
         const results = [];

plugins/azure/securitycenter/securityContactRoleSetToOwner.js

@@ -10,6 +10,7 @@ module.exports = {
     recommended_action: 'Modify security contact information and enable emails for subscription owners',
     link: 'https://learn.microsoft.com/en-us/azure/defender-for-cloud/configure-email-notifications',
     apis: ['securityContactv2:listAll'],
+    realtime_triggers: ['microsoftsecurity:securitycontacts:write','microsoftsecurity:securitycontacts:delete'],
 
     run: function(cache, settings, callback) {
         const results = [];

plugins/azure/securitycenter/securityContactsEnabled.js

@@ -10,6 +10,7 @@ module.exports = {
     recommended_action: 'Ensure that email notifications are configured for the subscription from the Security Center.',
     link: 'https://learn.microsoft.com/en-us/azure/security-center/security-center-provide-security-contact-details',
     apis: ['securityContacts:list'],
+    realtime_triggers: ['microsoftsecurity:securitycontacts:write','microsoftsecurity:securitycontacts:delete'],
 
     run: function(cache, settings, callback) {
         const results = [];

plugins/azure/securitycenter/standardPricingEnabled.js

@@ -10,7 +10,8 @@ module.exports = {
     recommended_action: 'Ensure that standard pricing is enabled in the security center.',
     link: 'https://azure.microsoft.com/en-us/pricing/details/security-center/',
     apis: ['pricings:list'],
-
+    realtime_triggers: ['microsoftsecurity:pricings:write','microsoftsecurity:pricings:delete'],
+    
     run: function(cache, settings, callback) {
         var results = [];
         var source = {};

plugins/azure/servicebus/namespaceEncryptionAtRest.js

@@ -10,6 +10,7 @@ module.exports = {
     recommended_action: 'Ensure that Azure Service Bus namespaces have CMK encryption enabled.',
     link: 'https://learn.microsoft.com/en-us/azure/service-bus-messaging/configure-customer-managed-key',
     apis: ['serviceBus:listNamespacesBySubscription'],
+    realtime_triggers: ['microsoftservicebus:namespaces:write','microsoftservicebus:namespaces:delete'],
 
     run: function(cache, settings, callback) {
         const results = [];

plugins/azure/servicebus/namespaceInfraEncryption.js

@@ -10,6 +10,7 @@ module.exports = {
     recommended_action: 'Enable infrastructure level encryption for all Azure Service Bus namespaces.',
     link: 'https://learn.microsoft.com/en-us/azure/service-bus-messaging/configure-customer-managed-key#enable-infrastructure-double-encryption-of-data',
     apis: ['serviceBus:listNamespacesBySubscription'],
+    realtime_triggers: ['microsoftservicebus:namespaces:write','microsoftservicebus:namespaces:delete'],
 
     run: function(cache, settings, callback) {
         const results = [];

plugins/azure/servicebus/namespaceLocalAuth.js

@@ -10,6 +10,7 @@ module.exports = {
     recommended_action: 'Ensure that Azure Service Bus namespaces have local authentication disabled.',
     link: 'https://learn.microsoft.com/en-us/azure/service-bus-messaging/disable-local-authentication',
     apis: ['serviceBus:listNamespacesBySubscription'],
+    realtime_triggers: ['microsoftservicebus:namespaces:write','microsoftservicebus:namespaces:delete'],
 
     run: function(cache, settings, callback) {
         const results = [];

plugins/azure/servicebus/namespaceLoggingEnabled.js

@@ -10,6 +10,7 @@ module.exports = {
     link: 'https://learn.microsoft.com/en-us/azure/service-bus-messaging/monitor-service-bus-reference',
     recommended_action: 'Modify the namespace settings and enable diagnostic logs.',
     apis: ['serviceBus:listNamespacesBySubscription', 'diagnosticSettings:listByServiceBusNamespaces'],
+    realtime_triggers: ['microsoftservicebus:namespaces:write','microsoftservicebus:namespaces:delete','microsoftinsights:diagnosticsettings:write','microsoftinsights:diagnosticsettings:delete'],
 
     run: function(cache, settings, callback) {
         var results = [];

plugins/azure/servicebus/namespacePublicAccess.js

@@ -10,6 +10,7 @@ module.exports = {
     recommended_action: 'Ensure that Azure Service Bus namespaces are only accessible through private endpoints.',
     link: 'https://learn.microsoft.com/en-us/azure/service-bus-messaging/private-link-service',
     apis: ['serviceBus:listNamespacesBySubscription'],
+    realtime_triggers: ['microsoftservicebus:namespaces:write','microsoftservicebus:namespaces:delete'],
 
     run: function(cache, settings, callback) {
         const results = [];

plugins/azure/servicebus/namespaceTlsVersion.js

@@ -10,6 +10,7 @@ module.exports = {
     recommended_action: 'Ensure that Azure Srvice Bus namespaces are using the latest TLS version',
     link: 'https://learn.microsoft.com/en-us/azure/service-bus-messaging/transport-layer-security-enforce-minimum-version',
     apis: ['serviceBus:listNamespacesBySubscription'],
+    realtime_triggers: ['microsoftservicebus:namespaces:write','microsoftservicebus:namespaces:delete'],
 
     run: function(cache, settings, callback) {
         const results = [];