Control types for @turbot/azure-network
- Azure > Network > Application Security Group > Active
- Azure > Network > Application Security Group > Approved
- Azure > Network > Application Security Group > CMDB
- Azure > Network > Application Security Group > Configured
- Azure > Network > Application Security Group > Discovery
- Azure > Network > Application Security Group > Tags
- Azure > Network > Express Route Circuits > Active
- Azure > Network > Express Route Circuits > Approved
- Azure > Network > Express Route Circuits > CMDB
- Azure > Network > Express Route Circuits > Discovery
- Azure > Network > Express Route Circuits > Tags
- Azure > Network > Network Interface > Active
- Azure > Network > Network Interface > Approved
- Azure > Network > Network Interface > CMDB
- Azure > Network > Network Interface > Configured
- Azure > Network > Network Interface > Discovery
- Azure > Network > Network Interface > Tags
- Azure > Network > Network Security Group > Active
- Azure > Network > Network Security Group > Approved
- Azure > Network > Network Security Group > CMDB
- Azure > Network > Network Security Group > Configured
- Azure > Network > Network Security Group > Discovery
- Azure > Network > Network Security Group > Egress Rules
- Azure > Network > Network Security Group > Egress Rules > Approved
- Azure > Network > Network Security Group > Ingress Rules
- Azure > Network > Network Security Group > Ingress Rules > Approved
- Azure > Network > Network Security Group > Tags
- Azure > Network > Private DNS Zones > Active
- Azure > Network > Private DNS Zones > Approved
- Azure > Network > Private DNS Zones > CMDB
- Azure > Network > Private DNS Zones > Discovery
- Azure > Network > Private DNS Zones > Tags
- Azure > Network > Private Endpoints > Active
- Azure > Network > Private Endpoints > Approved
- Azure > Network > Private Endpoints > CMDB
- Azure > Network > Private Endpoints > Discovery
- Azure > Network > Private Endpoints > Tags
- Azure > Network > Public IP Address > Active
- Azure > Network > Public IP Address > Approved
- Azure > Network > Public IP Address > CMDB
- Azure > Network > Public IP Address > Configured
- Azure > Network > Public IP Address > Discovery
- Azure > Network > Public IP Address > Tags
- Azure > Network > Route Table > Active
- Azure > Network > Route Table > Approved
- Azure > Network > Route Table > CMDB
- Azure > Network > Route Table > Configured
- Azure > Network > Route Table > Discovery
- Azure > Network > Route Table > Tags
- Azure > Network > Subnet > Active
- Azure > Network > Subnet > Approved
- Azure > Network > Subnet > CMDB
- Azure > Network > Subnet > Configured
- Azure > Network > Subnet > Discovery
- Azure > Network > Virtual Network > Active
- Azure > Network > Virtual Network > Approved
- Azure > Network > Virtual Network > CMDB
- Azure > Network > Virtual Network > Configured
- Azure > Network > Virtual Network > Discovery
- Azure > Network > Virtual Network > Tags
- Azure > Network > Virtual Network Gateway > Active
- Azure > Network > Virtual Network Gateway > Approved
- Azure > Network > Virtual Network Gateway > CMDB
- Azure > Network > Virtual Network Gateway > Configured
- Azure > Network > Virtual Network Gateway > Discovery
- Azure > Network > Virtual Network Gateway > Tags
Azure > Network > Application Security Group > Active
Take an action when an Azure Network application security group is not active based on theAzure > Network > Application Security Group > Active > * policies
.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (Azure > Network > Application Security Group > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note: In contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/azure-network#/control/types/applicationSecurityGroupActive
Azure > Network > Application Security Group > Approved
Take an action when an Azure Network application security group is not approved based on Azure > Network > Application Security Group > Approved > * policies
.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/azure-network#/control/types/applicationSecurityGroupApproved
Azure > Network > Application Security Group > CMDB
Record and synchronize details for the Azure Network application security group into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
CMDB controls also use the Regions policy associated with the resource. If
region is not in Azure > Network > Application Security Group > Regions
policy, the CMDB control will delete the
resource from the CMDB.
tmod:@turbot/azure-network#/control/types/applicationSecurityGroupCmdb
Azure > Network > Application Security Group > Configured
Maintain Azure > Network > Application Security Group configuration.
Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored
and inherit from the stack that owns it.
tmod:@turbot/azure-network#/control/types/applicationSecurityGroupConfigured
Azure > Network > Application Security Group > Discovery
Discover all Azure Network application security group resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
Note: Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in Azure > Network > Application Security Group > Regions
policy, the CMDB control will delete the resource from the CMDB.
tmod:@turbot/azure-network#/control/types/applicationSecurityGroupDiscovery
Azure > Network > Application Security Group > Tags
Take an action when an Azure Network application security group tags is not updated based on the Azure > Network > Application Security Group > Tags > *
policies.
If the resource is not updated with the tags defined in Azure > Network > Application Security Group > Tags > Template
, this control raises an alarm and takes the defined enforcement action.
See Tags for more information.
tmod:@turbot/azure-network#/control/types/applicationSecurityGroupTags
Azure > Network > Express Route Circuits > Active
Take an action when an Azure Network express route circuits is not active based on theAzure > Network > Express Route Circuits > Active > * policies
.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (Azure > Network > Express Route Circuits > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note: In contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/azure-network#/control/types/expressRouteCircuitsActive
Azure > Network > Express Route Circuits > Approved
Take an action when an Azure Network express route circuits is not approved based on Azure > Network > Express Route Circuits > Approved > * policies
.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/azure-network#/control/types/expressRouteCircuitsApproved
Azure > Network > Express Route Circuits > CMDB
Record and synchronize details for the Azure Network express route circuits into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
CMDB controls also use the Regions policy associated with the resource. If
region is not in Azure > Network > Express Route Circuits > Regions
policy, the CMDB control will delete the
resource from the CMDB.
tmod:@turbot/azure-network#/control/types/expressRouteCircuitsCmdb
Azure > Network > Express Route Circuits > Discovery
Discover all Azure Network express route circuits resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
Note: Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in Azure > Network > Express Route Circuits > Regions
policy, the CMDB control will delete the resource from the CMDB.
tmod:@turbot/azure-network#/control/types/expressRouteCircuitsDiscovery
Azure > Network > Express Route Circuits > Tags
Take an action when an Azure Network express route circuits tags is not updated based on the Azure > Network > Express Route Circuits > Tags > *
policies.
If the resource is not updated with the tags defined in Azure > Network > Express Route Circuits > Tags > Template
, this control raises an alarm and takes the defined enforcement action.
See Tags for more information.
tmod:@turbot/azure-network#/control/types/expressRouteCircuitsTags
Azure > Network > Network Interface > Active
Take an action when an Azure Network network interface is not active based on theAzure > Network > Network Interface > Active > * policies
.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (Azure > Network > Network Interface > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note: In contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/azure-network#/control/types/networkInterfaceActive
Azure > Network > Network Interface > Approved
Take an action when an Azure Network network interface is not approved based on Azure > Network > Network Interface > Approved > * policies
.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/azure-network#/control/types/networkInterfaceApproved
Azure > Network > Network Interface > CMDB
Record and synchronize details for the Azure Network network interface into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
CMDB controls also use the Regions policy associated with the resource. If
region is not in Azure > Network > Network Interface > Regions
policy, the CMDB control will delete the
resource from the CMDB.
tmod:@turbot/azure-network#/control/types/networkInterfaceCmdb
Azure > Network > Network Interface > Configured
Maintain Azure > Network > Network Interface configuration.
Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored
and inherit from the stack that owns it.
tmod:@turbot/azure-network#/control/types/networkInterfaceConfigured
Azure > Network > Network Interface > Discovery
Discover all Azure Network network interface resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
Note: Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in Azure > Network > Network Interface > Regions
policy, the CMDB control will delete the resource from the CMDB.
tmod:@turbot/azure-network#/control/types/networkInterfaceDiscovery
Azure > Network > Network Interface > Tags
Take an action when an Azure Network network interface tags is not updated based on the Azure > Network > Network Interface > Tags > *
policies.
If the resource is not updated with the tags defined in Azure > Network > Network Interface > Tags > Template
, this control raises an alarm and takes the defined enforcement action.
See Tags for more information.
tmod:@turbot/azure-network#/control/types/networkInterfaceTags
Azure > Network > Network Security Group > Active
Take an action when an Azure Network network security group is not active based on theAzure > Network > Network Security Group > Active > * policies
.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (Azure > Network > Network Security Group > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note: In contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/azure-network#/control/types/networkSecurityGroupActive
Azure > Network > Network Security Group > Approved
Take an action when an Azure Network network security group is not approved based on Azure > Network > Network Security Group > Approved > * policies
.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/azure-network#/control/types/networkSecurityGroupApproved
Azure > Network > Network Security Group > CMDB
Record and synchronize details for the Azure Network network security group into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
CMDB controls also use the Regions policy associated with the resource. If
region is not in Azure > Network > Network Security Group > Regions
policy, the CMDB control will delete the
resource from the CMDB.
tmod:@turbot/azure-network#/control/types/networkSecurityGroupCmdb
Azure > Network > Network Security Group > Configured
Maintain Azure > Network > Network Security Group configuration.
Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored
and inherit from the stack that owns it.
tmod:@turbot/azure-network#/control/types/networkSecurityGroupConfigured
Azure > Network > Network Security Group > Discovery
Discover all Azure Network network security group resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
Note: Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in Azure > Network > Network Security Group > Regions
policy, the CMDB control will delete the resource from the CMDB.
tmod:@turbot/azure-network#/control/types/networkSecurityGroupDiscovery
Azure > Network > Network Security Group > Egress Rules
tmod:@turbot/azure-network#/control/types/networkSecurityGroupEgressRules
Azure > Network > Network Security Group > Egress Rules > Approved
Configure Security Group Rules checking. This control defines whether to
verify the security group egress rules are approved, as well as the
subsequent action to take on unapproved items. Rules for all Approved
policies will be compiled in Approved > Compiled Rules
and then
evaluated.
If set to Enforce: Delete unapproved
, any unapproved rules will be
revoked from the security group.
tmod:@turbot/azure-network#/control/types/networkSecurityGroupEgressRulesApproved
Azure > Network > Network Security Group > Ingress Rules
tmod:@turbot/azure-network#/control/types/networkSecurityGroupIngressRules
Azure > Network > Network Security Group > Ingress Rules > Approved
Configure Security Group Rules checking. This control defines whether to
verify the security group ingress rules are approved, as well as the
subsequent action to take on unapproved items. Rules for all Approved
policies will be compiled in Approved > Compiled Rules
and then
evaluated.
If set to Enforce: Delete unapproved
, any unapproved rules will be
revoked from the security group.
tmod:@turbot/azure-network#/control/types/networkSecurityGroupIngressRulesApproved
Azure > Network > Network Security Group > Tags
Take an action when an Azure Network network security group tags is not updated based on the Azure > Network > Network Security Group > Tags > *
policies.
If the resource is not updated with the tags defined in Azure > Network > Network Security Group > Tags > Template
, this control raises an alarm and takes the defined enforcement action.
See Tags for more information.
tmod:@turbot/azure-network#/control/types/networkSecurityGroupTags
Azure > Network > Private DNS Zones > Active
Take an action when an Azure Network private dns zones is not active based on theAzure > Network > Private DNS Zones > Active > * policies
.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (Azure > Network > Private DNS Zones > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note: In contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/azure-network#/control/types/privateDnsZonesActive
Azure > Network > Private DNS Zones > Approved
Take an action when an Azure Network private dns zones is not approved based on Azure > Network > Private DNS Zones > Approved > * policies
.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/azure-network#/control/types/privateDnsZonesApproved
Azure > Network > Private DNS Zones > CMDB
Record and synchronize details for the Azure Network private dns zones into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
tmod:@turbot/azure-network#/control/types/privateDnsZonesCmdb
Azure > Network > Private DNS Zones > Discovery
Discover all Azure Network private dns zones resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
tmod:@turbot/azure-network#/control/types/privateDnsZonesDiscovery
Azure > Network > Private DNS Zones > Tags
Take an action when an Azure Network private dns zones tags is not updated based on the Azure > Network > Private DNS Zones > Tags > *
policies.
If the resource is not updated with the tags defined in Azure > Network > Private DNS Zones > Tags > Template
, this control raises an alarm and takes the defined enforcement action.
See Tags for more information.
tmod:@turbot/azure-network#/control/types/privateDnsZonesTags
Azure > Network > Private Endpoints > Active
Take an action when an Azure Network private endpoints is not active based on theAzure > Network > Private Endpoints > Active > * policies
.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (Azure > Network > Private Endpoints > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note: In contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/azure-network#/control/types/privateEndpointsActive
Azure > Network > Private Endpoints > Approved
Take an action when an Azure Network private endpoints is not approved based on Azure > Network > Private Endpoints > Approved > * policies
.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/azure-network#/control/types/privateEndpointsApproved
Azure > Network > Private Endpoints > CMDB
Record and synchronize details for the Azure Network private endpoints into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
CMDB controls also use the Regions policy associated with the resource. If
region is not in Azure > Network > Private Endpoints > Regions
policy, the CMDB control will delete the
resource from the CMDB.
tmod:@turbot/azure-network#/control/types/privateEndpointsCmdb
Azure > Network > Private Endpoints > Discovery
Discover all Azure Network private endpoints resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
Note: Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in Azure > Network > Private Endpoints > Regions
policy, the CMDB control will delete the resource from the CMDB.
tmod:@turbot/azure-network#/control/types/privateEndpointsDiscovery
Azure > Network > Private Endpoints > Tags
Take an action when an Azure Network private endpoints tags is not updated based on the Azure > Network > Private Endpoints > Tags > *
policies.
If the resource is not updated with the tags defined in Azure > Network > Private Endpoints > Tags > Template
, this control raises an alarm and takes the defined enforcement action.
See Tags for more information.
tmod:@turbot/azure-network#/control/types/privateEndpointsTags
Azure > Network > Public IP Address > Active
Take an action when an Azure Network public ip address is not active based on theAzure > Network > Public IP Address > Active > * policies
.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (Azure > Network > Public IP Address > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note: In contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/azure-network#/control/types/publicIpAddressActive
Azure > Network > Public IP Address > Approved
Take an action when an Azure Network public ip address is not approved based on Azure > Network > Public IP Address > Approved > * policies
.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/azure-network#/control/types/publicIpAddressApproved
Azure > Network > Public IP Address > CMDB
Record and synchronize details for the Azure Network public ip address into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
CMDB controls also use the Regions policy associated with the resource. If
region is not in Azure > Network > Public IP Address > Regions
policy, the CMDB control will delete the
resource from the CMDB.
tmod:@turbot/azure-network#/control/types/publicIpAddressCmdb
Azure > Network > Public IP Address > Configured
Maintain Azure > Network > Public IP Address configuration.
Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored
and inherit from the stack that owns it.
tmod:@turbot/azure-network#/control/types/publicIpAddressConfigured
Azure > Network > Public IP Address > Discovery
Discover all Azure Network public ip address resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
Note: Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in Azure > Network > Public IP Address > Regions
policy, the CMDB control will delete the resource from the CMDB.
tmod:@turbot/azure-network#/control/types/publicIpAddressDiscovery
Azure > Network > Public IP Address > Tags
Take an action when an Azure Network public ip address tags is not updated based on the Azure > Network > Public IP Address > Tags > *
policies.
If the resource is not updated with the tags defined in Azure > Network > Public IP Address > Tags > Template
, this control raises an alarm and takes the defined enforcement action.
See Tags for more information.
tmod:@turbot/azure-network#/control/types/publicIpAddressTags
Azure > Network > Route Table > Active
Take an action when an Azure Network route table is not active based on theAzure > Network > Route Table > Active > * policies
.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (Azure > Network > Route Table > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note: In contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/azure-network#/control/types/routeTableActive
Azure > Network > Route Table > Approved
Take an action when an Azure Network route table is not approved based on Azure > Network > Route Table > Approved > * policies
.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/azure-network#/control/types/routeTableApproved
Azure > Network > Route Table > CMDB
Record and synchronize details for the Azure Network route table into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
CMDB controls also use the Regions policy associated with the resource. If
region is not in Azure > Network > Route Table > Regions
policy, the CMDB control will delete the
resource from the CMDB.
tmod:@turbot/azure-network#/control/types/routeTableCmdb
Azure > Network > Route Table > Configured
Maintain Azure > Network > Route Table configuration.
Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored
and inherit from the stack that owns it.
tmod:@turbot/azure-network#/control/types/routeTableConfigured
Azure > Network > Route Table > Discovery
Discover all Azure Network route table resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
Note: Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in Azure > Network > Route Table > Regions
policy, the CMDB control will delete the resource from the CMDB.
tmod:@turbot/azure-network#/control/types/routeTableDiscovery
Azure > Network > Route Table > Tags
Take an action when an Azure Network route table tags is not updated based on the Azure > Network > Route Table > Tags > *
policies.
If the resource is not updated with the tags defined in Azure > Network > Route Table > Tags > Template
, this control raises an alarm and takes the defined enforcement action.
See Tags for more information.
tmod:@turbot/azure-network#/control/types/routeTableTags
Azure > Network > Subnet > Active
Take an action when an Azure Network subnet is not active based on theAzure > Network > Subnet > Active > * policies
.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (Azure > Network > Subnet > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note: In contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/azure-network#/control/types/subnetActive
Azure > Network > Subnet > Approved
Take an action when an Azure Network subnet is not approved based on Azure > Network > Subnet > Approved > * policies
.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/azure-network#/control/types/subnetApproved
Azure > Network > Subnet > CMDB
Record and synchronize details for the Azure Network subnet into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
tmod:@turbot/azure-network#/control/types/subnetCmdb
Azure > Network > Subnet > Configured
Maintain Azure > Network > Subnet configuration.
Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored
and inherit from the stack that owns it.
tmod:@turbot/azure-network#/control/types/subnetConfigured
Azure > Network > Subnet > Discovery
Discover all Azure Network subnet resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
tmod:@turbot/azure-network#/control/types/subnetDiscovery
Azure > Network > Virtual Network > Active
Take an action when an Azure Network virtual network is not active based on theAzure > Network > Virtual Network > Active > * policies
.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (Azure > Network > Virtual Network > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note: In contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/azure-network#/control/types/virtualNetworkActive
Azure > Network > Virtual Network > Approved
Take an action when an Azure Network virtual network is not approved based on Azure > Network > Virtual Network > Approved > * policies
.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/azure-network#/control/types/virtualNetworkApproved
Azure > Network > Virtual Network > CMDB
Record and synchronize details for the Azure Network virtual network into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
CMDB controls also use the Regions policy associated with the resource. If
region is not in Azure > Network > Virtual Network > Regions
policy, the CMDB control will delete the
resource from the CMDB.
tmod:@turbot/azure-network#/control/types/virtualNetworkCmdb
Azure > Network > Virtual Network > Configured
Maintain Azure > Network > Virtual Network configuration.
Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored
and inherit from the stack that owns it.
tmod:@turbot/azure-network#/control/types/virtualNetworkConfigured
Azure > Network > Virtual Network > Discovery
Discover all Azure Network virtual network resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
Note: Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in Azure > Network > Virtual Network > Regions
policy, the CMDB control will delete the resource from the CMDB.
tmod:@turbot/azure-network#/control/types/virtualNetworkDiscovery
Azure > Network > Virtual Network > Tags
Take an action when an Azure Network virtual network tags is not updated based on the Azure > Network > Virtual Network > Tags > *
policies.
If the resource is not updated with the tags defined in Azure > Network > Virtual Network > Tags > Template
, this control raises an alarm and takes the defined enforcement action.
See Tags for more information.
tmod:@turbot/azure-network#/control/types/virtualNetworkTags
Azure > Network > Virtual Network Gateway > Active
Take an action when an Azure Network virtual network gateway is not active based on theAzure > Network > Virtual Network Gateway > Active > * policies
.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (Azure > Network > Virtual Network Gateway > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note: In contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/azure-network#/control/types/virtualNetworkGatewayActive
Azure > Network > Virtual Network Gateway > Approved
Take an action when an Azure Network virtual network gateway is not approved based on Azure > Network > Virtual Network Gateway > Approved > * policies
.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/azure-network#/control/types/virtualNetworkGatewayApproved
Azure > Network > Virtual Network Gateway > CMDB
Record and synchronize details for the Azure Network virtual network gateway into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
CMDB controls also use the Regions policy associated with the resource. If
region is not in Azure > Network > Virtual Network Gateway > Regions
policy, the CMDB control will delete the
resource from the CMDB.
tmod:@turbot/azure-network#/control/types/virtualNetworkGatewayCmdb
Azure > Network > Virtual Network Gateway > Configured
Maintain Azure > Network > Virtual Network Gateway configuration.
Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored
and inherit from the stack that owns it.
tmod:@turbot/azure-network#/control/types/virtualNetworkGatewayConfigured
Azure > Network > Virtual Network Gateway > Discovery
Discover all Azure Network virtual network gateway resources and add them to the CMDB.
The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
Note: Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in Azure > Network > Virtual Network Gateway > Regions
policy, the CMDB control will delete the resource from the CMDB.
tmod:@turbot/azure-network#/control/types/virtualNetworkGatewayDiscovery
Azure > Network > Virtual Network Gateway > Tags
Take an action when an Azure Network virtual network gateway tags is not updated based on the Azure > Network > Virtual Network Gateway > Tags > *
policies.
If the resource is not updated with the tags defined in Azure > Network > Virtual Network Gateway > Tags > Template
, this control raises an alarm and takes the defined enforcement action.
See Tags for more information.
tmod:@turbot/azure-network#/control/types/virtualNetworkGatewayTags