Control types for @turbot/azure-network

• Azure > Network > Application Security Group > Active
• Azure > Network > Application Security Group > Approved
• Azure > Network > Application Security Group > CMDB
• Azure > Network > Application Security Group > Configured
• Azure > Network > Application Security Group > Discovery
• Azure > Network > Application Security Group > Tags
• Azure > Network > Express Route Circuits > Active
• Azure > Network > Express Route Circuits > Approved
• Azure > Network > Express Route Circuits > CMDB
• Azure > Network > Express Route Circuits > Discovery
• Azure > Network > Express Route Circuits > Tags
• Azure > Network > Network Interface > Active
• Azure > Network > Network Interface > Approved
• Azure > Network > Network Interface > CMDB
• Azure > Network > Network Interface > Configured
• Azure > Network > Network Interface > Discovery
• Azure > Network > Network Interface > Tags
• Azure > Network > Network Security Group > Active
• Azure > Network > Network Security Group > Approved
• Azure > Network > Network Security Group > CMDB
• Azure > Network > Network Security Group > Configured
• Azure > Network > Network Security Group > Discovery
• Azure > Network > Network Security Group > Egress Rules
• Azure > Network > Network Security Group > Egress Rules > Approved
• Azure > Network > Network Security Group > Ingress Rules
• Azure > Network > Network Security Group > Ingress Rules > Approved
• Azure > Network > Network Security Group > Tags
• Azure > Network > Private DNS Zones > Active
• Azure > Network > Private DNS Zones > Approved
• Azure > Network > Private DNS Zones > CMDB
• Azure > Network > Private DNS Zones > Discovery
• Azure > Network > Private DNS Zones > Tags
• Azure > Network > Private Endpoints > Active
• Azure > Network > Private Endpoints > Approved
• Azure > Network > Private Endpoints > CMDB
• Azure > Network > Private Endpoints > Discovery
• Azure > Network > Private Endpoints > Tags
• Azure > Network > Public IP Address > Active
• Azure > Network > Public IP Address > Approved
• Azure > Network > Public IP Address > CMDB
• Azure > Network > Public IP Address > Configured
• Azure > Network > Public IP Address > Discovery
• Azure > Network > Public IP Address > Tags
• Azure > Network > Route Table > Active
• Azure > Network > Route Table > Approved
• Azure > Network > Route Table > CMDB
• Azure > Network > Route Table > Configured
• Azure > Network > Route Table > Discovery
• Azure > Network > Route Table > Tags
• Azure > Network > Subnet > Active
• Azure > Network > Subnet > Approved
• Azure > Network > Subnet > CMDB
• Azure > Network > Subnet > Configured
• Azure > Network > Subnet > Discovery
• Azure > Network > Virtual Network > Active
• Azure > Network > Virtual Network > Approved
• Azure > Network > Virtual Network > CMDB
• Azure > Network > Virtual Network > Configured
• Azure > Network > Virtual Network > Discovery
• Azure > Network > Virtual Network > Tags
• Azure > Network > Virtual Network Gateway > Active
• Azure > Network > Virtual Network Gateway > Approved
• Azure > Network > Virtual Network Gateway > CMDB
• Azure > Network > Virtual Network Gateway > Configured
• Azure > Network > Virtual Network Gateway > Discovery
• Azure > Network > Virtual Network Gateway > Tags

Azure > Network > Application Security Group > Active

Take an action when an Azure Network application security group is not active based on the
Azure > Network > Application Security Group > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (Azure > Network > Application Security Group > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note: In contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

Azure > Network > Application Security Group > Approved

Take an action when an Azure Network application security group is not approved based on Azure > Network > Application Security Group > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

Azure > Network > Application Security Group > CMDB

Record and synchronize details for the Azure Network application security group into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

CMDB controls also use the Regions policy associated with the resource. If
region is not in Azure > Network > Application Security Group > Regions policy, the CMDB control will delete the
resource from the CMDB.

Azure > Network > Application Security Group > Configured

Maintain Azure > Network > Application Security Group configuration.

Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored
and inherit from the stack that owns it.

Azure > Network > Application Security Group > Discovery

Discover all Azure Network application security group resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note: Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in Azure > Network > Application Security Group > Regions policy, the CMDB control will delete the resource from the CMDB.

Azure > Network > Application Security Group > Tags

Take an action when an Azure Network application security group tags is not updated based on the Azure > Network > Application Security Group > Tags > * policies.

If the resource is not updated with the tags defined in Azure > Network > Application Security Group > Tags > Template, this control raises an alarm and takes the defined enforcement action.

See Tags for more information.

Azure > Network > Express Route Circuits > Active

Take an action when an Azure Network express route circuits is not active based on the
Azure > Network > Express Route Circuits > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (Azure > Network > Express Route Circuits > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note: In contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

Azure > Network > Express Route Circuits > Approved

Take an action when an Azure Network express route circuits is not approved based on Azure > Network > Express Route Circuits > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

Azure > Network > Express Route Circuits > CMDB

Record and synchronize details for the Azure Network express route circuits into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

CMDB controls also use the Regions policy associated with the resource. If
region is not in Azure > Network > Express Route Circuits > Regions policy, the CMDB control will delete the
resource from the CMDB.

Azure > Network > Express Route Circuits > Discovery

Discover all Azure Network express route circuits resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note: Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in Azure > Network > Express Route Circuits > Regions policy, the CMDB control will delete the resource from the CMDB.

Azure > Network > Express Route Circuits > Tags

Take an action when an Azure Network express route circuits tags is not updated based on the Azure > Network > Express Route Circuits > Tags > * policies.

If the resource is not updated with the tags defined in Azure > Network > Express Route Circuits > Tags > Template, this control raises an alarm and takes the defined enforcement action.

See Tags for more information.

Azure > Network > Network Interface > Active

Take an action when an Azure Network network interface is not active based on the
Azure > Network > Network Interface > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (Azure > Network > Network Interface > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note: In contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

Azure > Network > Network Interface > Approved

Take an action when an Azure Network network interface is not approved based on Azure > Network > Network Interface > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

Azure > Network > Network Interface > CMDB

Record and synchronize details for the Azure Network network interface into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

CMDB controls also use the Regions policy associated with the resource. If
region is not in Azure > Network > Network Interface > Regions policy, the CMDB control will delete the
resource from the CMDB.

Azure > Network > Network Interface > Configured

Maintain Azure > Network > Network Interface configuration.

Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored
and inherit from the stack that owns it.

Azure > Network > Network Interface > Discovery

Discover all Azure Network network interface resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note: Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in Azure > Network > Network Interface > Regions policy, the CMDB control will delete the resource from the CMDB.

Azure > Network > Network Interface > Tags

Take an action when an Azure Network network interface tags is not updated based on the Azure > Network > Network Interface > Tags > * policies.

If the resource is not updated with the tags defined in Azure > Network > Network Interface > Tags > Template, this control raises an alarm and takes the defined enforcement action.

See Tags for more information.

Azure > Network > Network Security Group > Active

Take an action when an Azure Network network security group is not active based on the
Azure > Network > Network Security Group > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (Azure > Network > Network Security Group > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note: In contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

Azure > Network > Network Security Group > Approved

Take an action when an Azure Network network security group is not approved based on Azure > Network > Network Security Group > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

Azure > Network > Network Security Group > CMDB

Record and synchronize details for the Azure Network network security group into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

CMDB controls also use the Regions policy associated with the resource. If
region is not in Azure > Network > Network Security Group > Regions policy, the CMDB control will delete the
resource from the CMDB.

Azure > Network > Network Security Group > Configured

Maintain Azure > Network > Network Security Group configuration.

Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored
and inherit from the stack that owns it.

Azure > Network > Network Security Group > Discovery

Discover all Azure Network network security group resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note: Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in Azure > Network > Network Security Group > Regions policy, the CMDB control will delete the resource from the CMDB.

Azure > Network > Network Security Group > Egress Rules

Azure > Network > Network Security Group > Egress Rules > Approved

Configure Security Group Rules checking. This control defines whether to
verify the security group egress rules are approved, as well as the
subsequent action to take on unapproved items. Rules for all Approved
policies will be compiled in Approved > Compiled Rules and then
evaluated.

If set to Enforce: Delete unapproved, any unapproved rules will be
revoked from the security group.

Azure > Network > Network Security Group > Ingress Rules

Azure > Network > Network Security Group > Ingress Rules > Approved

Configure Security Group Rules checking. This control defines whether to
verify the security group ingress rules are approved, as well as the
subsequent action to take on unapproved items. Rules for all Approved
policies will be compiled in Approved > Compiled Rules and then
evaluated.

If set to Enforce: Delete unapproved, any unapproved rules will be
revoked from the security group.

Azure > Network > Network Security Group > Tags

Take an action when an Azure Network network security group tags is not updated based on the Azure > Network > Network Security Group > Tags > * policies.

If the resource is not updated with the tags defined in Azure > Network > Network Security Group > Tags > Template, this control raises an alarm and takes the defined enforcement action.

See Tags for more information.

Azure > Network > Private DNS Zones > Active

Take an action when an Azure Network private dns zones is not active based on the
Azure > Network > Private DNS Zones > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (Azure > Network > Private DNS Zones > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note: In contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

Azure > Network > Private DNS Zones > Approved

Take an action when an Azure Network private dns zones is not approved based on Azure > Network > Private DNS Zones > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

Azure > Network > Private DNS Zones > CMDB

Record and synchronize details for the Azure Network private dns zones into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

Azure > Network > Private DNS Zones > Discovery

Discover all Azure Network private dns zones resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Azure > Network > Private DNS Zones > Tags

Take an action when an Azure Network private dns zones tags is not updated based on the Azure > Network > Private DNS Zones > Tags > * policies.

If the resource is not updated with the tags defined in Azure > Network > Private DNS Zones > Tags > Template, this control raises an alarm and takes the defined enforcement action.

See Tags for more information.

Azure > Network > Private Endpoints > Active

Take an action when an Azure Network private endpoints is not active based on the
Azure > Network > Private Endpoints > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (Azure > Network > Private Endpoints > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note: In contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

Azure > Network > Private Endpoints > Approved

Take an action when an Azure Network private endpoints is not approved based on Azure > Network > Private Endpoints > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

Azure > Network > Private Endpoints > CMDB

Record and synchronize details for the Azure Network private endpoints into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

CMDB controls also use the Regions policy associated with the resource. If
region is not in Azure > Network > Private Endpoints > Regions policy, the CMDB control will delete the
resource from the CMDB.

Azure > Network > Private Endpoints > Discovery

Discover all Azure Network private endpoints resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note: Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in Azure > Network > Private Endpoints > Regions policy, the CMDB control will delete the resource from the CMDB.

Azure > Network > Private Endpoints > Tags

Take an action when an Azure Network private endpoints tags is not updated based on the Azure > Network > Private Endpoints > Tags > * policies.

If the resource is not updated with the tags defined in Azure > Network > Private Endpoints > Tags > Template, this control raises an alarm and takes the defined enforcement action.

See Tags for more information.

Azure > Network > Public IP Address > Active

Take an action when an Azure Network public ip address is not active based on the
Azure > Network > Public IP Address > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (Azure > Network > Public IP Address > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note: In contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

Azure > Network > Public IP Address > Approved

Take an action when an Azure Network public ip address is not approved based on Azure > Network > Public IP Address > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

Azure > Network > Public IP Address > CMDB

Record and synchronize details for the Azure Network public ip address into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

CMDB controls also use the Regions policy associated with the resource. If
region is not in Azure > Network > Public IP Address > Regions policy, the CMDB control will delete the
resource from the CMDB.

Azure > Network > Public IP Address > Configured

Maintain Azure > Network > Public IP Address configuration.

Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored
and inherit from the stack that owns it.

Azure > Network > Public IP Address > Discovery

Discover all Azure Network public ip address resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note: Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in Azure > Network > Public IP Address > Regions policy, the CMDB control will delete the resource from the CMDB.

Azure > Network > Public IP Address > Tags

Take an action when an Azure Network public ip address tags is not updated based on the Azure > Network > Public IP Address > Tags > * policies.

If the resource is not updated with the tags defined in Azure > Network > Public IP Address > Tags > Template, this control raises an alarm and takes the defined enforcement action.

See Tags for more information.

Azure > Network > Route Table > Active

Take an action when an Azure Network route table is not active based on the
Azure > Network > Route Table > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (Azure > Network > Route Table > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note: In contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

Azure > Network > Route Table > Approved

Take an action when an Azure Network route table is not approved based on Azure > Network > Route Table > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

Azure > Network > Route Table > CMDB

Record and synchronize details for the Azure Network route table into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

CMDB controls also use the Regions policy associated with the resource. If
region is not in Azure > Network > Route Table > Regions policy, the CMDB control will delete the
resource from the CMDB.

Azure > Network > Route Table > Configured

Maintain Azure > Network > Route Table configuration.

Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored
and inherit from the stack that owns it.

Azure > Network > Route Table > Discovery

Discover all Azure Network route table resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note: Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in Azure > Network > Route Table > Regions policy, the CMDB control will delete the resource from the CMDB.

Azure > Network > Route Table > Tags

Take an action when an Azure Network route table tags is not updated based on the Azure > Network > Route Table > Tags > * policies.

If the resource is not updated with the tags defined in Azure > Network > Route Table > Tags > Template, this control raises an alarm and takes the defined enforcement action.

See Tags for more information.

Azure > Network > Subnet > Active

Take an action when an Azure Network subnet is not active based on the
Azure > Network > Subnet > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (Azure > Network > Subnet > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note: In contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

Azure > Network > Subnet > Approved

Take an action when an Azure Network subnet is not approved based on Azure > Network > Subnet > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

Azure > Network > Subnet > CMDB

Record and synchronize details for the Azure Network subnet into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

Azure > Network > Subnet > Configured

Maintain Azure > Network > Subnet configuration.

Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored
and inherit from the stack that owns it.

Azure > Network > Subnet > Discovery

Discover all Azure Network subnet resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Azure > Network > Virtual Network > Active

Take an action when an Azure Network virtual network is not active based on the
Azure > Network > Virtual Network > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (Azure > Network > Virtual Network > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note: In contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

Azure > Network > Virtual Network > Approved

Take an action when an Azure Network virtual network is not approved based on Azure > Network > Virtual Network > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

Azure > Network > Virtual Network > CMDB

Record and synchronize details for the Azure Network virtual network into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

CMDB controls also use the Regions policy associated with the resource. If
region is not in Azure > Network > Virtual Network > Regions policy, the CMDB control will delete the
resource from the CMDB.

Azure > Network > Virtual Network > Configured

Maintain Azure > Network > Virtual Network configuration.

Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored
and inherit from the stack that owns it.

Azure > Network > Virtual Network > Discovery

Discover all Azure Network virtual network resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note: Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in Azure > Network > Virtual Network > Regions policy, the CMDB control will delete the resource from the CMDB.

Azure > Network > Virtual Network > Tags

Take an action when an Azure Network virtual network tags is not updated based on the Azure > Network > Virtual Network > Tags > * policies.

If the resource is not updated with the tags defined in Azure > Network > Virtual Network > Tags > Template, this control raises an alarm and takes the defined enforcement action.

See Tags for more information.

Azure > Network > Virtual Network Gateway > Active

Take an action when an Azure Network virtual network gateway is not active based on the
Azure > Network > Virtual Network Gateway > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (Azure > Network > Virtual Network Gateway > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note: In contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

Azure > Network > Virtual Network Gateway > Approved

Take an action when an Azure Network virtual network gateway is not approved based on Azure > Network > Virtual Network Gateway > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

Azure > Network > Virtual Network Gateway > CMDB

Record and synchronize details for the Azure Network virtual network gateway into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

CMDB controls also use the Regions policy associated with the resource. If
region is not in Azure > Network > Virtual Network Gateway > Regions policy, the CMDB control will delete the
resource from the CMDB.

Azure > Network > Virtual Network Gateway > Configured

Maintain Azure > Network > Virtual Network Gateway configuration.

Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored
and inherit from the stack that owns it.

Azure > Network > Virtual Network Gateway > Discovery

Discover all Azure Network virtual network gateway resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Note: Discovery and CMDB controls also use the Regions policy associated with the resource. If the region is not in Azure > Network > Virtual Network Gateway > Regions policy, the CMDB control will delete the resource from the CMDB.

Azure > Network > Virtual Network Gateway > Tags

Take an action when an Azure Network virtual network gateway tags is not updated based on the Azure > Network > Virtual Network Gateway > Tags > * policies.

If the resource is not updated with the tags defined in Azure > Network > Virtual Network Gateway > Tags > Template, this control raises an alarm and takes the defined enforcement action.

See Tags for more information.