AzureActivity
| where ResourceProviderValue contains "Microsoft.storage" and CategoryValue contains "Administrative"
| where OperationNameValue ==
"Microsoft. Authorization/roleAssignments/write",
"Microsoft. Authorization/roleAssignments/delete",
"Microsoft. Authorization/roleDefinitions/write",
"Microsoft. Authorization/roleDefinitions/delete"
| where ActivityStatusValue in (""Started", "Succeeded", "Failed")
| project TimeGenerated, ResourceId, OperationNameValue, ActivityStatus
I am trying to create alerts when someone changes the IAM RBAC roles or permissions on azure storage accounts using Kusto query
81 views Asked by Sahith Thatipalli At
1
There are 1 answers
Related Questions in AZURE-BLOB-STORAGE
- Azure Storage Account Access: Role Assignments Yield 'Access Denied' even for "Blob Owners" roles
- Getting "Incorrect padding" error when trying to retrieve the list of blob names
- Get all file from blob directory timeout 400 error when having large number of file
- Adding users file storage feature to my application
- azure-sdk-for-rust: How to get the Content-MD5 for a file?
- Azure storage blobs, Download file and check integrity
- Unhandled host error occurs after function execution
- Azure Storage Copy Blob From Url (REST API) error on x-ms-requires-sync header
- New Azure Function App processes blobs that were already processed by another Function App
- Unknown characters while reading PDF file from Azure Blobl Storage
- Transfer files to Azure Blob Storage
- "Directory is expected, not a file." error when using Azure CLI to download from blob storage
- Nothing read from Azure Blob storage after downloading file in stream data
- How to get the sizes of different Azure Blob Container inside Azure Storage Account on Grafana
- SAS token for azure storage container failed 403 error
Related Questions in AZURE-STORAGE
- Is there a way to view traffic logs for Azure Storage for connections that got blocked by Firewall settings from Networking pane?
- Unable to read data from ADLS gen 2 in Azure Databricks
- Nuxt 2 azure package starts breaking on build all of a sudden
- How to mount a FileShare to a named volume in Azure App Service using Docker Compose?
- sparkML load model from Azure storage
- SAS token for azure storage container failed 403 error
- Using Azure Storage Safely in an Electron Application
- How to programmatically configure proxy in Azure SDK for C++
- how to check which storage accounts are linked with the azure logic apps
- How to generate SAS toke for blob storage in dart language
- Is there a way to use System defined Identity to connect an asp.net core web Api to an azure storage account using managed Identity and RBAC
- unable to assign rbac role via code using bicep fails with Insufficient read or write permissions on storage account
- How to write large data file (csv) to Azure Storage with encryption
- Premium Tier is disabled in this workspace. Secret scopes can only be created with initial_manage_principal "users"
- I am trying to create alerts when someone changes the IAM RBAC roles or permissions on azure storage accounts using Kusto query
Related Questions in KQL
- Kusto query to get correct users counts connected to the server
- What are the possible ways I can handle duplicate data in ADX
- Issues with Defender Advanced Hunting using Python
- Azure DataBricks - Looking to query "workflows" related logs in Log Analytics (ie Name, CreatedBy, RecentRuns, Status, StartTime, Job)
- KQL Query to filter Message based on Grafana Variable
- How can I stack data correctly using kusto into a columnchart
- Why does ADX caching result from related dimension table/mv/function
- How can I get all but the last row in a KQL query?
- How to Run control commands in KQL Function or any KQL Object
- Issue with CASE operator - using different data type "Distinct types: I8,StringBuffer"
- Query Optimization in KQL || Pagination
- How to create an alert for azure storage account if there is data action permissions assigned to a custom role or a built in role
- KQL ingest query not working with 'Where' statement
- KQL Summarize unable to show Null values
- KQL - Break down timespan of how long an item is in a specific state by day
Related Questions in AZURE-MONITORING
- Is there a way to view traffic logs for Azure Storage for connections that got blocked by Firewall settings from Networking pane?
- How can I stack data correctly using kusto into a columnchart
- Is it possible for my prometheus container to pull metrics from Azure Monitor?
- Get-Service command giving me the error Cannot open Service Control Manager on computer 'xx'. This operation might require other privileges
- How to create an alert for azure storage account if there is data action permissions assigned to a custom role or a built in role
- Sent the Postgresql query result to Log Analytics workspace to create custom metric in Azure Monitor
- Verify if the logs of the type "WAF, FW, StorageAccount, Application " are sent ot the Eventhub
- I am trying to create alerts when someone changes the IAM RBAC roles or permissions on azure storage accounts using Kusto query
- Is the legacy oms_agent addon required for ama container insights for AKS?
- Terminate Azure Agent of Scale Set after a period of time
- How to customize ConfigMap for Container insights using Azure Monitor Agent on AKS?
- Azure Heartbeat Table: _ResourceId is blank
- Example for Azure Alert create using Python SDK
- Azure Application Insights AKS - How to Create 1 custom alert rule which will trigger multiple alerts, but with different names (per pod name)?
- Azure Log Analytics Workspace only picking up one VM
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Popular Tags
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Alternatively, you can create an alert from the portal when someone changes the IAM RBAC roles on a storage account, follow these steps.
Azure Storage account > Activity log > select any Create role assignment operation > New alert rulescope (ex: subscription) > Resource type : Storage accounts.Create an action group using your email ID or choose an existing one.
To fetch all role assignment and deletion, select all in the status field of the condition tab.