AzureActivity
| where ResourceProviderValue contains "Microsoft.storage" and CategoryValue contains "Administrative"
| where OperationNameValue in (
    "Microsoft.Authorization/roleAssignments/write",
    "Microsoft.Authorization/roleAssignments/delete",
    "Microsoft.Authorization/roleDefinitions/write",
    "Microsoft.Authorization/roleDefinitions/delete"
)
| where ActivityStatusValue in ("Started", "Succeeded", "Failed")
| project TimeGenerated, ResourceId, OperationNameValue, ActivityStatus
I am trying to create alerts when someone changes the IAM RBAC roles or permissions on Azure storage accounts using a Kusto query
81 Views Asked by Sahith Thatipalli At
There is 1 best solution below
Alternatively, you can create an alert from the portal when someone changes the IAM RBAC roles on a storage account. Follow these steps:
Azure Storage account > Activity log > select any Create role assignment operation > New alert rule > Scope (ex: subscription) > Resource type: Storage accounts. Create an action group using your email ID or choose an existing one.
To fetch all role assignments and deletions, select all in the status field of the condition tab.
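The matching that the question's query is meant to perform, written out as an added Python example (not part of the question or the answer) so the filter logic can be tested offline before it is turned into an alert. Assumptions: records use the column names from the query, a storage-account-scoped change is recognised by the storage provider segment in `ResourceId`, comparisons are case-insensitive, and the sample records are constructed.

```python
# Operations taken from the query in the question, lower-cased for comparison.
ROLE_CHANGE_OPS = {
    "microsoft.authorization/roleassignments/write",
    "microsoft.authorization/roleassignments/delete",
    "microsoft.authorization/roledefinitions/write",
    "microsoft.authorization/roledefinitions/delete",
}
# Assumption: a change scoped to a storage account carries this path segment.
STORAGE_SEGMENT = "/providers/microsoft.storage/storageaccounts/"
PROJECTED = ("TimeGenerated", "ResourceId", "OperationNameValue",
             "ActivityStatusValue")


def is_storage_role_change(record):
    """True when the record is an RBAC change scoped to a storage account."""
    op = record.get("OperationNameValue", "").lower()
    rid = record.get("ResourceId", "").lower()
    return op in ROLE_CHANGE_OPS and STORAGE_SEGMENT in rid


def storage_role_alerts(records, statuses=None):
    """Return projected matches; statuses=None keeps every status."""
    wanted = {s.lower() for s in statuses} if statuses else None
    alerts = []
    for rec in records:
        if not is_storage_role_change(rec):
            continue
        if wanted and rec.get("ActivityStatusValue", "").lower() not in wanted:
            continue
        alerts.append({key: rec.get(key) for key in PROJECTED})
    return alerts


# Constructed sample records (placeholder IDs, not real log data).
RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
SA = RG + "/providers/Microsoft.Storage/storageAccounts/demostore"
KV = RG + "/providers/Microsoft.KeyVault/vaults/demovault"
RA = "/providers/Microsoft.Authorization/roleAssignments/11111111-1111-1111-1111-111111111111"
SAMPLE = [
    {"TimeGenerated": "2024-01-01T10:00:00Z", "ResourceId": SA + RA,
     "OperationNameValue": "MICROSOFT.AUTHORIZATION/ROLEASSIGNMENTS/WRITE",
     "ActivityStatusValue": "Succeeded"},
    {"TimeGenerated": "2024-01-01T10:05:00Z", "ResourceId": SA + RA,
     "OperationNameValue": "Microsoft.Authorization/roleAssignments/delete",
     "ActivityStatusValue": "Failed"},
    {"TimeGenerated": "2024-01-01T10:10:00Z", "ResourceId": KV + RA,
     "OperationNameValue": "Microsoft.Authorization/roleAssignments/write",
     "ActivityStatusValue": "Succeeded"},
    {"TimeGenerated": "2024-01-01T10:15:00Z", "ResourceId": SA,
     "OperationNameValue": "Microsoft.Storage/storageAccounts/write",
     "ActivityStatusValue": "Succeeded"},
]
```

Calling `storage_role_alerts(SAMPLE)` keeps the two storage-scoped role changes and drops the key vault assignment and the plain storage account write.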