Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Checking Azure alert is failing because 'global' location name is lowercase #1644

Open
chopeen opened this issue Jun 5, 2024 · 0 comments · May be fixed by #1645
Open

Checking Azure alert is failing because 'global' location name is lowercase #1644

chopeen opened this issue Jun 5, 2024 · 0 comments · May be fixed by #1645
Labels
bug Something isn't working potential Unconfirmed issue

Comments

@chopeen
Copy link

chopeen commented Jun 5, 2024
edited
Loading

Describe the bug

When azurerm_monitor_activity_log_alert is used to create a new alert, the following spelling is used:

{
    "id": "/subscriptions/[...]/resourceGroups/[...]/providers/Microsoft.Insights/activityLogAlerts/Alert for Create Policy Assignment",
    "name": "Alert for Create Policy Assignment",
    "type": "Microsoft.Insights/ActivityLogAlerts",
    "location": "global",
[...]

When such an alert is created, ScoutSuite does not find it, because it checks for region Global (see DisplayName and Name spelling of region names):

ScoutSuite/ScoutSuite/providers/azure/resources/loggingmonitoring/activity_log_alerts.py

Lines 44 to 47 in 7909f2f

def ensure_alert_exist(self, log_alerts, equals_value: str):
for log_alert in log_alerts:
if log_alert.location == 'Global' and log_alert.enabled:
if '/subscriptions/' + self.subscription_id in log_alert.scopes:

Proposed fix

Make the string comparison case insensitive.
@chopeen chopeen added bug Something isn't working potential Unconfirmed issue labels Jun 5, 2024
@chopeen chopeen changed the title Check if Azure alert exists fails because 'global' location name is lowercase Checking Azure alert is failing because 'global' location name is lowercase Jun 5, 2024
@chopeen chopeen linked a pull request Jun 5, 2024 that will close this issue
Open
10 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working potential Unconfirmed issue
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix case sensitivity issue in ActivityLogAlerts (Azure region name) chopeen/ScoutSuite
1 participant
@chopeen