mirror of
https://dev.azure.com/effectory/Survey%20Software/_git/Cloud%20Engineering
synced 2026-02-27 18:52:18 +01:00
Added script to list a types of Alerts rules
This commit is contained in:
Jurjen Ladenius
347
Powershell/Lists/Azure/AlertRules.ps1
Normal file
347
Powershell/Lists/Azure/AlertRules.ps1
Normal file
@@ -0,0 +1,347 @@
|
||||
#Connect-AzAccount
|
||||
|
||||
$access_token = (Get-AzAccessToken).Token
|
||||
$ofs = ', '
|
||||
|
||||
function GetSmartDetectorActionGroupIds {
|
||||
|
||||
param (
|
||||
[string] $alertRuleName,
|
||||
[string] $resourceGroupName,
|
||||
[string] $subscriptionId
|
||||
)
|
||||
|
||||
## example : GetSmartDetectorActionGroupIds -alertRuleName "Failure Anomalies - authorization-functions-v2" -resourceGroupName "authorization" -subscriptionId "3190b0fd-4a66-4636-a204-5b9f18be78a6"
|
||||
|
||||
$escapedAlertRuleName = [uri]::EscapeDataString($alertRuleName)
|
||||
$url = "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/microsoft.alertsManagement/smartDetectorAlertRules/$escapedAlertRuleName`?api-version=2019-06-01"
|
||||
$head = @{ Authorization =" Bearer $access_token" }
|
||||
$response = Invoke-RestMethod -Uri $url -Method GET -Headers $head
|
||||
$response | ForEach-Object {
|
||||
$alert = $_
|
||||
$alert.properties.actionGroups
|
||||
| ForEach-Object {
|
||||
$actionGroup = $_
|
||||
$_.groupIds | ForEach-Object {
|
||||
[pscustomobject]@{
|
||||
Id = $alert.id
|
||||
Name = $alert.name
|
||||
Description = $alert.properties.description
|
||||
State = $alert.properties.state
|
||||
Alert = $alert.properties
|
||||
ActionGroups = $alert.actionGroups
|
||||
ActionGroup = $actionGroup
|
||||
ActionGroupId = $_
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
function GetDecentDescription {
|
||||
param (
|
||||
[string] $description
|
||||
)
|
||||
|
||||
if ($null -eq $description) {
|
||||
""
|
||||
}
|
||||
else {
|
||||
$description.Replace("`n"," - ").Replace("`r"," - ").Replace(" - - "," - ")
|
||||
}
|
||||
}
|
||||
|
||||
[string] $date = Get-Date -Format "yyyy-MM-dd HHmm"
|
||||
$fileName = ".\$date alert rules.csv"
|
||||
|
||||
$subscriptions = Get-AzSubscription | Where-Object State -eq "Enabled"
|
||||
|
||||
class AlertRule {
|
||||
[string] $SubscriptionId = ""
|
||||
[string] $SubscriptionName = ""
|
||||
[string] $Id = ""
|
||||
[string] $ResourceGroupName = ""
|
||||
[string] $Type = ""
|
||||
[string] $Name = ""
|
||||
[string] $Description = ""
|
||||
[string] $State = ""
|
||||
[string] $ActionGroupId = ""
|
||||
[string] $ActionGroupName = ""
|
||||
[string] $ActionGroupResourceGroupName = ""
|
||||
[string] $ActionGroupEnabled = ""
|
||||
[string] $ActionGroupArmRoleReceivers = ""
|
||||
[string] $ActionGroupEmailReceivers = ""
|
||||
[string] $AzureFunctionReceivers = ""
|
||||
[string] $Tag_Team = ""
|
||||
[string] $Tag_Product = ""
|
||||
[string] $Tag_Environment = ""
|
||||
[string] $Tag_Data = ""
|
||||
[string] $Tag_CreatedOnDate = ""
|
||||
[string] $Tag_Deployment = ""
|
||||
|
||||
}
|
||||
|
||||
[Microsoft.Azure.Commands.Insights.OutputClasses.PSActionGroupResource[]]$actionGroups = @()
|
||||
foreach ($subscription in $subscriptions)
|
||||
{
|
||||
Set-AzContext -SubscriptionId $subscription.Id | out-null
|
||||
$actionGroups += Get-AzActionGroup
|
||||
}
|
||||
|
||||
[AlertRule[]]$Result = @()
|
||||
|
||||
foreach ($subscription in $subscriptions)
|
||||
{
|
||||
Set-AzContext -SubscriptionId $subscription.Id
|
||||
##Set-AzContext -SubscriptionId "a134faf1-7a89-4f2c-8389-06d00bd5e2a7"
|
||||
|
||||
# microsoft.alertsmanagement/smartdetectoralertrules
|
||||
$smartDetectorRules = Get-AzResource -ResourceType "microsoft.alertsmanagement/smartdetectoralertrules"
|
||||
foreach ($smartDetectorRule in $smartDetectorRules)
|
||||
{
|
||||
$actions = GetSmartDetectorActionGroupIds -alertRuleName $smartDetectorRule.Name -resourceGroupName $smartDetectorRule.ResourceGroupName -subscriptionId $subscription.Id
|
||||
|
||||
if (($null -eq $actions) -or ($actions.Length -eq 0)) {
|
||||
[AlertRule] $AlertRule = [AlertRule]::new()
|
||||
|
||||
$AlertRule.SubscriptionId = $subscription.Id
|
||||
$AlertRule.SubscriptionName = $subscription.Name
|
||||
$AlertRule.Id = $smartDetectorRule.Id
|
||||
$AlertRule.Name = $smartDetectorRule.Name
|
||||
$AlertRule.Type = $smartDetectorRule.ResourceType
|
||||
$AlertRule.ResourceGroupName = $smartDetectorRule.ResourceGroupName
|
||||
$AlertRule.Tag_Team = $smartDetectorRule.Tags.team
|
||||
$AlertRule.Tag_Product = $smartDetectorRule.Tags.product
|
||||
$AlertRule.Tag_Environment = $smartDetectorRule.Tags.environment
|
||||
$AlertRule.Tag_Data = $smartDetectorRule.Tags.data
|
||||
$AlertRule.Tag_CreatedOnDate = $smartDetectorRule.Tags.CreatedOnDate
|
||||
$AlertRule.Tag_Deployment = $smartDetectorRule.Tags.drp_deployment
|
||||
|
||||
$Result += $AlertRule
|
||||
}
|
||||
else {
|
||||
foreach($action in $actions) {
|
||||
[AlertRule] $AlertRule = [AlertRule]::new()
|
||||
|
||||
$actionGroup = $actionGroups | where { $_.id -eq [uri]::UnescapeDataString($action.ActionGroupId) }
|
||||
|
||||
$AlertRule.SubscriptionId = $subscription.Id
|
||||
$AlertRule.SubscriptionName = $subscription.Name
|
||||
$AlertRule.Id = $smartDetectorRule.Id
|
||||
$AlertRule.Name = $smartDetectorRule.Name
|
||||
$AlertRule.Type = $smartDetectorRule.ResourceType
|
||||
$AlertRule.ResourceGroupName = $smartDetectorRule.ResourceGroupName
|
||||
$AlertRule.Description = GetDecentDescription $action.Description
|
||||
$AlertRule.State = $action.State
|
||||
$AlertRule.ActionGroupId = $action.ActionGroupId
|
||||
|
||||
if ($null -ne $actionGroup) {
|
||||
$AlertRule.ActionGroupName = $actionGroup.Name
|
||||
$AlertRule.ActionGroupResourceGroupName = $actionGroup.ResourceGroupName
|
||||
$AlertRule.ActionGroupEnabled = $actionGroup.Enabled
|
||||
$AlertRule.ActionGroupArmRoleReceivers = [string] ( $actionGroup.ArmRoleReceivers | ForEach-Object { $_.Name } )
|
||||
$AlertRule.ActionGroupEmailReceivers = [string] ( $actionGroup.EmailReceivers | ForEach-Object { $_.EmailAddress } )
|
||||
$AlertRule.AzureFunctionReceivers = [string] ($actionGroup.AzureFunctionReceivers | ForEach-Object { $_.FunctionName } )
|
||||
}
|
||||
|
||||
$AlertRule.Tag_Team = $smartDetectorRule.Tags.team
|
||||
$AlertRule.Tag_Product = $smartDetectorRule.Tags.product
|
||||
$AlertRule.Tag_Environment = $smartDetectorRule.Tags.environment
|
||||
$AlertRule.Tag_Data = $smartDetectorRule.Tags.data
|
||||
$AlertRule.Tag_CreatedOnDate = $smartDetectorRule.Tags.CreatedOnDate
|
||||
$AlertRule.Tag_Deployment = $smartDetectorRule.Tags.drp_deployment
|
||||
|
||||
$Result += $AlertRule
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# microsoft.insights/scheduledqueryrules
|
||||
$scheduledQueryRules = Get-AzScheduledQueryRule
|
||||
$scheduledQueryRulesResources = Get-AzResource -ResourceType "microsoft.insights/scheduledqueryrules"
|
||||
foreach($scheduledQueryRule in $scheduledQueryRules) {
|
||||
$resource = $scheduledQueryRulesResources | where { $_.id -eq $scheduledQueryRule.Id }
|
||||
|
||||
if (($null -eq $scheduledQueryRule.ActionGroup) -or ($scheduledQueryRule.ActionGroup.Length -eq 0))
|
||||
{
|
||||
[AlertRule] $AlertRule = [AlertRule]::new()
|
||||
$AlertRule.SubscriptionId = $subscription.Id
|
||||
$AlertRule.SubscriptionName = $subscription.Name
|
||||
$AlertRule.Id = $scheduledQueryRule.Id
|
||||
$AlertRule.Name = $scheduledQueryRule.Name
|
||||
$AlertRule.Type = $scheduledQueryRule.Type
|
||||
$AlertRule.ResourceGroupName = $resource.ResourceGroupName
|
||||
$AlertRule.Description = GetDecentDescription $scheduledQueryRule.Description
|
||||
$AlertRule.State = $scheduledQueryRule.Enabled -eq $true ? "Enabled" : "Disabled"
|
||||
$AlertRule.Tag_Team = $smartDetectorRule.Tags.team
|
||||
$AlertRule.Tag_Product = $smartDetectorRule.Tags.product
|
||||
$AlertRule.Tag_Environment = $smartDetectorRule.Tags.environment
|
||||
$AlertRule.Tag_Data = $smartDetectorRule.Tags.data
|
||||
$AlertRule.Tag_CreatedOnDate = $smartDetectorRule.Tags.CreatedOnDate
|
||||
$AlertRule.Tag_Deployment = $smartDetectorRule.Tags.drp_deployment
|
||||
|
||||
$Result += $AlertRule
|
||||
}
|
||||
else {
|
||||
foreach($action in $scheduledQueryRule.ActionGroup) {
|
||||
[AlertRule] $AlertRule = [AlertRule]::new()
|
||||
|
||||
$actionGroup = $actionGroups | where { $_.id -eq [uri]::UnescapeDataString($action) }
|
||||
|
||||
$AlertRule.SubscriptionId = $subscription.Id
|
||||
$AlertRule.SubscriptionName = $subscription.Name
|
||||
$AlertRule.Id = $scheduledQueryRule.Id
|
||||
$AlertRule.Name = $scheduledQueryRule.Name
|
||||
$AlertRule.Type = $scheduledQueryRule.Type
|
||||
$AlertRule.ResourceGroupName = $resource.ResourceGroupName
|
||||
$AlertRule.Description = GetDecentDescription $scheduledQueryRule.Description
|
||||
$AlertRule.State = $scheduledQueryRule.Enabled -eq $true ? "Enabled" : "Disabled"
|
||||
$AlertRule.ActionGroupId = $action
|
||||
|
||||
if ($null -ne $actionGroup) {
|
||||
$AlertRule.ActionGroupName = $actionGroup.Name
|
||||
$AlertRule.ActionGroupResourceGroupName = $actionGroup.ResourceGroupName
|
||||
$AlertRule.ActionGroupEnabled = $actionGroup.Enabled
|
||||
$AlertRule.ActionGroupArmRoleReceivers = [string] ( $actionGroup.ArmRoleReceivers | ForEach-Object { $_.Name } )
|
||||
$AlertRule.ActionGroupEmailReceivers = [string] ( $actionGroup.EmailReceivers | ForEach-Object { $_.EmailAddress } )
|
||||
$AlertRule.AzureFunctionReceivers = [string] ($actionGroup.AzureFunctionReceivers | ForEach-Object { $_.FunctionName } )
|
||||
}
|
||||
|
||||
$AlertRule.Tag_Team = $smartDetectorRule.Tags.team
|
||||
$AlertRule.Tag_Product = $smartDetectorRule.Tags.product
|
||||
$AlertRule.Tag_Environment = $smartDetectorRule.Tags.environment
|
||||
$AlertRule.Tag_Data = $smartDetectorRule.Tags.data
|
||||
$AlertRule.Tag_CreatedOnDate = $smartDetectorRule.Tags.CreatedOnDate
|
||||
$AlertRule.Tag_Deployment = $smartDetectorRule.Tags.drp_deployment
|
||||
|
||||
$Result += $AlertRule
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# Microsoft.Insights/metricAlerts
|
||||
$metricAlerts = Get-AzMetricAlertRuleV2
|
||||
foreach($metricAlert in $metricAlerts) {
|
||||
if (($null -eq $metricAlert.Actions) -or ($metricAlert.Actions.Length -eq 0))
|
||||
{
|
||||
[AlertRule] $AlertRule = [AlertRule]::new()
|
||||
$AlertRule.SubscriptionId = $subscription.Id
|
||||
$AlertRule.SubscriptionName = $subscription.Name
|
||||
$AlertRule.Id = $metricAlert.Id
|
||||
$AlertRule.Name = $metricAlert.Name
|
||||
$AlertRule.Type = $metricAlert.Type
|
||||
$AlertRule.ResourceGroupName = $metricAlert.ResourceGroup
|
||||
$AlertRule.Description = GetDecentDescription $metricAlert.Description
|
||||
$AlertRule.State = $metricAlert.Enabled -eq $true ? "Enabled" : "Disabled"
|
||||
$AlertRule.Tag_Team = $metricAlert.Tags.team
|
||||
$AlertRule.Tag_Product = $metricAlert.Tags.product
|
||||
$AlertRule.Tag_Environment = $metricAlert.Tags.environment
|
||||
$AlertRule.Tag_Data = $metricAlert.Tags.data
|
||||
$AlertRule.Tag_CreatedOnDate = $metricAlert.Tags.CreatedOnDate
|
||||
$AlertRule.Tag_Deployment = $metricAlert.Tags.drp_deployment
|
||||
|
||||
$Result += $AlertRule
|
||||
}
|
||||
else {
|
||||
foreach($action in $metricAlert.Actions) {
|
||||
[AlertRule] $AlertRule = [AlertRule]::new()
|
||||
|
||||
$actionGroup = $actionGroups | where { $_.id -eq [uri]::UnescapeDataString($action.ActionGroupId) }
|
||||
|
||||
$AlertRule.SubscriptionId = $subscription.Id
|
||||
$AlertRule.SubscriptionName = $subscription.Name
|
||||
$AlertRule.Id = $metricAlert.Id
|
||||
$AlertRule.Name = $metricAlert.Name
|
||||
$AlertRule.Type = $metricAlert.Type
|
||||
$AlertRule.ResourceGroupName = $metricAlert.ResourceGroup
|
||||
$AlertRule.Description = GetDecentDescription $metricAlert.Description
|
||||
$AlertRule.State = $metricAlert.Enabled -eq $true ? "Enabled" : "Disabled"
|
||||
$AlertRule.ActionGroupId = $action.ActionGroupId
|
||||
|
||||
if ($null -ne $actionGroup) {
|
||||
$AlertRule.ActionGroupName = $actionGroup.Name
|
||||
$AlertRule.ActionGroupResourceGroupName = $actionGroup.ResourceGroupName
|
||||
$AlertRule.ActionGroupEnabled = $actionGroup.Enabled
|
||||
$AlertRule.ActionGroupArmRoleReceivers = [string] ( $actionGroup.ArmRoleReceivers | ForEach-Object { $_.Name } )
|
||||
$AlertRule.ActionGroupEmailReceivers = [string] ( $actionGroup.EmailReceivers | ForEach-Object { $_.EmailAddress } )
|
||||
$AlertRule.AzureFunctionReceivers = [string] ($actionGroup.AzureFunctionReceivers | ForEach-Object { $_.FunctionName } )
|
||||
}
|
||||
|
||||
$AlertRule.Tag_Team = $metricAlert.Tags.team
|
||||
$AlertRule.Tag_Product = $metricAlert.Tags.product
|
||||
$AlertRule.Tag_Environment = $metricAlert.Tags.environment
|
||||
$AlertRule.Tag_Data = $metricAlert.Tags.data
|
||||
$AlertRule.Tag_CreatedOnDate = $metricAlert.Tags.CreatedOnDate
|
||||
$AlertRule.Tag_Deployment = $metricAlert.Tags.drp_deployment
|
||||
|
||||
$Result += $AlertRule
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
# Microsoft.Insights/ActivityLogAlerts
|
||||
$activityLogAlerts = Get-AzActivityLogAlert
|
||||
foreach($activityLogAlert in $activityLogAlerts) {
|
||||
|
||||
if (($null -eq $activityLogAlert.ActionGroup) -or ($activityLogAlert.ActionGroup.Length -eq 0))
|
||||
{
|
||||
[AlertRule] $AlertRule = [AlertRule]::new()
|
||||
$AlertRule.SubscriptionId = $subscription.Id
|
||||
$AlertRule.SubscriptionName = $subscription.Name
|
||||
$AlertRule.Id = $activityLogAlert.Id
|
||||
$AlertRule.Name = $activityLogAlert.Name
|
||||
$AlertRule.Type = $activityLogAlert.Type
|
||||
$AlertRule.ResourceGroupName = $activityLogAlert.ResourceGroupName
|
||||
$AlertRule.Description = GetDecentDescription $activityLogAlert.Description
|
||||
$AlertRule.State = $activityLogAlert.Enabled -eq $true ? "Enabled" : "Disabled"
|
||||
$AlertRule.Tag_Team = $activityLogAlert.Tags.team
|
||||
$AlertRule.Tag_Product = $activityLogAlert.Tags.product
|
||||
$AlertRule.Tag_Environment = $activityLogAlert.Tags.environment
|
||||
$AlertRule.Tag_Data = $activityLogAlert.Tags.data
|
||||
$AlertRule.Tag_CreatedOnDate = $activityLogAlert.Tags.CreatedOnDate
|
||||
$AlertRule.Tag_Deployment = $activityLogAlert.Tags.drp_deployment
|
||||
|
||||
$Result += $AlertRule
|
||||
}
|
||||
else {
|
||||
foreach($action in $activityLogAlert.ActionGroup) {
|
||||
[AlertRule] $AlertRule = [AlertRule]::new()
|
||||
|
||||
$actionGroup = $actionGroups | where { $_.id -eq [uri]::UnescapeDataString($action.Id) }
|
||||
|
||||
$AlertRule.SubscriptionId = $subscription.Id
|
||||
$AlertRule.SubscriptionName = $subscription.Name
|
||||
$AlertRule.Id = $activityLogAlert.Id
|
||||
$AlertRule.Name = $activityLogAlert.Name
|
||||
$AlertRule.Type = $activityLogAlert.Type
|
||||
$AlertRule.ResourceGroupName = $activityLogAlert.ResourceGroupName
|
||||
$AlertRule.Description = GetDecentDescription $activityLogAlert.Description
|
||||
$AlertRule.State = $activityLogAlert.Enabled -eq $true ? "Enabled" : "Disabled"
|
||||
$AlertRule.ActionGroupId = $action.Id
|
||||
|
||||
if ($null -ne $actionGroup) {
|
||||
$AlertRule.ActionGroupName = $actionGroup.Name
|
||||
$AlertRule.ActionGroupResourceGroupName = $actionGroup.ResourceGroupName
|
||||
$AlertRule.ActionGroupEnabled = $actionGroup.Enabled
|
||||
$AlertRule.ActionGroupArmRoleReceivers = [string] ( $actionGroup.ArmRoleReceivers | ForEach-Object { $_.Name } )
|
||||
$AlertRule.ActionGroupEmailReceivers = [string] ( $actionGroup.EmailReceivers | ForEach-Object { $_.EmailAddress } )
|
||||
$AlertRule.AzureFunctionReceivers = [string] ($actionGroup.AzureFunctionReceivers | ForEach-Object { $_.FunctionName } )
|
||||
}
|
||||
|
||||
$AlertRule.Tag_Team = $activityLogAlert.Tags.team
|
||||
$AlertRule.Tag_Product = $activityLogAlert.Tags.product
|
||||
$AlertRule.Tag_Environment = $activityLogAlert.Tags.environment
|
||||
$AlertRule.Tag_Data = $activityLogAlert.Tags.data
|
||||
$AlertRule.Tag_CreatedOnDate = $activityLogAlert.Tags.CreatedOnDate
|
||||
$AlertRule.Tag_Deployment = $activityLogAlert.Tags.drp_deployment
|
||||
|
||||
$Result += $AlertRule
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$Result | Export-Csv -Path $fileName -NoTypeInformation -Force
|
||||
|
||||
$Result | ft
|
||||
Reference in New Issue
Block a user