Control: Log Analytics extension should be installed on your Windows Azure Arc machines
Description
This policy audits Windows Azure Arc machines if the Log Analytics agent is not installed.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.arc_compute_machine_windows_log_analytics_agent_installed
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run azure_compliance.control.arc_compute_machine_windows_log_analytics_agent_installed --share
SQL
This control uses a named query:
with compute_machine as (
  -- Arc machines whose MicrosoftMonitoringAgent extension provisioned successfully
  select
    id,
    name,
    subscription_id,
    resource_group
  from
    azure_hybrid_compute_machine,
    jsonb_array_elements(extensions) as e
  where
    e ->> 'name' = 'MicrosoftMonitoringAgent'
    and e ->> 'provisioningState' = 'Succeeded'
)
select
  a.id as resource,
  -- Non-Windows machines are skipped; Windows machines without the extension raise an alarm
  case
    when a.os_name <> 'windows' then 'skip'
    when m.id is not null then 'ok'
    else 'alarm'
  end as status,
  case
    when a.os_name <> 'windows' then a.name || ' is of ' || a.os_name || ' operating system.'
    when m.id is not null then a.name || ' log analytics extension installed.'
    else a.name || ' log analytics extension not installed.'
  end as reason,
  a.resource_group as resource_group,
  sub.display_name as subscription
from
  azure_hybrid_compute_machine as a
  left join compute_machine as m on m.id = a.id,
  azure_subscription as sub
where
  sub.subscription_id = a.subscription_id;