Control: Log Analytics agent should be installed on your virtual machine for Azure Security Center monitoring
Description
This policy audits any Windows/Linux virtual machines if the Log Analytics extension is not installed.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.compute_vm_log_analytics_agent_installedSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.compute_vm_log_analytics_agent_installed --shareSQL
This control uses a named query:
with agent_installed_vm as ( select distinct a.vm_id from azure_compute_virtual_machine as a, jsonb_array_elements(extensions) as b where b ->> 'Publisher' = 'Microsoft.EnterpriseCloud.Monitoring' and b ->> 'ExtensionType' = any(ARRAY ['MicrosoftMonitoringAgent', 'OmsAgentForLinux']) and b ->> 'ProvisioningState' = 'Succeeded' and b -> 'Settings' ->> 'workspaceId' is not null)select a.vm_id as resource, case when b.vm_id is not null then 'ok' else 'alarm' end as status, case when b.vm_id is not null then a.title || ' have log analytics agent installed.' else a.title || ' log analytics agent not installed.' end as reason , a.resource_group as resource_group , sub.display_name as subscriptionfrom azure_compute_virtual_machine as a left join agent_installed_vm as b on a.vm_id = b.vm_id, azure_subscription as subwhere sub.subscription_id = a.subscription_id;