Docs edits

Signed-off-by: Ian Maddaus <[email protected]>
inspec · Mar 9, 2022 · f107e03 · f107e03
1 parent 922bcca
commit f107e03
Show file tree

Hide file tree

Showing 4 changed files with 262 additions and 215 deletions.
diff --git a/docs-chef-io/content/inspec/resources/azure_sentinel_alert_rule.md b/docs-chef-io/content/inspec/resources/azure_sentinel_alert_rule.md
@@ -0,0 +1,134 @@
++++
+title = "azure_sentinel_alert_rule Resource"
+platform = "azure"
+draft = false
+gh_repo = "inspec-azure"
+
+[menu.inspec]
+title = "azure_sentinel_alert_rule"
+identifier = "inspec/resources/azure/azure_sentinel_alert_rule Resource"
+parent = "inspec/resources/azure"
++++
+
+Use the `azure_sentinel_alert_rule` InSpec audit resource to test properties of an Azure Sentinel alert rule for a resource group or the entire subscription.
+
+For additional information, see the [`Azure Sentinel Alert Rules API documentation`](https://docs.microsoft.com/en-us/rest/api/datafactory/pipeline-runs/query-by-factory).
+
+## Azure REST API Version, Endpoint, and HTTP Client Parameters
+
+{{% inspec_azure_common_parameters %}}
+
+## Installation
+
+{{% inspec_azure_install %}}
+
+## Syntax
+
+An `azure_sentinel_alert_rule` resource block returns all Azure alert_rule, either within a Resource Group (if provided), or within an entire Subscription.
+
+```ruby
+describe azure_sentinel_alert_rule(resource_group: 'RESOURCE_GROUP', workspace_name: 'WORKSPACE_NAME', rule_id: 'RULE_ID') do
+  it { should exit }
+end
+```
+
+## Parameters
+
+`resource_group` _(required)_
+
+: Azure resource group that the targeted resource resides in.
+
+`workspace_name` _(required)_
+
+: Azure workspace Name for which alert rule are being retrieved.
+
+`rule_id` _(required)_
+
+: Alert rule ID.
+
+
+## Properties
+
+`id`
+: The id of the alert rule.
+
+`name`
+: The name of the alert rule.
+
+`type`
+: The type of the alert rule.
+
+`kind`
+: The kind of the alert rule.
+
+`etag`
+: The etag of the alert rule.
+
+`properties`
+: The properties of the alert rule.
+
+## Examples
+
+**Test if rule ID exists.**
+
+```ruby
+describe azure_sentinel_alert_rule(resource_group: 'RESOURCE_GROUP', workspace_name: 'WORKSPACE_NAME', rule_id: 'RULE_ID') do
+  its('id') { should eq 'ALERRT_RULE_ID' }
+end
+```
+
+**Test if rule name exists.**
+
+```ruby
+describe azure_sentinel_alert_rule(resource_group: 'RESOURCE_GROUP', workspace_name: 'WORKSPACE_NAME', rule_id: 'RULE_ID') do
+  its('name') { should eq 'ALERRT_RULE_NAME' }
+end
+```
+
+**Test if rule kind is `Scheduled`.**
+
+```ruby
+describe azure_sentinel_alert_rule(resource_group: 'RESOURCE_GROUP', workspace_name: 'WORKSPACE_NAME', rule_id: 'RULE_ID') do
+  its('kind') { should eq 'Scheduled' }
+end
+```
+
+**Test if rule type is `Microsoft.SecurityInsights/alertRules`.**
+
+```ruby
+describe azure_sentinel_alert_rule(resource_group: 'RESOURCE_GROUP', workspace_name: 'WORKSPACE_NAME', rule_id: 'RULE_ID') do
+  its('type') { should eq 'Microsoft.SecurityInsights/alertRules' }
+end
+```
+
+**Test if the display name is present or not.**
+
+```ruby
+describe azure_sentinel_alert_rule(resource_group: 'RESOURCE_GROUP', workspace_name: 'WORKSPACE_NAME', rule_id: 'RULE_ID') do
+  its('properties.displayName') { should eq "DISPLAY_NAME" }
+end
+```
+
+## Matchers
+
+This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).
+
+### exists
+
+```ruby
+# If we expect a resource to always exist
+
+describe azure_sentinel_alert_rule(resource_group: 'RESOURCE_GROUP', workspace_name: 'WORKSPACE_NAME', rule_id: 'RULE_ID') do
+  it { should exist }
+end
+
+# If we expect a resource to never exist
+
+describe azure_sentinel_alert_rule(resource_group: 'RESOURCE_GROUP', workspace_name: 'WORKSPACE_NAME', rule_id: 'RULE_ID') do
+  it { should_not exist }
+end
+```
+
+## Azure Permissions
+
+{{% azure_permissions_service_principal role="contributor" %}}
diff --git a/docs-chef-io/content/inspec/resources/azure_sentinel_alert_rules.md b/docs-chef-io/content/inspec/resources/azure_sentinel_alert_rules.md
@@ -0,0 +1,128 @@
++++
+title = "azure_sentinel_alert_rules Resource"
+platform = "azure"
+draft = false
+gh_repo = "inspec-azure"
+
+[menu.inspec]
+title = "azure_sentinel_alert_rules"
+identifier = "inspec/resources/azure/azure_sentinel_alert_rules Resource"
+parent = "inspec/resources/azure"
++++
+
+Use the `azure_sentinel_alert_rules` Chef InSpec audit resource to test properties of an Azure Sentinel alert rule for a resource group or the entire subscription.
+
+For additional information, see the [`Azure Sentinel Alert Rules API documentation`](https://docs.microsoft.com/en-us/rest/api/datafactory/pipeline-runs/query-by-factory).
+
+## Azure REST API Version, Endpoint, and HTTP Client Parameters
+
+{{% inspec_azure_common_parameters %}}
+
+## Installation
+
+{{% inspec_azure_install %}}
+
+## Syntax
+
+An `azure_sentinel_alert_rules` resource block returns all Azure Sentinel alerts rules, either within a Resource Group (if provided), or within an entire Subscription.
+
+```ruby
+describe azure_sentinel_alert_rules(resource_group: 'RESOURCE_GROUP', workspace_name: 'WORKSPACE_NAME') do
+  #...
+end
+```
+
+## Parameters
+
+`resource_group` _(required)_
+
+: The name of the resource group.
+
+`workspace_name` _(required)_
+
+: The name of the workspace.
+
+## Properties
+
+`names`
+: A list of the unique resource names.
+
+: **Field**: `name`
+
+`ids`
+: A list of alert_rule IDs .
+
+: **Field**: `id`
+
+`properties`
+: A list of properties for the resource.
+
+: **Field**: `properties`
+
+`types`
+: A list of types for each resource.
+
+: **Field**: `type`
+
+`severities`
+: The list of severity for alerts created by this alert rule.
+
+: **Field**: `severity`
+
+`displayNames`
+: The List of display name for alerts created by this alert rule.
+
+: **Field**: `displayName`
+
+`enableds`
+: The list of flags which Determines whether this alert rule is enabled or disabled.
+
+: **Field**: `enabled`
+
+`kinds`
+: The alert rule kind.
+
+: **Field**: `kind`
+
+`alertRuleTemplateNames`
+: The Name of the alert rule template used to create this rule.
+
+: **Field**: `alertRuleTemplateName`
+
+{{% inspec_filter_table %}}
+
+## Examples
+
+**Test if properties match.**
+
+```ruby
+describe azure_sentinel_alert_rules(resource_group: resource_group, workspace_name: workspace_name) do
+  its('names') { should include 'BuiltInFusion' }
+  its('types') { should include 'Microsoft.SecurityInsights/alertRules' }
+  its('kinds') { should include 'Fusion' }
+  its('severities') { should include 'High' }
+  its('enableds') { should include true }
+  its('displayNames') { should include 'Advanced Multistage Attack Detection' }
+  its('alertRuleTemplateNames') { should include 'f71aba3d-28fb-450b-b192-4e76a83015c8' }
+end
+```
+
+**Test if any alert ruleS exist in the resource group.**
+
+```ruby
+describe azure_sentinel_alert_rules(resource_group: 'RESOURCE_GROUP', workspace_name: 'WORKSPACE_NAME') do
+  it { should exist }
+end
+```
+
+**Test that there aren't any alert rule in a resource group.**
+
+```ruby
+describe azure_sentinel_alert_rules(resource_group: 'RESOURCE_GROUP', workspace_name: 'WORKSPACE_NAME') do
+  it { should_not exist }
+end
+```
+
+## Azure Permissions
+
+{{% azure_permissions_service_principal role="contributor" %}}
diff --git a/docs/resources/azure_sentinel_alert_rule.md b/docs/resources/azure_sentinel_alert_rule.md