https://learn.microsoft.com/ja-jp/entra/id-protection/howto-export-risk-data
- resource-group.tf
# Resource group for the log-archive resources in this listing; the storage
# account in storage_account.tf takes its name and location from it.
# local.tags is declared outside this listing.
resource "azurerm_resource_group" "log-hoge" {
  name     = "log-hoge"
  location = "japaneast"

  tags = local.tags
}
- storage_account.tf
# Storage account used as the archive target for the Entra ID diagnostic setting
# (entra-audit-log.tf passes this account's id as storage_account_id).
#
# NOTE(review): the archived data is sign-in and audit records, and this listing
# sets only TLS and anonymous-access controls. Network rules, shared-key
# authorization, blob soft delete / versioning / immutability and a lifecycle
# policy are not configured here. Confirm whether they are managed elsewhere.
# If a storage firewall is added, trusted Microsoft services still need to be
# able to write the logs.
resource "azurerm_storage_account" "log-hoge" {
  name                = "loghoge"
  resource_group_name = azurerm_resource_group.log-hoge.name
  location            = azurerm_resource_group.log-hoge.location

  account_kind = "StorageV2"
  account_tier = "Standard"
  access_tier  = "Hot"

  # LRS keeps every replica in one datacenter.
  # NOTE(review): confirm that is acceptable for an audit-log archive.
  account_replication_type = "LRS"

  # Refuse clients that negotiate anything older than TLS 1.2.
  min_tls_version = "TLS1_2"

  # Account-level switch: containers and blobs cannot be opened for anonymous access.
  allow_nested_items_to_be_public = false

  tags = local.tags
}

# Private container in the log storage account (no anonymous read access).
# NOTE(review): diagnostic settings normally write into containers they create
# themselves (insights-logs-<category>). Confirm what this container is used for.
resource "azurerm_storage_container" "log-hoge" {
  name                  = "log-hoge"
  storage_account_name  = azurerm_storage_account.log-hoge.name
  container_access_type = "private"
}
- entra-audit-log.tf
# Tenant-level Entra ID diagnostic setting: sends every category listed below to
# both the log storage account and a Log Analytics workspace whose id is read
# from remote state.
#
# Each category is enabled with its retention_policy switched off
# (days = 0, enabled = false), so this setting never expires data by itself.
# NOTE(review): retention is therefore decided by the storage account (lifecycle
# management) and by the workspace's own retention setting. Confirm both match
# the audit-retention requirement.
# NOTE(review): some categories (the risk, network-access and Graph activity
# ones) presumably depend on tenant licensing or features, and some can be
# high-volume. Confirm that each one actually produces data after apply.
# NOTE(review): newer azurerm releases appear to replace `log` with
# `enabled_log`. Check the pinned provider version before upgrading.
resource "azurerm_monitor_aad_diagnostic_setting" "entra_id_audit" {
  name                       = "entra_id_audit"
  storage_account_id         = azurerm_storage_account.log-hoge.id
  log_analytics_workspace_id = data.terraform_remote_state.log-hoge.outputs.log_analytics_workspace_id_hoge

  # One `log` block per category; all share the same enabled/retention settings.
  dynamic "log" {
    for_each = [
      "AuditLogs",
      "SignInLogs",
      "NonInteractiveUserSignInLogs",
      "ServicePrincipalSignInLogs",
      "ManagedIdentitySignInLogs",
      "ProvisioningLogs",
      "ADFSSignInLogs",
      "RiskyUsers",
      "UserRiskEvents",
      "NetworkAccessTrafficLogs",
      "RiskyServicePrincipals",
      "ServicePrincipalRiskEvents",
      "EnrichedOffice365AuditLogs",
      "MicrosoftGraphActivityLogs",
      "RemoteNetworkHealthLogs",
    ]

    content {
      category = log.value
      enabled  = true

      retention_policy {
        days    = 0
        enabled = false
      }
    }
  }
}
1989年生まれのFindy/SRE。ホスティングから大規模なアドテクなどのインフラエンジニアとして携わる。現在はサービスの信頼性向上、DevOps、可用性、レイテンシ、パフォーマンス、モニタリング、オブザーバビリティ、緊急対応、AWSでのインフラ構築、Docker開発環境の提供、IaC、新技術の検証、リファクタリング、セキュリティ強化、分析基盤の運用などを担当している。個人事業主では数社サーバー保守とベンチャー企業のSREインフラコンサルティングやMENTA/TechBullで未経験者にインフラのコーチング/コミュニティマネージャーとして立ち上げと運営をしている。また、過去「脆弱性スキャナVuls」のOSS活動もしており、自称エバンジェリスト/技術広報/テクニカルサポート/コントリビュータでもある。