feat(azure): New azure monitor check monitor_ensure_diagnostic_setting_appropriate (#3421)

Co-authored-by: Pepe Fagoaga <pepe@verica.io>
Co-authored-by: Sergio Garcia <sergargar1@gmail.com>

tests/providers/azure/services/monitor/monitor_diagnostic_setting_with_appropriate_categories/monitor_diagnostic_setting_with_appropriate_categories_test.py

@@ -0,0 +1,103 @@
+from unittest import mock
+
+from prowler.providers.azure.services.monitor.monitor_service import DiagnosticSetting
+from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION
+
+
+class Test_monitor_diagnostic_setting_with_appropriate_categories:
+    def test_monitor_diagnostic_setting_with_appropriate_categories_no_subscriptions(
+        self,
+    ):
+        monitor_client = mock.MagicMock
+        monitor_client.diagnostics_settings = {}
+
+        with mock.patch(
+            "prowler.providers.azure.services.monitor.monitor_diagnostic_setting_with_appropriate_categories.monitor_diagnostic_setting_with_appropriate_categories.monitor_client",
+            new=monitor_client,
+        ):
+
+            from prowler.providers.azure.services.monitor.monitor_diagnostic_setting_with_appropriate_categories.monitor_diagnostic_setting_with_appropriate_categories import (
+                monitor_diagnostic_setting_with_appropriate_categories,
+            )
+
+            check = monitor_diagnostic_setting_with_appropriate_categories()
+            result = check.execute()
+            assert len(result) == 0
+
+    def test_no_diagnostic_settings(self):
+        monitor_client = mock.MagicMock
+        monitor_client.diagnostics_settings = {AZURE_SUBSCRIPTION: []}
+        with mock.patch(
+            "prowler.providers.azure.services.monitor.monitor_diagnostic_setting_with_appropriate_categories.monitor_diagnostic_setting_with_appropriate_categories.monitor_client",
+            new=monitor_client,
+        ):
+            from prowler.providers.azure.services.monitor.monitor_diagnostic_setting_with_appropriate_categories.monitor_diagnostic_setting_with_appropriate_categories import (
+                monitor_diagnostic_setting_with_appropriate_categories,
+            )
+
+            check = monitor_diagnostic_setting_with_appropriate_categories()
+            result = check.execute()
+            assert len(result) == 1
+            assert result[0].subscription == AZURE_SUBSCRIPTION
+            assert result[0].status == "FAIL"
+            assert result[0].resource_id == "Monitor"
+            assert result[0].resource_name == "Monitor"
+            assert (
+                result[0].status_extended
+                == f"There are no diagnostic settings capturing appropiate categories in subscription {AZURE_SUBSCRIPTION}."
+            )
+
+    def test_diagnostic_settings_configured(self):
+        monitor_client = mock.MagicMock
+        monitor_client.diagnostics_settings = {
+            AZURE_SUBSCRIPTION: [
+                DiagnosticSetting(
+                    id="id",
+                    logs=[
+                        mock.MagicMock(category="Administrative", enabled=True),
+                        mock.MagicMock(category="Security", enabled=True),
+                        mock.MagicMock(category="ServiceHealth", enabled=False),
+                        mock.MagicMock(category="Alert", enabled=True),
+                        mock.MagicMock(category="Recommendation", enabled=False),
+                        mock.MagicMock(category="Policy", enabled=True),
+                        mock.MagicMock(category="Autoscale", enabled=False),
+                        mock.MagicMock(category="ResourceHealth", enabled=False),
+                    ],
+                    storage_account_id="/subscriptions/1234a5-123a-123a-123a-1234567890ab/resourceGroups/rg/providers/Microsoft.Storage/storageAccounts/storageaccountname",
+                ),
+                DiagnosticSetting(
+                    id="id2",
+                    logs=[
+                        mock.MagicMock(category="Administrative", enabled=False),
+                        mock.MagicMock(category="Security", enabled=True),
+                        mock.MagicMock(category="ServiceHealth", enabled=False),
+                        mock.MagicMock(category="Alert", enabled=True),
+                        mock.MagicMock(category="Recommendation", enabled=False),
+                        mock.MagicMock(category="Policy", enabled=True),
+                        mock.MagicMock(category="Autoscale", enabled=False),
+                        mock.MagicMock(category="ResourceHealth", enabled=False),
+                    ],
+                    storage_account_id="/subscriptions/1224a5-123a-123a-123a-1234567890ab/resourceGroups/rg/providers/Microsoft.Storage/storageAccounts/storageaccountname",
+                ),
+            ]
+        }
+
+        with mock.patch(
+            "prowler.providers.azure.services.monitor.monitor_diagnostic_setting_with_appropriate_categories.monitor_diagnostic_setting_with_appropriate_categories.monitor_client",
+            new=monitor_client,
+        ):
+            from prowler.providers.azure.services.monitor.monitor_diagnostic_setting_with_appropriate_categories.monitor_diagnostic_setting_with_appropriate_categories import (
+                monitor_diagnostic_setting_with_appropriate_categories,
+            )
+
+            check = monitor_diagnostic_setting_with_appropriate_categories()
+            result = check.execute()
+            assert len(result) == 1
+            assert result[0].subscription == AZURE_SUBSCRIPTION
+            assert result[0].status == "PASS"
+            assert result[0].resource_id == "Monitor"
+            assert result[0].resource_name == "Monitor"
+            assert (
+                result[0].status_extended
+                == f"There is at least one diagnostic setting capturing appropiate categories in subscription {AZURE_SUBSCRIPTION}."
+            )

tests/providers/azure/services/monitor/monitor_service_test.py

@@ -0,0 +1,102 @@
+from unittest import mock
+from unittest.mock import patch
+
+from prowler.providers.azure.services.monitor.monitor_service import (
+    DiagnosticSetting,
+    Monitor,
+)
+from tests.providers.azure.azure_fixtures import (
+    AZURE_SUBSCRIPTION,
+    set_mocked_azure_audit_info,
+)
+
+
+def mock_monitor_get_diagnostics_settings(_):
+    return {
+        AZURE_SUBSCRIPTION: [
+            DiagnosticSetting(
+                id="id",
+                logs=[
+                    mock.MagicMock(category="Administrative", enabled=True),
+                    mock.MagicMock(category="Security", enabled=True),
+                    mock.MagicMock(category="ServiceHealth", enabled=False),
+                    mock.MagicMock(category="Alert", enabled=True),
+                    mock.MagicMock(category="Recommendation", enabled=False),
+                    mock.MagicMock(category="Policy", enabled=True),
+                    mock.MagicMock(category="Autoscale", enabled=False),
+                    mock.MagicMock(category="ResourceHealth", enabled=False),
+                ],
+                storage_account_id="/subscriptions/1234a5-123a-123a-123a-1234567890ab/resourceGroups/rg/providers/Microsoft.Storage/storageAccounts/storageaccountname",
+            )
+        ]
+    }
+
+
+@patch(
+    "prowler.providers.azure.services.monitor.monitor_service.Monitor.__get_diagnostics_settings__",
+    new=mock_monitor_get_diagnostics_settings,
+)
+class Test_Monitor_Service:
+    def test__get_client__(self):
+        monitor = Monitor(set_mocked_azure_audit_info())
+        assert (
+            monitor.clients[AZURE_SUBSCRIPTION].__class__.__name__
+            == "MonitorManagementClient"
+        )
+
+    def test__get_subscriptions__(self):
+        monitor = Monitor(set_mocked_azure_audit_info())
+        assert monitor.subscriptions.__class__.__name__ == "dict"
+
+    def test__get_diagnostics_settings(self):
+        monitor = Monitor(set_mocked_azure_audit_info())
+        assert len(monitor.diagnostics_settings) == 1
+        assert monitor.diagnostics_settings[AZURE_SUBSCRIPTION][0].id == "id"
+        assert (
+            monitor.diagnostics_settings[AZURE_SUBSCRIPTION][0].logs[0].enabled is True
+        )
+        assert (
+            monitor.diagnostics_settings[AZURE_SUBSCRIPTION][0].logs[0].category
+            == "Administrative"
+        )
+        assert (
+            monitor.diagnostics_settings[AZURE_SUBSCRIPTION][0].logs[1].enabled is True
+        )
+        assert (
+            monitor.diagnostics_settings[AZURE_SUBSCRIPTION][0].logs[1].category
+            == "Security"
+        )
+        assert (
+            monitor.diagnostics_settings[AZURE_SUBSCRIPTION][0].logs[2].category
+            == "ServiceHealth"
+        )
+        assert (
+            monitor.diagnostics_settings[AZURE_SUBSCRIPTION][0].logs[3].enabled is True
+        )
+        assert (
+            monitor.diagnostics_settings[AZURE_SUBSCRIPTION][0].logs[3].category
+            == "Alert"
+        )
+        assert (
+            monitor.diagnostics_settings[AZURE_SUBSCRIPTION][0].logs[4].category
+            == "Recommendation"
+        )
+        assert (
+            monitor.diagnostics_settings[AZURE_SUBSCRIPTION][0].logs[5].enabled is True
+        )
+        assert (
+            monitor.diagnostics_settings[AZURE_SUBSCRIPTION][0].logs[5].category
+            == "Policy"
+        )
+        assert (
+            monitor.diagnostics_settings[AZURE_SUBSCRIPTION][0].logs[6].category
+            == "Autoscale"
+        )
+        assert (
+            monitor.diagnostics_settings[AZURE_SUBSCRIPTION][0].logs[7].category
+            == "ResourceHealth"
+        )
+        assert (
+            monitor.diagnostics_settings[AZURE_SUBSCRIPTION][0].storage_account_id
+            == "/subscriptions/1234a5-123a-123a-123a-1234567890ab/resourceGroups/rg/providers/Microsoft.Storage/storageAccounts/storageaccountname"
+        )