New Resource Reporting

Posted on by No Comments ↓

This post has been republished via RSS; it originally appeared at: Core Infrastructure and Security Blog articles.

Intro

One of the common ask I get from customers is to alert on new resources when they are created. I typically hesitate to alert every time a single resource is created because I think the better approach is to generate a report of new resource on a schedule. So, for this blog I want to walk you through utilizing Azure Logic Apps along with Azure Log Analytics to generate a useful report that you can schedule. 

Sneek Peak 

Before we jump into implementation let’s look at what the Logic Apps looks like 

bwatts670_0-1613761551232.png

 

As you can see this is a simple Logic App. We only have 3 steps in this process: 

  • Schedule: simple scheduler to kick off the workflow 
  • Query for New Resources: Query Log Analytics Workspace using the KQL language to find new resources. 
  • Email HTML Report: Send the results of the KQL query via email as a HTML attachment. 

Below is an example of the HTML Report: 

bwatts670_1-1613761551237.png

Prerequisites 

If you’re interested in implementing this Logic App you need to be aware of a few requirements: 

 

1. You need to send you’re Azure Activity Logs to a Log Analytics Workspace in order for the Log Analytics query to come back with any results. 

 

Azure Activity log - Azure Monitor | Microsoft Docs 

 

2. For the example below I use the connector to Office365. So you either need an Office365 account or you need to use a different action for the email. 

Implementing 

Hopefully, everyone is still interested and wants to look at this in your environment. Well let’s walk through importing the Logic App! 

Step 1: Create a Logic App 

You can follow the below document to create a Logic App if you’ve never created one before: 

 

Quickstart - Create your first Logic Apps workflow - Azure portal - Azure Logic Apps | Microsoft Docs 

 

You can name you’re Logic App whatever you like. I chose to name mine “NewResourcesReport” 

Step 2: Customize the Logic App 

When you create the Logic App it will bring you to the Template page. You can choose “Recurrence” to get started with the Logic App. 

bwatts670_2-1613761551244.png

 

I typically like to rename my steps before I do anything. So whenever I mention renaming a step you simply click on the “…” for the step and choose rename: 

bwatts670_3-1613761551248.png

 

Complete the following for the “Recurrence” step: 

  • Rename to “Schedule” 
  • Set to whatever interval you wish. I’m choosing to run mine once a week. 

bwatts670_4-1613761551253.png

 

Click on “+ New Step”search for “Azure Monitor”, and choose “Azure Monitor Logs” 

bwatts670_5-1613761551259.png

 

This will bring up the actions available for “Azure Monitor Logs” and we will use the “Run query and visualize results” 

bwatts670_6-1613761551263.png

 

Rename the action to “Query for New Resources” 

 

Enter the following values to connect to the Log Analytics Workspace where your “Azure Activity Logs” are being sent. 

  • Subscription: Azure Subscription where the Log Analytics Workspace is located 
  • Resource Group: Azure Resource Group where the Log Analytics Workspace is located 
  • Resource Type: Log Analytics Workspace 
  • Resource Name: Log Analytics Workspace where the Azure Activity Logs are being sent 
  • Query: 
let ResourceCreation=AzureActivity  | where OperationNameValue =~ 'MICROSOFT.RESOURCES/DEPLOYMENTS/WRITE';  ResourceCreation  | summarize arg_max(TimeGenerated, *) by CorrelationId  | where ActivityStatusValue =~ 'Success'  | project CorrelationId  | join kind=inner (ResourceCreation   | summarize arg_min(TimeGenerated, *) by CorrelationId) on CorrelationId  | project TimeGenerated, Caller, CallerIpAddress, ResourceGroup, ResourceId 

 

  • Time Range: Should match with you Schedule Activity. For example, my schedule is for once a week so I chose “Last 7 days” 
  • Chart Type: Html Table 

bwatts670_7-1613761551268.png

 

 

Click on “+ New Step” below this activity, search for “send an email (v2)”, and choose the Office 365 Outlook action named “Send an email (V2)” 

bwatts670_8-1613761551286.png

 

Rename the Action to “Email HTML Report” and fill out the following: 

  • Body: Whatever you wish for the Body of the email 
  • Subject: Whatever you wish for the Subject of the email 
  • To: Fill out the emails you wish to receive the report 
  • Click on “Add new parameter” and choose “Attachment” 
  • Attachment Content: from the “Dynamic content” choose “Attachment Content” under “Query for New Resources” 
  • Attachment Name: Something like “Resources.html” 

bwatts670_9-1613761551293.png

That’s it for the Logic App. You should now click on “Save” and once the Logic App is saved click on “Run” 

bwatts670_10-1613761551280.png

 

Summary 

With the help of Azure Log Analytics and the Kusto query language we are able to create a simple 3 step Logic App that will generate a HTML report that is emailed out on a recurring basis. This is a great example of how Azure Logic Apps can be a great tool to utilize as an Azure Administrator. 

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.