Top / Microsoft Azure / Azure Security Center / Workspace

Azure Security Center Workspace

This page shows how to write Terraform and Azure Resource Manager for Security Center Workspace and write them securely.

terraform-logo

Review your .tf file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

azurerm_security_center_workspace (Terraform)

The Workspace in Security Center can be configured in Terraform with the resource name azurerm_security_center_workspace. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

securitycenter.tf#L13
resource "azurerm_security_center_workspace" "sc" {
  scope        = var.scope_id
  workspace_id = var.workspace_id

  depends_on = [azurerm_security_center_subscription_pricing.sc]
}
akssec.tf#L11
resource "azurerm_security_center_workspace" "asc_la" {
  scope        = "/subscriptions/6786a392-5dfc-4ed5-8a03-baba5ce5c186"
  workspace_id = azurerm_log_analytics_workspace.lawaks.id
}
resource.tf#L1
resource "azurerm_security_center_workspace" "sc" {
  scope        = var.subscription_id
  workspace_id = var.res_la_workspace_id
}

resource "azurerm_security_center_subscription_pricing" "sec_pricing" {
80-security-center.tf#L17
resource "azurerm_security_center_workspace" "sc" {
  count        = var.deployOptionalFeatures.security_center ? 1 : 0
  scope        = data.azurerm_subscription.primary.id
  workspace_id = local.Project-law.id

  depends_on = [azurerm_security_center_subscription_pricing.sc]
80-security-center.tf#L17
resource "azurerm_security_center_workspace" "sc" {
  count        = var.deployOptionalFeatures.security_center ? 1 : 0
  scope        = data.azurerm_subscription.primary.id
  workspace_id = local.Project-law.id

  depends_on = [azurerm_security_center_subscription_pricing.sc]
main.tf#L7
resource "azurerm_security_center_workspace" "this" {
  scope        = var.scope
  workspace_id = var.workspace_id

  dynamic "timeouts" {
    for_each = var.timeouts
main.tf#L15
resource "azurerm_security_center_workspace" "sc" {
  count = var.enable_security_center ? 1 : 0
  scope        = var.scope_id
  workspace_id = var.workspace_id

  depends_on = [azurerm_security_center_subscription_pricing.sc]
main.tf#L7
resource "azurerm_security_center_workspace" "this" {
  scope        = var.scope
  workspace_id = var.workspace_id

  dynamic "timeouts" {
    for_each = var.timeouts
module.tf#L13
resource "azurerm_security_center_workspace" "sc" {
  scope        = var.scope_id
  workspace_id = var.workspace_id

  depends_on = [azurerm_security_center_subscription_pricing.sc]
}
80-security-center.tf#L17
resource "azurerm_security_center_workspace" "sc" {
  count        = var.deployOptionalFeatures.security_center ? 1 : 0
  scope        = data.azurerm_subscription.primary.id
  workspace_id = local.Project-law.id

  depends_on = [azurerm_security_center_subscription_pricing.sc]

Review your Terraform file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

>> from Terraform Registry

Explanation in Terraform Registry

Manages the subscription's Security Center Workspace.

NOTE: Owner access permission is required.

>> from Terraform Registry

Tips: Best Practices for The Other Azure Security Center Resources

In addition to the azurerm_security_center_contact, Azure Security Center has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.

risk-label

azurerm_security_center_contact

Ensure to enable alert notifications

It is better to configure at least one valid contact for the security center. Microsoft will inform you directly in the event of a security incident using emails.

risk-label

azurerm_security_center_subscription_pricing

Ensure to enable alert notifications

It is better to enable Azure Defender, which is a cloud workload protection service for App Services. In addition, It is also able to analyze non-Azure resources, utilizing Azure Arc, including those on-premises and in both AWS and GCP.

Review your Azure Security Center settings

In addition to the above, there are other security points you should be aware of making sure that your .tf files are protected in Shisho Cloud.

Microsoft.Security/workspaceSettings (Azure Resource Manager)

The workspaceSettings in Microsoft.Security can be configured in Azure Resource Manager with the resource name Microsoft.Security/workspaceSettings. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

UpdateWorkspaceSetting_example.json#L9
            "type": "Microsoft.Security/workspaceSettings",
            "properties": {
                "workspaceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace"
            }
        }
    },
CreateWorkspaceSetting_example.json#L9
            "type": "Microsoft.Security/workspaceSettings",
            "properties": {
                "workspaceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace",
                "scope": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"
            }
        }
GetWorkspaceSettings_example.json#L12
                        "type": "Microsoft.Security/workspaceSettings",
                        "properties": {
                            "workspaceId": "/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1",
                            "scope": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"
                        }
                    },
UpdateWorkspaceSetting_example.json#L9
            "type": "Microsoft.Security/workspaceSettings",
            "properties": {
                "workspaceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace"
            }
        }
    },
CreateWorkspaceSetting_example.json#L9
            "type": "Microsoft.Security/workspaceSettings",
            "properties": {
                "workspaceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace",
                "scope": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"
            }
        }
GetWorkspaceSettings_example.json#L12
                        "type": "Microsoft.Security/workspaceSettings",
                        "properties": {
                            "workspaceId": "/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1",
                            "scope": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"
                        }
                    },
UpdateWorkspaceSettingSubscription_example.json#L9
            "type": "Microsoft.Security/workspaceSettings",
            "properties": {
                "workspaceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace"
            }
        }
    },
CreateWorkspaceSettingSubscription_example.json#L9
            "type": "Microsoft.Security/workspaceSettings",
            "properties": {
                "workspaceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace",
                "scope": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"
            }
        }
GetWorkspaceSettingsSubscription_example.json#L12
                        "type": "Microsoft.Security/workspaceSettings",
                        "properties": {
                            "workspaceId": "/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1",
                            "scope": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"
                        }
                    },
UpdateWorkspaceSetting_example.json#L9
      "type": "Microsoft.Security/workspaceSettings",
      "properties": {
        "workspaceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace"
      }
    }
  },

The Other Related Azure Security Center Resources

Frequently asked questions

What is Azure Security Center Workspace?

Azure Security Center Workspace is a resource for Security Center of Microsoft Azure. Settings can be wrote in Terraform.

Where can I find the example code for the Azure Security Center Workspace?

For Terraform, the LaurentLesle/azure_terraform_blueprint_modules_security_center, msandbu/akseks and avishekansible/AzureLandingZone source code examples are useful. See the Terraform Example section for further details.

For Azure Resource Manager, the assing/alerts-extension, assing/alerts-extension and assing/alerts-extension source code examples are useful. See the Azure Resource Manager Example section for further details.

security-icon

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.

Table of Contents