Azure Security Center Workspace
This page shows how to write Terraform and Azure Resource Manager configurations for Security Center Workspace, and how to write them securely.
azurerm_security_center_workspace (Terraform)
The Workspace in Security Center can be configured in Terraform with the resource name azurerm_security_center_workspace. The following sections describe 10 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "azurerm_security_center_workspace" "sc" {
  scope        = var.scope_id
  workspace_id = var.workspace_id
  depends_on   = [azurerm_security_center_subscription_pricing.sc]
}

resource "azurerm_security_center_workspace" "asc_la" {
  scope        = "/subscriptions/6786a392-5dfc-4ed5-8a03-baba5ce5c186"
  workspace_id = azurerm_log_analytics_workspace.lawaks.id
}

resource "azurerm_security_center_workspace" "sc" {
  scope        = var.subscription_id
  workspace_id = var.res_la_workspace_id
}

resource "azurerm_security_center_subscription_pricing" "sec_pricing" {
  # (body truncated in the source snippet)
}

resource "azurerm_security_center_workspace" "sc" {
  count        = var.deployOptionalFeatures.security_center ? 1 : 0
  scope        = data.azurerm_subscription.primary.id
  workspace_id = local.Project-law.id
  depends_on   = [azurerm_security_center_subscription_pricing.sc]
}

resource "azurerm_security_center_workspace" "sc" {
  count        = var.deployOptionalFeatures.security_center ? 1 : 0
  scope        = data.azurerm_subscription.primary.id
  workspace_id = local.Project-law.id
  depends_on   = [azurerm_security_center_subscription_pricing.sc]
}

resource "azurerm_security_center_workspace" "this" {
  scope        = var.scope
  workspace_id = var.workspace_id

  dynamic "timeouts" {
    for_each = var.timeouts
    # (content block truncated in the source snippet)
  }
}

resource "azurerm_security_center_workspace" "sc" {
  count        = var.enable_security_center ? 1 : 0
  scope        = var.scope_id
  workspace_id = var.workspace_id
  depends_on   = [azurerm_security_center_subscription_pricing.sc]
}

resource "azurerm_security_center_workspace" "this" {
  scope        = var.scope
  workspace_id = var.workspace_id

  dynamic "timeouts" {
    for_each = var.timeouts
    # (content block truncated in the source snippet)
  }
}

resource "azurerm_security_center_workspace" "sc" {
  scope        = var.scope_id
  workspace_id = var.workspace_id
  depends_on   = [azurerm_security_center_subscription_pricing.sc]
}

resource "azurerm_security_center_workspace" "sc" {
  count        = var.deployOptionalFeatures.security_center ? 1 : 0
  scope        = data.azurerm_subscription.primary.id
  workspace_id = local.Project-law.id
  depends_on   = [azurerm_security_center_subscription_pricing.sc]
}
Parameters
- id: optional, computed, string
- scope: required, string
- workspace_id: required, string
- timeouts: single block
Explanation in Terraform Registry
Manages the subscription's Security Center Workspace.
NOTE: Owner access permission is required.
Tips: Best Practices for The Other Azure Security Center Resources
In addition to azurerm_security_center_contact, Azure Security Center has other resources that should be configured for security reasons. Check the examples of those resources and the precautions below.
azurerm_security_center_contact
Ensure alert notifications are enabled
Configure at least one valid contact for Security Center. Microsoft will inform you directly by email in the event of a security incident.
azurerm_security_center_subscription_pricing
Ensure Azure Defender is enabled
It is better to enable Azure Defender, which is a cloud workload protection service for App Services. It can also analyze non-Azure resources through Azure Arc, including those on-premises and in both AWS and GCP.
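The two tips above combined with the workspace resource, as an added example that is not taken from any of the GitHub repositories listed on this page. The resource labels, the workspace_id variable and the e-mail address are placeholders, and the configuration assumes an already configured azurerm provider recent enough to accept name on the contact resource.

```hcl
# Added example: placeholder names and values throughout.
variable "workspace_id" {
  type        = string
  description = "Resource ID of an existing Log Analytics workspace (assumed)."
}

data "azurerm_subscription" "current" {}

# Weak setting, shown for contrast: the Free tier leaves Azure Defender off.
#   tier = "Free"
resource "azurerm_security_center_subscription_pricing" "defender" {
  tier          = "Standard"
  resource_type = "AppServices"
}

# Weak setting, shown for contrast: a contact that never receives alerts.
#   alert_notifications = false
#   alerts_to_admins    = false
resource "azurerm_security_center_contact" "secops" {
  name                = "default1"
  email               = "secops@example.com" # placeholder address
  alert_notifications = true
  alerts_to_admins    = true
}

# The workspace is scoped to the subscription and created after the pricing
# resource, mirroring the depends_on used in the GitHub snippets above.
resource "azurerm_security_center_workspace" "sc" {
  scope        = data.azurerm_subscription.current.id
  workspace_id = var.workspace_id
  depends_on   = [azurerm_security_center_subscription_pricing.defender]
}
```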
Microsoft.Security/workspaceSettings (Azure Resource Manager)
The workspaceSettings in Microsoft.Security can be configured in Azure Resource Manager with the resource name Microsoft.Security/workspaceSettings. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
{
  "type": "Microsoft.Security/workspaceSettings",
  "properties": {
    "workspaceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace"
  }
}

{
  "type": "Microsoft.Security/workspaceSettings",
  "properties": {
    "workspaceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace",
    "scope": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"
  }
}

{
  "type": "Microsoft.Security/workspaceSettings",
  "properties": {
    "workspaceId": "/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1",
    "scope": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"
  }
}
Frequently asked questions
What is Azure Security Center Workspace?
Azure Security Center Workspace is a resource for Security Center of Microsoft Azure. Settings can be written in Terraform.
Where can I find the example code for the Azure Security Center Workspace?
For Terraform, the LaurentLesle/azure_terraform_blueprint_modules_security_center, msandbu/akseks and avishekansible/AzureLandingZone source code examples are useful. See the Terraform Example section for further details.
For Azure Resource Manager, the assing/alerts-extension source code examples are useful. See the Azure Resource Manager Example section for further details.