azure-bicep azure-security

How to correctly create a Bicep governanceRules template?


I want to create a governanceRule using Bicep (https://learn.microsoft.com/en-us/azure/templates/microsoft.security/governancerules?pivots=deployment-language-bicep).

Following the above documentation, I started out with the bare minimum (just the required properties with hard-coded values). However, no matter what I try, every request returns an error code (Code: BadRequest) without any indication of what is wrong with the request. So it seems to be trial and error (only errors so far) here.

I am mostly unsure about the conditionSets. The documentation talks about examples ("The governance rule conditionSets - see examples"), yet I have not been able to find any example. The only example I could come up with is the one I added in the template below. It is generated by ChatGPT, so I am hesitant to accept this as a valid value.

Does anyone have a link to further documentation so I can set up this template correctly?

resource governanceRule 'Microsoft.Security/governanceRules@2022-01-01-preview' = {
  name: 'sampleRuleName'
  properties: {
    displayName: 'Sample Governance Rule'
    description: 'This is a sample governance rule for demonstration purposes.'
    ownerSource: {
      type: 'Manually'
    }
    rulePriority: 1
    ruleType: 'Integrated'
    sourceResourceType: 'Assessments'
    conditionSets: [
      {
        query: 'type eq "Microsoft.Security/complianceResults" and properties.state eq "NonCompliant"'
      }
    ]
  }
}

Follow-up

I have tried to get this working with the link supplied by @wenbo. This link gave me useful insights and now I am sure I can create a valid template.

The deployment still fails, but at least now I know this is due to some issues on Microsoft's end.


Solution

  • I found one example for you: reference

    Your conditionSets seems not to be in the correct pattern. Follow the sample code's conditionSets:

    targetScope = 'subscription'
    
    param disableManagerEmailNotification bool = false
    param disableOwnerEmailNotification bool = false
    param description string
    param displayName string
    param isDisabled bool = false
    param isGracePeriod bool = true
    param ownerSourceType string
    param ownerSourceValue string
    param remediationTimeFrame string = '7.00:00:00' // default 7 days, TimeSpan in d.hh:mm:ss form
    param rulePriority int
    param ruleType string = 'Integrated'
    param sourceResourceType string = 'Assessments'
    
    resource governanceRules 'Microsoft.Security/governanceRules@2022-01-01-preview' = {
      name: displayName
      properties: {
        // A condition set is a list of conditions, each made of property, operator
        // and value; there is no free-form 'query' string as in the question's template.
        conditionSets: [
          {
            conditions: [
              {
                property: 'properties.metadata.severity'
                operator: 'In'
                value: [
                  'Low'
                  'Medium'
                  'High'
                ]
              }
            ]
          }
        ]
        description: description
        displayName: displayName
        governanceEmailNotification: {
          disableManagerEmailNotification: disableManagerEmailNotification
          disableOwnerEmailNotification: disableOwnerEmailNotification
        }
        isDisabled: isDisabled
        isGracePeriod: isGracePeriod
        ownerSource: {
          type: ownerSourceType
          value: ownerSourceValue
        }
        remediationTimeframe: remediationTimeFrame
        rulePriority: rulePriority
        ruleType: ruleType
        sourceResourceType: sourceResourceType
      }
    }
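The template above is subscription-scoped (targetScope = 'subscription'), so it has to be deployed with the subscription-level deployment commands rather than a resource-group deployment. The script below is an added example, not code from the question or the answer: it fills in the template's parameters, checks them offline, compiles and validates the template, deploys it with the Azure CLI and reads the rule back through the same preview API version. It assumes the template is saved as governance-rule.bicep, that `az` is installed and logged in with rights to write Microsoft.Security/governanceRules on the subscription, and every value in it (rule name, owner address, priority, description) is a placeholder of mine.

```shell
#!/usr/bin/env bash
# Added example (not part of the original question or answer): deploy the
# answer's subscription-scoped governanceRules template with the Azure CLI,
# then read the rule back. Assumptions: the template is saved as
# governance-rule.bicep, `az` is installed and logged in with rights to write
# Microsoft.Security/governanceRules on the subscription, and every value
# below (rule name, owner address, priority) is a placeholder of mine.
set -euo pipefail

TEMPLATE="${TEMPLATE:-governance-rule.bicep}"
LOCATION="${LOCATION:-westeurope}"                   # subscription-scope deployments need a metadata location
RULE_NAME="${RULE_NAME:-high-severity-7-day-sla}"    # the template uses displayName as the resource name
PARAMS_FILE="${PARAMS_FILE:-/tmp/governance-rule.parameters.json}"

# ARM parameters document matching the param declarations in the template.
governance_params_json() {
  cat <<EOF
{
  "\$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "displayName":          { "value": "${RULE_NAME}" },
    "description":          { "value": "Owners must remediate Low/Medium/High findings within 7 days" },
    "ownerSourceType":      { "value": "Manually" },
    "ownerSourceValue":     { "value": "owner@example.com" },
    "rulePriority":         { "value": 100 },
    "remediationTimeFrame": { "value": "7.00:00:00" }
  }
}
EOF
}

# Offline checks, run before anything touches Azure: every parameter the
# template declares without a default must be present, and the timeframe
# must be a TimeSpan in d.hh:mm:ss form like the template's own default.
validate_params() {
  local json p
  json="$(cat)"
  for p in description displayName ownerSourceType ownerSourceValue rulePriority; do
    printf '%s' "$json" | grep -q "\"$p\"" \
      || { echo "missing parameter: $p" >&2; return 1; }
  done
  printf '%s' "$json" \
    | grep -Eq '"remediationTimeFrame": *\{ *"value": *"[0-9]+\.[0-9]{2}:[0-9]{2}:[0-9]{2}" *\}' \
    || { echo "remediationTimeFrame must look like 7.00:00:00" >&2; return 1; }
}

deploy_rule() {
  local sub
  sub="$(az account show --query id -o tsv)"
  governance_params_json | validate_params
  governance_params_json > "$PARAMS_FILE"

  # Compile locally so Bicep type errors surface before any API call ...
  az bicep build --file "$TEMPLATE" --stdout > /dev/null
  # ... then let ARM validate the request before creating the rule for real.
  az deployment sub validate --location "$LOCATION" \
    --template-file "$TEMPLATE" --parameters "@${PARAMS_FILE}"
  az deployment sub create --name governance-rule --location "$LOCATION" \
    --template-file "$TEMPLATE" --parameters "@${PARAMS_FILE}"

  # Read the rule back through the same preview API version the template targets.
  az rest --method get --url \
    "https://management.azure.com/subscriptions/${sub}/providers/Microsoft.Security/governanceRules/${RULE_NAME}?api-version=2022-01-01-preview"
}

# Only call Azure when explicitly asked; sourcing the file just defines the functions.
if [ "${RUN_AZURE_DEPLOY:-0}" = "1" ]; then
  deploy_rule
fi
```

Run it with `RUN_AZURE_DEPLOY=1 ./deploy-governance-rule.sh`; without that variable it only defines the functions, so the parameter checks can be exercised without touching Azure. One thing worth checking if the deployment keeps returning BadRequest: the template uses displayName as the resource name, while the REST reference for this API describes the governanceRules key (ruleId) as a GUID, so try a GUID for the resource name and keep the human-readable text in displayName only.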