Add Azure Monitor persistence hook #913
Merged
Signed-off-by: Max Maass <max.maass@iteratec.com>
Signed-off-by: GitHub Actions <securecodebox@iteratec.com>
J12934
previously requested changes
Jan 6, 2022
Looks great 😊
Noticed a few things while going over the code
J12934
reviewed
Jan 6, 2022
rfelber
previously approved these changes
Feb 20, 2022
rfelber
approved these changes
Feb 23, 2022
This was referenced Jan 6, 2023
This PR adds the Azure Monitor persistence provider, as requested in #454.
Description
Azure Monitor is the logging service by Microsoft. It allows configuring alerting based on events in logs, and also serves as the basis for Microsoft Sentinel, the cloud SIEM by Microsoft. As such, it can be desirable to push results from SCB into the system so that they can be acted upon.
This hook uses the data collector API to push the data into custom log types (one per scan type). For more details, read the included documentation.
At the moment, the code is fairly bare-bones and does not check if the data actually conforms to the expectations that Azure Monitor has, namely, a maximum of:
The consequences for not respecting the field value and column name size limitations are truncation of the data. Too large POST requests will likely be rejected by the system with an HTTP error (not explicitly specified in docs). If desired, I can add more checks to the code to validate these requirements explicitly - I expect that 99.999% of secureCodeBox findings will fall within them without any extra modification. Truncation seems like an okay outcome to me (and cannot be prevented using checks on our end, since the only thing we could do is to truncate client-side). So the only place where we can actually do anything useful based on the client-side checks would be to split up POSTs that are larger than 30 MB into multiple individual POSTs. Do we expect findings to be larger than 30 MB?
Checklist
npm test runs for the whole project.
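The client-side split into multiple POSTs that the description above asks about could look like the following. This is an added example, not code from this PR or from the hook. The function name, the return shape and the reading of "30 MB" as 30 * 1024 * 1024 bytes are assumptions.

```javascript
// Added example (not the hook's code). Names are hypothetical.
// Assumption: the "30 MB" POST limit is read as 30 * 1024 * 1024 bytes.
const MAX_POST_BYTES = 30 * 1024 * 1024;

// Packs findings into JSON array bodies so that each body, UTF-8 encoded,
// stays at or below maxBytes. A single finding that cannot fit in a POST on
// its own is returned in `oversized` so the caller can log or truncate it
// instead of sending a request that would be rejected.
function splitFindingsIntoPosts(findings, maxBytes = MAX_POST_BYTES) {
  const bodies = [];
  const oversized = [];
  let current = [];     // serialized findings of the body being built
  let currentBytes = 2; // the enclosing "[" and "]"

  const flush = () => {
    if (current.length > 0) bodies.push("[" + current.join(",") + "]");
    current = [];
    currentBytes = 2;
  };

  for (const finding of findings) {
    const json = JSON.stringify(finding);
    // Count bytes, not characters: non-ASCII text takes more than one byte.
    const size = Buffer.byteLength(json, "utf8");
    if (size + 2 > maxBytes) {
      oversized.push(finding);
      continue;
    }
    const separator = current.length > 0 ? 1 : 0; // the "," between items
    if (currentBytes + separator + size > maxBytes) flush();
    currentBytes += (current.length > 0 ? 1 : 0) + size;
    current.push(json);
  }
  flush();
  return { bodies, oversized };
}
```

Each entry of `bodies` is one request body. Preserving input order across bodies keeps findings from the same scan adjacent in the resulting log type.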