how can i retrieve a variable called crowdstrike in json form ?
Hi @AhmesDAHAM-4465,
Welcome to Microsoft Q&A! Thanks for posting the question.
Based on my understanding, you are trying to use the parameter values in the json policy definition. The parameters can have the value assigned to them when assigning the policy to a scope. These parameters can also have default values.
To use the parameter values, you may define the parameter as below:
"parameters": {
"allowedLocations": { //parameter name
"type": "array", //type, this can be - string, array object, boolean, integer, float, or datetime
"metadata": {
"description": "The list of allowed locations for resources.",
"displayName": "Allowed locations",
"strongType": "location"
},
"defaultValue": [ "westus2" ], //default value
"allowedValues": [
"eastus2",
"westus2",
"westus"
]
}
}
To be able to refer to this parameter in the definition, please use the following format:
{
"field": "location",
"in": "[parameters('allowedLocations')]" //reference to parameter
}
You may also have paramters which are stronglyTyped which provides a multiselect list of options within the Azure portal.
For more details, please refer to the following links:
Parameters in Azure Policy
Conditions available in Azure Policy
Tutorial: Create a custom policy definition
Please let me know if you have any questions.
Please 'Accept as answer' and ‘Upvote’ if it helped so that it can help others in the community looking for help on similar topics.
Thank you for responding , but i'm doing a policy that audit virtual machines that have an antivirus called crowdstrike , in order to do that i'm looking for how to retrieve that antivirus ( crowdstrike ) and what's it's path to get to it .
@AhmesDAHAM-4465, thank you for clarifying the issue.
In case the crowdstrike antivirus is installed through VM extension, you can use Azure policy to check if this extension exists on the VM or not. For reference, please check the following built-in policies in Azure. You may refer to Built-in policies by going to "Azure Policy" in Azure Portal --> "Definition" option.
1. Only approved VM extensions should be installed
2. Microsoft IaaSAntimalware extension should be deployed on Windows servers
Please note that Azure Policies are for governance of Azure Resource and in general, you may set policy rules for properties which are available in resource's ARM template. When an application is installed through extension, the ARM template has that entry, hence Azure Policy can be used for that.
In case, the application is not installed as VM extension, you will have to use Guest configuration feature of Azure Policy. Please refer to this How to guide series for more details.
Please let me know if you have any questions.
To benefit the community find the right answers, please do mark the post which was helpful by clicking on ‘Accept Answer’ & ‘Up-Vote’.
@AhmesDAHAM-4465, Just checking in to see if the above post helped answer your question.
To benefit the community find the right answers, please do mark the post which was helpful by clicking on ‘Accept Answer’ & ‘Up-Vote’.
9 people are following this question.
