Azure: Blueprints: ARM Template: Metric Alerts

In this tutorial, I will provide you with the basics on how to create a Metric Alert using ARM Templates in Blueprints.
In this case, our metric alert is used to indicate when a pipeline fails to run in an Azure Data Factory.

Step 1: Create an Action Group

Before we create a metric alert, we need to create an action group. In this action group, we will indicate that we wish to send our notifications to a mailbox as an email. We could setup an SMS or even trigger a webhook but such features are not cover in this tutorial.

To create an action group using an ARM Template, there are two ways to approach it.
The first method is to create the Action Group in the portal and then extract the ARM template from the portal.

Step 1A: Extract Action Group ARM Template using the portal

In the portal, search for Monitor. Next, in the Monitor, inside the left side panel, click on Alerts.
In the right panel, search for the Manage actions button. Then, click on the button + Action group.
Select your subscription and resource group, fill in the Action group name and display name and press Next Notifications.

In notification, select Email/SMS message/Push/Voice. A panel will slide in, check the Email checkbox and type your email. Click OK when you are done.

Don’t forget to type the name of the action group and create the action group.

If everything goes well, your new action group will show up in the list:

Step 1B: Extract ARM Template from Resource Group

Search for Resource Groups. In Resource Groups, select your resource group.

On the left side panel, scroll down until you find the Automation section, then press Export template.

After the portal ends creating the template, search for microsoft.insights/actionGroups. You will notices that there could be more than one under the property resources.
The one that you are interested has a particular value for the name property, in our case is: “name”: “[parameters(‘actionGroups_Carlstein_name’)]”.
Notices that the name is setup by a parameter that has the name we gave to the action group.

Let take a look to the whole resource:

The arrows indicate what are the properties we setup in the portal. Please notices that the location is Global, this resource can only exists in this location.

Next, in your blueprint, you only need to include this resource inside your resources array.

Step 2: Set Inbox to Receive Emails from Microsoft

Some inboxes are setup to receive only internal emails, block external emails that are not part of a whitelist, or just label them as spam.

So, make sure that these three emails are accepted by your inbox:

  • azure-noreply@microsoft.com
  • azureemail-noreply@microsoft.com
  • alerts-noreply@mail.windowsazure.com

Step 3: Set Inbox to Receive Emails from Microsoft

In the portal, search for Data Factories and select your data factory.

On the right side, you will find a button that says Author & Monitor.

Next, you press on Monitor and Alert & metrics as shown below.

In this section, press New alert rule. Give a name, description and severity level to your alert.

These are the level of severity:

  • Sev 0 = Critical
  • Sev 1 = Error
  • Sev 2 = Warning
  • Sev 3 = Informational
  • Sev 4 = Verbose

Select + Add criteria, pick the criteria you wish, in our case is Failed pipeline runs metrics.

Then, pick the type of failures you wish to consider, the conditions for which it should trigger, and the period of time and frequency that the condition will be evaluated.

Next, press + Configure notification, in the slide panel, check on the Use existing and select the action group you created.

Note: You can also create the action group directly from this panel; however, depending of the policies applied to your account, you might be restricted to do so and only be able to do it via the Monitor section or an ARM template.

When you finish, you will see your new alert.

Note: In Azure Data Factory, the alerts and metrics are not triggered when running in Debugging Mode. The only way to test them is by publishing and have some way to make the pipeline fail. In our case, we can set a variable in the pipeline of some type and in an activity try to setup a value that doesn’t match that time in order to trigger a failure.

Lets take a look to the ARM template for this. Search for the resource Microsoft.Insights/metricalerts.

In the first part of this resource we have:

  1. The name we used to give the alert
  2. The location which is always global
  3. The description
  4. The level of severity
  5. If the alert is enabled or not
  6. The frequency. In this case PT1M means every 1 minute

Notices that we have a dependency:

"dependsOn": [
      "[resourceId('microsoft.insights/actionGroups', parameters('actionGroups_Carlstein_name'))]"
  ]

This means that before this metric alert is created, it will wait until the action group is created.

Next, we have the rest of this ARM template:

For which we have:

  1. This is the evaluation frequency, which we discussed previously.
  2. The property windowSize is the Period which as the value PT1M
  3. The name here has a auto-generated GUID but you can pick another name if you wish
  4. Here we have the three type of failures that we are listening to.
  5. Here is the criteria under Alert logic
  6. Finally, we provide the action group id that we will be using for this alert.

So, in this way, you can create your own blueprint to recreate your resources.

Share
Leave a comment

Sextortion and Ransomware

Author: Alejandro Godofredo Carlstein Ramos Mejia

In marketing, there are two emotions that can increase sales: fear and pleasure. Therefore, it is not surprising that scammers used these marketing concepts, for their nefarious purposes. We can call it social or psychological hacking. It allows these fraudsters to gain money from their preys plus entree to places where they are not supposed to have access. Therefore, no one is safe including corporations and governments. This kind of attack starts with a new way of blackmail, sextortion.

Sextortion is quite profitable for swindles. The FBI’s Internet Compliance Center (IC3) estimates a total of 83 million dollars in losses (Fazzini). It is incredible how many people are victimized by this kind of attack. The victim receives a shocking email. In this email, the crook claims to have filmed the victim masturbating (or watching something indecent) by gaining access to the computer. To make the threat even more believable, information such as the name, email and password are included into the message.

The email continues that if the victim does not pay a certain ransom, via bitcoins, inside the period of 24 to 72 hours, then the “film” will be exposed to all the victim’s relatives and co-workers. To make the threat even more convincing, the attacker explains that by opening a text editor and typing ‘48hr more’ (or something similar), the victim will be granted such time to obtain the sum to pay the ransom. Finally, the email threats the victim that he or she should not reach any government authority because it would be a waste of time and will regret it dearly.

The victim should know that the current email system is quite old and insecure. Attackers can easily change the content of the ‘from’ field. Actually, they can change the content of any field in the email. This is called Email spoofing. So, if they try to impress you by displaying your own email in the ‘from’ field, while insisting your email got hack (and they have full control of it), don’t be. This trick is an old technique used by spammers and scammers to prevent being track back.

There are different ways to obtain your email and password. One way is via the Deep Web, Darknet or Dark Web of which many things can be purchased such as fake driver licenses, passwords, drugs and more (DarkOwl). In this case, your leaked information can be purchased. As some of you may know, well-known companies such as Facebook as being previously victims of information leakage (Winder).

Another way these ruffians obtain your email and password is by publishing extensions, plugins, and applications in online markets such as Google Market, Firefox, and such (Doffman). This is dangerous in mobile devices and browser because it only takes the user to grant access to the storage or peripherals (such as the camera) while in regular computers the software may gain automatic access at installation.

Thanks to social media, job seeking sites and such websites, your information is exposed. If your email belongs to a domain that you own, your registration information is publicly available, unless you pay an extra fee to keep it private. They can also try to trick you by sending an email that seems to belong to a service provider you are using such as your hosting provider. Never, ever, click on a link provided to you by such emails. It’s better for you to go directly to the site of your service provider than using any link in the email. The same goes to phone numbers.

If these attackers notices that they keep failing in their intent to intimidate you, they will keep sending more emails with different claims into them. They are trying to figure out what “makes you tick”. They will claim to have installed a keylogger into your computer. They will state to have installed software that allows them to take screenshots of what you were watching. They will say that they have access all your online services. They will accuse you of all short of crimes. They will even tell you how you are their slave and they are your masters. They will use any physiological warfare at their disposition to bend your will.

This form of blackmail goes beyond the ransom for money. It imposes a security threat to governments and corporations. Just think about it. It only takes one victim to grant access, to these thugs, into a system. If a person, who is being blackmail, is willing to pay the ransom, then he or she may be willing to provide confidential information to these attackers. The best prevention is to inform your employees of such attack and create an HR program for victimized employees. Victims should be able to approach HR without fear of repercussion of any kind. Remember that your employees are your last line of defense. They can make it easier or harder to any attacker to infiltrate your system; which takes us to the next threat: Ransomware.

Ransomware is a corporate and governmental nightmare. When the attacker gains access to your system, a software will penetrate your systems by propagating and encrypting all content. Then, a message will show up indicating that only when the ransom is paid that the content would be unencrypted. The cost of paying the ransom normally is lower than the cost of hiring someone (or a company) to decrypt such content is higher; plus, there is no guarantee that it can be successfully done. Therefore, it is not surprise that entities that fall victim of such attack will pay the ransom in hopes to continue operating.

Another method of installing software such as the ransomware is via gratification. This trick involve leaving a USB flash drive in a location, such as the parking lot, or by providing such flash drive “for free” to victims. People love receiving or finding things for free.

The first line of defense is skepticism and some basic security measurements. You should not believe everything that an email says. You should not click on any link that an email provides. It is better if you go directly to the service provider instead. You should ensure that all your online accounts hold different strong passwords and change them frequently. You should make sure of the veracity of any plugin, extension, or application you are planning to install. Ask yourself if you really need it. Make separate copy of your content. If you find any devices or you are given a device such as a USB flash drive, do not plug it. It is not worth the risk.

If you are a corporation or government entity, you should have an active program to educate and support your employees. This program should include a place where employees can reach for help without fear of being judged, punished, discriminated, humiliated and fired. The less information your employees leak, due fear to be exposed, the harder is to gain unauthorized access.

Work Cities

Doffman, Zak. “New Android Warning: Millions Have Installed Apps Hiding A Costly Scam—Uninstall Now.” Fobes, 25 Sept. 2019, https://www.forbes.com/sites/zakdoffman/2019/09/25/new-android-warning-nasty-apps-installed-by-millions-scamming-100-from-unaware-users/#1e95f15762ec.

Fazzini, Kate. “Email Sextortion Scams Are on the Rise and They’re Scary — Here’s What to Do If You Get One.” CNBC, 17 June 2019, https://www.cnbc.com/2019/06/17/email-sextortion-scams-on-the-rise-says-fbi.html.

“DarkOwl.” What is the Darknet? DarkOwl LLC. N.d. Web. September 12, 2019. https://www.darkowl.com/what-is-the-darknet

Winder, Davey. “Unsecured Facebook Databases Leak Data Of 419 Million Users.” Fobes, 5 Sept. 2019, https://www.forbes.com/sites/daveywinder/2019/09/05/facebook-security-snafu-exposes-419-million-user-phone-numbers/#1b46efad1ab7.

Share
Leave a comment

SQL Join Types: Two (Outer) Full Joins

Tables

Table 1: Orders

OrderID

CustomerID

EmployeeID

OrderDate

ShipperID

10308

2

7

1996-09-18

3

10309

37

3

1996-09-19

1

10310

77

8

1996-09-20

2

10365 

1996-11-27

Note: There is no order in which the CustomerID = 1 (Alfreds Futterkiste).

Table 2: Customers

CustomerID

CustomerName

ContactName

Address

City

PostalCode

Country

1

Alfreds Futterkiste

Maria Anders

Obere Str. 57

Berlin

12209

Germany

2

Ana Trujillo Emparedados y helados

Ana Trujillo

Avda. de la Constitución 2222

México D.F.

05021

Mexico

3

Antonio Moreno Taquería

Antonio Moreno

Mataderos 2312

México D.F.

05023

Mexico

37 

Hungry Owl All-Night Grocers 

Patricia McKenna 

8 Johnstown Road 

Cork 

 

Ireland

77 

The Big Cheese 

Liz Nixon 

89 Jefferson Way Suite 2 

Portland 

97201 

USA 

Table 3: Shippers

ShipperID

ShipperName

Phone

Speedy Express 

(503) 555-9831 

United Package 

(503) 555-3199 

Federal Shipping 

(503) 555-9931 

Query

SELECT Orders.OrderID, Customers.CustomerName, Shippers.ShipperName
FROM ((Orders
	FULL JOIN Customers ON Orders.CustomerID = Customers.CustomerID)
	FULL JOIN Shippers ON Orders.ShipperID = Shippers.ShipperID)
--WHERE Orders.OrderId IN (10308, 10309, 10310, 10365);

Alternative Query

SELECT Orders.OrderID, Customers.CustomerName, Shippers.ShipperName 
FROM Orders
  LEFT JOIN Customers ON Orders.CustomerID = Customers.CustomerID
  LEFT JOIN Shippers ON Orders.ShipperID = Shippers.ShipperID
UNION ALL
SELECT Orders.OrderID, Customers.CustomerName, Shippers.ShipperName FROM Customers
  LEFT JOIN Orders ON Orders.CustomerID = Customers.CustomerID
  LEFT JOIN Shippers ON Orders.ShipperID = Shippers.ShipperID
WHERE Orders.CustomerID IS NULL
UNION ALL
SELECT Orders.OrderID, Customers.CustomerName, Shippers.ShipperName FROM Shippers
  LEFT JOIN Orders ON Orders.CustomerID = Shippers.ShipperID
  LEFT JOIN Customers ON Customers.CustomerID = Shippers.ShipperID
WHERE Orders.CustomerID IS NULL AND Customers.CustomerID IS NULL 
--AND Orders.OrderId IN (10308, 10309, 10310, 10365)

Result

OrderID

CustomerName

ShipperName

10309   

Hungry Owl All-Night Grocers

Speedy Express

10365   

Antonio Moreno Taquería

United Package

10310   

The Big Cheese

United Package 

10308   

Ana Trujillo Emparedados y helados

Federal Shipping

NULL

Alfreds Futterkiste

NULL

All Queries

CREATE TABLE Orders(OrderID INT, CustomerID INT, EmployeeID INT, OrderDate DATE, ShipperID INT);
INSERT INTO Orders(OrderID, CustomerID, EmployeeID, OrderDate, ShipperID ) VALUES (10308, 2, 7, '1996-09-18', 3);
INSERT INTO Orders(OrderID, CustomerID, EmployeeID, OrderDate, ShipperID ) VALUES (10309, 37, 3, '1996-09-19', 1);
INSERT INTO Orders(OrderID, CustomerID, EmployeeID, OrderDate, ShipperID ) VALUES (10310, 77, 8, '1996-09-20', 2);
INSERT INTO Orders(OrderID, CustomerID, EmployeeID, OrderDate, ShipperID ) VALUES (10365, 3, 3, '1996-11-27', 2);

CREATE TABLE Customers(CustomerID INT, CustomerName VARCHAR(50));
INSERT INTO Customers(CustomerID, CustomerName) VALUES (1, 'Alfreds Futterkiste');
INSERT INTO Customers(CustomerID, CustomerName) VALUES (2, 'Ana Trujillo Emparedados y helados');
INSERT INTO Customers(CustomerID, CustomerName) VALUES (3, 'Antonio Moreno Taquería');
INSERT INTO Customers(CustomerID, CustomerName) VALUES (37, 'Hungry Owl All-Night Grocers');
INSERT INTO Customers(CustomerID, CustomerName) VALUES (77, 'The Big Cheese');

CREATE TABLE Shippers(ShipperID INT, ShipperName VARCHAR(50));
INSERT INTO Shippers(ShipperID, ShipperName) VALUES (1, 'Speedy Express');
INSERT INTO Shippers(ShipperID, ShipperName) VALUES (2, 'United Package');
INSERT INTO Shippers(ShipperID, ShipperName) VALUES (3, 'Federal Shipping');

SELECT Orders.OrderID, Customers.CustomerName, Shippers.ShipperName 
FROM Orders
  LEFT JOIN Customers ON Orders.CustomerID = Customers.CustomerID
  LEFT JOIN Shippers ON Orders.ShipperID = Shippers.ShipperID
UNION ALL
SELECT Orders.OrderID, Customers.CustomerName, Shippers.ShipperName FROM Customers
  LEFT JOIN Orders ON Orders.CustomerID = Customers.CustomerID
  LEFT JOIN Shippers ON Orders.ShipperID = Shippers.ShipperID
WHERE Orders.CustomerID IS NULL
UNION ALL
SELECT Orders.OrderID, Customers.CustomerName, Shippers.ShipperName FROM Shippers
  LEFT JOIN Orders ON Orders.CustomerID = Shippers.ShipperID
  LEFT JOIN Customers ON Customers.CustomerID = Shippers.ShipperID
WHERE Orders.CustomerID IS NULL AND Customers.CustomerID IS NULL 
--AND Orders.OrderId IN (10308, 10309, 10310, 10365
Share
Leave a comment

SQL Join Types: Two Left (Outer) Joins

Tables

Table 1: Orders

OrderID

CustomerID

EmployeeID

OrderDate

ShipperID

10308

2

7

1996-09-18

3

10309

37

3

1996-09-19

1

10310

77

8

1996-09-20

2

10365 

1996-11-27

Note: There is no order in which the CustomerID = 1 (Alfreds Futterkiste).

Table 2: Customers

CustomerID

CustomerName

ContactName

Address

City

PostalCode

Country

1

Alfreds Futterkiste

Maria Anders

Obere Str. 57

Berlin

12209

Germany

2

Ana Trujillo Emparedados y helados

Ana Trujillo

Avda. de la Constitución 2222

México D.F.

05021

Mexico

3

Antonio Moreno Taquería

Antonio Moreno

Mataderos 2312

México D.F.

05023

Mexico

37 

Hungry Owl All-Night Grocers 

Patricia McKenna 

8 Johnstown Road 

Cork 

 

Ireland

77 

The Big Cheese 

Liz Nixon 

89 Jefferson Way Suite 2 

Portland 

97201 

USA 

Table 3: Shippers

ShipperID

ShipperName

Phone

Speedy Express 

(503) 555-9831 

United Package 

(503) 555-3199 

Federal Shipping 

(503) 555-9931 

Query

If you need a place to try this query, try here: https://www.w3schools.com/sql/trysql.asp?filename=trysql_op_in

SELECT Orders.OrderID, Customers.CustomerName, Shippers.ShipperName
FROM ((Orders
	LEFT JOIN Customers ON Orders.CustomerID = Customers.CustomerID)
	LEFT JOIN Shippers ON Orders.ShipperID = Shippers.ShipperID)
WHERE Orders.OrderId IN (10308, 10309, 10310, 10365);

Result

OrderID

CustomerName

ShipperName

10308 

Ana Trujillo Emparedados y helados 

Federal Shipping 

10309 

Hungry Owl All-Night Grocers 

Speedy Express 

10310 

The Big Cheese 

United Package 

10365 

Antonio Moreno Taquería 

United Package 

Share
Leave a comment

SQL Join Types: Inner Join and Left (Outer) Join

Tables

Table 1: Orders

OrderID

CustomerID

EmployeeID

OrderDate

ShipperID

10308

2

7

1996-09-18

3

10309

37

3

1996-09-19

1

10310

77

8

1996-09-20

2

10365 

1996-11-27 

Note: There is no order in which the CustomerID = 1 (Alfreds Futterkiste).

Table 2 : Customers

CustomerID

CustomerName

ContactName

Address

City

PostalCode

Country

1

Alfreds Futterkiste

Maria Anders

Obere Str. 57

Berlin

12209

Germany

2

Ana Trujillo Emparedados y helados

Ana Trujillo

Avda. de la Constitución 2222

México D.F.

05021

Mexico

3

Antonio Moreno Taquería

Antonio Moreno

Mataderos 2312

México D.F.

05023

Mexico

37 

Hungry Owl All-Night Grocers 

Patricia McKenna 

8 Johnstown Road 

Cork 

 

Ireland

77 

The Big Cheese 

Liz Nixon 

89 Jefferson Way Suite 2 

Portland 

97201 

USA 

Table 3: Shippers

ShipperID

ShipperName

Phone

Speedy Express 

(503) 555-9831 

United Package 

(503) 555-3199 

Federal Shipping 

(503) 555-9931 

Query

If you need a place to try this query, try here: https://www.w3schools.com/sql/trysql.asp?filename=trysql_op_in

SELECT Orders.OrderID, Customers.CustomerName, Shippers.ShipperName
FROM ((Orders
	INNER JOIN Customers ON Orders.CustomerID = Customers.CustomerID)
	LEFT JOIN Shippers ON Orders.ShipperID = Shippers.ShipperID)
WHERE Orders.OrderId IN (10308, 10309, 10310, 10365);

Result

OrderID

CustomerName

ShipperName

10308 

Ana Trujillo Emparedados y helados 

Federal Shipping 

10309 

Hungry Owl All-Night Grocers 

Speedy Express 

10310 

The Big Cheese 

United Package 

10365 

Antonio Moreno Taquería 

United Package 

Share
Leave a comment