nuclei-templates/cloud/azure/functions/azure-functionapp-appinsights-missing.yaml

id: azure-functionapp-appinsights-missing
info:
  name: Application Insights Integration for Azure Function Apps
  author: princechaddha
  severity: high
  description: |
    Ensure that the functions managed with Microsoft Azure Function App are configured to use Azure Monitor Application Insights. Application Insights is a robust APM solution designed to cater to the needs of both developers and DevOps experts. By enabling this service, you can effortlessly set up continuous monitoring for your serverless application. Application Insights excels at identifying performance irregularities and offers a suite of potent analytical tools to assist you in troubleshooting problems and gaining deep insights into user interactions with your application.    
  impact: |
    Without integration with Application Insights, Azure Function Apps may lack comprehensive monitoring, impacting the visibility and troubleshooting of performance issues.    
  remediation: |
    Configure your Azure Function Apps to integrate with Application Insights to enable detailed monitoring and analytics capabilities.    
  reference:
    - https://docs.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview
  tags: cloud,devops,azure,microsoft,application-insights,azure-cloud-config

flow: |
  code(1);
  for (let AppData of iterate(template.functionApps)) {
    AppData = JSON.parse(AppData);
    set("name", AppData.name);
    set("resourceGroup", AppData.resourceGroup);
    code(2);
  }  

self-contained: true
code:
  - engine:
      - sh
      - bash
    source: |
      az functionapp list --query '[*].{name:name, resourceGroup:resourceGroup}' --output json      

    extractors:
      - type: json
        name: functionApps
        internal: true
        json:
          - '.[]'

  - engine:
      - sh
      - bash
    source: |
      az functionapp config appsettings list --name $name --resource-group $resourceGroup --query '[*].name' --output json      

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "APPINSIGHTS_INSTRUMENTATIONKEY"
        negative: true

      - type: word
        part: body
        words:
          - "["

    extractors:
      - type: dsl
        dsl:
          - 'name + " does not have Application Insights integration enabled"'
# digest: 490a0046304402202c00f10e8c72bde3b21ff58233646bd5850099ff2a0e0cf67ea8f565bd76940f02204e1a64a66609263e1f8310d8c171ed81170211f07d9bf390d915c33feaf52af2:922c64590222798bb761d5b6d8e72950