v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/azure_compliance
Overview
13Dashboards
1311Controls
430Queries
2Variables
GitHub

Control: 5.1.1 Ensure that a 'Diagnostics Setting' exists

Description

Enable Diagnostic settings for exporting activity logs. Diagnostic setting are available for each individual resources within a subscription. Settings should be configured for all appropriate resources for your environment.

A diagnostic setting controls how a diagnostic log is exported. By default, logs are retained only for 90 days. Diagnostic settings should be defined so that logs can be exported and stored for a longer duration in order to analyze security activities within an Azure subscription.

Remediation

From Console

  1. Click on the resource that has a diagnostic status of disabled
  2. Select Add Diagnostic Settings
  3. Enter a Diagnostic setting name
  4. Select the appropriate log, metric, and destination. (This may be Log Analytics/Storage account or Event Hub)
  5. Click save

Note: By default, diagnostic setting is not set.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.cis_v130_5_1_1

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.cis_v130_5_1_1 --share

SQL

This control uses a named query:

manual_control

Tags

category = Compliance
cis = true
cis_item_id = 5.1.1
cis_level = 1
cis_section_id = 5.1
cis_type = automated
cis_version = v1.3.0
plugin = azure
service = Azure/Monitor