turbot/azure_compliance

Control: 5.1.2 Ensure Diagnostic Setting captures appropriate categories

Description

The diagnostic setting should be configured to log the appropriate activities from the control/management plane.

A diagnostic setting controls how the diagnostic log is exported. Capturing the diagnostic setting categories for appropriate control/management plane activities allows proper alerting.

Remediation

From Console

  1. Login to Azure Monitor console
  2. Click Activity log
  3. Click on Diagnostic settings
  4. Click on Add or Edit Settings for the diagnostic settings entry
  5. Ensure that the following categories are checked: Administrative, Alert, Policy, and Security

Note: By default, diagnostic setting is not set.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.cis_v130_5_1_2

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.cis_v130_5_1_2 --share

SQL

This control uses a named query:

monitor_diagnostic_settings_captures_proper_categories

Tags