Control: 5.1.1 Ensure that a 'Diagnostics Setting' exists
Description
Enable diagnostic settings for exporting activity logs. Diagnostic settings are available for each individual resource within a subscription. Settings should be configured for all appropriate resources for your environment.
A diagnostic setting controls how a diagnostic log is exported. By default, logs are retained only for 90 days. Diagnostic settings should be defined so that logs can be exported and stored for a longer duration in order to analyze security activities within an Azure subscription.
Remediation
From Console
- Click on the resource that has a diagnostic status of disabled.
- Select Add Diagnostic Settings.
- Enter a Diagnostic setting name.
- Select the appropriate log, metric, and destination. (This may be a Log Analytics workspace, Storage account, or Event Hub.)
- Click Save.
Note: By default, no diagnostic setting is configured.
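Because this control is manual, the check can be scripted outside Powerpipe. The following is an added example, not part of the benchmark or the original page: it evaluates diagnostic-settings JSON per resource and goes one step past "exists" by also requiring a destination and at least one enabled log or metric category, as in the remediation steps. It assumes the JSON shape returned by `az monitor diagnostic-settings list --resource <id>`; the resource IDs, sample data, and status strings are constructed for illustration.

```python
# Destination fields on a diagnostic setting: Log Analytics, Storage account, Event Hub.
DESTINATION_FIELDS = ("workspaceId", "storageAccountId", "eventHubAuthorizationRuleId")

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"

# Constructed sample: resource ID -> JSON assumed to come from
# `az monitor diagnostic-settings list --resource <id>` (not real data).
SAMPLE = {
    SUB + "/providers/Microsoft.KeyVault/vaults/kv-demo": [
        {"name": "to-law",
         "workspaceId": SUB + "/providers/Microsoft.OperationalInsights/workspaces/law-demo",
         "logs": [{"category": "AuditEvent", "enabled": True}],
         "metrics": []}
    ],
    # Some CLI versions wrap the list in {"value": [...]}; here it is empty.
    SUB + "/providers/Microsoft.Network/networkSecurityGroups/nsg-demo": {"value": []},
    # A setting exists, but every category is disabled, so nothing is exported.
    SUB + "/providers/Microsoft.Sql/servers/sql-demo": [
        {"name": "placeholder",
         "storageAccountId": SUB + "/providers/Microsoft.Storage/storageAccounts/stdemo",
         "logs": [{"category": "SQLSecurityAuditEvents", "enabled": False}],
         "metrics": [{"category": "AllMetrics", "enabled": False}]}
    ],
}

def normalize(doc):
    """Accept either a bare list of settings or a {"value": [...]} wrapper."""
    if isinstance(doc, dict):
        return doc.get("value") or []
    return doc or []

def setting_exports_data(setting):
    """True when the setting has a destination and an enabled log/metric category."""
    has_destination = any(setting.get(field) for field in DESTINATION_FIELDS)
    categories = (setting.get("logs") or []) + (setting.get("metrics") or [])
    return has_destination and any(c.get("enabled") for c in categories)

def evaluate(resources):
    """Map each resource ID to a status string (names are this example's own)."""
    results = {}
    for resource_id, doc in resources.items():
        settings = normalize(doc)
        if not settings:
            results[resource_id] = "alarm: no diagnostic setting"
        elif not any(setting_exports_data(s) for s in settings):
            results[resource_id] = "alarm: setting exists but exports nothing"
        else:
            results[resource_id] = "ok"
    return results

if __name__ == "__main__":
    for rid, status in evaluate(SAMPLE).items():
        print(f"{status:45} {rid}")
```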
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.cis_v140_5_1_1
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run azure_compliance.control.cis_v140_5_1_1 --share
SQL
This control uses a named query:
manual_control