v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/azure_compliance
Overview
13Dashboards
1311Controls
430Queries
2Variables
GitHub

Control: 5.1.2 Ensure Diagnostic Setting captures appropriate categories

Description

The diagnostic setting should be configured to log the appropriate activities from the control/management plane.

A diagnostic setting controls how the diagnostic log is exported. Capturing the diagnostic setting categories for appropriate control/management plane activities allows proper alerting.

Remediation

From Console

  1. Login to Azure Monitor console
  2. Click Activity log
  3. Click on Diagnostic settings
  4. Click on Add or Edit Settings for the diagnostic settings entry
  5. Ensure that the following categories are checked: Administrative, Alert, Policy, and Security

Note: By default, diagnostic setting is not set.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.cis_v140_5_1_2

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.cis_v140_5_1_2 --share

SQL

This control uses a named query:

monitor_diagnostic_settings_captures_proper_categories

Tags

category = Compliance
cis = true
cis_item_id = 5.1.2
cis_level = 1
cis_section_id = 5.1
cis_type = automated
cis_version = v1.4.0
plugin = azure
service = Azure/Monitor