v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/azure_compliance
Overview
13Dashboards
1311Controls
430Queries
2Variables
GitHub

Control: 5.1.7 Ensure that logging for Azure AppService 'HTTP logs' is enabled

Description

Enable AppServiceHTTPLogs diagnostic log category for Azure App Service instances to ensure all http requests are captured and centrally logged.

Capturing web requests can be important supporting information for security analysts performing monitoring and incident response activities. Once logging, these logs can be ingested into SIEM or other central aggregation point for the organization.

Remediation

From Azure Portal

  1. Go to App Services and for each App Service:
  2. Go to Diagnostic Settings.
  3. Click Add Diagnostic Setting.
  4. Check the checkbox next to 'HTTP logs'.
  5. Configure a destination based on your specific logging consumption capability (for example Stream to an event hub and then consuming with SIEM integration for Event Hub logging).

Default Value:

Not configured.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.cis_v200_5_1_7

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.cis_v200_5_1_7 --share

SQL

This control uses a named query:

manual_control

Tags

category = Compliance
cis = true
cis_item_id = 5.1.7
cis_level = 2
cis_section_id = 5.1
cis_type = manual
cis_version = v2.0.0
plugin = azure
service = Azure/KeyVault