v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/azure_compliance
Overview
13Dashboards
1311Controls
430Queries
2Variables
GitHub

Control: 6.1.6 Ensure that logging for Azure AppService 'HTTP logs' is enabled

Description

Enable AppServiceHTTPLogs diagnostic log category for Azure App Service instances to ensure all http requests are captured and centrally logged.

Capturing web requests can be important supporting information for security analysts performing monitoring and incident response activities. Once logging, these logs can be ingested into SIEM or other central aggregation point for the organization.

Remediation

From Azure Portal

  1. Go to App Services.

For each App Service:

  1. Under Monitoring, go to Diagnostic settings.
  2. To update an existing diagnostic setting, click Edit setting against the setting. To create a new diagnostic setting, click Add diagnostic setting and provide a name for the new setting.
  3. Check the checkbox next to HTTP logs.
  4. Configure a destination based on your specific logging consumption capability (for example Stream to an event hub and then consuming with SIEM integration for Event Hub logging).
  5. Click Save.

Default Value

Not configured.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.cis_v300_6_1_6

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.cis_v300_6_1_6 --share

SQL

This control uses a named query:

manual_control

Tags

category = Compliance
cis = true
cis_item_id = 6.1.6
cis_level = 2
cis_section_id = 6.1
cis_type = manual
cis_version = v3.0.0
plugin = azure
service = Azure/KeyVault