turbot/azure_compliance

Control: Log Analytics Workspaces should block non-Azure Active Directory based ingestion

Description

Requiring Azure Active Directory authentication for log ingestion prevents an attacker from submitting unauthenticated logs, which could lead to incorrect status, false alerts, and incorrect logs stored in the system.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.log_analytics_workspace_block_non_azure_ingestion

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.log_analytics_workspace_block_non_azure_ingestion --share

SQL

This control uses a named query:

log_analytics_workspace_block_non_azure_ingestion
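
An added example, not taken from this page or from the turbot/azure_compliance mod: a Python check over workspace JSON that flags workspaces still accepting non-Azure AD ingestion. It assumes the control corresponds to the workspace's `features.disableLocalAuth` property and that an unset value counts as non-compliant; the sample workspaces, resource IDs and function names are constructed for illustration.

```python
import json

# Constructed sample: three workspaces in two JSON shapes, raw ARM (nested
# under "properties") and a flattened CLI/SDK-style listing (assumed shapes).
_BASE = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
         "rg-example/providers/Microsoft.OperationalInsights/workspaces/")
SAMPLE = json.loads("""
[
  {"name": "law-locked",  "properties": {"features": {"disableLocalAuth": true}}},
  {"name": "law-keys",    "features": {"disableLocalAuth": false}},
  {"name": "law-default", "properties": {"features": {}}}
]
""")
for _ws in SAMPLE:
    _ws["id"] = _BASE + _ws["name"]


def local_auth_disabled(workspace):
    """True only when the workspace explicitly sets disableLocalAuth to true."""
    # Use the ARM "properties" envelope when present, else the flattened shape.
    props = workspace.get("properties") or workspace
    features = props.get("features") or {}
    # Assumption: an absent or null value is treated as "not disabled",
    # so only a literal JSON true passes the check.
    return features.get("disableLocalAuth") is True


def evaluate(workspaces):
    """Return one control-style row (resource, status, reason) per workspace."""
    rows = []
    for ws in workspaces:
        ok = local_auth_disabled(ws)
        reason = ("blocks non-Azure AD based ingestion." if ok
                  else "does not block non-Azure AD based ingestion.")
        rows.append({
            "resource": ws.get("id"),
            "status": "ok" if ok else "alarm",
            "reason": f"{ws.get('name')} {reason}",
        })
    return rows


if __name__ == "__main__":
    for row in evaluate(SAMPLE):
        print(f"{row['status']:<6} {row['reason']}")
```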

Tags