Control: 2.23 Ensure that Logstore data retention period is set 365 days or greater

Description

Ensure Activity Log Retention is set for 365 days or greater.

Remediation

Perform below steps to ensure the log retention is set to 365 days or greater.

Logon to SLS Console.
Find the project in the Projects section, and then click the target project name.
On the page that appears, click Modify a Logstore icon next to the Logstore, and then choose Modify.
On the page that appears, click Modify, modify the Data Retention Period to 365 or greater and then click Save.

Default Value:

The Permanent Storage is turned off by default.

Usage

Run the control in your terminal:

powerpipe control run alicloud_compliance.control.cis_v200_2_23

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run alicloud_compliance.control.cis_v200_2_23 --share

SQL

This control uses a named query:

select
  'acs:sls:' || region || ':' || project || ':logstore/' || name as resource,
  case
    when ttl = -1 then 'ok'
    when ttl >= 365 then 'ok'
    else 'alarm'
  end as status,
  case
    when ttl = -1 then title || ' has permanent storage enabled.'
    when ttl is null then title || ' data retention period not configured.'
    when ttl >= 365 then title || ' data retention period set to ' || ttl || ' days.'
    else title || ' data retention period set to ' || coalesce(ttl::text, 'unknown') || ' days, which is less than the recommended 365 days.'
  end as reason
  , account_id as account_id, region as region
from
  alicloud_log_store;

Control: 2.23 Ensure that Logstore data retention period is set 365 days or greater

Description

Remediation

Default Value:

Usage

SQL

Tags