Benchmark: Monitor
Description
This section contains recommendations for configuring Monitor resources.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-azure-complianceStart the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select Monitor.
Run this benchmark in your terminal:
powerpipe benchmark run azure_compliance.benchmark.all_controls_monitorSnapshot and share results via Turbot Pipes:
powerpipe benchmark run azure_compliance.benchmark.all_controls_monitor --shareControls
- Application Insights components should block log ingestion and querying from public networks
- Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace
- Log Analytics workspaces should block log ingestion and querying from public networks
- Log Analytics Workspaces should block non-Azure Active Directory based ingestion
- Azure subscriptions should have a log profile for Activity Log
- Ensure Diagnostic Setting captures appropriate categories
- Ensure that Activity Log Alert exists for Create Policy Assignment
- Ensure that Activity Log Alert exists for Create or Update Network Security Group
- Ensure that Activity Log Alert exists for Create or Update Network Security Group Rule
- Ensure that Activity Log Alert exists for Create or Update Public IP Address rule
- Ensure that Activity Log Alert exists for Create or Update Security Solution
- Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule
- Ensure that Activity Log Alert exists for Delete Network Security Group
- Ensure that Activity Log Alert exists for Delete Network Security Group Rule
- Ensure that Activity Log Alert exists for Delete Policy Assignment
- Ensure that Activity Log Alert exists for Delete Public IP Address rule
- Ensure that Activity Log Alert exists for Delete Security Solution
- Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule
- An activity log alert should exist for specific Administrative operations
- Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule
- Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action'
- Azure Monitor should collect activity logs from all regions
- Monitor log profiles should have retention set to 365 days or greater
- Ensure the storage account containing the container with activity logs is encrypted with Customer Managed Key
- Ensure the Storage Container Storing the Activity Logs is not Publicly Accessible
- Ensure the storage account containing the container with activity logs is encrypted with Customer Managed Key
- Ensure the storage container storing the operational logs is not publicly accessible