Benchmark: Integrated Analysis of Audit Records AU-6(5)
Description
The organization integrates analysis of audit records with analysis of vulnerability scanning information, performance data, and information system monitoring information collected from other sources to further enhance the ability to identify inappropriate or unusual activity.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-azure-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select Integrated Analysis of Audit Records AU-6(5).
Run this benchmark in your terminal:
powerpipe benchmark run azure_compliance.benchmark.nist_sp_800_53_rev_5_au_6_5
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run azure_compliance.benchmark.nist_sp_800_53_rev_5_au_6_5 --share
Controls
- App Service apps should have resource logs enabled
- Log Analytics extension should be installed on your Linux Azure Arc machines
- Log Analytics extension should be installed on your Windows Azure Arc machines
- Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed
- Resource logs in Batch accounts should be enabled
- Guest Configuration extension should be installed on your machines
- Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity
- Log Analytics agent should be installed on your virtual machine for Azure Security Center monitoring
- Network traffic data collection agent should be installed on Linux virtual machines
- Network traffic data collection agent should be installed on Windows virtual machines
- Log Analytics agent should be installed on your virtual machine scale sets for Azure Security Center monitoring
- Resource logs in Data Lake Analytics should be enabled
- Resource logs in Azure Data Lake Store should be enabled
- Resource logs in Event Hub should be enabled
- Resource logs in IoT Hub should be enabled
- Resource logs in Key Vault should be enabled
- Resource logs in Logic Apps should be enabled
- Network Watcher should be enabled
- Resource logs in Search services should be enabled
- Auto provisioning of the Log Analytics agent should be enabled on your subscription
- Azure Defender for App Service should be enabled
- Microsoft Defender for Containers should be enabled
- Azure Defender for DNS should be enabled
- Azure Defender for Key Vault should be enabled
- Azure Defender for Resource Manager should be enabled
- Azure Defender for servers should be enabled
- Azure Defender for Azure SQL Database servers should be enabled
- Azure Defender for SQL should be enabled for unprotected SQL Managed Instances
- Microsoft Defender for Storage (Classic) should be enabled
- Resource logs in Service Bus should be enabled
- Auditing on SQL server should be enabled
- Azure Defender for SQL should be enabled for unprotected Azure SQL servers
- Resource logs in Azure Stream Analytics should be enabled