Azure and GCP Perimeter Security, CIS Updates, and Enhanced Plugins →
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-azure-compliance
Overview
16Dashboards
1651Benchmarks
486Queries
8Variables
GitHub

Control: Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace

Description

Link the Application Insights component to a Log Analytics workspace for logs encryption. Customer-managed keys are commonly required to meet regulatory compliance and for more control over the access to your data in Azure Monitor. Linking your component to a Log Analytics workspace that's enabled with a customer-managed key, ensures that your Application Insights logs meet this compliance requirement, see https://docs.microsoft.com/azure/azure-monitor/platform/customer-managed-keys.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.application_insights_linked_to_log_analytics_workspace

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.application_insights_linked_to_log_analytics_workspace --share

SQL

This control uses a named query:

select
  a.id as resource,
  case
    when type = 'microsoft.insights/components' and workspace_resource_id is not null then 'ok'
    else 'alarm'
  end as status,
  case
    when type = 'microsoft.insights/components' and workspace_resource_id is not null then a.name || ' linked to log analytics workspace.'
    else a.name || ' not linked to log analytics workspace.'
  end as reason
  
  , a.resource_group as resource_group
  , sub.display_name as subscription
from
  azure_application_insight as a
  left join azure_subscription sub on sub.subscription_id = a.subscription_id;

Tags

rbi_itf_nbfc_v2017 = true
service = Azure/Monitor