Control: App Service apps should have resource logs enabled
Description
Audit enabling of resource logs on the app. This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.appservice_web_app_diagnostic_logs_enabled
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run azure_compliance.control.appservice_web_app_diagnostic_logs_enabled --share
SQL
This control uses a named query:
select
  a.id as resource,
  case
    when
      (a.configuration-> 'properties' -> 'detailedErrorLoggingEnabled')::bool
      and (a.configuration -> 'properties' -> 'httpLoggingEnabled')::bool
      and (a.configuration-> 'properties' -> 'requestTracingEnabled')::bool
      then 'ok'
    else 'alarm'
  end as status,
  case
    when
      (a.configuration-> 'properties' -> 'detailedErrorLoggingEnabled')::bool
      and (a.configuration -> 'properties' -> 'httpLoggingEnabled')::bool
      and (a.configuration-> 'properties' -> 'requestTracingEnabled')::bool
      then a.name || ' diagnostic logs enabled.'
    else a.title || ' diagnostic logs disabled.'
    -- concat_ws(', ',
    --   case when not ((a.configuration-> 'properties' -> 'detailedErrorLoggingEnabled')::bool) then 'detailed_Error_Logging_Enabled' end,
    --   case when not ((a.configuration -> 'properties' -> 'httpLoggingEnabled')::bool) then 'http_logging_enabled' end,
    --   case when not ((a.configuration-> 'properties' -> 'requestTracingEnabled')::bool) then 'request_tracing_enabled' end
    -- ) || '.'
  end as reason
  , a.resource_group as resource_group
  , sub.display_name as subscription
from
  azure_app_service_web_app as a,
  azure_subscription as sub
where
  sub.subscription_id = a.subscription_id;
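The named query reports only "enabled" or "disabled", so an alarm does not say which of the three settings is off. The following variant is an added example, not part of the azure_compliance mod: it names the disabled settings in the reason column. It assumes PostgreSQL jsonb semantics and treats a missing or null property as disabled, which matches the original status, since a NULL condition falls through to 'alarm'.

```sql
-- Added example: same tables and properties as the control's query,
-- with a per-setting breakdown in the reason column.
with flags as (
  select
    a.id,
    a.title,
    a.resource_group,
    a.subscription_id,
    -- ->> returns text (SQL NULL when the key is absent or JSON null);
    -- coalesce treats "not reported" as "not enabled".
    coalesce((a.configuration -> 'properties' ->> 'detailedErrorLoggingEnabled')::bool, false) as detailed_error_logging,
    coalesce((a.configuration -> 'properties' ->> 'httpLoggingEnabled')::bool, false) as http_logging,
    coalesce((a.configuration -> 'properties' ->> 'requestTracingEnabled')::bool, false) as request_tracing
  from
    azure_app_service_web_app as a
)
select
  f.id as resource,
  case
    when f.detailed_error_logging and f.http_logging and f.request_tracing then 'ok'
    else 'alarm'
  end as status,
  case
    when f.detailed_error_logging and f.http_logging and f.request_tracing
      then f.title || ' diagnostic logs enabled.'
    -- concat_ws skips NULL arguments, so only the disabled settings are listed.
    else f.title || ' disabled settings: ' || concat_ws(', ',
      case when not f.detailed_error_logging then 'detailedErrorLoggingEnabled' end,
      case when not f.http_logging then 'httpLoggingEnabled' end,
      case when not f.request_tracing then 'requestTracingEnabled' end
    ) || '.'
  end as reason,
  f.resource_group as resource_group,
  sub.display_name as subscription
from
  flags as f
  join azure_subscription as sub on sub.subscription_id = f.subscription_id;
```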