Azure and GCP Perimeter Security, CIS Updates, and Enhanced Plugins →
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-azure-compliance
Overview
16Dashboards
1651Benchmarks
486Queries
8Variables
GitHub

Control: 5.1.1 Ensure that a 'Diagnostics Setting' exists

Description

Enable Diagnostic settings for exporting activity logs. Diagnostic setting are available for each individual resources within a subscription. Settings should be configured for all appropriate resources for your environment.

A diagnostic setting controls how a diagnostic log is exported. By default, logs are retained only for 90 days. Diagnostic settings should be defined so that logs can be exported and stored for a longer duration in order to analyze security activities within an Azure subscription.

Remediation

From Console

  1. Click on the resource that has a diagnostic status of disabled
  2. Select Add Diagnostic Settings
  3. Enter a Diagnostic setting name
  4. Select the appropriate log, metric, and destination. (This may be Log Analytics/Storage account or Event Hub)
  5. Click save

Note: By default, diagnostic setting is not set.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.cis_v130_5_1_1

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.cis_v130_5_1_1 --share

SQL

This control uses a named query:

select
  id as resource,
  'info' as status,
  'Manual verification required.' as reason,
  display_name as subscription
from
  azure_subscription;

Tags

category = Compliance
cis = true
cis_item_id = 5.1.1
cis_level = 1
cis_section_id = 5.1
cis_type = automated
cis_version = v1.3.0
plugin = azure
service = Azure/Monitor