Powerpipe MCP Server →
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-azure-compliance
Overview
15Dashboards
1464Benchmarks
449Queries
2Variables
GitHub

Control: 3.1.7 Ensure that diagnostic log delivery is configured for Azure Databricks

Description

Azure Databricks Diagnostic Logging provides insights into system operations, user activities, and security events within a Databricks workspace. Enabling diagnostic logs helps organizations:

  • Detect security threats by logging access, job executions, and cluster activities.
  • Ensure compliance with industry regulations such as SOC 2, HIPAA, and GDPR.
  • Monitor operational performance and troubleshoot issues proactively.

Diagnostic logging provides visibility into security and operational activities within Databricks workspaces while maintaining an audit trail for forensic investigations, and it supports compliance with regulatory standards that require logging and monitoring.

Remediation

From Azure Portal

Enable diagnostic logging for Azure Databricks:

  1. Navigate to your Azure Databricks workspace.
  2. In the left-hand menu, select Monitoring > Diagnostic settings.
  3. Click + Add diagnostic setting.
  4. Under Category details, select the log categories you wish to capture, such as AuditLogs, Clusters, Notebooks, and Jobs.
  5. Choose a destination for the logs:
  • Log Analytics workspace: For advanced querying and monitoring.
  • Storage account: For long-term retention.
  • Event Hub: For integration with third-party systems.
  1. Provide a Name for the diagnostic setting.
  2. Click Save.

Implement log retention policies:

  1. Navigate to your Log Analytics workspace.
  2. Under General, select Usage and estimated costs.
  3. Click Data Retention.
  4. Adjust the retention period slider to the desired number of days (up to 730 days).
  5. Click OK.

Monitor logs for anomalies:

  1. Navigate to Azure Monitor.
  2. Select Alerts > + New alert rule.
  3. Under Scope, specify the Databricks resource.
  4. Define Condition based on log queries that identify anomalies (e.g. unauthorized access attempts).
  5. Configure Actions to notify stakeholders or trigger automated responses.
  6. Provide an Alert rule name and description.
  7. Click Create alert rule.

From Azure CLI

Enable diagnostic logging for Azure Databricks:

az monitor diagnostic-settings create --name "DatabricksLogging" --resource <databricks-resource-id> --logs '[{"category": "AuditLogs", "enabled": true}, {"category": "Clusters", "enabled": true}, {"category": "Notebooks", "enabled": true}, {"category": "Jobs", "enabled": true}]' --workspace <log-analytics-id>

Implement log retention policies:

az monitor log-analytics workspace update --resource-group <resource-group> --name <log-analytics-name> --retention-time 365

Monitor logs for anomalies:

az monitor activity-log alert create --name "DatabricksAnomalyAlert" --resource-group <resource-group> --scopes <databricks-resource-id> --condition "contains 'UnauthorizedAccess'"

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.cis_v400_3_1_7

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.cis_v400_3_1_7 --share

SQL

This control uses a named query:

select
  id as resource,
  'info' as status,
  'Manual verification required.' as reason,
  display_name as subscription
from
  azure_subscription;

Tags

category = Compliance
cis = true
cis_item_id = 3.1.7
cis_level = 1
cis_section_id = 3.1
cis_type = manual
cis_version = v4.0.0
plugin = azure
service = Azure/General