Control: Resource logs in Virtual Machine Scale Sets should be enabled
Description
It is recommended to enable resource logs so that an activity trail can be recreated when an investigation is required after an incident or a compromise.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.compute_vm_scale_set_logging_enabled
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run azure_compliance.control.compute_vm_scale_set_logging_enabled --share
SQL
This control uses a named query:
-- VMs that have the IaaSAntimalware extension with minor-version auto-upgrade enabled
with malware_agent_installed_vm as (
  select
    distinct a.vm_id
  from
    azure_compute_virtual_machine as a,
    jsonb_array_elements(extensions) as b
  where
    b ->> 'Publisher' = 'Microsoft.Azure.Security'
    and b ->> 'ExtensionType' = 'IaaSAntimalware'
    and b ->> 'AutoUpgradeMinorVersion' = 'true'
)
select
  a.vm_id as resource,
  -- Non-Windows VMs are skipped; Windows VMs without a matching extension raise an alarm
  case
    when a.os_type <> 'Windows' then 'skip'
    when b.vm_id is not null then 'ok'
    else 'alarm'
  end as status,
  case
    when a.os_type <> 'Windows' then a.title || ' is of ' || a.os_type || ' operating system.'
    when b.vm_id is not null then a.title || ' automatic update of Microsoft Antimalware protection signatures enabled.'
    else a.title || ' automatic update of Microsoft Antimalware protection signatures not enabled.'
  end as reason,
  a.resource_group as resource_group,
  sub.display_name as subscription
from
  azure_compute_virtual_machine as a
  left join malware_agent_installed_vm as b on a.vm_id = b.vm_id,
  azure_subscription as sub
where
  sub.subscription_id = a.subscription_id;