Control: Ensure that a 'Diagnostic Setting' exists for Subscription Activity Logs
Description
Enable Diagnostic settings for exporting activity logs. Diagnostic settings are available for each individual resource within a subscription. Settings should be configured for all appropriate resources for your environment.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.monitor_diagnostic_settings_exists_for_subscriptionSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.monitor_diagnostic_settings_exists_for_subscription --shareSQL
This control uses a named query:
with subscription_diagnostic_settings as ( select distinct subscription_id from azure_diagnostic_setting)select sub.id as resource, case when d.subscription_id is null then 'alarm' else 'ok' end as status, case when d.subscription_id is null then sub.display_name || ' does not have a diagnostic setting for subscription activity logs.' else sub.display_name || ' has a diagnostic setting for subscription activity logs.' end as reason , sub.display_name as subscriptionfrom azure_subscription as sub left join subscription_diagnostic_settings as d on d.subscription_id = sub.subscription_id;