Control: Monitor log profiles should have retention set to 365 days or greater
Description
This control is non-compliant if Monitor log profile retention is set to less than 365 days.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.monitor_log_profile_retention_365_days
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run azure_compliance.control.monitor_log_profile_retention_365_days --share
SQL
This control uses a named query:
select
  p.id as resource,
  case
    when p.retention_policy ->> 'enabled' = 'false' then 'alarm'
    when p.retention_policy ->> 'enabled' = 'true' and (p.retention_policy ->> 'days')::int >= 365 then 'ok'
    else 'alarm'
  end as status,
  case
    when p.retention_policy ->> 'enabled' = 'false' then p.name || ' retention policy disabled.'
    else p.name || ' retention is set to ' || (p.retention_policy ->> 'days') || ' day(s).'
  end as reason,
  p.resource_group as resource_group,
  sub.display_name as subscription
from
  azure_log_profile as p
  left join azure_subscription sub on sub.subscription_id = p.subscription_id;