Benchmark: AU-6(4) Central Review And Analysis
Description
Provide and implement the capability to centrally review and analyze audit records from multiple components within the system.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-azure-compliance
Start the Powerpipe server:
steampipe service startpowerpipe server
Open http://localhost:9033 in your browser and select AU-6(4) Central Review And Analysis.
Run this benchmark in your terminal:
powerpipe benchmark run azure_compliance.benchmark.fedramp_high_au_6_4
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run azure_compliance.benchmark.fedramp_high_au_6_4 --share
Controls
- App Service apps should have resource logs enabled
- Log Analytics extension should be installed on your Linux Azure Arc machines
- Log Analytics extension should be installed on your Windows Azure Arc machines
- Resource logs in Batch accounts should be enabled
- Guest Configuration extension should be installed on your machines
- Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity
- Log Analytics agent should be installed on your virtual machine for Azure Security Center monitoring
- Network traffic data collection agent should be installed on Linux virtual machines
- Network traffic data collection agent should be installed on Windows virtual machines
- Log Analytics agent should be installed on your virtual machine scale sets for Azure Security Center monitoring
- Resource logs in Data Lake Analytics should be enabled
- Resource logs in Azure Data Lake Store should be enabled
- Resource logs in Event Hub should be enabled
- Resource logs in IoT Hub should be enabled
- Resource logs in Key Vault should be enabled
- Resource logs in Logic Apps should be enabled
- Network Watcher should be enabled
- Resource logs in Search services should be enabled
- Auto provisioning of the Log Analytics agent should be enabled on your subscription
- Azure Defender for App Service should be enabled
- Microsoft Defender for Containers should be enabled
- Azure Defender for Key Vault should be enabled
- Azure Defender for Resource Manager should be enabled
- Azure Defender for servers should be enabled
- Azure Defender for Azure SQL Database servers should be enabled
- Microsoft Defender for Storage (Classic) should be enabled
- Resource logs in Service Bus should be enabled
- Auditing on SQL server should be enabled
- Azure Defender for SQL should be enabled for unprotected Azure SQL servers
- Resource logs in Azure Stream Analytics should be enabled