Powerpipe Detection Mods →
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-oci-compliance
Overview
3Dashboards
133Benchmarks
43Queries
2Variables
GitHub

Control: 3.1 Ensure audit log retention period is set to 365 days

Description

Ensuring audit logs are kept for 365 days.

Remediation

From Console

  1. Go to the Tenancy Details page.
  2. Click Edit Audit Retention Policy.
  3. Set the AUDIT RETENTION PERIOD to 365.
  4. Click Submit.

From Command Line

  1. Execute the following command:
oci audit config update --retention-period-days 365 --compartment-id <compartment OCID>

Usage

Run the control in your terminal:

powerpipe control run oci_compliance.control.cis_v110_3_1

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run oci_compliance.control.cis_v110_3_1 --share

SQL

This control uses a named query:

select
  id as resource,
  case
    when retention_period_days < 365 then 'alarm'
    else 'ok'
  end as status,
  'Audit log retention period set to ' || retention_period_days || '.'
  as reason
  
  , tenant_name as tenant
from
  oci_identity_tenancy;

Tags

category = Compliance
cis = true
cis_item_id = 3.1
cis_level = 1
cis_section_id = 3
cis_type = automated
cis_version = v1.1.0
plugin = oci
service = OCI/Identity