turbot/steampipe-mod-terraform-azure-compliance

Control: Resource logs in IoT Hub should be enabled

Description

Audit enabling of resource logs. This enables you to recreate activity trails for investigation purposes when a security incident occurs or when your network is compromised.

Usage

Run the control in your terminal:

powerpipe control run terraform_azure_compliance.control.iot_hub_logging_enabled

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run terraform_azure_compliance.control.iot_hub_logging_enabled --share

SQL

This control uses a named query:

select
  address as resource,
  case
    when name in (
      select split_part((attributes_std ->> 'target_resource_id'), '.', 3)
      from terraform_resource
      where type = 'azurerm_monitor_diagnostic_setting'
        and split_part((attributes_std ->> 'target_resource_id'), '.', 2) = 'azurerm_iothub'
    ) then 'ok'
    else 'alarm'
  end status,
  split_part(address, '.', 2) || case
    when name in (
      select split_part((attributes_std ->> 'target_resource_id'), '.', 3)
      from terraform_resource
      where type = 'azurerm_monitor_diagnostic_setting'
        and split_part((attributes_std ->> 'target_resource_id'), '.', 2) = 'azurerm_iothub'
    ) then ' logging enabled'
    else ' logging disabled'
  end || '.' reason
  , path || ':' || start_line
from
  terraform_resource
where
  type = 'azurerm_iothub';

Tags