Control: Azure Monitor log profile should collect logs for categories 'write', 'delete' and 'action'
Description
This policy ensures that a log profile collects logs for categories 'write', 'delete' and 'action'.
Usage
Run the control in your terminal:
powerpipe control run terraform_azure_compliance.control.monitor_log_profile_enabled_for_all_categories
Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run terraform_azure_compliance.control.monitor_log_profile_enabled_for_all_categories --share
SQL
This control uses a named query:
select address as resource, case when (attributes_std -> 'categories') @> '["Write", "Action", "Delete"]' then 'ok' else 'alarm' end status, split_part(address, '.', 2) || case when (attributes_std -> 'categories') @> '["Write", "Action", "Delete"]' then ' collects logs for categories write, delete and action' else ' does not collects logs for all categories.' end || '.' reason , path || ':' || start_linefrom terraform_resourcewhere type = 'azurerm_monitor_log_profile';