Ensure that diagnostic settings are enabled for exporting activity logs for your Microsoft Azure cloud resources. Diagnostic settings are available for each individual cloud resource within a subscription. The activity log captures all management activities performed by a cloud resource on the Azure platform.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
A diagnostic setting controls how an activity log is exported for a cloud resource. A well-configured diagnostic setting exports your activity logs to a secure location and stores them for a longer period of time, so that the recorded activity can be analyzed more thoroughly later for security and compliance auditing.
Audit
To determine if exporting activity logs is enabled for each Azure cloud resource available in a subscription, perform the following actions:
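One way to script this check, as an added example (not Conformity's own audit procedure): the code below evaluates the JSON returned by `az resource list` and, for each resource ID, by `az monitor diagnostic-settings list --resource <id>`, and reports resources that export nothing. The resource IDs and settings are constructed sample data; the function names and the tolerance for a `{"value": [...]}` wrapper around the settings list are assumptions of this example.

```python
import json

# Constructed sample data; the subscription ID and resource names are placeholders.
BASE = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo/providers/"
KV = BASE + "Microsoft.KeyVault/vaults/kv-demo"
SQL = BASE + "Microsoft.Sql/servers/sql-demo"
NSG = BASE + "Microsoft.Network/networkSecurityGroups/nsg-demo"

# Stands in for the output of `az resource list`.
RESOURCES_JSON = json.dumps([{"id": KV}, {"id": SQL}, {"id": NSG}])

# Stands in for `az monitor diagnostic-settings list --resource <id>`, keyed by resource ID.
SETTINGS_BY_ID = {
    KV: json.dumps([{"name": "export",
                     "storageAccountId": BASE + "Microsoft.Storage/storageAccounts/logsdemo",
                     "logs": [{"category": "AuditEvent", "enabled": True}]}]),
    SQL: json.dumps({"value": []}),  # no setting, wrapped form
    NSG: json.dumps([{"name": "stub",
                      "workspaceId": BASE + "Microsoft.OperationalInsights/workspaces/law-demo",
                      "logs": [{"category": "NetworkSecurityGroupEvent", "enabled": False}]}]),
}

DESTINATIONS = ("storageAccountId", "workspaceId", "eventHubAuthorizationRuleId")

def parse_settings(raw):
    """Return the list of settings from a bare list or a {"value": [...]} wrapper."""
    data = json.loads(raw)
    return data.get("value", []) if isinstance(data, dict) else data

def is_exporting(setting):
    """A setting exports logs only if it has a destination and an enabled log category."""
    has_destination = any(setting.get(key) for key in DESTINATIONS)
    has_enabled_log = any(log.get("enabled") for log in setting.get("logs") or [])
    return has_destination and has_enabled_log

def audit(resources_raw, settings_by_id):
    """Map each non-compliant resource ID to the reason it was flagged."""
    findings = {}
    for resource in json.loads(resources_raw):
        settings = parse_settings(settings_by_id.get(resource["id"], "[]"))
        if not settings:
            findings[resource["id"]] = "no diagnostic setting"
        elif not any(is_exporting(s) for s in settings):
            findings[resource["id"]] = "setting present but exports no logs"
    return findings

if __name__ == "__main__":
    for resource_id, reason in audit(RESOURCES_JSON, SETTINGS_BY_ID).items():
        print(f"{reason}: {resource_id}")
```

Resource types that do not support diagnostic settings make the list command return an error rather than an empty result, so handle those separately instead of counting them as findings.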
Remediation / Resolution
To enable exporting activity logs for each Microsoft Azure cloud resource within your Azure subscription, perform the following actions: