Ensure ingestion is not supported over public internet for Azure Log Analytics Workspace

HIGH

Description

Allowing unrestricted public access to cloud services can expose an application to external attack. Disallowing such access is generally considered best practice: when a Log Analytics workspace accepts ingestion from public networks, any client that obtains the workspace ID and key can send data to it from anywhere on the internet, rather than only from the approved virtual networks.

Remediation

In Azure Console -

  1. Open the Azure Portal and go to Log Analytics workspaces.
  2. Select the workspace you wish to edit.
  3. Under Settings, select Network Isolation.
  4. Under Virtual networks access configuration, set Accept data ingestion from public networks to No.

In Terraform -

  1. In the azurerm_log_analytics_workspace resource, set internet_ingestion_enabled to false.
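
As an added example (not part of this policy page or of the Terraform provider), the following Python check evaluates `terraform show -json` plan output against this rule, flagging every azurerm_log_analytics_workspace whose internet_ingestion_enabled will not be false after apply. The plan embedded in it is a constructed sample, and treating an omitted attribute as public relies on the provider default of true documented in the registry reference above.

```python
import json

# Constructed sample of `terraform show -json plan.tfplan` output, trimmed to the
# fields this check reads; it is not real output from any project.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "azurerm_log_analytics_workspace.hardened",
     "type": "azurerm_log_analytics_workspace",
     "change": {"actions": ["create"],
                "after": {"name": "law-hardened", "internet_ingestion_enabled": False}}},
    {"address": "azurerm_log_analytics_workspace.explicit_public",
     "type": "azurerm_log_analytics_workspace",
     "change": {"actions": ["create"],
                "after": {"name": "law-public", "internet_ingestion_enabled": True}}},
    {"address": "azurerm_log_analytics_workspace.default_public",
     "type": "azurerm_log_analytics_workspace",
     "change": {"actions": ["create"],
                "after": {"name": "law-default"}}},  # attribute omitted entirely
    {"address": "azurerm_log_analytics_workspace.retired",
     "type": "azurerm_log_analytics_workspace",
     "change": {"actions": ["delete"], "after": None}},  # being destroyed
]})

RULE_ID = "AC_AZURE_0145"
WORKSPACE_TYPE = "azurerm_log_analytics_workspace"

def find_public_ingestion(plan_json: str) -> list:
    """Return one finding per Log Analytics workspace that will still accept
    ingestion from public networks once this plan is applied."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") != WORKSPACE_TYPE:
            continue
        after = rc.get("change", {}).get("after")
        if after is None:          # resource is being destroyed: nothing to check
            continue
        value = after.get("internet_ingestion_enabled")
        if value is False:         # the remediated state from the steps above
            continue
        # The provider defaults this attribute to true (assumption taken from the
        # registry doc), so an omitted key is as public as an explicit true.
        reason = "explicitly_enabled" if value is True else "not_set_to_false"
        findings.append({"rule": RULE_ID, "address": rc["address"], "reason": reason})
    return findings

if __name__ == "__main__":
    for f in find_public_ingestion(SAMPLE_PLAN):
        print(f"{f['rule']} {f['address']}: {f['reason']}")
```

Run it against a real plan with `terraform plan -out=plan.tfplan && terraform show -json plan.tfplan > plan.json` and feed the file contents to find_public_ingestion; a non-empty result should fail the pipeline step.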

References:
https://learn.microsoft.com/en-us/azure/azure-monitor/
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/log_analytics_workspace#internet_ingestion_enabled

Policy Details

Rule Reference ID: AC_AZURE_0145
CSP: Azure
Remediation Available: Yes
Resource Category: Analytics

Frameworks