Ensure that a 'Diagnostics Setting' exists

MEDIUM

Description

Description:

Enable Diagnostic settings for exporting activity logs.
Diagnostic setting are available for each individual resources within a subscription. Settings should be configured for all appropriate resources for your environment.

Rationale:

A diagnostic setting controls how a diagnostic log is exported. By default, logs are retained only for 90 days. Diagnostic settings should be defined so that logs can be exported and stored for a longer duration in order to analyze security activities within an Azure subscription.

Remediation

From Azure Console

Go to 'Monitor'
Click the 'Diagnostics settings'
Click on the resource that has a diagnostic status of 'disabled'
Select 'Add Diagnostic Settings'
Enter a 'Diagnostic setting name'
Select the appropriate log, metric, and destination. (This may be Log Analytics/Storage account or Event Hub)
Click 'save'

Repeat these step for all resources as needed.

Policy Details

Rule Reference ID: AC_AZURE_0216

CSP: Azure

Remediation Available: Yes

Domain: Logging and Monitoring

Resource: azurerm_monitor_diagnostic_setting

Resource Category: Logging and Monitoring

Resource Type: Monitor

Frameworks

GDPR
HIPAA
ISO-27001
NIST-800-171
NIST-800-53
NIST-CSF
PCI-DSSv3.2.1
PCI-DSSv4.0
CIS Azure Foundations v1.3.0
CIS Azure Foundations v1.4.0 Level 1

Detections