Monitor log profile does not have activity logs for global services and all regions Affecting Monitor service in Azure


Severity

0.0
medium
0
10
Severity Framework
Snyk CCSS
Rule category
Logging/ Configuration

Is your environment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
Frameworks
CIS-AzureHIPAAISO-27001NIST-800-53PCI-DSSSOC-2
  • Snyk IDSNYK-CC-00688
  • creditSnyk Research Team

Description

Configure the log profile to export activities from all Azure supported regions/locations, including global.

How to fix?

Set the locations attribute to include global and any other location storing resources.

Example Configuration

{
    "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {},
    "resources": [
        {
            "type": "Microsoft.Insights/logProfiles",
            "apiVersion": "2016-03-01",
            "name": "logprofile_allowed",
            "location": "[resourceGroup().location]",
            "properties": {
                "locations": [
                    "global",
                    "*"
                ],
                "categories": [
                    "AuditEvent",
                    "Administrative",
                    "ServiceHealth",
                    "Alert",
                    "Recommendation"
                ],
                "retentionPolicy": {
                    "enabled": true,
                    "days": 30
                }
            }
        }
    ]
}