Monitor log profile does not have activity logs for global services and all regions Affecting Monitor service in Azure

Snyk CCSS

Logging / Configuration

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

CIS-Azure HIPAA ISO-27001 NIST-800-53 PCI-DSS SOC-2

Snyk ID SNYK-CC-00688
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

Configure the log profile to export activities from all Azure supported regions/locations, including global.

How to fix?

Set the locations attribute to include global and any other location storing resources.

Example Configuration

{
    "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {},
    "resources": [
        {
            "type": "Microsoft.Insights/logProfiles",
            "apiVersion": "2016-03-01",
            "name": "logprofile_allowed",
            "location": "[resourceGroup().location]",
            "properties": {
                "locations": [
                    "global",
                    "*"
                ],
                "categories": [
                    "AuditEvent",
                    "Administrative",
                    "ServiceHealth",
                    "Alert",
                    "Recommendation"
                ],
                "retentionPolicy": {
                    "enabled": true,
                    "days": 30
                }
            }
        }
    ]
}

ARM

Microsoft.Insights logprofiles

Terraform

Resource: azurerm_monitor_log_profile

References

Managing legacy log profiles