Severity Framework
CCSS (Common Configuration Scoring System) is a set of measures used to determine the severity of the rule.
Snyk CCSS
Rule category
Each rule is associated with a high-level category. For example IAM, Container, Monitoring, Logging, Network, etc.
Logging/ Configuration
Is your environment affected by this misconfiguration?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsFrameworks
CIS-AzureHIPAAISO-27001NIST-800-53PCI-DSSSOC-2
- Snyk IDSNYK-CC-00688
- creditSnyk Research Team
Description
Configure the log profile to export activities from all Azure supported regions/locations, including global.
How to fix?
Set the locations attribute to include global and any other location storing resources.
Example configuration:
{
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"resources": [
{
"type": "Microsoft.Insights/logProfiles",
"apiVersion": "2016-03-01",
"name": "logprofile_allowed",
"location": "[resourceGroup().location]",
"properties": {
"locations": [
"global",
"*"
],
"categories": [
"AuditEvent",
"Administrative",
"ServiceHealth",
"Alert",
"Recommendation"
],
"retentionPolicy": {
"enabled": true,
"days": 30
}
}
}
]
}
Set the locations attribute to include global and any other location storing resources.
Example configuration:
resource "azurerm_monitor_log_profile" "valid" {
name = "default"
categories = ["Action", "Delete", "Write"]
locations = ["global", azurerm_resource_group.main.location]
storage_account_id = azurerm_storage_account.main.id
retention_policy {
enabled = false
}
}