Risk Level: Low
Cloud Entity: Log Profile
CloudGuard Rule ID: D9.AZU.LOG.01
Covered by Spectral: Yes
Category: Global

GSL LOGIC

LogProfile should have properties.retentionPolicy.enabled='true' and properties.retentionPolicy.days>=365

REMEDIATION

From Portal

Go to Activity log
Select Export
Set Retention (days) is set to 365 or 0
Select Save

From TF
Set the 'enabled' and 'days' arguments under 'azurerm_monitor_log_profile' as below:

resource "azurerm_monitor_log_profile" "example" {
	retention_policy {
		..
		enabled = true
		days    = NUMBEROFDAYS
		..
	}
}

From Command Line
Run

az monitor log-profiles update --name LOGPROFILENAME --set retentionPolicy.days=365 retentionPolicy.enabled=true

References

Log Profile

The Azure activity log captures control/management activities performed on a subscription. By default, the Azure Portal retains activity logs only for 90 days. The Log Profile defines the type of events that are stored or streamed and the outputs—storage account and/or event hub. The Log Profile, if configured properly, can ensure that all activity logs are retained for longer duration.

Compliance Frameworks

AZU PCI-DSS 4.0
Azure CloudGuard Best Practices
Azure HITRUST v9.5.0
Azure ITSG-33
Azure NIST 800-53 Rev 5
CloudGuard Azure All Rules Ruleset