Ensure that Activity Log Retention is set 365 days or greater
Ensure activity log retention is set for 365 days or greater.
Risk Level: Low
Cloud Entity: Log Profile
CloudGuard Rule ID: D9.AZU.LOG.01
Covered by Spectral: Yes
Category: Global
GSL LOGIC
LogProfile should have properties.retentionPolicy.enabled='true' and properties.retentionPolicy.days>=365
REMEDIATION
From Portal
- Go to Activity log
- Select Export
- Set Retention (days) is set to 365 or 0
- Select Save
From TF
Set the 'enabled' and 'days' arguments under 'azurerm_monitor_log_profile' as below:
resource "azurerm_monitor_log_profile" "example" {
retention_policy {
..
enabled = true
days = NUMBEROFDAYS
..
}
}
From Command Line
Run
az monitor log-profiles update --name LOGPROFILENAME --set retentionPolicy.days=365 retentionPolicy.enabled=true
References
- https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log
- https://docs.microsoft.com/en-us/cli/azure/monitor/log-profiles?view=azure-cli-latest#az-monitor-log-profiles-update
- https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_log_profile
Log Profile
The Azure activity log captures control/management activities performed on a subscription. By default, the Azure Portal retains activity logs only for 90 days. The Log Profile defines the type of events that are stored or streamed and the outputs���storage account and/or event hub. The Log Profile, if configured properly, can ensure that all activity logs are retained for longer dur
Compliance Frameworks
- AZU PCI-DSS 4.0
- Azure CloudGuard Best Practices
- Azure HITRUST v9.5.0
- Azure ITSG-33
- Azure NIST 800-53 Rev 5
- CloudGuard Azure All Rules Ruleset
Updated about 1 year ago