Ensure that diagnostic settings are configured to log the appropriate activities from the Azure Monitor control/management plane. Proper configuration of diagnostic settings is crucial for effective monitoring and capturing essential management activities performed by resources on the Azure platform.
PoC代码[已公开]
id: azure-diagnostic-categories-misconfigured
info:
name: Diagnostic Settings Categories on Azure Resources not configured
author: princechaddha
severity: medium
description: |
Ensure that diagnostic settings are configured to log the appropriate activities from the Azure Monitor control/management plane. Proper configuration of diagnostic settings is crucial for effective monitoring and capturing essential management activities performed by resources on the Azure platform.
impact: |
Misconfigured diagnostic settings can lead to inadequate logging of control and management activities, increasing the risk of unnoticed malicious activities or misconfigurations.
remediation: |
Configure diagnostic settings for each Azure resource to log necessary activities from the control/management plane, ensuring that all important events are captured and reviewed regularly for anomalies.
reference:
- https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/diagnostic-settings
tags: cloud,devops,azure,microsoft,diagnostic,azure-cloud-config
self-contained: true
code:
- engine:
- sh
- bash
source: |
az monitor diagnostic-settings subscription list --query 'value[*].{"name": name, "logs": logs}' --output json
matchers:
- type: word
words:
- '"enabled": false'
extractors:
- type: dsl
dsl:
- '"The configuration of the verified diagnostic setting for “Administrative”, “Security”, “Alert”, and “Policy” is not compliant."'
# digest: 4a0a0047304502210099c5a3283f6008b08b1f3e830f1d42e281224b93a07e0a9a2a9694b90e5f9f8202204e2b7c6a4dc46e526255772693148610bb3a4876a28d9f65e71e3af5a98ec2f7:922c64590222798bb761d5b6d8e72950