Description

This policy identifies Azure Databricks Workspaces that are not configured to deliver diagnostic logging for the following categories: accounts, clusters, notebook, jobs, workspace.

Azure Databricks Diagnostic Logging provides visibility into system operations, user activities, and security events within a Databricks workspace. Enabling diagnostic logs allows organizations to:

  • Detect security threats by capturing access events, job executions, and cluster activities.
  • Maintain compliance with regulatory frameworks such as SOC 2, HIPAA, and GDPR.
  • Monitor operational performance and proactively troubleshoot issues.

Rationale

Diagnostic logging delivers critical visibility into security and operational activities within Databricks workspaces. It ensures auditability for forensic investigations and supports compliance requirements that mandate continuous logging and monitoring of cloud resources.

Impact

  • Logs consume storage and may require additional monitoring solutions, potentially increasing operational overhead and costs.
  • Incomplete or misconfigured logging may result in missing critical events, reducing visibility and monitoring effectiveness.

Audit

This policy flags an Azure Databricks Workspace as non-compliant if the Azure Diagnostic Setting(s) attached to the workspace do not have all of the following log categories enabled:

  • accounts
  • clusters
  • notebook
  • jobs
  • workspace
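The check described above can be expressed as a small evaluator over the diagnostic settings returned for a workspace. The following is an added example, not code from the policy or from Azure; the input is constructed to mirror the shape of `az monitor diagnostic-settings list --resource <workspace-resource-id>` output (a list of settings, each with a `logs` array of `{category, categoryGroup, enabled}` entries; older CLI and REST responses wrap that list in `{"value": [...]}`). Two design choices are assumptions: categories are unioned across all settings on the workspace (delivery to any destination counts), and an enabled `allLogs` category group is treated as covering every required category.

```python
"""Evaluate Azure Databricks diagnostic settings against the required log categories.

Added example: the evaluation logic of the policy, run over constructed sample input.
"""

REQUIRED_CATEGORIES = {"accounts", "clusters", "notebook", "jobs", "workspace"}

# Assumption: an enabled "allLogs" category group covers every category of the resource type.
ALL_LOGS_GROUP = "allLogs"


def _settings_list(payload):
    """Accept a bare list (current az CLI) or a {"value": [...]} wrapper (older CLI / REST)."""
    if isinstance(payload, dict):
        return payload.get("value", [])
    return payload


def enabled_categories(settings):
    """Union of log categories enabled across all diagnostic settings on one workspace.

    A category present with "enabled": false is treated as not delivered.
    """
    enabled = set()
    for setting in _settings_list(settings):
        for log in setting.get("logs", []):
            if not log.get("enabled"):
                continue
            if log.get("categoryGroup") == ALL_LOGS_GROUP:
                enabled |= REQUIRED_CATEGORIES
            elif log.get("category"):
                enabled.add(log["category"])
    return enabled


def evaluate_workspace(settings, required=REQUIRED_CATEGORIES):
    """Return the verdict for one workspace and the sorted list of missing categories."""
    missing = sorted(set(required) - enabled_categories(settings))
    return {"compliant": not missing, "missing": missing}


# Constructed sample input: two settings that together cover all five categories.
COMPLIANT_SETTINGS = [
    {"name": "to-log-analytics", "logs": [
        {"category": "accounts", "categoryGroup": None, "enabled": True},
        {"category": "clusters", "categoryGroup": None, "enabled": True},
    ]},
    {"name": "to-storage", "logs": [
        {"category": "notebook", "categoryGroup": None, "enabled": True},
        {"category": "jobs", "categoryGroup": None, "enabled": True},
        {"category": "workspace", "categoryGroup": None, "enabled": True},
    ]},
]

# Constructed sample input: "jobs" is present but disabled, "workspace" is absent.
NONCOMPLIANT_SETTINGS = [
    {"name": "partial", "logs": [
        {"category": "accounts", "categoryGroup": None, "enabled": True},
        {"category": "clusters", "categoryGroup": None, "enabled": True},
        {"category": "notebook", "categoryGroup": None, "enabled": True},
        {"category": "jobs", "categoryGroup": None, "enabled": False},
    ]},
]

# Constructed sample input: a single setting using the allLogs category group.
ALL_LOGS_SETTINGS = [
    {"name": "everything", "logs": [
        {"category": None, "categoryGroup": ALL_LOGS_GROUP, "enabled": True},
    ]},
]


if __name__ == "__main__":
    for label, sample in [("compliant", COMPLIANT_SETTINGS),
                          ("noncompliant", NONCOMPLIANT_SETTINGS),
                          ("no settings", []),
                          ("allLogs wrapped", {"value": ALL_LOGS_SETTINGS})]:
        print(f"{label:16} -> {evaluate_workspace(sample)}")
```

A workspace with no diagnostic setting at all is reported with all five categories missing, which is the case this policy most often catches. If your organisation requires every category in one setting (a single destination for audit), replace the union in `enabled_categories` with a per-setting check and flag the workspace unless at least one setting passes on its own.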

References

  1. Audit log delivery for Azure Databricks
  2. Configure log data retention in Azure Monitor
  3. Databricks audit logs (China)
  4. Supported Microsoft Databricks workspace logs

Additional Information

  • Diagnostic logging requires the Azure Databricks Premium plan.
  • Alert rules should be reviewed and updated regularly to address evolving security threats and operational needs.