π‘οΈ Azure Diagnostic Setting for Azure AppService HTTP logs is not enabledπ’βͺ
- Contextual name: π‘οΈ Diagnostic Setting for Azure AppService HTTP logs is not enabledπ’βͺ
- ID:
/ce/ca/azure/monitor/diagnostic-settings-for-appservice-http-logs - Tags:
- βͺ Impossible policy
- π’ Policy with categories
- π’ Policy with type
- Policy Type:
COMPLIANCE_POLICY - Policy Categories:
SECURITY,RELIABILITY
Descriptionβ
Descriptionβ
Enable AppServiceHTTPLogs diagnostic log category for Azure App Service instances to ensure all http requests are captured and centrally logged.
Rationaleβ
Capturing web requests can be important supporting information for security analysts performing monitoring and incident response activities. Once logging, these logs can be ingested into SIEM or other central aggregation point for the organization.
Impactβ
Log consumption and processing will incur additional cost.
Auditβ
From Azure Portalβ
Go to
App Services.For each
App Service:Under
Monitoring, go toDiagnostic Settings.Ensure a diagnostic setting exists that logs
HTTP logsto a destination aligned to your environment's approach to log consumption (event hub, storage account, etc. dependent on what is consuming the logs such as SIEM or other log aggregation utility).From Azure Policyβ
If referencing a digital copy of this Benchmark, clicking a Policy ID will open a link to the associated Policy definition in Azure.
- Policy ID: 91a78b24-f231-4a8a-8da9-02c35b2b6510 - Name: 'App Service apps should have resource logs enabled'
... see more
Remediationβ
Remediationβ
From Azure Portalβ
Go to
App Services.For each App Service:
Under
Monitoring, go toDiagnostic Settings.To update an existing diagnostic setting, click
Edit settingagainst the setting. To create a new diagnostic setting, clickAdd diagnostic settingand provide a name for the new setting.Check the checkbox next to
HTTP logs.Configure a destination based on your specific logging consumption capability (for example Stream to an event hub and then consuming with SIEM integration for Event Hub logging).
Click
Save.
policy.yamlβ
Linked Framework Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| πΌ CIS Azure v2.1.0 β πΌ 5.1.6 Ensure that logging for Azure AppService 'HTTP logs' is enabled - Level 2 (Manual) | 1 | no data | |||
| πΌ CIS Azure v3.0.0 β πΌ 6.1.6 Ensure that logging for Azure AppService 'HTTP logs' is enabled (Manual) | 1 | no data | |||
| πΌ CIS Azure v4.0.0 β πΌ 7.1.1.6 Ensure that logging for Azure AppService 'HTTP logs' is enabled (Automated) | 1 | no data | |||
| πΌ Cloudaware Framework β πΌ Logging and Monitoring Configuration | 65 | no data |