Skip to main content

πŸ“ Azure Diagnostic Setting for Azure AppService HTTP logs is not enabled 🟒

  • Contextual name: πŸ“ Diagnostic Setting for Azure AppService HTTP logs is not enabled 🟒
  • ID: /ce/ca/azure/monitor/diagnostic-settings-for-appservice-http-logs
  • Located in: πŸ“ Azure Monitor

Flags​

Our Metadata​

  • Policy Type: COMPLIANCE_POLICY
  • Policy Category:
    • SECURITY
    • RELIABILITY

Description​

Open File

Description​

Enable AppServiceHTTPLogs diagnostic log category for Azure App Service instances to ensure all http requests are captured and centrally logged.

Rationale​

Capturing web requests can be important supporting information for security analysts performing monitoring and incident response activities. Once logging, these logs can be ingested into SIEM or other central aggregation point for the organization.

Impact​

Log consumption and processing will incur additional cost.

Audit​

From Azure Portal​
  1. Go to App Services.

For each App Service:

  1. Under Monitoring, go to Diagnostic Settings.
  2. Ensure a diagnostic setting exists that logs HTTP logs to a destination aligned to your environment's approach to log consumption (event hub, storage account, etc. dependent on what is consuming the logs such as SIEM or other log aggregation utility).

Default Value​

Not configured.

References​

  1. https://docs.microsoft.com/en-us/azure/app-service/troubleshoot-diagnostic-logs
  2. https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-3-enable-logging-for-security-investigation

Remediation​

Open File

Remediation​

From Azure Portal​

  1. Go to App Services.

For each App Service:

  1. Under Monitoring, go to Diagnostic Settings.
  2. To update an existing diagnostic setting, click Edit setting against the setting. To create a new diagnostic setting, click Add diagnostic setting and provide a name for the new setting.
  3. Check the checkbox next to HTTP logs.
  4. Configure a destination based on your specific logging consumption capability (for example Stream to an event hub and then consuming with SIEM integration for Event Hub logging).
  5. Click Save.

policy.yaml​

Open File

Linked Framework Sections​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό CIS Azure v2.1.0 β†’ πŸ’Ό 5.1.6 Ensure that logging for Azure AppService 'HTTP logs' is enabled - Level 2 (Manual)1
πŸ’Ό CIS Azure v3.0.0 β†’ πŸ’Ό 6.1.6 Ensure that logging for Azure AppService 'HTTP logs' is enabled (Manual)1
πŸ’Ό Cloudaware Framework β†’ πŸ’Ό Logging and Monitoring Configuration49