💼 5 Logging and Monitoring

  • Contextual name: 💼 5 Logging and Monitoring
  • ID: /frameworks/cis-azure-v1.5.0/05
  • Located in: 💼 CIS Azure v1.5.0

Description

This section covers security recommendations for setting logging and monitoring policies on an Azure Subscription.

Similar

  • Internal
    • ID: dec-b-c54b5f52

Sub Sections

| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| 💼 5.1 Configuring Diagnostic Settings | 7 | | | |
| 💼 5.1.1 Ensure that a 'Diagnostic Setting' exists - Level 1 (Manual) | | | | |
| 💼 5.1.2 Ensure Diagnostic Setting captures appropriate categories - Level 1 (Automated) | | 1 | 1 | |
| 💼 5.1.3 Ensure the Storage Container Storing the Activity Logs is not Publicly Accessible - Level 1 (Automated) | | | | |
| 💼 5.1.4 Ensure the storage account containing the container with activity logs is encrypted with Customer Managed Key - Level 2 (Automated) | | 1 | 1 | |
| 💼 5.1.5 Ensure that logging for Azure Key Vault is 'Enabled' - Level 1 (Automated) | | 1 | 1 | |
| 💼 5.1.6 Ensure that Network Security Group Flow logs are captured and sent to Log Analytics - Level 2 (Manual) | | | | |
| 💼 5.1.7 Ensure that logging for Azure AppService 'AppServiceHTTPLogs' is enabled. - Level 2 (Manual) | | | | |
| 💼 5.2 Monitoring using Activity Log Alerts | 10 | | | |
| 💼 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment - Level 1 (Automated) | | 1 | 1 | |
| 💼 5.2.2 Ensure that Activity Log Alert exists for Delete Policy Assignment - Level 1 (Automated) | | 1 | 1 | |
| 💼 5.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group - Level 1 (Automated) | | 1 | 1 | |
| 💼 5.2.4 Ensure that Activity Log Alert exists for Delete Network Security Group - Level 1 (Automated) | | 1 | 1 | |
| 💼 5.2.5 Ensure that Activity Log Alert exists for Create or Update Security Solution - Level 1 (Automated) | | | | |
| 💼 5.2.6 Ensure that Activity Log Alert exists for Delete Security Solution - Level 1 (Automated) | | 1 | 1 | |
| 💼 5.2.7 Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule - Level 1 (Automated) | | 1 | 1 | |
| 💼 5.2.8 Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule - Level 1 (Automated) | | 1 | 1 | |
| 💼 5.2.9 Ensure that Activity Log Alert exists for Create or Update Public IP Address rule - Level 1 (Automated) | | | | |
| 💼 5.2.10 Ensure that Activity Log Alert exists for Delete Public IP Address rule - Level 1 (Automated) | | | | |
| 💼 5.3 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it - Level 1 (Manual) | | | | |