💼 6.1.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it (Manual)
- ID:
/frameworks/cis-azure-v6.0.0/06/01/04
Description
Resource Logs capture activity to the data access plane while the Activity log is a subscription-level
log for the control plane. Resource-level diagnostic logs provide insight into operations that were
performed within that resource itself; for example, reading or updating a secret from a Key Vault.
Currently, 95 Azure resources support Azure Monitoring (See the more information section for a complete list),
including Network Security Groups, Load Balancers, Key Vault, AD, Logic Apps, and CosmosDB. The content
of these logs varies by resource type.
A number of back-end services were not configured to log and store Resource Logs for certain activities or
for a sufficient length. It is crucial that monitoring is correctly configured to log all relevant
activities and retain those logs for a sufficient length of time. Given that the mean time to detection
in an enterprise is 240 days, a minimum retention period of two years is recommended.
While an automated assessment procedure exists for this recommendation, the assessment status remains manual.
Determining whether resource logging should be enabled for specific resources depends on the context and
requirements of each organization and environment.
Similar
- Sections
/frameworks/cis-azure-v5.0.0/06/01/04
Similar Sections (Take Policies From)
Similar Sections (Give Policies To)
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|
Policies (1)