Monitor log profile should have activity logs for global services and all regions
Description
Configure the log profile to export activities from all Azure supported regions/locations including global. This rule is evaluated against all resource locations that Fugue has permission to scan.
Remediation Steps
Azure Portal
Note this rule applies to the legacy experience for Azure Activity log.
Navigate to Activity log.
Select Diagnostics setting.
Click "Looking for the legacy experience? Click here to launch the ‘Export activity log’ blade."
From the Regions drop-down, check Select all.
Click Save.
Azure CLI
To enable activity logs for global services and all regions:
az monitor log-profiles update --name default
Azure Resource Manager
Ensure that a Microsoft.Insights/logprofiles resource contains the following, where locations includes global and the regions of all declared resources:
    {
      "properties": {
        "locations": [
          "global"
        ]
      }
    }
Example Configuration
    {
      "type": "Microsoft.Insights/logprofiles",
      "apiVersion": "2016-03-01",
      "properties": {
        "locations": [
          "global"
        ]
      }
    }
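The condition above (locations includes global and the regions of all declared resources) can be checked offline against an ARM template before deployment. The following Python is an added example, not Fugue's implementation or code from this page; the function names and the sample template are constructed for illustration, and it assumes that location values written as template expressions (starting with "[") can be skipped because they cannot be resolved without deployment parameters.

```python
import json

LOG_PROFILE_TYPE = "microsoft.insights/logprofiles"


def normalize(location):
    """Compare 'East US' and 'eastus' on the compact lowercase form."""
    return location.replace(" ", "").lower()


def missing_log_profile_locations(template):
    """Map each log profile name to the required locations it omits.

    Required = "global" plus the location of every other resource declared
    in the template. An empty dict means every log profile passes.
    """
    required, profiles = {"global"}, []
    for res in template.get("resources", []):
        loc = res.get("location")
        if res.get("type", "").lower() == LOG_PROFILE_TYPE:
            profiles.append(res)
        elif isinstance(loc, str) and not loc.startswith("["):
            # Template expressions such as "[resourceGroup().location]" are skipped.
            required.add(normalize(loc))
    if not profiles:
        return {"<no log profile>": sorted(required)}
    findings = {}
    for profile in profiles:
        listed = profile.get("properties", {}).get("locations", [])
        gap = sorted(required - {normalize(item) for item in listed})
        if gap:
            findings[profile.get("name", "<unnamed>")] = gap
    return findings


# Constructed sample (not from the page): resources in two regions and a
# log profile that lists only "global".
SAMPLE = json.loads("""
{"resources": [
  {"type": "Microsoft.Storage/storageAccounts", "name": "logs", "location": "eastus"},
  {"type": "Microsoft.Network/virtualNetworks", "name": "vnet", "location": "West US"},
  {"type": "Microsoft.Insights/logprofiles", "name": "default",
   "properties": {"locations": ["global"]}}
]}
""")

if __name__ == "__main__":
    print(missing_log_profile_locations(SAMPLE))
```

A non-empty result names the log profile and the regions whose activity would not be exported.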
Terraform
Ensure that an azurerm_monitor_log_profile contains the following:
    locations = [<list of every Azure region storing resources and "global">]
Example Configuration
    resource "azurerm_monitor_log_profile" "example" {
      name = "default"
      locations = [
        "centralus",
        "eastus",
        "northcentralus",
        "southcentralus",
        "westus",
        "francecentral",
        "germanynorth",
        "swedencentral",
        "global",
        # All regions containing Azure resources
      ]
      # other required fields here
    }