Ensure log profile is configured to capture all activities

Error: Log profile is not configured to capture all activities

Bridgecrew Policy ID: BC_AZR_LOGGING_6
Checkov Check ID: CKV_AZURE_38
Bridgecrew Severity: CRITICAL
Prisma Cloud Severity: HIGH

Description

A log profile controls how the activity log is exported. Configuring the log profile to collect logs for the categories Write, Delete and Action ensures that all control/management plane activities performed on the subscription are exported.

We recommend you configure the log profile to export all activities from the control/management plane.

Fix - Runtime

Azure Portal

The Azure portal currently has no provision to check or set categories.

CLI Command

To update an existing default log profile, use the following command:
az monitor log-profiles update --name default
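
To confirm which of the three categories a profile is missing before and after the update, the following added example (not Bridgecrew or Checkov code) audits a JSON array shaped like the output of `az monitor log-profiles list`. The sample data is constructed, and the `name` and `categories` field names and the helper function names are assumptions of this example.

```python
import json

# Categories this policy expects every log profile to export.
REQUIRED = {"write", "delete", "action"}

# Constructed sample, shaped like the JSON array printed by
# `az monitor log-profiles list` (field names are an assumption of this example).
SAMPLE = """
[
  {"name": "default",  "categories": ["Write", "Delete"]},
  {"name": "complete", "categories": ["Write", "Delete", "Action"]},
  {"name": "empty"}
]
"""


def missing_categories(profile):
    """Return the required categories one log profile does not export, sorted."""
    # Tolerate an absent or null list and differences in case or whitespace.
    have = {str(c).strip().lower() for c in (profile.get("categories") or [])}
    return sorted(c.capitalize() for c in REQUIRED - have)


def audit(profiles_json):
    """Map each profile name to its missing categories.

    A subscription with no log profile at all exports nothing, so it is
    reported under the placeholder name '<none>' with every category missing.
    """
    profiles = json.loads(profiles_json)
    if not profiles:
        return {"<none>": sorted(c.capitalize() for c in REQUIRED)}
    return {p.get("name", "<unnamed>"): missing_categories(p) for p in profiles}


if __name__ == "__main__":
    for name, missing in audit(SAMPLE).items():
        if missing:
            print(f"{name}: FAIL (missing: {', '.join(missing)})")
        else:
            print(f"{name}: PASS")
```
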

Fix - Buildtime

Terraform

  • Resource: azurerm_monitor_log_profile
  • Argument: categories
resource "azurerm_monitor_log_profile" "example" {
    ...
    categories = [
 +   "Action",
 +   "Delete",
 +   "Write",
    ]
}
