Severity: High

Description: Exporting the activity log for control plane activity provides audited access to the Azure account, with event data available in the case of a security incident. Remediation Steps: Ensure that all activity is logged to the Event Hub or storage account for archiving. This control ensures that the audit profile captures all activities. The activity log is a platform log that provides insight into subscription-level events. This includes information about resource activity, such as a modification to a resource or a change in its state (for example, a VM being started). The log profile controls how the activity log is exported. The log profile is configured to collect logs for the categories write, delete and action. One subscription can have only one log profile. The log profile ensures that all the control/management plane activities performed on the subscription are exported.

Remediation Steps:

Perform the following to configure the retention period for the recovery point:

  1. Log in to the Azure Portal using https://portal.azure.com.

  2. Navigate to All services.

  3. In All services, select Monitor.

  4. In Monitor, select Activity log.

  5. On the Activity log, select Export activity log to open the setup page.

  6. On the Diagnostic settings, select Diagnostic settings.

  7. On the Export activity log:

    1. Select the required subscription from the Subscription list.

    2. Select the required region from the Regions dropdown list.

    3. Select Export to a storage account to export to a storage account. If logs should be written to an event hub, select Export to an event hub, then select Select a service bus namespace and choose the event hub namespace.

    4. Enter the number of days to retain activity log data in Retention day(s).

    5. Click Save.
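To verify the result of the steps above, the following added example (not part of the original page) audits a log profile listing for the three categories named in the description and for an export destination. The sample JSON is constructed, and its field names are assumed to match the output of `az monitor log-profiles list`; `audit_log_profiles` is a hypothetical helper name.

```python
import json

# Categories the description says the log profile must collect.
REQUIRED_CATEGORIES = ("Write", "Delete", "Action")

# Constructed sample, shaped like the JSON printed by
# `az monitor log-profiles list` (assumption; placeholder IDs only).
SAMPLE_PROFILES = json.loads("""
[
  {
    "name": "default",
    "categories": ["Write", "Delete"],
    "locations": ["global", "eastus"],
    "retentionPolicy": {"enabled": true, "days": 90},
    "storageAccountId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg/providers/Microsoft.Storage/storageAccounts/examplelogs",
    "serviceBusRuleId": null
  }
]
""")


def audit_log_profiles(profiles):
    """Return a list of findings; an empty list means the control passes."""
    if not profiles:
        # A subscription has at most one log profile; none means no export.
        return ["no log profile: activity log is not exported"]
    findings = []
    for profile in profiles:
        name = profile.get("name", "<unnamed>")
        have = {c.lower() for c in profile.get("categories") or []}
        missing = [c for c in REQUIRED_CATEGORIES if c.lower() not in have]
        if missing:
            findings.append(f"{name}: missing categories {', '.join(missing)}")
        # Export must target a storage account or an event hub.
        if not (profile.get("storageAccountId") or profile.get("serviceBusRuleId")):
            findings.append(f"{name}: no storage account or event hub destination")
    return findings


if __name__ == "__main__":
    for line in audit_log_profiles(SAMPLE_PROFILES) or ["PASS"]:
        print(line)
```

To audit a real subscription, replace `SAMPLE_PROFILES` with the parsed JSON from the CLI listing.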

Important:

Reference: