Azure-Monitor-Log-Profile-Archive-Data

Severity : High

Description: This control ensures that audit profile captures all the activities. The activity data is platform log that provides insight into subscription-level events. This includes information about the resources activity like modification to resource or its state like a VM is started. The log profile controls how the activity log is exported. The log profile is configured to collect logs for the categories write, delete and action. One subscription can have only one log profile. The log profile ensures that all the control/management plane activities performed on the subscription are exported.

Remediation Steps:

Perform following to configure retention period for recovery point :

1. Login to Azure Portal using https://portal.azure.com.

2. Navigate to All services.

3. In All services, Select Monitor.

4. In Monitor, Select Activity log.

5. On the Activity log, Select Export activity log to open setup page.

6. On the Diagnostic settings, select Diagnostic settings.

7. On the Export activity log,

   1. Select required subscription from the Subscription list.

   2. Select required region from Regions dropdown list.

   3. Select Export to a storage account to export to storage account. IF logs should be written to event hub , Select Export to an event hub, then select Select a service bus namespace and choose the event hub namespace.

   4. Enter number of days to retain activity log data in the Retention day(s).

   5. Click Save.

Important:

Reference:

• Azure Foundations Benchmark v1.1.0 - 02-15-2019 : Recommendation #5.1.3

• Azure Activity log

• Azure monitor CLI commands