Azure Monitor

No Log Profile

Risk Level: Low

Description:

This plugin ensures that at least one log profile exists for your Microsoft Azure account. Logging in Azure is essential to protecting your Azure cloud environment.

Recommended Action: Ensure that Azure Monitor has a log profile.

About the Service:

Azure Monitor can help you improve the availability and performance of your apps and services. It provides a complete solution for gathering, evaluating, and responding to telemetry from the cloud and on-premises settings. This data enables you to better understand how your apps are doing and to detect concerns that may harm them or the resources they rely on in the future.

Impact:

Without a log profile, an Azure subscription lacks the information needed for a project report and cannot submit the logs needed to understand all ongoing activity. Log profiles are a legacy mechanism for sending the Activity log to Azure Storage or Event Hubs.

Steps to Reproduce (Using Azure CLI):

  1. Sign in to Azure CLI.
  2. Run the command: az monitor log-profiles list
  3. If the output is empty and no log profile is displayed, there are no existing log profiles for your Microsoft Azure account.
  4. Repeat steps 2 and 3 for the other subscriptions in your Microsoft Azure accounts.
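
The check above, run across several subscriptions at once, as an added example (not part of the original plugin documentation). The function names are hypothetical; the script uses only "az account list" and "az monitor log-profiles list", and it reports a failed query separately so that a permissions error is not mistaken for a missing log profile.

```shell
#!/bin/sh
# Added example: audit subscriptions for a missing Azure Monitor log profile.
# Function names are illustrative; only documented az commands are called.

# Print the number of log profiles in one subscription.
# Returns non-zero when the az call itself fails (for example, no read access).
count_log_profiles() {
    az monitor log-profiles list --subscription "$1" \
        --query "length(@)" --output tsv
}

# Classify one subscription. Prints one line and returns:
#   0 = at least one log profile, 1 = none, 2 = could not be checked.
check_subscription() {
    sub="$1"
    if ! n=$(count_log_profiles "$sub" 2>/dev/null); then
        echo "ERROR $sub (could not list log profiles)"
        return 2
    fi
    case "$n" in
        ''|*[!0-9]*) echo "ERROR $sub (unexpected output)"; return 2 ;;
        0)           echo "MISSING $sub"; return 1 ;;
        *)           echo "OK $sub profiles=$n"; return 0 ;;
    esac
}

# Check the given subscription IDs, or every subscription visible to the
# signed-in account when no IDs are given. Returns the worst status seen.
audit_log_profiles() {
    if [ "$#" -eq 0 ]; then
        # Subscription IDs are GUIDs, so word splitting is safe here.
        set -- $(az account list --query "[].id" --output tsv)
    fi
    worst=0
    for sub in "$@"; do
        rc=0
        check_subscription "$sub" || rc=$?
        if [ "$rc" -gt "$worst" ]; then worst=$rc; fi
    done
    return "$worst"
}
```

After signing in, call audit_log_profiles with no arguments to check every visible subscription, or pass specific subscription IDs.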

Steps for Remediation (Using Azure CLI):

  1. Sign in to Azure Management Console.
  2. Create a new log profile with a name of your choice using the following command, replacing each placeholder in angle brackets with your own value (the command also requires --location and --locations):
    az monitor log-profiles create --name <name> --location <location> --locations <regions> --categories "Delete" "Write" "Action" --enabled true --days <days> --service-bus-rule-id "/subscriptions/<YOUR SUBSCRIPTION ID>/resourceGroups/<RESOURCE GROUP NAME>/providers/Microsoft.EventHub/namespaces/<Event Hub NAME SPACE>/authorizationrules/RootManageSharedAccessKey"
  3. Repeat steps no. 2-5 for other Microsoft Azure accounts that do not have any log profile.

References: