Activity Log All Activities

Last updated: 04 February 2020
Risk level: Medium (should be achieved)

Ensure that the Log Profile created for your Azure cloud activity log is configured to collect logs for all the control & management activity categories, i.e. "Write", "Delete" and "Action" for security and compliance purposes. A Log Profile controls how the activity log is exported and retained within your Microsoft Azure cloud account.

Security

Configuring your account Log Profile to collect logs for the "Write", "Delete" and "Action" event categories ensures that all the control and management activities performed on your Azure subscription are exported. These logs can be extremely useful for security and compliance auditing.

Note: When the Azure Log Profile is created using Microsoft Azure Management Console (Azure Portal), by default it is configured to export all activity log event categories. However, when the Log Profile is created using the Azure Command Line Interface (CLI), the user can explicitly choose which of the event categories to export.

Audit

To determine if your Azure Log Profile is configured to export logs for all activities, perform the following actions:

Note: Verifying Azure Log Profile configuration for event categories to export using Microsoft Azure Management Console is not currently supported.

Using Azure CLI

01 Run the monitor log-profiles list command (Windows/macOS/Linux) using custom query filters to get the names of the event categories to export that are configured for the Log Profile available in the current Azure subscription. If there is no Log Profile currently available, follow the steps outlined in this conformity rule to create one. Each Azure subscription has only one Log Profile:

az monitor log-profiles list --query '[*].categories[]'

02 The command output should return the requested configuration information, i.e. the activity log event categories to export:

[
  "Action"
]

If the monitor log-profiles list command output does not return an array with all activity log event categories, i.e. "Write", "Delete" and "Action", the configuration of the Log Profile created to export activity logs within the selected Microsoft Azure subscription is not compliant.

03 Repeat steps no. 1 and 2 for each subscription available in your Microsoft Azure cloud account.
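The audit steps above, automated across every subscription the signed-in account can list. This is an added example, not part of the original page or of Trend Micro's tooling; the function names and the --all switch are hypothetical, and it assumes az login has already been run.

```bash
#!/bin/sh
# Added example: audits the Log Profile categories of each subscription.
# Function names and the --all switch are hypothetical (not from the page).

REQUIRED_CATEGORIES="Write Delete Action"

# missing_categories JSON
# JSON is the output of:
#   az monitor log-profiles list --query '[*].categories[]'
# Prints the required categories that are absent (empty output = compliant).
# An empty array, i.e. no Log Profile in the subscription, reports all three.
missing_categories() {
  mc_json=$1
  mc_missing=""
  for mc_cat in $REQUIRED_CATEGORIES; do
    # Match the quoted JSON string so only the exact category name counts.
    printf '%s\n' "$mc_json" | grep -q "\"$mc_cat\"" ||
      mc_missing="$mc_missing $mc_cat"
  done
  printf '%s' "${mc_missing# }"
}

# audit_all_subscriptions
# Runs the page's audit query once per subscription (step 03).
# Returns non-zero if any subscription is not compliant.
audit_all_subscriptions() {
  aas_rc=0
  for aas_sub in $(az account list --query '[].id' -o tsv); do
    aas_json=$(az monitor log-profiles list --subscription "$aas_sub" \
      --query '[*].categories[]' -o json)
    aas_missing=$(missing_categories "$aas_json")
    if [ -n "$aas_missing" ]; then
      echo "NON-COMPLIANT $aas_sub missing: $aas_missing"
      aas_rc=1
    else
      echo "COMPLIANT     $aas_sub"
    fi
  done
  return $aas_rc
}

# Only query Azure when explicitly asked to.
if [ "${1:-}" = "--all" ]; then
  audit_all_subscriptions
fi
```

The non-zero return from audit_all_subscriptions lets a scheduled job or pipeline fail when any subscription drops a category.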

Remediation / Resolution

To configure your Microsoft Azure Log Profiles to export logs for all activities (i.e. "Write", "Delete" and "Action"), perform the following actions:

Note: Configuring Azure Log Profile to export logs for all available activities using Microsoft Azure Management Console is not currently supported.

Using Azure CLI

01 Run the monitor log-profiles list command (Windows/macOS/Linux) using custom query filters to get the name of the Log Profile available in the current Azure subscription. Each Microsoft Azure subscription has only one Log Profile:

az monitor log-profiles list --query '[*].name'

02 The command output should return the name of the requested Azure Log Profile:

[
  "cc-activity-log-profile"
]

03 Run the monitor log-profiles update command (Windows/macOS/Linux), using the name of the Azure Log Profile returned at the previous step as the identifier parameter, to configure the selected profile to export logs for all the activities/operations performed within the current Microsoft Azure subscription, i.e. "Write", "Delete" and "Action" (the command does not produce an output):

az monitor log-profiles update --name cc-activity-log-profile --set 'categories=["Delete","Write","Action"]'

04 Repeat steps no. 1 – 3 for each subscription created in your Microsoft Azure cloud account.

Publication date Jul 29, 2019
