Skip to main content

More Info:

Configure the log profile to export activities from all Azure supported regions/locations including global.

Risk Level

Low

Address

Security, Operational Maturity

Compliance Standards

HIPAA, ISO27001, GDPR, PCIDSS

Triage and Remediation

Remediation

Using Console

To remediate the misconfiguration “Ensure log profile is configured for all regions” for Azure using the Azure console, you can follow the below steps:
  1. Log in to the Azure portal using your credentials.
  2. From the left-hand side menu, select “Log Analytics workspaces”.
  3. Select the workspace you want to configure for all regions.
  4. Click on “Advanced settings” under the “Settings” section of the left-hand side menu.
  5. Under “Data”, select “Log profiles”.
  6. Click on “Add” to create a new log profile.
  7. In the “Add log profile” window, enter a name for the log profile.
  8. Under the “Regions” section, select “All regions”.
  9. Under the “Categories” section, select the categories of logs you want to collect.
  10. Under the “Destination” section, select the destination where you want to send the logs.
  11. Click on “OK” to save the log profile.
By following these steps, you will remediate the misconfiguration “Ensure log profile is configured for all regions” for Azure using the Azure console.

To remediate the misconfiguration “Ensure log profile is configured for all regions” for AZURE using AZURE CLI, you can follow the below steps:Step 1: Open the AZURE CLI on your local machine or use the AZURE Cloud Shell.Step 2: Run the following command to list all the available regions in your AZURE subscription:
az account list-locations --query [*].name
Step 3: Run the following command to create a log profile for each region:
for region in $(az account list-locations --query [*].name -o tsv); do az monitor log-profiles create --locations $region --categories Write --enabled true --days 30 --name default; done
This command will create a log profile named “default” for each region and enable it for 30 days.Step 4: Verify that the log profiles have been created for all regions by running the following command:
az monitor log-profiles list --query [*].locations
This command will list all the locations where the log profiles have been created.Step 5: Finally, you can validate the remediation by ensuring that the log profiles are configured for all regions.
To remediate the misconfiguration “Ensure log profile is configured for all regions” in Azure using Python, follow these steps:
  1. Import the necessary libraries:
from azure.mgmt.monitor import MonitorManagementClient
from azure.common.credentials import ServicePrincipalCredentials
  1. Set the required Azure credentials:
credentials = ServicePrincipalCredentials(
    client_id='<client-id>',
    secret='<client-secret>',
    tenant='<tenant-id>'
)
  1. Initialize the MonitorManagementClient:
client = MonitorManagementClient(
    credentials=credentials,
    subscription_id='<subscription-id>'
)
  1. Get a list of all the regions:
regions = [region.name for region in client.locations.list()]
  1. For each region, check if a log profile exists:
for region in regions:
    log_profile = client.log_profiles.get(
        resource_group_name='<resource-group-name>',
        name='<log-profile-name>',
        location=region
    )
    
    if not log_profile:
        # If the log profile doesn't exist, create it
        client.log_profiles.create_or_update(
            resource_group_name='<resource-group-name>',
            log_profile_name='<log-profile-name>',
            parameters={
                'location': region,
                'categories': {
                    'write': True,
                    'delete': True
                }
            }
        )
  1. Save the Python script and run it to remediate the misconfiguration.
Note: Replace the placeholders <client-id>, <client-secret>, <tenant-id>, <subscription-id>, <resource-group-name>, and <log-profile-name> with the actual values.

Additional Reading: