Log Profile is not provisioned
Enable Log Profile for exporting activity logs
A log profile controls how the activity log is exported and retained. Since the average time to detect a breach is 210 days, the activity log should be retained for 365 days or more in order to have time to respond to any incidents.
A log profile controls how the activity log is exported. Configuring the log profile to collect logs for the categories 'write', 'delete' and 'action' ensures that all the control/management plane activities performed on the subscription are exported.
Configure the log profile to export activities from all Azure supported regions/locations including global.
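The three log profile checks above (retention, categories, locations), plus the "not provisioned" case, can be run against exported profile JSON. This is an added example, not Cloudanix's own code; it assumes the field names `retentionPolicy`, `categories` and `locations` as returned by `az monitor log-profiles list`, takes the expected region list as a caller-supplied parameter, and uses a constructed sample.

```python
import json

REQUIRED_CATEGORIES = {"write", "delete", "action"}
MIN_RETENTION_DAYS = 365

def audit_log_profile(profile, expected_locations):
    """Return a list of findings; an empty list means the profile passes."""
    findings = []
    # Check 1: activity log retained for 365 days or more.
    # Assumption: enabled=false with days=0 means "retain indefinitely".
    retention = profile.get("retentionPolicy") or {}
    days = retention.get("days", 0)
    enabled = retention.get("enabled", False)
    indefinite = (not enabled) and days == 0
    if not indefinite and not (enabled and days >= MIN_RETENTION_DAYS):
        findings.append(f"retention: {days} days (enabled={enabled})")
    # Check 2: 'write', 'delete' and 'action' categories are all exported.
    have = {c.lower() for c in profile.get("categories") or []}
    missing = sorted(REQUIRED_CATEGORIES - have)
    if missing:
        findings.append("categories missing: " + ", ".join(missing))
    # Check 3: every expected region, plus 'global', is covered.
    want = {loc.lower() for loc in expected_locations} | {"global"}
    locs = {loc.lower() for loc in profile.get("locations") or []}
    missing_locs = sorted(want - locs)
    if missing_locs:
        findings.append("locations missing: " + ", ".join(missing_locs))
    return findings

def audit_subscription(profiles_json, expected_locations):
    """Map each profile name to its findings; flag a subscription with none."""
    profiles = json.loads(profiles_json)
    if not profiles:
        return {"<none>": ["no log profile is provisioned"]}
    return {p.get("name", "<unnamed>"): audit_log_profile(p, expected_locations)
            for p in profiles}

# Constructed sample: short retention, no 'Action' category, one region absent.
SAMPLE = json.dumps([{
    "name": "default",
    "categories": ["Write", "Delete"],
    "locations": ["eastus", "global"],
    "retentionPolicy": {"enabled": True, "days": 90},
}])

if __name__ == "__main__":
    for name, issues in audit_subscription(SAMPLE, ["eastus", "westeurope"]).items():
        print(name, "PASS" if not issues else issues)
```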
Allowing public access to activity log content may aid an adversary in identifying weaknesses in the affected account's use or configuration.
Configuring the storage account with the activity log export container to use BYOK (Bring Your Own Key) provides additional confidentiality controls on log data, as a given user must have read permission on the corresponding storage account and must be granted decrypt permission by the CMK.
Monitoring for 'Create Policy Assignment' events gives insight into changes made in 'Azure Policy - Assignments' and may reduce the time it takes to detect unsolicited changes.
Monitoring for 'Delete Policy Assignment' events gives insight into changes made in 'Azure Policy - Assignments' and may reduce the time it takes to detect unsolicited changes.
Monitoring for 'Create' or 'Update Network Security Group' events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.
Monitoring for 'Delete Network Security Group' events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.
Monitoring for 'Create' or 'Update Network Security Group Rule' events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.
Monitoring for 'Delete Network Security Group Rule' events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.
Monitoring for 'Create' or 'Update Security Solution' events gives insight into changes to the active security solutions and may reduce the time it takes to detect suspicious activity.
Monitoring for 'Delete Security Solution' events gives insight into changes to the active security solutions and may reduce the time it takes to detect suspicious activity.
Monitoring for 'Create' or 'Update SQL Server Firewall Rule' events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.
Monitoring for 'Delete SQL Server Firewall Rule' events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.
Monitoring for 'Create' or 'Update Security Policy' events gives insight into changes to security policy and may reduce the time it takes to detect suspicious activity.
Monitoring for 'Delete Security Policy' events gives insight into changes to security policy and may reduce the time it takes to detect suspicious activity.
Ensure that an Azure activity log alert is fired whenever 'Create Virtual Machine' or 'Update Virtual Machine' events are triggered in your Microsoft Azure cloud account. Activity log alerts get triggered when a new activity log event that matches the condition specified in the alert configuration occurs. The matched condition is: Whenever the Administrative Activity Log 'Create or Update Virtual Machine (Microsoft.Compute/virtualMachines)' has 'any' level, with 'any' status and event is initiated by 'any'.
Ensure that a Microsoft Azure activity log alert is fired whenever a 'Power Off Virtual Machine' event is triggered within your cloud account. An Azure activity log alert fires each time the action event that matches the condition defined in the alert configuration is triggered. The alert condition that this conformity rule checks for is: Whenever the Administrative Activity Log 'Power Off Virtual Machine (Microsoft.Compute/virtualMachines)' has 'any' level, with 'any' status and event is initiated by 'any'.
Ensure that a Microsoft Azure activity log alert is fired whenever a 'Delete Virtual Machine' event is triggered within your cloud account. An Azure activity log alert fires each time the action event that matches the condition specified in the alert configuration is triggered. The alert condition that this rule searches for is: Whenever the Administrative Activity Log 'Delete Virtual Machine (Microsoft.Compute/virtualMachines)' has 'any' level, with 'any' status and event is initiated by 'any'.
Ensure that a Microsoft Azure activity log alert is fired whenever an 'Update Key Vault' event is triggered inside your Microsoft Azure cloud account.
Ensure that a Microsoft Azure activity log alert is fired whenever a 'Delete Key Vault' event is triggered inside your Microsoft Azure cloud account.