turbot/azure_compliance
Loading controls...

Control: 5.1.7 Ensure that logging for Azure AppService 'AppServiceHTTPLogs' is enabled.

Description

Enable AppServiceHTTPLogs diagnostic log category for Azure App Service instances to ensure all http requests are captured and centrally logged.

Capturing web requests can be important supporting information for security analysts performing monitoring and incident response activities. Once logging, these logs can be ingested into SIEM or other central aggregation point for the organization.

Remediation

From Azure Portal

  1. Go to App Services
  2. For each App Service:
  3. Go to Diagnostic Settings
  4. Click Add Diagnostic Setting
  5. Check the checkbox next to 'AppServiceHTTPLogs'
  6. Configure destination based on your specific logging consumption capability (for example Stream to an event hub and then consuming with SIEM integration for Event Hub logging).

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.cis_v150_5_1_7

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.cis_v150_5_1_7 --share

SQL

This control uses a named query:

manual_control

Tags