last sync: 2025-Jul-01 17:24:08 UTC

Resource logs in Azure Databricks Workspaces should be enabled

Azure BuiltIn Policy definition

Source Azure Portal
Display name Resource logs in Azure Databricks Workspaces should be enabled
Id 138ff14d-b687-4faa-a81c-898c91a87fa2
Version 1.0.1
Details on versioning
Versioning Versions supported for Versioning: 1
1.0.1
Built-in Versioning [Preview]
Category Azure Databricks
Microsoft Learn
Description Resource logs enable recreating activity trails to use for investigation purposes when a security incident occurs or when your network is compromised.
Cloud environments AzureCloud = true
AzureUSGovernment = true
AzureChinaCloud = unknown
Available in AzUSGov The Policy is available in AzureUSGovernment cloud. Version: '1.*.*'
Assessment(s) Assessments count: 1
Assessment Id: a59cd763-dbb7-4918-a5e5-b933705c8f74
DisplayName: Resource logs in Azure Databricks Workspaces should be enabled
Description: Resource logs enable recreating activity trails to use for investigation purposes when a security incident occurs or when your network is compromised.
Remediation description: To enable Azure Databricks diagnostics on a premium workspace: 1. Navigate to your Azure Databricks Workspace and open the Diagnostic settings blade. 2. Select "Add diagnostic setting". 3. Specify a name for the diagnostic settings. 4. Select one or more categories of logs to collect. 5. Configure the log destination. 6. Select "Save".
Categories: Data
Severity: Medium
User impact: Low
Implementation effort: Low
Threats: AccountBreach, DataExfiltration, DataSpillage, MaliciousInsider, ThreatResistance
preview: True
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
RBAC role(s) none
Rule aliases THEN-ExistenceCondition (5)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Insights/diagnosticSettings/logs.enabled microsoft.insights diagnosticSettings properties.logs[*].enabled True False
Microsoft.Insights/diagnosticSettings/logs[*] microsoft.insights diagnosticSettings properties.logs[*] True False
Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days microsoft.insights diagnosticSettings properties.logs[*].retentionPolicy.days True False
Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled microsoft.insights diagnosticSettings properties.logs[*].retentionPolicy.enabled True False
Microsoft.Insights/diagnosticSettings/storageAccountId microsoft.insights diagnosticSettings properties.storageAccountId True False
Rule resource types IF (1)
Compliance
The following 10 compliance controls are associated with this Policy definition 'Resource logs in Azure Databricks Workspaces should be enabled' (138ff14d-b687-4faa-a81c-898c91a87fa2)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Logging and Threat Detection Enable logging for security investigation Shared **Security Principle:** Enable logging for your cloud resources to meet the requirements for security incident investigations and security response and compliance purposes. **Azure Guidance:** Enable logging capability for resources at the different tiers, such as logs for Azure resources, operating systems and applications inside in your VMs and other log types. Be mindful about different type of logs for security, audit, and other operation logs at the management/control plane and data plane tiers. There are three types of the logs available at the Azure platform: - Azure resource log: Logging of operations that are performed within an Azure resource (the data plane). For example, getting a secret from a key vault or making a request to a database. The content of resource logs varies by the Azure service and resource type. - Azure activity log: Logging of operations on each Azure resource at the subscription layer, from the outside (the management plane). You can use the Activity Log to determine the what, who, and when for any write operations (PUT, POST, DELETE) taken on the resources in your subscription. There is a single Activity log for each Azure subscription. - Microsoft Entra logs: Logs of the history of sign-in activity and audit trail of changes made in the Microsoft Entra ID for a particular tenant. You can also use Microsoft Defender for Cloud and Azure Policy to enable resource logs and log data collecting on Azure resources. **Implementation and additional context:** Understand logging and different log types in Azure: https://docs.microsoft.com/azure/azure-monitor/platform/platform-logs-overview Understand Microsoft Defender for Cloud data collection: https://docs.microsoft.com/azure/security-center/security-center-enable-data-collection Enable and configure antimalware monitoring: https://docs.microsoft.com/azure/security/fundamentals/antimalware#enable-and-configure-antimalware-monitoring-using-powershell-cmdlets Operating systems and application logs inside in your compute resources: https://docs.microsoft.com/azure/azure-monitor/agents/data-sources#operating-system-guest n/a link 16
K_ISMS_P_2018 2.10.1 K_ISMS_P_2018_2.10.1 K ISMS P 2018 2.10.1 2.10 Establish Procedures for Managing the Security of System Operations Shared n/a Establish and implement operating procedures for managing the security of system operations such as designating system administrators, updating policies, changing rulesets, monitoring events, managing policy implementations or exceptions. 455
K_ISMS_P_2018 2.10.2 K_ISMS_P_2018_2.10.2 K ISMS P 2018 2.10.2 2.10 Establish Protective Measures for Administrator Privileges and Security Configurations Shared n/a Establish and implement protective measures with regard to administrator privileges and security configurations to ensure that important information and personal information are not exposed as a result of unauthorized access by service type or misconfigurations. 431
K_ISMS_P_2018 2.11.1 K_ISMS_P_2018_2.11.1 K ISMS P 2018 2.11.1 2.11 Establish Procedures for Managing Internal and External Intrusion Attempts Shared n/a Establish procedures for detecting, analyzing, sharing, and effectively responding to internal and external intrusion attempts to prevent personal information leakage. Additionally, implement a framework for collaboration with relevant external agencies and experts. 82
K_ISMS_P_2018 2.11.3 K_ISMS_P_2018_2.11.3 K ISMS P 2018 2.11.3 2.11 Collect, Monitor, and Analyze Data and Network Traffic Shared n/a Collect, monitor, and analyze data and network traffic to respond to internal or external infringement attempts in a timely manner. 45
K_ISMS_P_2018 2.11.5 K_ISMS_P_2018_2.11.5 K ISMS P 2018 2.11.5 2.11 Establish Procedures to Respond and Recover from Incidents Shared n/a Establish procedures to respond and recover from incidents in a timely manner, including legal obligations for disclosing information. Additional procedures must be established and implemented to prevent recurrence. 82
K_ISMS_P_2018 2.9.2a K_ISMS_P_2018_2.9.2a K ISMS P 2018 2.9.2a 2.9.2a Establish Procedures for Information System Failures Shared n/a Establish procedures to detect, record, analyze, report, and respond to information system failures. 63
K_ISMS_P_2018 2.9.4 K_ISMS_P_2018_2.9.4 K ISMS P 2018 2.9.4 2.9 Maintain Logs and Establish Log Management Procedures Shared n/a Maintain log records for servers, applications, security systems, and networks. Define log types, access permissions, retention periods, and storage methods to ensure secure retention and prevent forgery, alteration, theft, and loss. 61
NIS2 LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 LT. Logging and Threat Detection Risk analysis & information system security policies n/a Responsibility for ensuring the security of network and information system lies, to a great extent, with essential and important entities. A culture of risk management, involving risk assessments and the implementation of cybersecurity risk-management measures appropriate to the risks faced, should be promoted and developed. In order to avoid imposing a disproportionate financial and administrative burden on essential and important entities, the cybersecurity risk-management measures should be proportionate to the risks posed to the network and information system concerned, taking into account the state-of-the-art of such measures, and, where applicable, relevant European and international standards, as well as the cost for their implementation. 24
U.15.1 - Events Logged U.15.1 - Events Logged 404 not found n/a n/a 51
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type polSet in AzUSGov
[Preview]: NIS2 32ff9e30-4725-4ca7-ba3a-904a7721ee87 Regulatory Compliance Preview BuiltIn unknown
K ISMS P 2018 e0782c37-30da-4a78-9f92-50bfe7aa2553 Regulatory Compliance GA BuiltIn unknown
Microsoft cloud security benchmark 1f3afdf9-d0c9-4c3d-847f-89da613e70a8 Security Center GA BuiltIn true
NL BIO Cloud Theme 6ce73208-883e-490f-a2ac-44aac3b3687f Regulatory Compliance GA BuiltIn unknown
NL BIO Cloud Theme V2 d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee Regulatory Compliance GA BuiltIn unknown
History
Date/Time (UTC ymd) (i) Change type Change detail
2023-05-22 17:43:18 change Patch (1.0.0 > 1.0.1)
2022-12-21 17:43:51 add 138ff14d-b687-4faa-a81c-898c91a87fa2
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC