last sync: 2020-Jul-13 14:14:30 UTC

Azure Policy

Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action'

Policy DisplayName Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action'
Policy Id 1a4e592a-6a6e-44a5-9814-e36264ca96e7
Policy Category Monitoring
Policy Description This policy ensures that a log profile collects logs for categories 'write,' 'delete,' and 'action'
Policy Mode All
Policy Type BuiltIn
Policy in Preview FALSE
Policy Deprecated FALSE
Policy Effect Default: AuditIfNotExists
Allowed: (AuditIfNotExists,Disabled)
Roles used none
Policy Changes no changes
Used in Policy Initiative(s)
Initiative DisplayName Initiative Id
CIS Microsoft Azure Foundations Benchmark 1.1.0 1a5bb27d-173f-493e-9568-eb56638dde4d
[Preview]: Azure Security Benchmark 42a694ed-f65e-42b2-aa9e-8052e9740a92
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab
Policy Rule
{
  "properties": {
    "displayName": "Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action'",
    "policyType": "BuiltIn",
    "mode": "All",
    "description": "This policy ensures that a log profile collects logs for categories 'write,' 'delete,' and 'action'",
    "metadata": {
      "version": "1.0.0",
      "category": "Monitoring"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      }
    },
    "policyRule": {
      "if": {
        "field": "type",
        "equals": "Microsoft.Resources/subscriptions"
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Insights/logprofiles",
          "existenceCondition": {
            "allOf": [
              {
                "not": {
                "field": "Microsoft.Insights/logProfiles/categories[*]",
                  "notEquals": "Write"
                }
              },
              {
                "not": {
                "field": "Microsoft.Insights/logProfiles/categories[*]",
                  "notEquals": "Delete"
                }
              },
              {
                "not": {
                "field": "Microsoft.Insights/logProfiles/categories[*]",
                  "notEquals": "Action"
                }
              }
            ]
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "1a4e592a-6a6e-44a5-9814-e36264ca96e7"
}