last sync: 2024-Apr-24 17:46:58 UTC

Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action'

Azure BuiltIn Policy definition

Source Azure Portal
Display name Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action'
Id 1a4e592a-6a6e-44a5-9814-e36264ca96e7
Version 1.0.0
Details on versioning
Category Monitoring
Microsoft Learn
Description This policy ensures that a log profile collects logs for categories 'write,' 'delete,' and 'action'
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
AuditIfNotExists, Disabled
RBAC role(s) none
Rule aliases THEN-ExistenceCondition (1)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.Insights/logProfiles/categories[*] microsoft.insights logprofiles properties.categories[*] false
Rule resource types IF (1)
The following 11 compliance controls are associated with this Policy definition 'Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action'' (1a4e592a-6a6e-44a5-9814-e36264ca96e7)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
Azure_Security_Benchmark_v1.0 2.2 Azure_Security_Benchmark_v1.0_2.2 Azure Security Benchmark 2.2 Logging and Monitoring Configure central security log management Customer Ingest logs via Azure Monitor to aggregate security data generated by endpoint devices, network resources, and other security systems. Within Azure Monitor, use Log Analytics Workspace(s) to query and perform analytics, and use Azure Storage Accounts for long-term/archival storage. Alternatively, you may enable and on-board data to Azure Sentinel or a third-party SIEM. How to onboard Azure Sentinel: How to collect platform logs and metrics with Azure Monitor: How to collect Azure Virtual Machine internal host logs with Azure Monitor: How to get started with Azure Monitor and third-party SIEM integration: n/a link 6
CIS_Azure_1.1.0 5.1.3 CIS_Azure_1.1.0_5.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.3 5 Logging and Monitoring Ensure audit profile captures all the activities Shared The customer is responsible for implementing this recommendation. The log profile should be configured to export all activities from the control/management plane. link 5
CMMC_L3 AU.2.041 CMMC_L3_AU.2.041 CMMC L3 AU.2.041 Audit and Accountability Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions. Shared Microsoft and the customer share responsibilities for implementing this requirement. This requirement ensures that the contents of the audit record include the information needed to link the audit event to the actions of an individual to the extent feasible. Organizations consider logging for traceability including results from monitoring of account usage, remote access, wireless connectivity, mobile device connection, communications at system boundaries, configuration settings, physical access, nonlocal maintenance, use of maintenance tools, temperature and humidity, equipment delivery and removal, system component inventory, use of mobile code, and use of Voice over Internet Protocol (VoIP). link 15
CMMC_L3 SI.2.217 CMMC_L3_SI.2.217 CMMC L3 SI.2.217 System and Information Integrity Identify unauthorized use of organizational systems. Shared Microsoft and the customer share responsibilities for implementing this requirement. System monitoring includes external and internal monitoring. System monitoring can detect unauthorized use of organizational systems. System monitoring is an integral part of continuous monitoring and incident response programs. Monitoring is achieved through a variety of tools and techniques (e.g., intrusion detection systems, intrusion prevention systems, malicious code protection software, scanning tools, audit record monitoring software, network monitoring software). Output from system monitoring serves as input to continuous monitoring and incident response programs. Unusual/unauthorized activities or conditions related to inbound and outbound communications traffic include internal traffic that indicates the presence of malicious code in systems or propagating among system components, the unauthorized exporting of information, or signaling to external systems. Evidence of malicious code is used to identify potentially compromised systems or system components. System monitoring requirements, including the need for specific types of system monitoring, may be referenced in other requirements. link 11
hipaa 1212.09ab1System.1-09.ab hipaa-1212.09ab1System.1-09.ab 1212.09ab1System.1-09.ab 12 Audit Logging & Monitoring 1212.09ab1System.1-09.ab 09.10 Monitoring Shared n/a All applicable legal requirements related to monitoring authorized access and unauthorized access attempts are met. 3
hipaa 1219.09ab3System.10-09.ab hipaa-1219.09ab3System.10-09.ab 1219.09ab3System.10-09.ab 12 Audit Logging & Monitoring 1219.09ab3System.10-09.ab 09.10 Monitoring Shared n/a The information system is able to automatically process audit records for events of interest based on selectable criteria. 4
RBI_CSF_Banks_v2016 16.2 RBI_CSF_Banks_v2016_16.2 Maintenance, Monitoring, And Analysis Of Audit Logs Maintenance, Monitoring, And Analysis Of Audit Logs-16.2 n/a Manage and analyse audit logs in a systematic manner so as to detect, understand or recover from an attack. 4
RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Information and Cyber Security Trails-3.1 n/a The IS Policy must provide for a IS framework with the following basic tenets: Trails- NBFCs shall ensure that audit trails exist for IT assets satisfying its business requirements including regulatory and legal requirements, facilitating audit, serving as forensic evidence when required and assisting in dispute resolution. If an employee, for instance, attempts to access an unauthorized section, this improper activity should be recorded in the audit trail. link 39
RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services Security of Digital Services - 10.66 Shared n/a A financial institution must implement robust technology security controls in providing digital services which assure the following: (a) confidentiality and integrity of customer and counterparty information and transactions; (b) reliability of services delivered via channels and devices with minimum disruption to services; (c) proper authentication of users or devices and authorisation of transactions; (d) sufficient audit trail and monitoring of anomalous transactions; (e) ability to identify and revert to the recovery point prior to incident or service disruption; and (f) strong physical control and logical control measures link 32
SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Detect Anomalous Activity to Systems or Transaction Records Logging and Monitoring n/a Record security events and detect anomalous actions and operations within the local SWIFT environment. link 34
SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 6. Detect Anomalous Activity to Systems or Transaction Records Record security events and detect anomalous actions and operations within the local SWIFT environment. Shared n/a Capabilities to detect anomalous activity are implemented, and a process or tool is in place to keep and review logs. link 52
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
[Deprecated]: Azure Security Benchmark v1 42a694ed-f65e-42b2-aa9e-8052e9740a92 Regulatory Compliance Deprecated BuiltIn
[Preview]: Reserve Bank of India - IT Framework for Banks d0d5578d-cc08-2b22-31e3-f525374f235a Regulatory Compliance Preview BuiltIn
[Preview]: Reserve Bank of India - IT Framework for NBFC 7f89f09c-48c1-f28d-1bd5-84f3fb22f86c Regulatory Compliance Preview BuiltIn
[Preview]: SWIFT CSP-CSCF v2021 abf84fac-f817-a70c-14b5-47eec767458a Regulatory Compliance Preview BuiltIn
CIS Microsoft Azure Foundations Benchmark v1.1.0 1a5bb27d-173f-493e-9568-eb56638dde4d Regulatory Compliance GA BuiltIn
CMMC Level 3 b5629c75-5c77-4422-87b9-2509e680f8de Regulatory Compliance GA BuiltIn
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
RMIT Malaysia 97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6 Regulatory Compliance GA BuiltIn
SWIFT CSP-CSCF v2022 7bc7cd6c-4114-ff31-3cac-59be3157596d Regulatory Compliance GA BuiltIn
History none
JSON compare n/a