last sync: 2024-Jul-17 18:20:29 UTC

Public IP addresses should have resource logs enabled for Azure DDoS Protection

Azure BuiltIn Policy definition

Source Azure Portal
Display name Public IP addresses should have resource logs enabled for Azure DDoS Protection
Id 752154a7-1e0f-45c6-a880-ac75a7e4f648
Version 1.0.1
Details on versioning
Category Monitoring
Microsoft Learn
Description Enable resource logs for public IP addressess in diagnostic settings to stream to a Log Analytics workspace. Get detailed visibility into attack traffic and actions taken to mitigate DDoS attacks via notifications, reports and flow logs.
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default
AuditIfNotExists
Allowed
AuditIfNotExists, DeployIfNotExists, Disabled
RBAC role(s)
Role Name Role Id
Log Analytics Contributor 92aaf0da-9dab-42b6-94a3-d43ce8d16293
Rule aliases THEN-ExistenceCondition (3)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Insights/diagnosticSettings/logs.enabled microsoft.insights diagnosticSettings properties.logs[*].enabled True False
Microsoft.Insights/diagnosticSettings/metrics.enabled microsoft.insights diagnosticSettings properties.metrics[*].enabled True False
Microsoft.Insights/diagnosticSettings/workspaceId microsoft.insights diagnosticSettings properties.workspaceId True False
Rule resource types IF (1)
Microsoft.Network/publicIPAddresses
Compliance
The following 1 compliance controls are associated with this Policy definition 'Public IP addresses should have resource logs enabled for Azure DDoS Protection' (752154a7-1e0f-45c6-a880-ac75a7e4f648)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
mp.s.4 Protection against denial of service mp.s.4 Protection against denial of service 404 not found n/a n/a 7
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
[Deprecated]: Deploy Diagnostic Settings to Azure Services Deploy-Diagnostics-LogAnalytics Monitoring Deprecated ALZ
Spain ENS 175daf90-21e1-4fec-b745-7b4c909aa94c Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2024-01-12 18:35:06 change Patch (1.0.0 > 1.0.1)
2021-03-31 14:35:06 add 752154a7-1e0f-45c6-a880-ac75a7e4f648
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC