AzPolicyAdvertizer

last sync: 2021-May-05 13:56:08 UTC

Azure Policy definition

Resource logs in App Services should be enabled

Name Resource logs in App Services should be enabled
Azure Portal

Id 91a78b24-f231-4a8a-8da9-02c35b2b6510

Version 1.0.0
details on versioning

Category App Service
Microsoft docs

Description Audit enabling of resource logs on the app. This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised.

Mode Indexed

Type BuiltIn

Preview FALSE

Deprecated FALSE

Effect Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Used RBAC Role none

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2021-02-17 14:28:42	add	91a78b24-f231-4a8a-8da9-02c35b2b6510

Used in Initiatives none

JSON

{
  "properties": {
    "displayName": "Resource logs in App Services should be enabled",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Audit enabling of resource logs on the app. This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised.",
    "metadata": {
      "version": "1.0.0",
      "category": "App Service"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "requiredRetentionDays": {
        "type": "String",
        "metadata": {
          "displayName": "Required retention (days)",
          "description": "The required resource logs retention in days"
        },
        "defaultValue": "365"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Web/sites"
          },
          {
            "field": "kind",
            "notContains": "functionapp"
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Insights/diagnosticSettings",
          "existenceCondition": {
            "count": {
            "field": "Microsoft.Insights/diagnosticSettings/logs[*]",
              "where": {
                "anyOf": [
                  {
                    "allOf": [
                      {
                      "field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled",
                        "equals": "true"
                      },
                      {
                        "anyOf": [
                          {
                          "field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days",
                            "equals": "0"
                          },
                          {
                          "field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days",
                          "greaterOrEquals": "[parameters('requiredRetentionDays')]"
                          }
                        ]
                      },
                      {
                        "field": "Microsoft.Insights/diagnosticSettings/logs.enabled",
                        "equals": "true"
                      }
                    ]
                  },
                  {
                    "allOf": [
                      {
                        "field": "Microsoft.Insights/diagnosticSettings/logs.enabled",
                        "equals": "true"
                      },
                      {
                        "anyOf": [
                          {
                          "field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled",
                            "notEquals": "true"
                          },
                          {
                            "field": "Microsoft.Insights/diagnosticSettings/storageAccountId",
                            "exists": false
                          }
                        ]
                      }
                    ]
                  }
                ]
              }
            },
            "greaterOrEquals": 1
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/91a78b24-f231-4a8a-8da9-02c35b2b6510",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "91a78b24-f231-4a8a-8da9-02c35b2b6510"
}