last sync: 2024-Dec-05 18:53:22 UTC

Disconnections should be logged for PostgreSQL database servers.

Azure BuiltIn Policy definition

Source Azure Portal
Display name Disconnections should be logged for PostgreSQL database servers.
Id eb6f77b9-bd53-4e35-a23d-7f65d5f0e446
Version 1.0.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.0.0
Built-in Versioning [Preview]
Category SQL
Microsoft Learn
Description This policy helps audit any PostgreSQL databases in your environment without log_disconnections enabled.
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
RBAC role(s) none
Rule aliases THEN-ExistenceCondition (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.DBforPostgreSQL/servers/configurations/value Microsoft.DBforPostgreSQL servers/configurations properties.value True False
Rule resource types IF (1)
Microsoft.DBforPostgreSQL/servers
Compliance
The following 9 compliance controls are associated with this Policy definition 'Disconnections should be logged for PostgreSQL database servers.' (eb6f77b9-bd53-4e35-a23d-7f65d5f0e446)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
CIS_Azure_1.1.0 4.15 CIS_Azure_1.1.0_4.15 CIS Microsoft Azure Foundations Benchmark recommendation 4.15 4 Database Services Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server Shared The customer is responsible for implementing this recommendation. Enable 'log_disconnections' on 'PostgreSQL Servers'. link 5
CIS_Azure_1.3.0 4.3.5 CIS_Azure_1.3.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 4 Database Services Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server Shared The customer is responsible for implementing this recommendation. Enable 'log_disconnections' on 'PostgreSQL Servers'. link 5
CIS_Azure_1.4.0 4.3.4 CIS_Azure_1.4.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 4 Database Services Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server Shared The customer is responsible for implementing this recommendation. Enable 'log_disconnections' on 'PostgreSQL Servers'. link 5
CIS_Azure_2.0.0 4.3.4 CIS_Azure_2.0.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 4.3 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server Shared Enabling this setting will enable a log of all disconnections. If this is enabled for a high traffic server, the log may grow exponentially. Enable `log_disconnections` on `PostgreSQL Servers`. Enabling `log_disconnections` helps PostgreSQL Database to `Logs end of a session`, including duration, which in turn generates query and error logs. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance. link 5
New_Zealand_ISM 23.5.11.C.01 New_Zealand_ISM_23.5.11.C.01 New_Zealand_ISM_23.5.11.C.01 23. Public Cloud Security 23.5.11.C.01 Logging requirements n/a Agencies MUST ensure that logs associated with public cloud services are collected, protected, and that their integrity can be confirmed in accordance with the agency’s documented logging requirements. 19
NZ_ISM_v3.5 AC-18 NZ_ISM_v3.5_AC-18 NZISM Security Benchmark AC-18 Access Control and Passwords 16.6.9 Events to be logged Customer n/a The events to be logged are key elements in the monitoring of the security posture of systems and contributing to reviews, audits, investigations and incident management. link 17
RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Information and Cyber Security Trails-3.1 n/a The IS Policy must provide for a IS framework with the following basic tenets: Trails- NBFCs shall ensure that audit trails exist for IT assets satisfying its business requirements including regulatory and legal requirements, facilitating audit, serving as forensic evidence when required and assisting in dispute resolution. If an employee, for instance, attempts to access an unauthorized section, this improper activity should be recorded in the audit trail. link 36
RMiT_v1.0 11.18 RMiT_v1.0_11.18 RMiT 11.18 Security Operations Centre (SOC) Security Operations Centre (SOC) - 11.18 Shared n/a The SOC must be able to perform the following functions: (a) log collection and the implementation of an event correlation engine with parameter-driven use cases such as Security Information and Event Management (SIEM); (b) incident coordination and response; (c) vulnerability management; (d) threat hunting; (e) remediation functions including the ability to perform forensic artifact handling, malware and implant analysis; and (f) provision of situational awareness to detect adversaries and threats including threat intelligence analysis and operations, and monitoring indicators of compromise (IOC). This includes advanced behavioural analysis to detect signature-less and file-less malware and to identify anomalies that may pose security threats including at endpoints and network layers. link 11
SWIFT_CSCF_v2021 6.3 SWIFT_CSCF_v2021_6.3 SWIFT CSCF v2021 6.3 Detect Anomalous Activity to Systems or Transaction Records Database Integrity n/a Ensure the integrity of the database records for the SWIFT messaging interface and act upon results link 12
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
[Deprecated]: New Zealand ISM Restricted v3.5 93d2179e-3068-c82f-2428-d614ae836a04 Regulatory Compliance Deprecated BuiltIn
[Preview]: Control the use of PostgreSql in a Virtual Enclave 5eaa16b4-81f2-4354-aef3-2d77288e396e VirtualEnclaves Preview BuiltIn
[Preview]: Reserve Bank of India - IT Framework for NBFC 7f89f09c-48c1-f28d-1bd5-84f3fb22f86c Regulatory Compliance Preview BuiltIn
[Preview]: SWIFT CSP-CSCF v2021 abf84fac-f817-a70c-14b5-47eec767458a Regulatory Compliance Preview BuiltIn
CIS Microsoft Azure Foundations Benchmark v1.1.0 1a5bb27d-173f-493e-9568-eb56638dde4d Regulatory Compliance GA BuiltIn
CIS Microsoft Azure Foundations Benchmark v1.3.0 612b5213-9160-4969-8578-1518bd2a000c Regulatory Compliance GA BuiltIn
CIS Microsoft Azure Foundations Benchmark v1.4.0 c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5 Regulatory Compliance GA BuiltIn
CIS Microsoft Azure Foundations Benchmark v2.0.0 06f19060-9e68-4070-92ca-f15cc126059e Regulatory Compliance GA BuiltIn
New Zealand ISM 4f5b1359-4f8e-4d7c-9733-ea47fcde891e Regulatory Compliance GA BuiltIn
RMIT Malaysia 97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6 Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2019-10-03 22:58:00 add eb6f77b9-bd53-4e35-a23d-7f65d5f0e446
JSON compare n/a
JSON
api-version=2021-06-01
EPAC