last sync: 2023-Jun-19 17:45:01 UTC

Community Policy definition

Audit enabling of diagnostic logs in Event Hub

Name: Audit enabling of diagnostic logs in Event Hub
Id: monitoring_event-hub-diagnostic-logs-audit
Version: n/a
Category: Event Hub
Description: Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised.
Mode: Indexed
Type: Custom Community
Effect: Fixed (AuditIfNotExists)
Used RBAC Role: none

Rule Aliases: THEN-ExistenceCondition (2)

  Alias: Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days
    Namespace: microsoft.insights
    ResourceType: diagnosticSettings
    DefaultPath: properties.logs[*].retentionPolicy.days
    Modifiable: false

  Alias: Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled
    Namespace: microsoft.insights
    ResourceType: diagnosticSettings
    DefaultPath: properties.logs[*].retentionPolicy.enabled
    Modifiable: false

Rule ResourceTypes: IF (1)

  Microsoft.EventHub/namespaces