AzPolicyAdvertizer

last sync: 2023-Jun-19 17:45:01 UTC

Community Policy definition

Audit enabling of diagnostic logs in Event Hub

Name

Audit enabling of diagnostic logs in Event Hub
Community-Policy GitHub

monitoring_event-hub-diagnostic-logs-audit

Version

n/a
details on versioning

Category

Event Hub
Microsoft docs

Description

Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised

Mode

Indexed

Type

Custom Community

Effect

Fixed
AuditIfNotExists

Used RBAC Role

none

Rule Aliases

THEN-ExistenceCondition (2)

Alias	Namespace	ResourceType	DefaultPath	Modifiable
Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days	microsoft.insights	diagnosticSettings	properties.logs[*].retentionPolicy.days	false
Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled	microsoft.insights	diagnosticSettings	properties.logs[*].retentionPolicy.enabled	false

Rule ResourceTypes

IF (1)
Microsoft.EventHub/namespaces

JSON