Control: Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings
The Azure Diagnostic Settings capture control/management activities performed on a subscription or Azure AD Tenant. By default, the Azure Portal retains activity logs only for 90 days. The Diagnostic Settings define the type of events that are stored or streamed and the outputs—storage account, log analytics workspace, event hub, and others. The Diagnostic Settings, if configured properly, can ensure that all logs are retained for longer duration. This section has recommendations for correctly configuring the Diagnostic Settings so that all logs captured are retained for longer periods.
Primary Policies
The following policies can be used to configure this control:
- 5.01 - Configuring Diagnostic Settings > 5.01.03 - Ensure the Storage Container Storing the Activity Logs is not Publicly Accessible
- 5.01 - Configuring Diagnostic Settings > 5.01.04 - Ensure the storage account containing the container with activity logs is encrypted with Customer Managed Key
- 5.01 - Configuring Diagnostic Settings > 5.01.05 - Ensure that logging for Azure Key Vault is 'Enabled'
- 5.01 - Configuring Diagnostic Settings > 5.01.06 - Ensure that Network Security Group flow logs are captured and sent to Log Analytics
- 5.01 - Configuring Diagnostic Settings > 5.01.07 - Ensure that logging for Azure AppService 'HTTP logs' is enabled
- 5.01 - Configuring Diagnostic Settings
Category
In Your Workspace
Developers
- tmod:@turbot/azure-cisv2-0#/control/types/s0501
- tmod:@turbot/cis#/control/categories/cis
- turbot graphql controls --filter "controlTypeId:tmod:@turbot/azure-cisv2-0#/control/types/s0501"
Get Controls
Control Type URI
Category URI
GraphQL
CLI