Resource Type: Azure > Monitor > Log Profile
The Log Profile resource type defines the settings for capturing and storing activity logs within your Azure environment, enabling users to monitor, audit, and analyze operations and security events for effective governance and compliance.
Resource Context
Log Profile is a part of the Monitor service.
Each Log Profile lives under a Subscription.
Controls
The primary controls for Azure > Monitor > Log Profile are:
It is also targeted by these controls:
- Azure > CIS v1 > 5 Logging and Monitoring > 5.1 Configuring Log Profile > 5.1.2 Ensure that Activity Log Retention is set 365 days or greater (Scored)
- Azure > CIS v1 > 5 Logging and Monitoring > 5.1 Configuring Log Profile > 5.1.3 Ensure audit profile captures all the activities (Scored)
- Azure > CIS v1 > 5 Logging and Monitoring > 5.1 Configuring Log Profile > 5.1.4 Ensure the log profile captures activity logs for all regions including global (Scored)
- Azure > CIS v1 > 5 Logging and Monitoring > 5.1 Configuring Log Profile > 5.1.5 Ensure the storage container storing the activity logs is not publicly accessible (Scored)
- Azure > CIS v1 > 5 Logging and Monitoring > 5.1 Configuring Log Profile > 5.1.6 Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) (Scored)
- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.03 - Ensure the Storage Container Storing the Activity Logs is not Publicly Accessible
- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.04 - Ensure the storage account containing the container with activity logs is encrypted with Customer Managed Key
Category
In Your Workspace
- Controls by Resource Type report
- Policy Settings by Resource Type report
- Resources by Resource Type report
Developers
- tmod:@turbot/azure-monitor#/resource/types/logProfile
- tmod:@turbot/turbot#/resource/categories/managementTools
- turbot graphql resource --id "tmod:@turbot/azure-monitor#/resource/types/logProfile"
Get Resource- select * from guardrails_resource where resource_type_uri = 'tmod:@turbot/azure-monitor#/resource/types/logProfile';
- select * from guardrails_policy_setting where filter = 'resourceTypeId:"tmod:@turbot/azure-monitor#/resource/types/logProfile"';
- select * from guardrails_notification where resource_type_uri = 'tmod:@turbot/azure-monitor#/resource/types/logProfile' and notification_type in ('resource_updated', 'resource_created');
Get ResourceGet Policy Settings (By Resource ID)Get Resource Notification
Resource Type URI
Category URI
GraphQL
CLI
Steampipe Query