nuclei-templates/cloud/azure/monitor/azure-monitor-diagnostic-un...

id: azure-monitor-diagnostic-unrestricted
info:
  name: Azure Monitor Diagnostic Settings for Subscription Activity Log Export Check
  author: princechaddha
  severity: medium
  description: |
    Ensure that Azure Monitor Diagnostic Settings are configured to export activity logs for the selected Microsoft Azure subscription. This helps in maintaining a record of all operational actions which are crucial for security and operational auditing.
  impact: |
    Not having diagnostic settings configured to export activity logs can lead to a lack of visibility into operational actions within the subscription, increasing the risk of undetected malicious activities or misconfigurations.
  remediation: |
    Configure Azure Monitor Diagnostic Settings to export activity logs. Refer to the Azure documentation on how to set up diagnostic settings for activity log export.
  reference:
    - https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log
  tags: cloud,devops,azure,microsoft,monitor,azure-cloud-config

self-contained: true
code:
  - engine:
      - sh
      - bash
    source: |
      az monitor diagnostic-settings subscription list --query 'value[*].id' --output json

    matchers:
      - type: word
        words:
          - '[]'

    extractors:
      - type: dsl
        dsl:
          - '"Azure Monitor Diagnostic Settings for Subscription Activity Log Export are not configured."'
# digest: 4a0a0047304502201beeae0368ad9e358c55f3337c6dd75d5eada2f2798fce3a719f2339273598f2022100955f605f5e73592c777ded6e85b113ea06416b64118eca587907422e873072e0:922c64590222798bb761d5b6d8e72950
monitor and keyvault templates 2024-07-18 13:25:33 +00:00			`id: azure-monitor-diagnostic-unrestricted`
			`info:`
			`name: Azure Monitor Diagnostic Settings for Subscription Activity Log Export Check`
			`author: princechaddha`
			`severity: medium`
			`description: \|`
			`Ensure that Azure Monitor Diagnostic Settings are configured to export activity logs for the selected Microsoft Azure subscription. This helps in maintaining a record of all operational actions which are crucial for security and operational auditing.`
			`impact: \|`
			`Not having diagnostic settings configured to export activity logs can lead to a lack of visibility into operational actions within the subscription, increasing the risk of undetected malicious activities or misconfigurations.`
			`remediation: \|`
			`Configure Azure Monitor Diagnostic Settings to export activity logs. Refer to the Azure documentation on how to set up diagnostic settings for activity log export.`
			`reference:`
			`- https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log`
			`tags: cloud,devops,azure,microsoft,monitor,azure-cloud-config`

			`self-contained: true`
			`code:`
			`- engine:`
			`- sh`
			`- bash`
			`source: \|`
			`az monitor diagnostic-settings subscription list --query 'value[*].id' --output json`

			`matchers:`
			`- type: word`
			`words:`
			`- '[]'`

			`extractors:`
			`- type: dsl`
			`dsl:`
			`- '"Azure Monitor Diagnostic Settings for Subscription Activity Log Export are not configured."'`
chore: sign templates 🤖 2024-09-12 05:59:14 +00:00			`# digest: 4a0a0047304502201beeae0368ad9e358c55f3337c6dd75d5eada2f2798fce3a719f2339273598f2022100955f605f5e73592c777ded6e85b113ea06416b64118eca587907422e873072e0:922c64590222798bb761d5b6d8e72950`