58 lines
2.6 KiB
YAML
58 lines
2.6 KiB
YAML
id: azure-appservice-insights-not-enabled
|
|
info:
|
|
name: Azure App Service Application Insights Not Enabled
|
|
author: princechaddha
|
|
severity: medium
|
|
description: |
|
|
Ensure that the Application Insights feature is enabled for all your Microsoft Azure App Services applications in order to provide advanced application monitoring. Application Insights is an extensible Application Performance Management (APM) service for developers and DevOps professionals available as monitoring feature within Azure cloud. The feature monitors your live App Services applications to automatically detect performance anomalies. It includes powerful analytics tools to help diagnose issues and understand what users do with your application. Application Insights can be enabled for apps on various platforms including .NET, Node.js, and Java EE, hosted on-premises, hybrid, or other public cloud platforms.
|
|
impact: |
|
|
Not enabling Application Insights may lead to a lack of vital application performance data and missed opportunities for optimizing application responsiveness and troubleshooting issues.
|
|
remediation: |
|
|
Enable Application Insights for Azure App Services applications through the Azure portal or by using the Azure CLI to ensure comprehensive monitoring and management of application performance.
|
|
reference:
|
|
- https://docs.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview
|
|
tags: cloud,devops,azure,microsoft,application-insights,azure-cloud-config
|
|
|
|
flow: |
|
|
code(1);
|
|
for (let AppServiceData of iterate(template.appServiceList)) {
|
|
AppServiceData = JSON.parse(AppServiceData);
|
|
set("name", AppServiceData.name);
|
|
set("resourceGroup", AppServiceData.resourceGroup);
|
|
code(2);
|
|
}
|
|
|
|
self-contained: true
|
|
code:
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
az webapp list --output json --query '[*].{name:name, resourceGroup:resourceGroup}'
|
|
|
|
extractors:
|
|
- type: json
|
|
name: appServiceList
|
|
internal: true
|
|
json:
|
|
- '.[]'
|
|
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
az webapp config appsettings list --name $name --resource-group $resourceGroup --output json
|
|
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "APPLICATIONINSIGHTS_CONNECTION_STRING"
|
|
- "APPINSIGHTS_INSTRUMENTATIONKEY"
|
|
condition: and
|
|
negative: true
|
|
|
|
extractors:
|
|
- type: dsl
|
|
dsl:
|
|
- 'name + " in " + resourceGroup + " does not have Application Insights enabled"'
|
|
# digest: 490a0046304402201cc0d7288bd9db9b3382ac0a902fe358a4b77aff373a49cde740e4235919da6a02204c9716302a0f1c05ed6a128c65ed2ae3a95a3bd3d4231bd4fb090cfc510723fd:922c64590222798bb761d5b6d8e72950 |