Azure Monitor log profile does not capture all activities
Description
A log profile controls how the activity log is exported. Configuring the log profile to collect logs for the categories Write, Delete and Action ensures that all control/management plane activities performed on the subscription are exported. We recommend you configure the log profile to export all activities from the control/management plane.
Code Example

```hcl
resource "azurerm_monitor_log_profile" "example" {
  # ...
  categories = [
    "Action",
    "Delete",
    "Write",
  ]
}
```

Remediation
Azure Portal
The Azure portal currently has no provision to check or set categories.
CLI Command
To update an existing default log profile, use the following command: `az monitor log-profiles update --name default`
Fix - Buildtime
Terraform
- Resource: azurerm_monitor_log_profile
- Arguments: categories
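The condition this rule tests is small enough to show end to end. The following is an added example, not Checkov's or Prisma Cloud's own check logic: a function that takes a log profile resource already parsed into a dictionary (either the Terraform-style block shape with a top-level `categories` argument, or the ARM-style shape with `properties.categories`) and reports which of Write, Delete and Action are missing. The sample resources and the function names (`check_log_profile`, `find_categories`, `run_samples`) are constructed for this example; category names are compared as the exact strings Azure uses.

```python
"""Offline checker for the 'all activity log categories exported' condition.

Added example only; it is not the Checkov implementation of CKV_AZURE_38.
Resources are plain dicts, as they would be after parsing HCL or an ARM
template, so the example runs without any cloud access.
"""

# The three control/management-plane categories the rule requires.
REQUIRED_CATEGORIES = frozenset({"Write", "Delete", "Action"})


def find_categories(resource: dict) -> list:
    """Return the categories list from either resource shape.

    Terraform-style: {"categories": [...]}
    ARM-style:       {"properties": {"categories": [...]}}
    A missing or null list is treated as empty (nothing exported).
    """
    if "categories" in resource:
        cats = resource["categories"]
    else:
        cats = resource.get("properties", {}).get("categories")
    return list(cats or [])


def check_log_profile(resource: dict) -> dict:
    """Evaluate one log profile resource.

    Returns {"passed": bool, "missing": [sorted missing category names]}.
    Extra categories are ignored; only the absence of a required one fails.
    """
    present = set(find_categories(resource))
    missing = sorted(REQUIRED_CATEGORIES - present)
    return {"passed": not missing, "missing": missing}


# Constructed sample inputs (not taken from any real subscription).
TF_COMPLIANT = {
    "name": "default",
    "categories": ["Action", "Delete", "Write"],
    "locations": ["eastus", "global"],
}
TF_MISSING_ACTION = {
    "name": "default",
    "categories": ["Delete", "Write"],  # common misconfiguration: Action left out
    "locations": ["eastus", "global"],
}
ARM_COMPLIANT = {
    "type": "Microsoft.Insights/logProfiles",
    "name": "default",
    "properties": {"categories": ["Write", "Delete", "Action"]},
}
ARM_EMPTY = {
    "type": "Microsoft.Insights/logProfiles",
    "name": "default",
    "properties": {},  # no categories at all: nothing is exported
}

SAMPLES = {
    "tf_compliant": TF_COMPLIANT,
    "tf_missing_action": TF_MISSING_ACTION,
    "arm_compliant": ARM_COMPLIANT,
    "arm_empty": ARM_EMPTY,
}


def run_samples() -> dict:
    """Run the check over every constructed sample and collect the results."""
    return {name: check_log_profile(res) for name, res in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in run_samples().items():
        status = "PASS" if result["passed"] else "FAIL"
        detail = "" if result["passed"] else f" (missing: {', '.join(result['missing'])})"
        print(f"{name}: {status}{detail}")
```

Running the module prints one line per sample; the two profiles that omit a category fail with the missing names listed, which is the same information a policy engine would surface as the finding for this rule.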
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0549 |
| Severity | INFO |
| IaC Type | arm |
| Frameworks | ARM, Terraform, Bicep, TerraformPlan |
| Checkov ID | CKV_AZURE_38 |