Azure SQL Server does not have default auditing policy configured
Description
Configuring a default auditing policy for your Azure SQL Server can help improve the security and management of your database. Auditing allows you to keep a record of events and activities that have occurred on your database, such as user logins, data changes, and other actions.
Runtime - Buildtime
Code Example
```hcl
resource "azurerm_function_app" "pass2" {
  name                       = "test-azure-functions"
  location                   = azurerm_resource_group.example.location
  resource_group_name        = azurerm_resource_group.example.name
  app_service_plan_id        = azurerm_app_service_plan.example.id
  storage_account_name       = azurerm_storage_account.example.name
  storage_account_access_key = azurerm_storage_account.example.primary_access_key
  https_only                 = false
  # Argument listed under Remediation for this rule
  enable_builtin_logging     = true
  site_config {
    dotnet_framework_version = "v4.0"
    scm_type                 = "LocalGit"
    min_tls_version          = 1.1
    ftps_state               = "AllAllowed"
    http2_enabled            = false
    cors {
      allowed_origins = ["*"]
    }
  }
}
```
Remediation
Terraform
- Resource: azurerm_function_app
- Arguments: enable_builtin_logging
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0663 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV_AZURE_156 |