Subscription Does Not Contain Proper Diagnostic Settings Categories

Overview

A diagnostic setting controls how the diagnostic log is exported. Capturing the appropriate diagnostic setting categories for control/management plane activities allows proper alerting on those activities.

Remediation from Azure Portal:

  1. Go to Azure Monitor
  2. Click Activity log
  3. Click on Export Activity Logs
  4. Select the Subscription from the dropdown menu
  5. Click on Add diagnostic setting
  6. Enter a name for your new Diagnostic Setting
  7. Check the following categories: Administrative, Alert, Policy, and Security
  8. Choose the destination details according to your organization's needs.
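
To audit the result of the steps above, the following added example (not part of the original rule or of any Azure tooling) checks an exported list of subscription diagnostic settings for the four categories. The sample JSON is constructed, and its shape (a "value" array whose entries carry "logs" either under "properties" or at the top level) is an assumption, as is the rule that a single setting must enable all four categories.

```python
import json

# Categories the remediation steps on this page say to check.
REQUIRED = ("Administrative", "Alert", "Policy", "Security")


def missing_by_setting(doc):
    """Map each diagnostic setting name to the required categories it lacks."""
    result = {}
    for setting in doc.get("value", []):
        # Assumption: logs sit under "properties" or directly on the setting.
        props = setting.get("properties", setting)
        enabled = {
            entry.get("category", "").lower()
            for entry in props.get("logs", [])
            if entry.get("enabled") is True  # listed but disabled does not count
        }
        result[setting.get("name", "<unnamed>")] = [
            c for c in REQUIRED if c.lower() not in enabled
        ]
    return result


def subscription_compliant(doc):
    """Assumption: at least one setting must enable all four categories itself."""
    return any(not missing for missing in missing_by_setting(doc).values())


# Constructed sample export for one subscription (not real tenant data).
SAMPLE = json.loads("""
{"value": [
  {"name": "to-storage",
   "properties": {"logs": [
     {"category": "Administrative", "enabled": true},
     {"category": "Alert", "enabled": true},
     {"category": "Security", "enabled": false}]}},
  {"name": "to-workspace",
   "logs": [
     {"category": "Administrative", "enabled": true},
     {"category": "Policy", "enabled": true}]}
]}
""")

if __name__ == "__main__":
    for name, missing in missing_by_setting(SAMPLE).items():
        print(name, "OK" if not missing else "missing: " + ", ".join(missing))
    print("compliant:", subscription_compliant(SAMPLE))
```

A subscription with no diagnostic settings at all is reported as non-compliant, and a category that is listed but has "enabled" set to false counts as missing.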

Vendor

Azure

Cloud Service

Monitor

CIS Azure v2.0.0 5.1.2

References

https://docs.microsoft.com/en-us/azure/azure-monitor/platform/diagnostic-settings
https://docs.microsoft.com/en-us/azure/azure-monitor/samples/resource-manager-diagnostic-settings
https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-logging-threat-detection#lt-3-enable-logging-for-security-investigation
https://learn.microsoft.com/en-us/cli/azure/monitor/diagnostic-settings?view=azure-cli-latest
https://learn.microsoft.com/en-us/powershell/module/az.monitor/new-azsubscriptiondiagnosticsetting?view=azps-9.2.0

Severity

2

Item Types

Custom::Microsoft::Subscription