capture-all-activities
Explanation
Log profiles should capture all categories to ensure that all events are logged
Possible Impact
Log profile must capture all activity to be able to ensure that all relevant information possible is available for an investigation
Suggested Resolution
Configure log profile to capture all activities
Insecure Example
The following example will fail the azure-monitor-capture-all-activities check.
resource "azurerm_monitor_log_profile" "bad_example" {
name = "bad_example"
categories = []
retention_policy {
enabled = true
days = 7
}
}
Secure Example
The following example will pass the azure-monitor-capture-all-activities check.
resource "azurerm_monitor_log_profile" "good_example" {
name = "good_example"
categories = [
"Action",
"Delete",
"Write",
]
retention_policy {
enabled = true
days = 365
}
}