standard
turbot/azure_cis

Pipeline: 6.1.6 Ensure that logging for Azure AppService 'HTTP logs' is enabled

Description

Enable the AppServiceHTTPLogs diagnostic log category for Azure App Service instances to ensure all HTTP requests are captured and centrally logged.

Captured web requests can be important supporting information for security analysts performing monitoring and incident response activities. Once logging is enabled, these logs can be ingested into a SIEM or other central aggregation point for the organization.

Remediation

From Azure Portal

  1. Go to App Services.

For each App Service:

  1. Under Monitoring, go to Diagnostic settings.
  2. To update an existing diagnostic setting, click Edit setting against the setting. To create a new diagnostic setting, click Add diagnostic setting and provide a name for the new setting.
  3. Check the checkbox next to HTTP logs.
  4. Configure a destination based on your specific logging consumption capability (for example, Stream to an event hub, and then consume the logs with a SIEM integration for Event Hub logging).
  5. Click Save.
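
To confirm the result of the steps above across many apps, the following added example (not part of the azure_cis mod or the CIS benchmark text) evaluates exported diagnostic settings for the AppServiceHTTPLogs category. The field names follow the Azure Monitor diagnostic settings schema; the sample data, the `ok`/`alarm` labels, the function names and the treatment of the `allLogs` category group are assumptions made for this example.

```python
import json

CATEGORY = "AppServiceHTTPLogs"
# Destination fields of an Azure Monitor diagnostic setting (assumed sufficient here).
DESTINATIONS = ("workspaceId", "storageAccountId", "eventHubAuthorizationRuleId")


def _props(setting):
    # The REST API nests fields under "properties"; CLI output is flattened.
    return setting.get("properties") or setting


def captures_http_logs(setting):
    """True if the setting enables HTTP logs and routes them to a destination."""
    props = _props(setting)
    enabled = any(
        log.get("enabled") is True
        and (log.get("category") == CATEGORY
             # Assumption: the 'allLogs' category group includes HTTP logs.
             or log.get("categoryGroup") == "allLogs")
        for log in props.get("logs") or []
    )
    has_destination = any(props.get(field) for field in DESTINATIONS)
    return enabled and has_destination


def audit(settings_by_app):
    """Map app name -> 'ok' or 'alarm' (hypothetical labels) for control 6.1.6."""
    return {
        app: "ok" if any(captures_http_logs(s) for s in settings) else "alarm"
        for app, settings in settings_by_app.items()
    }


# Constructed sample input: app names and resource IDs are placeholders.
SAMPLE = json.loads("""
{
  "app-default": [],
  "app-disabled": [{"name": "diag", "workspaceId": "/subscriptions/0000/ws",
      "logs": [{"category": "AppServiceHTTPLogs", "enabled": false}]}],
  "app-other-category": [{"name": "diag", "storageAccountId": "/subscriptions/0000/sa",
      "logs": [{"category": "AppServiceConsoleLogs", "enabled": true}]}],
  "app-ok": [{"name": "to-siem", "eventHubAuthorizationRuleId": "/subscriptions/0000/eh",
      "logs": [{"category": "AppServiceConsoleLogs", "enabled": true},
               {"category": "AppServiceHTTPLogs", "enabled": true}]}]
}
""")

if __name__ == "__main__":
    for app, status in audit(SAMPLE).items():
        print(f"{status:5} {app}")
```

An app with no diagnostic settings at all, which is the default state, is reported as `alarm`, as is one where the category is present but disabled.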

Default Value

Not configured.

Run the pipeline

To run this pipeline from your terminal:

flowpipe pipeline run azure_cis.pipeline.cis_v300_6_1_6

Use this pipeline

To call this pipeline from your pipeline, use a step:

step "pipeline" "step_name" {
  pipeline = azure_cis.pipeline.cis_v300_6_1_6
}

Params

| Name | Type | Required | Description | Default |
| --- | --- | --- | --- | --- |
| database | connection.steampipe | Yes | Database connection string. | connection.steampipe.default |
| notifier | notifier | Yes | The name of the notifier to use for sending notification messages. | notifier.default |
| notification_level | string | Yes | The verbosity level of notification messages to send. Valid options are 'verbose', 'info', 'error'. | info |
| approvers | list(notifier) | Yes | List of notifiers to be used for obtaining action/approval decisions. | notifier.default |

Outputs

This pipeline has no outputs.

Tags

folder = CIS v3.0.0/6 Logging and Monitoring/6.1 Configuring Diagnostic Settings