standard
turbot/azure_compliance

Trigger: Detect & correct Storage account containers insights activity logs not encrypted with CMK

Detect Storage account containers insights activity logs not encrypted with CMK and then enable encryption using CMK.

Query

select
concat(
a.id,
' [',
a.subscription_id,
'/',
a.resource_group,
']'
) as title,
a.id as id,
a.name,
a.resource_group,
a.subscription_id,
a._ctx ->> 'connection_name' as conn
from
azure_storage_container c,
azure_storage_account a
where
c.name = 'insights-activity-logs'
and c.account_name = a.name
and a.encryption_key_source <> 'Microsoft.Keyvault';

Schedule

15m

Tags

category = Compliance
plugin = azure
service = Azure/Monitor