Log Profile No Retention Policy
Risk Level: Low
Description:
This plugin enforces a log retention policy for Log Profiles. To aid in the investigation of previous security incidents and for compliance considerations, log retention rules should be configured with an appropriate retention period. The retention period represents the number of days to retain activity logs for a Microsoft Azure cloud subscription.
Recommended Action: Create a retention policy for log profiles.
About the Service:
Azure Monitor can help you improve the availability and performance of your apps and services. It provides a complete solution for gathering, evaluating, and responding to telemetry from the cloud and on-premises settings. This data enables you to better understand how your apps are doing and to detect concerns that may harm them or the resources they rely on in the future.
Impact:
Without a log retention period configured, too little of the necessary activity log data is kept, which makes it difficult to find anomalies and potential security breaches.
Steps to Reproduce (Using Azure CLI):
- Sign in to Azure CLI.
- Run the command: "az monitor log-profiles list".
- In the output, check the retention policy of each log profile. If enabled is set to false, the vulnerability exists.
- Repeat steps no. 2-3 for other subscriptions in your Microsoft Azure accounts.
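The check in the steps above can be automated over the JSON that "az monitor log-profiles list" prints. The following is an added example, not part of the original page or of the plugin itself; it goes one step further than the page by also flagging retention periods below a minimum, and the sample data, profile names and the 365-day minimum are constructed assumptions.

```python
import json

# Constructed sample shaped like `az monitor log-profiles list` JSON output.
# Only the fields the check reads are included; names and values are made up.
SAMPLE_OUTPUT = """
[
  {"name": "default",  "retentionPolicy": {"enabled": false, "days": 0}},
  {"name": "short",    "retentionPolicy": {"enabled": true,  "days": 30}},
  {"name": "forever",  "retentionPolicy": {"enabled": true,  "days": 0}},
  {"name": "ok",       "retentionPolicy": {"enabled": true,  "days": 400}},
  {"name": "nopolicy", "retentionPolicy": null}
]
"""


def audit_log_profiles(cli_json, min_days):
    """Return (profile_name, reason) for each log profile that fails the check.

    min_days is the organisation's own minimum retention period; it is an
    assumption of this example, the page does not prescribe a number.
    """
    findings = []
    for profile in json.loads(cli_json):
        name = profile.get("name", "<unnamed>")
        # Treat a missing or null retentionPolicy the same as a disabled one.
        policy = profile.get("retentionPolicy") or {}
        if not policy.get("enabled", False):
            findings.append((name, "retention policy disabled or missing"))
            continue
        days = policy.get("days", 0)
        # With the policy enabled, days == 0 means the logs are retained
        # indefinitely, so it satisfies any minimum.
        if days != 0 and days < min_days:
            findings.append((name, f"retention {days}d below minimum {min_days}d"))
    return findings


if __name__ == "__main__":
    # Hypothetical 365-day minimum, chosen only for this demonstration.
    for name, reason in audit_log_profiles(SAMPLE_OUTPUT, min_days=365):
        print(f"{name}: {reason}")
```

To run it against a real subscription, pass the output of "az monitor log-profiles list" to audit_log_profiles in place of SAMPLE_OUTPUT.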
Steps for Remediation (Using Azure CLI):
- Sign in to Azure Management Console.
- Update the log profile for recommended retention period using the following command:
az monitor log-profiles update --name MyLogProfile --set retentionPolicy.days=<number_of_days>
- Repeat steps no. 2-3 for other misconfigured log profiles.