PSRule.Rules.Azure icon indicating copy to clipboard operation
PSRule.Rules.Azure copied to clipboard
verified publisher icon Azure

Diagnostic logs in Logic Apps should be enabled

Open BenjaminEngeset opened this issue 3 years ago • 1 comments

Rule request

Suggested rule change

Diagnostic logs in Logic Apps should be enabled.

To ensure you can recreate activity trails for investigation purposes when a security incident occurs or your network is compromised, enable logging.

This is actually an official Defender for Cloud recommendation.

Security pillar for this one.

Applies to the following

The rule applies to the following:

  • Resource type: [Microsoft.Logic/workflows]

Additional context

Diagnostic logs in Logic Apps should be enabled Template reference

BenjaminEngeset avatar Nov 15 '22 20:11 BenjaminEngeset

@bengeset96 I think we need to confirm which diagnostic logs are actually required from an audit perspective.

For Logic App consumption (Microsoft.Logic/workflows) I would be more inclined to make the a more operational monitoring then security since there is not a specific audit log for this resource.

The only log is Workflow runtime diagnostic events.

BernieWhite avatar Nov 18 '22 10:11 BernieWhite