Small Activity Log Retention Period
- Query id: 2b856bf9-8e8c-4005-875f-303a8cba3918
- Query name: Small Activity Log Retention Period
- Platform: Terraform
- Severity: Medium
- Category: Observability
- URL: Github
Description¶
Ensure that Activity Log Retention is set 365 days or greater
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "azurerm_monitor_log_profile" "positive1" {
name = "default"
categories = [
"Action",
"Delete",
"Write",
]
locations = [
"westus",
"global",
]
servicebus_rule_id = "${azurerm_eventhub_namespace.example.id}/authorizationrules/RootManageSharedAccessKey"
storage_account_id = azurerm_storage_account.example.id
retention_policy {
enabled = true
days = 7
}
}
resource "azurerm_monitor_log_profile" "positive2" {
name = "default"
categories = [
"Action",
"Delete",
"Write",
]
locations = [
"westus",
"global",
]
servicebus_rule_id = "${azurerm_eventhub_namespace.example.id}/authorizationrules/RootManageSharedAccessKey"
storage_account_id = azurerm_storage_account.example.id
retention_policy {
enabled = true
}
}
resource "azurerm_monitor_log_profile" "positive3" {
name = "default"
categories = [
"Action",
"Delete",
"Write",
]
locations = [
"westus",
"global",
]
servicebus_rule_id = "${azurerm_eventhub_namespace.example.id}/authorizationrules/RootManageSharedAccessKey"
storage_account_id = azurerm_storage_account.example.id
retention_policy {
enabled = false
}
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
resource "azurerm_monitor_log_profile" "negative1" {
name = "default"
categories = [
"Action",
"Delete",
"Write",
]
locations = [
"westus",
"global",
]
servicebus_rule_id = "${azurerm_eventhub_namespace.example.id}/authorizationrules/RootManageSharedAccessKey"
storage_account_id = azurerm_storage_account.example.id
retention_policy {
enabled = true
days = 367
}
}
resource "azurerm_monitor_log_profile" "negative2" {
name = "default"
categories = [
"Action",
"Delete",
"Write",
]
locations = [
"westus",
"global",
]
servicebus_rule_id = "${azurerm_eventhub_namespace.example.id}/authorizationrules/RootManageSharedAccessKey"
storage_account_id = azurerm_storage_account.example.id
retention_policy {
enabled = true
days = 0
}
}