Monitoring Log Profile Without All Activities
- Query id: 89f84a1e-75f8-47c5-83b5-bee8e2de4168
- Query name: Monitoring Log Profile Without All Activities
- Platform: Ansible
- Severity: Medium
- Category: Observability
- CWE: 778
- URL: Github
Description¶
Monitoring log profile captures all the activities (Action, Write, Delete)
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
---
- name: Create a log profile
azure_rm_monitorlogprofile:
name: myProfile
location: eastus
locations:
- eastus
- westus
categories:
- Write
- Action
retention_policy:
enabled: False
days: 1
storage_account:
resource_group: myResourceGroup
name: myStorageAccount
register: output
- name: Create a log profile2
azure_rm_monitorlogprofile:
name: myProfile
location: eastus
locations:
- eastus
- westus
retention_policy:
enabled: False
days: 1
storage_account:
resource_group: myResourceGroup
name: myStorageAccount
register: output
Code samples without security vulnerabilities¶
Negative test num. 1 - yaml file
- name: Create a log profile
azure_rm_monitorlogprofile:
name: myProfile
location: eastus
locations:
- eastus
- westus
categories:
- Write
- Action
- Delete
retention_policy:
enabled: false
days: 1
storage_account:
resource_group: myResourceGroup
name: myStorageAccount
register: output