Monitoring Log Profile Without All Activities

• Query id: 89f84a1e-75f8-47c5-83b5-bee8e2de4168
• Query name: Monitoring Log Profile Without All Activities
• Platform: Ansible
• Severity: Medium
• Category: Observability
• URL: Github

Description

Monitoring log profile captures all the activities (Action, Write, Delete)
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file

---
- name: Create a log profile
  azure_rm_monitorlogprofile:
    name: myProfile
    location: eastus
    locations:
      - eastus
      - westus
    categories:
      - Write
      - Action
    retention_policy:
      enabled: False
      days: 1
    storage_account:
      resource_group: myResourceGroup
      name: myStorageAccount
  register: output

- name: Create a log profile2
  azure_rm_monitorlogprofile:
    name: myProfile
    location: eastus
    locations:
      - eastus
      - westus
    retention_policy:
      enabled: False
      days: 1
    storage_account:
      resource_group: myResourceGroup
      name: myStorageAccount
  register: output

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

- name: Create a log profile
  azure_rm_monitorlogprofile:
    name: myProfile
    location: eastus
    locations:
    - eastus
    - westus
    categories:
    - Write
    - Action
    - Delete
    retention_policy:
      enabled: false
      days: 1
    storage_account:
      resource_group: myResourceGroup
      name: myStorageAccount
  register: output