6.1.6 Ensure that logging for Azure AppService 'HTTP logs' is enabled

Information

Enable AppServiceHTTPLogs diagnostic log category for Azure App Service instances to ensure all http requests are captured and centrally logged.

Rationale:

Capturing web requests can be important supporting information for security analysts performing monitoring and incident response activities. Once logging, these logs can be ingested into SIEM or other central aggregation point for the organization.

Impact:

Log consumption and processing will incur additional cost.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Remediate from Azure Portal

Go to App Services.

For each App Service:

Under Monitoring, go to Diagnostic settings.

To update an existing diagnostic setting, click Edit setting against the setting. To create a new diagnostic setting, click Add diagnostic setting and provide a name for the new setting.

Check the checkbox next to HTTP logs.

Configure a destination based on your specific logging consumption capability (for example Stream to an event hub and then consuming with SIEM integration for Event Hub logging).

Click Save.

Default Value:

Not configured.

See Also

https://workbench.cisecurity.org/benchmarks/16820

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-2, CSCv7|7.6

Plugin: microsoft_azure

Control ID: 9f60653478b0e0bca8b0c8c29232551d51713eae626c9657d811b334351a646a