Skip to content
Nuclei Templates

Diagnostic Settings Categories on Azure Resources not configured

ID: azure-diagnostic-categories-misconfigured

Severity: medium

Author: princechaddha

Tags: cloud,devops,azure,microsoft,diagnostic,azure-cloud-config

Description

Section titled “Description”

Ensure that diagnostic settings are configured to log the appropriate activities from the Azure Monitor control/management plane. Proper configuration of diagnostic settings is crucial for effective monitoring and capturing essential management activities performed by resources on the Azure platform.

YAML Source

Section titled “YAML Source”
id: azure-diagnostic-categories-misconfigured
info:
  name: Diagnostic Settings Categories on Azure Resources not configured
  author: princechaddha
  severity: medium
  description: |
    Ensure that diagnostic settings are configured to log the appropriate activities from the Azure Monitor control/management plane. Proper configuration of diagnostic settings is crucial for effective monitoring and capturing essential management activities performed by resources on the Azure platform.
  impact: |
    Misconfigured diagnostic settings can lead to inadequate logging of control and management activities, increasing the risk of unnoticed malicious activities or misconfigurations.
  remediation: |
    Configure diagnostic settings for each Azure resource to log necessary activities from the control/management plane, ensuring that all important events are captured and reviewed regularly for anomalies.
  reference:
    - https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/diagnostic-settings
  tags: cloud,devops,azure,microsoft,diagnostic,azure-cloud-config


self-contained: true
code:
  - engine:
      - sh
      - bash
    source: |
      az monitor diagnostic-settings subscription list --query 'value[*].{"name": name, "logs": logs}' --output json


    matchers:
      - type: word
        words:
          - '"enabled": false'


    extractors:
      - type: dsl
        dsl:
          - '"The configuration of the verified diagnostic setting for “Administrative”, “Security”, “Alert”, and “Policy” is not compliant."'
# digest: 4a0a0047304502210099c5a3283f6008b08b1f3e830f1d42e281224b93a07e0a9a2a9694b90e5f9f8202204e2b7c6a4dc46e526255772693148610bb3a4876a28d9f65e71e3af5a98ec2f7:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "cloud/azure/monitor/azure-diagnostic-categories-misconfigured.yaml"

View on Github