Skip to content
Nuclei Templates

Azure Monitor Diagnostic Settings for Subscription Activity Log Export Check

ID: azure-monitor-diagnostic-unrestricted

Severity: medium

Author: princechaddha

Tags: cloud,devops,azure,microsoft,monitor,azure-cloud-config

Description

Section titled “Description”

Ensure that Azure Monitor Diagnostic Settings are configured to export activity logs for the selected Microsoft Azure subscription. This helps in maintaining a record of all operational actions which are crucial for security and operational auditing.

YAML Source

Section titled “YAML Source”
id: azure-monitor-diagnostic-unrestricted
info:
  name: Azure Monitor Diagnostic Settings for Subscription Activity Log Export Check
  author: princechaddha
  severity: medium
  description: |
    Ensure that Azure Monitor Diagnostic Settings are configured to export activity logs for the selected Microsoft Azure subscription. This helps in maintaining a record of all operational actions which are crucial for security and operational auditing.
  impact: |
    Not having diagnostic settings configured to export activity logs can lead to a lack of visibility into operational actions within the subscription, increasing the risk of undetected malicious activities or misconfigurations.
  remediation: |
    Configure Azure Monitor Diagnostic Settings to export activity logs. Refer to the Azure documentation on how to set up diagnostic settings for activity log export.
  reference:
    - https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log
  tags: cloud,devops,azure,microsoft,monitor,azure-cloud-config


self-contained: true
code:
  - engine:
      - sh
      - bash
    source: |
      az monitor diagnostic-settings subscription list --query 'value[*].id' --output json


    matchers:
      - type: word
        words:
          - '[]'


    extractors:
      - type: dsl
        dsl:
          - '"Azure Monitor Diagnostic Settings for Subscription Activity Log Export are not configured."'
# digest: 4a0a00473045022014d2afe58bb4a187acb33961c47d8ea3a7a5b4ce4f95441247c802c6216be9df022100de89117ba583753296ad5d8b3317251c4acd742c9bd5b00d7bda8c7e756d7947:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "cloud/azure/monitor/azure-monitor-diagnostic-unrestricted.yaml"

View on Github