Aqua CSPM

Key Vault Log Analytics Enabled

Quick Info

Plugin TitleKey Vault Log Analytics Enabled
CloudAZURE
CategoryMonitor
DescriptionEnsures Key Vault Log Analytics logs are being properly delivered to Azure Monitor
More InfoEnabling Send to Log Analytics ensures that all Key Vault logs are being properly monitored and managed.
AZURE Linkhttps://docs.microsoft.com/en-us/azure/azure-monitor/platform/collect-activity-logs
Recommended ActionSend all diagnostic logs for Key Vault from the Azure Monitor service to Log Analytics.

Detailed Remediation Steps

  1. Log into the Microsoft Azure Management Console.
  2. Select the “Search resources, services, and docs” option at the top and search for Monitor.
  3. On the “Monitor - Overview” page scroll down the left navigation panel and click on “Diagnostics” under Settings.
  4. On the “Monitor - Diagnostics settings” page select the resource you want to verify for “Key Vault Log Analystics."
  5. Check the “Diagnostics Status” and if it’s set to “Disabled” then the “Key Vault Log Analytics” logs are not being properly delivered to Azure Monitor.
  6. Repeat steps number 2 - 5 to verify other resources in the account.
  7. Navigate to “Monitor” and click on the “Diagnostics” under “Settings” and select the resource on which “Key Vault Log Anaytics” needs to be enabled.
  8. On the “Diagnostics Settings” page click on the “Add diagnostic setting” option.
  9. On the “Diagnostics Settings” page enter the Name, click the checkbox for “Send to Log Analytics”, select an existing Log Analytics workspace, or create a workspace and to enable “Metric” click the checkbox under “Metric”. Click on the “Save” button at the top to make the changes.
  10. Repeat steps number 7 - 9 to send all diagnostic logs for Key Vault from the Azure Monitor service to Log Analytics.