TF 0278 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Ensure activities are captured for all locations

| Property | Value |
| --- | --- |
| Language | terraform |
| Severity | medium |
| Service | monitor |
| Provider | Azure |
| Vulnerability Type | omission |

Description

The log profile is configured to capture activity logs from only a subset of Azure regions, leaving events in other regions unmonitored. This incomplete coverage can result in important activities going unlogged.

Impact

Failure to log activities in all regions creates visibility gaps, allowing unauthorized or malicious actions in unmonitored regions to go undetected. This can hinder incident response, auditability, and compliance, increasing the risk of undetected breaches or policy violations.

Resolution

Enable capture for all locations
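
The following Terraform is an added example, not taken from the original page or the rule's own documentation: it shows a log profile with partial region coverage next to a corrected one. The resource names, the `log_storage_account_id` variable, the retention values and the region list are assumptions chosen for illustration.

```hcl
# Added example; names, retention and the region sample are assumptions.
variable "log_storage_account_id" {
  type        = string
  description = "ID of the storage account receiving activity logs (hypothetical input)."
}

# Constructed sample list: regenerate it from the regions your subscription exposes,
# e.g. `az account list-locations --query "[].name" -o tsv`, and keep "global".
locals {
  all_locations = [
    "global",
    "eastus", "eastus2", "centralus", "northcentralus", "southcentralus",
    "westus", "westus2", "westus3", "westcentralus",
    "canadacentral", "canadaeast", "brazilsouth",
    "northeurope", "westeurope", "uksouth", "ukwest",
    "francecentral", "germanywestcentral", "norwayeast", "swedencentral",
    "switzerlandnorth", "uaenorth", "southafricanorth",
    "centralindia", "southindia", "eastasia", "southeastasia",
    "japaneast", "japanwest", "koreacentral",
    "australiaeast", "australiasoutheast",
  ]
}

# Weak: only two regions are captured, so activity elsewhere is not logged.
# (The two resources are alternatives shown for comparison, not to be applied together.)
resource "azurerm_monitor_log_profile" "partial" {
  name               = "partial-coverage"
  categories         = ["Action", "Delete", "Write"]
  locations          = ["eastus", "westeurope"]
  storage_account_id = var.log_storage_account_id

  retention_policy {
    enabled = true
    days    = 365
  }
}

# Corrected: the profile captures every location in the maintained list.
resource "azurerm_monitor_log_profile" "all_regions" {
  name               = "all-regions"
  categories         = ["Action", "Delete", "Write"]
  locations          = local.all_locations
  storage_account_id = var.log_storage_account_id

  retention_policy {
    enabled = true
    days    = 365
  }
}
```

Keeping the list in a single `locals` block gives one place to update when a region is added to the subscription.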