module/ConfigurationProvider/ControlConfigurations/Services/StreamAnalyticsJobs.json

{
  "FeatureName": "StreamAnalyticsJobs",
  "Reference": "",
  "IsMaintenanceMode": false,
  "Controls": [
    {
      "ControlID": "Azure_StreamAnalyticsJobs_Audit_Enable_Resource_Logs_MCSB",
      "Description": "[MCSB] Resource logs in Azure Stream Analytics must be enabled",
      "Id": "StreamAnalyticsJobs100",
      "ControlSeverity": "High",
      "Automated": "Yes",
      "ControlScanSource": "MDC",
      "DisplayName": "[MCSB] Resource logs in Azure Stream Analytics must be enabled",
      "Category": "Monitoring must be correctly configured",
      "ControlRequirements": "Monitoring and auditing must be enabled and correctly configured according to prescribed organizational guidance",
      "Rationale": "Audit enabling of resource logs. This enables you to recreate activity trails to use for investigation purposes when a security incident occurs or when your network is compromised.",
      "Recommendation": "To enable resource logs for Stream Analytics jobs, refer to: https://learn.microsoft.com/en-us/azure/stream-analytics/stream-analytics-job-diagnostic-logs#send-diagnostics-to-azure-monitor-logs",
      "Tags": [
        "Automated",
        "Baseline",
        "Audit",
        "StreamAnalyticsJobs"
      ],
      "AssessmentProperties": {
        "AssessmentNames": [
          "f11b27f2-8c49-5bb4-eff5-e1e5384bf95e"
        ],
        "AssessmentStatusMappings": [
          {
            "AssessmentStatusCode": "NotApplicable",
            "EffectiveVerificationResult": "Failed",
            "AssessmentStatusCausePatterns": "(.)*OffByPolicy|Exempt(.)*",
            "AppendMessageToStatusReason": "Disabling or exempting the policy from getting evaluated is not recommended. The Control will be marked as Failed."
          }
        ]
      },
      "Enabled": false,
      "CustomTags": [
        "Daily",
        "MCSB"
      ]
    },
    {
      "ControlID": "Azure_StreamAnalytics_Audit_Enable_Diagnostic_Settings",
      "Description": "Enable Security Logging in Azure Stream Analytics",
      "Id": "StreamAnalyticsJobs110",
      "ControlSeverity": "Medium",
      "Automated": "Yes",
      "MethodName": "CheckDiagnosticsSettings",
      "DisplayName": "Enable Security Logging in Azure Stream Analytics",
      "Category": "Monitoring must be correctly configured",
      "ControlRequirements": "Monitoring and auditing must be enabled and correctly configured according to prescribed organizational guidance",
      "Rationale": "Diagnostic logs must be enabled because they provide the details needed to investigate threats in the event of a security breach.",
      "Recommendation": "To configure 'Diagnostic settings' for Stream Analytics, go to Azure Portal --> Your Stream Analytics Resource --> Diagnostic settings --> Enable the Execution and Authoring logs with a minimum retention period of 90 days.",
      "Tags": [
        "Automated",
        "Audit",
        "Diagnostics",
        "StreamAnalyticsJobs",
        "Baseline"
      ],
      "ControlEvaluationDetails": {
        "RequiredProperties": [
          "DiagnosticSettings"
        ]
      },
      "Enabled": true,
      "ControlSettings": {
        "DiagnosticForeverRetentionValue": "0",
        "DiagnosticMinRetentionPeriod": "90",
        "DiagnosticLogs": [
          "Execution",
          "Authoring"
        ]
      },
      "CustomTags": [
        "Daily",
        "TenantBaseline",
        "MSD",
        "TBv12",
        "SN:StreamAnalytics_Logging"
      ]
    }
  ]
}