Skip to content

zt_vis_001 — Security-relevant resource has no diagnostic settings

Summary

Severity: High · Pillar: Visibility · Chain role: ENABLER

Description

Without diagnostic settings streaming to Log Analytics or Event Hub, resource activity is invisible to SOC tooling.

Mapping

Framework Control / Reference
NIST 800-53 AU-12
NIST 800-207 Tenet 5 - Integrity monitored
CIS Azure
MITRE ATT&CK Technique T1562.008
MITRE ATT&CK Tactic Defense Evasion
Zero-Trust Tenet Tenet 5
Framework tags nist-800-207, argus-zt

Source

Rule defined at policies/azure/zt/visibility/zt_vis_001.rego.

View on GitHub