Ensure that the Log Profile created for your Azure activity log has a retention period of 365 days or more, configured for reliability and compliance purposes. A Log Profile controls how the activity log is exported and retained within your Azure cloud account. The retention period represents the number of days to retain activity logs for a Microsoft Azure cloud subscription.
A retention period of 365 days or more should allow you to collect the necessary amount of activity log data useful to find any anomalies and potential security breaches. Because the average time to detect a breach is 210 days, your Azure activity log should be retained for 365 days or more in order to give you enough time to respond efficiently to any incidents.
To determine if your Azure Log Profile has a sufficient retention period configured for activity log data, perform the following actions:
Remediation / Resolution
To extend activity log data retention period for your Microsoft Azure account subscriptions, perform the following actions:
Unlock the Remediation Steps
Gain free unlimited access
to our full Knowledge Base
Over 750 rules & best practices
You are auditing:
Activity Log Retention
Risk level: Medium