A log profile controls how the activity log is exported and retained. Because the average time to detect a breach is 210 days, it is recommended to retain the activity log for 365 days or more, so that there is time to respond to any incident.
Retention policy is set to 365 days.
    resource "azurerm_monitor_log_profile" "recommended-1" {
      name       = "default"
      categories = ["Action", "Delete", "Write"]
      locations  = ["westus", "global"]

      retention_policy {
        enabled = true
        days    = 365
      }
    }
The retention policy is disabled and days is set to 0, so no retention limit is applied and the activity log is kept indefinitely.
    resource "azurerm_monitor_log_profile" "recommended-2" {
      name       = "default"
      categories = ["Action", "Delete", "Write"]
      locations  = ["westus", "global"]

      retention_policy {
        enabled = false
        days    = 0
      }
    }
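As an added example (not part of the original page or of any scanner's own code), the following Python check applies the rule above to the `planned_values` section of `terraform show -json` output, including resources nested in child modules. The sample plan is constructed, the function names are hypothetical, and treating a disabled policy with `days = 0` as acceptable is an assumption taken from the second configuration above.

```python
MIN_DAYS = 365  # threshold recommended above
LOG_PROFILE = "azurerm_monitor_log_profile"

def profile(address, enabled, days):
    """Build one constructed plan entry; nested blocks appear as lists in plan JSON."""
    return {"address": address, "type": LOG_PROFILE,
            "values": {"retention_policy": [{"enabled": enabled, "days": days}]}}

# Constructed sample shaped like the planned_values part of `terraform show -json`.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        profile("azurerm_monitor_log_profile.recommended-1", True, 365),
        profile("azurerm_monitor_log_profile.recommended-2", False, 0),
        profile("azurerm_monitor_log_profile.short", True, 90),
    ],
    "child_modules": [{"resources": [
        profile("module.logging.azurerm_monitor_log_profile.disabled_30", False, 30),
    ]}],
}}}

def iter_resources(module):
    """Yield resources from a module and, recursively, from its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def retention_finding(values):
    """Return None when retention is acceptable, otherwise the reason it is not."""
    blocks = values.get("retention_policy") or []
    if not blocks:
        return "retention_policy block is missing"
    enabled = bool(blocks[0].get("enabled"))
    days = blocks[0].get("days") or 0
    if enabled and days >= MIN_DAYS:
        return None
    if not enabled and days == 0:
        return None  # assumption: accepted, as in the second configuration above
    state = "enabled" if enabled else "disabled"
    return f"retention policy {state} with days = {days} (need >= {MIN_DAYS})"

def check_plan(plan):
    """Map each non-compliant log profile address to the reason it fails."""
    findings = {}
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") == LOG_PROFILE:
            reason = retention_finding(res.get("values", {}))
            if reason:
                findings[res["address"]] = reason
    return findings
```

An enabled policy with `days = 0` is reported rather than accepted, which keeps the check conservative.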