DOS1200

Enable Log Audit Events

DOS1200

AzureDevOps organization high builtIn

Description

Log Audit Events. Learn more: https://learn.microsoft.com/en-us/azure/devops/organizations/security/security-best-practices?view=azure-devops#review-auditing-events https://learn.microsoft.com/en-us/azure/devops/organizations/audit/azure-devops-auditing

Recommendation

1. Go to Organization Settings. 
2. Click on Security -> Policies. 
3. Security policies. 
4. Turn 'On' the setting 'Log Audit Events'. 
5. Make sure you configure at least one stream under General -> Auditing -> Streams.

Policy Rule

{
  "target": "ADOOrganizationPolicy",
  "if": {
    "allOf": [
      {
        "resource": "ADOOrganizationPolicy",
        "property": "Policy.Name",
        "operator": "equals",
        "value": "Policy.LogAuditEvents"
      },
      {
        "resource": "ADOOrganizationPolicy",
        "property": "Policy.Value",
        "operator": "equals",
        "value": true
      }
    ]
  },
  "then": {
    "effect": "Audit"
  }
}
« DOS1190 DOS1210 »
Rule Details
  • Rule ID: DOS1200
  • Code: ADO_Organization_Policies_Security_Enable_Log_Audit_Events
  • Platform: AzureDevOps
  • Category: organization
  • Severity: high
  • Type: builtIn
Related Rules

Copyright © DevOps Shield. All Rights Reserved. Privacy Policy | Cookie Policy | Terms and Conditions