For AI agents: A markdown version of this page is available at https://docs.datadoghq.com/security/default_rules/def-000-08w.md. A documentation index is available at /llms.txt.

Ensure that logging for Azure Key Vault is Enabled

azure.security

Description

This rule checks if Azure Key Vault has a diagnostic setting enabled using the vault’s embedded diagnostic_settings. At least one diagnostic setting must have at least one log category with enabled: true. Diagnostic settings allow you to send logs and metrics to Azure Monitor, Azure Storage, or Azure Event Hubs.

Remediation

To enable diagnostic settings for Azure Key Vault, see Enable Key Vault logging.