Diagnostic Logs in XYZ Should be Enabled

Description:

With Azure diagnostic logs, you can view core analytics and save them into one or more destinations including:

• Azure Storage account

• Log Analytics workspace

• Azure Event Hubs

A wide variety of services found below support the use of diagnostic logs in order to further troubleshoot, audit, and keep records of all ongoing activity. It's important to enable this to ensure that, if something were to happen, the information is available for the particular service.

Solution/Reference: 

Full instructions to perform this for a variety of services can be found here: 

Azure Stream Analytics: https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-job-diagnostic-logs

Key Vault: https://docs.microsoft.com/en-us/azure/key-vault/general/howto-logging & https://docs.microsoft.com/en-us/azure/key-vault/general/logging?tabs=Vault

Batch Accounts: https://docs.microsoft.com/en-us/azure/batch/batch-diagnostics

Event Hub: https://docs.microsoft.com/en-us/azure/event-hubs/monitor-event-hubs-reference#resource-logs

Service Bus: https://docs.microsoft.com/en-us/azure/service-bus-messaging/monitor-service-bus-reference#resource-logs

Virtual Machine Scale Sets: https://medium.com/microsoftazure/adding-diagnostic-extensions-to-an-existing-azure-vm-scale-set-a5a5f6320b2c

Logic Apps: https://docs.microsoft.com/en-us/azure/logic-apps/healthy-unhealthy-resource#:~:text=Check%20diagnostic%20logging%20setting&text=On%20the%20Security%20Center%20dashboard,the%20table%20of%20security%20controls.