Ensure that the Microsoft Azure storage container where the exported activity log files are saved is not publicly accessible from the Internet, in order to avoid exposing sensitive data and minimize security risks.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
Allowing public access to your Azure cloud activity logs can increase the attack surface and the opportunity for malicious activity, as attackers can identify weaknesses in your Azure account's use or configuration when they are able to access the activity log container anonymously.
Audit
To determine if the storage container that stores the activity logs is publicly accessible, perform the following actions:
Remediation / Resolution
To disable anonymous access to the storage container that stores your Microsoft Azure activity logs, perform the following actions:
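The following script is an added example and not the Conformity remediation steps; it uses the two Azure CLI commands cited in the references to read a container's `properties.publicAccess` value, explain what that level permits, and optionally set it to `off`. It assumes the Azure CLI is installed and signed in with access to the storage account, and that the account and container names (hypothetical here) are passed as arguments.

```shell
#!/bin/sh
# Added example: audit and remediate anonymous access on the storage container
# that receives exported activity logs. Assumes `az` is installed and logged in
# with rights to read and change the container ACL.

# Map the value of properties.publicAccess, as printed by
# `az storage container show`, to a human-readable verdict.
# Azure reports "container" (anonymous listing plus blob reads),
# "blob" (anonymous blob reads only) or null/empty (no anonymous access).
classify_public_access() {
  case "$1" in
    container) echo "PUBLIC: anonymous read of container listing and blobs" ;;
    blob)      echo "PUBLIC: anonymous read of blobs" ;;
    ""|null)   echo "PRIVATE: no anonymous access" ;;
    *)         echo "UNKNOWN: unexpected value '$1'" ;;
  esac
}

# Return 0 when the value means anonymous access is enabled, 1 otherwise.
is_public() {
  case "$1" in
    container|blob) return 0 ;;
    *) return 1 ;;
  esac
}

# Read the live setting; tsv output prints a null level as an empty string.
get_public_access() {
  az storage container show \
    --account-name "$1" --name "$2" \
    --query "properties.publicAccess" -o tsv
}

# Remediate by turning anonymous access off for the container.
disable_public_access() {
  az storage container set-permission \
    --account-name "$1" --name "$2" --public-access off
}

# Usage: ./check_activity_log_container.sh <storage-account> <container> [--fix]
# (account and container names are placeholders supplied by the caller)
if [ "$#" -ge 2 ]; then
  level=$(get_public_access "$1" "$2")
  classify_public_access "$level"
  if is_public "$level" && [ "${3:-}" = "--fix" ]; then
    disable_public_access "$1" "$2"
    echo "after fix: $(classify_public_access "$(get_public_access "$1" "$2")")"
  fi
fi
```

Run it without `--fix` first to audit; a verdict beginning with `PUBLIC` is a finding for this rule.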
References
- Azure Official Documentation
- Overview of Azure platform logs
- Azure Monitor activity log
- Configure anonymous public read access for containers and blobs
- Diagnostic settings in Azure Monitor
- CIS Microsoft Azure Foundations
- Azure Command Line Interface (CLI) Documentation
- az monitor diagnostic-settings subscription list
- az monitor diagnostic-settings subscription show
- az storage container show
- az storage container set-permission
Check for Publicly Accessible Activity Log Storage Container
Risk Level: High