Ensure that the Microsoft Azure storage container where the exported activity log files are saved is not publicly accessible from the Internet, in order to avoid exposing sensitive data and minimize security risks.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
Allowing public access to your Azure activity log container increases the attack surface and the opportunity for malicious activity: an attacker who can read the container anonymously can study how your Azure account is used and configured and identify weaknesses to target.
Audit
To determine if the storage container that stores the activity logs is publicly accessible, perform the following actions:
Remediation / Resolution
To disable anonymous access to the storage container that stores your Microsoft Azure activity logs, perform the following actions:
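The audit and remediation steps above, as an added example that is not part of the Conformity rule page: a Python helper that parses the JSON returned by the referenced `az monitor diagnostic-settings subscription show` and `az storage container show` commands, flags an export container whose public access level is anything other than off, and builds the matching `az storage container set-permission` command. The sample JSON, subscription ID, resource group and account name are constructed, and `insights-activity-logs` is assumed to be the name of the container the activity log export writes to.

```python
import json
import re
from typing import Optional

# Constructed sample of `az monitor diagnostic-settings subscription show` output (trimmed);
# the subscription ID, resource group and storage account name are placeholders.
DIAG_SETTING_JSON = """{
  "name": "activity-log-export",
  "storageAccountId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/logs-rg/providers/Microsoft.Storage/storageAccounts/activitylogsacct",
  "logs": [{"category": "Administrative", "enabled": true}]
}"""

# Constructed sample of `az storage container show` output for the export container.
# "blob" means anonymous read of blobs is allowed: the non-compliant state this rule flags.
CONTAINER_JSON = """{
  "name": "insights-activity-logs",
  "properties": {"publicAccess": "blob", "hasImmutabilityPolicy": false}
}"""

STORAGE_ACCOUNT_RE = re.compile(r"/storageAccounts/([^/]+)$", re.IGNORECASE)


def storage_account_from_setting(setting_json: str) -> Optional[str]:
    """Return the storage account name the diagnostic setting exports to, or None."""
    account_id = json.loads(setting_json).get("storageAccountId")
    if not account_id:
        return None  # setting exports elsewhere (e.g. Log Analytics only)
    match = STORAGE_ACCOUNT_RE.search(account_id)
    return match.group(1) if match else None


def public_access_level(container_json: str) -> str:
    """Normalise the container's publicAccess property to 'off', 'blob' or 'container'."""
    level = json.loads(container_json).get("properties", {}).get("publicAccess")
    return "off" if level in (None, "", "off") else str(level).lower()


def audit(setting_json: str, container_json: str, container: str = "insights-activity-logs") -> dict:
    """Evaluate the rule and, when it fails, attach the remediation command to run."""
    account = storage_account_from_setting(setting_json)
    level = public_access_level(container_json)
    finding = {"account": account, "container": container,
               "publicAccess": level, "compliant": level == "off"}
    if not finding["compliant"]:
        finding["remediation"] = (f"az storage container set-permission --name {container} "
                                  f"--account-name {account} --public-access off")
    return finding


if __name__ == "__main__":
    print(json.dumps(audit(DIAG_SETTING_JSON, CONTAINER_JSON), indent=2))
```

In practice the two JSON inputs come from running the referenced `az` commands against each diagnostic setting listed by `az monitor diagnostic-settings subscription list`.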
References
- Azure Official Documentation
  - Overview of Azure platform logs
  - Legacy collection methods
  - Configure anonymous public read access for containers and blobs
  - Diagnostic settings in Azure Monitor
- CIS Microsoft Azure Foundations
- Azure Command Line Interface (CLI) Documentation
  - az monitor diagnostic-settings subscription list
  - az monitor diagnostic-settings subscription show
  - az storage container show
  - az storage container set-permission