Ensure that Azure Storage Blob service logging is enabled for read, write, and delete requests. The Storage Blob service provides scalable, cost-efficient object storage in the Azure cloud. Storage logging is performed server-side and records details of both successful and failed requests in the associated storage account. Each log entry describes an individual request: timing information such as start time, end-to-end latency and server latency; authentication details; concurrency information; and the size of the request and response.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
By default, Azure Storage Blob service logging is disabled for read, write, and delete operations. Once enabled, storage logging provides detailed information about every successful and failed request made to the blob storage service, including the requester's IP address and the authentication type used. This lets you trace who read, changed or deleted blob data and when, which is as valuable during an incident investigation as it is for diagnosing issues with your blob data.
Audit
To determine if the Azure Storage Blob service logging is enabled, perform the following actions:
Remediation / Resolution
To enable logging for Azure Storage Blob service (read, write, and delete requests), perform the following actions:
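The following script is an added example, not Conformity's own tooling or Microsoft's code. It covers both the audit and the remediation above with the Azure CLI: it lists the storage accounts in the current subscription, reads each account's Blob service logging settings with `az storage logging show`, reports which of read, write and delete logging are missing, and (only when `REMEDIATE=1`) enables all three with `az storage logging update`. It assumes the `az` CLI is installed and logged in, and that the identity may read account keys, since `az storage logging` works against the data plane with an account key that it fetches when `--account-name` is given. `REMEDIATE`, `RETENTION_DAYS` and the function names are this example's own conventions, not az flags.

```sh
#!/bin/sh
# Added example (not Conformity's or Microsoft's code): audit every storage
# account in the current subscription for Storage Analytics logging on the
# Blob service and, when REMEDIATE=1, turn on read/write/delete logging.
# Assumptions: az CLI installed and logged in (`az login`); the identity may
# read account keys; REMEDIATE and RETENTION_DAYS are this script's own
# environment variables, not az flags.
set -u

RETENTION_DAYS="${RETENTION_DAYS:-90}"   # assumed retention policy; adjust to yours

# blob_logging_gaps JSON
#   JSON is the document printed by `az storage logging show --services b -o json`:
#   {"blob": {"delete": ..., "read": ..., "retentionPolicy": {...}, "write": ...}}
#   Prints the operations that are NOT logged, using the letters that
#   `az storage logging update --log` takes (r, w, d), so "wd" means write and
#   delete logging are off. Returns 0 when all three are on, 1 otherwise.
#   Plain grep so it needs no jq; --services b means only blob keys appear.
blob_logging_gaps() {
  json="$1"
  gaps=""
  printf '%s' "$json" | grep -Eq '"read":[[:space:]]*true'   || gaps="${gaps}r"
  printf '%s' "$json" | grep -Eq '"write":[[:space:]]*true'  || gaps="${gaps}w"
  printf '%s' "$json" | grep -Eq '"delete":[[:space:]]*true' || gaps="${gaps}d"
  printf '%s' "$gaps"
  if [ -z "$gaps" ]; then return 0; else return 1; fi
}

# blob_logging_retention_ok JSON
#   Returns 0 when the blob retention policy is enabled, 1 otherwise. With
#   retention disabled the entries in the $logs container stay until you
#   delete them yourself, which most compliance policies do not expect.
blob_logging_retention_ok() {
  printf '%s' "$1" | grep -Eq '"enabled":[[:space:]]*true'
}

# audit_account NAME: report one storage account and optionally fix it.
audit_account() {
  acct="$1"
  cfg="$(az storage logging show --account-name "$acct" --services b -o json)" || {
    echo "$acct: could not read logging settings (key access?)" >&2
    return 1
  }
  if gaps="$(blob_logging_gaps "$cfg")"; then
    echo "$acct: blob logging enabled for read, write and delete"
  else
    echo "$acct: blob logging MISSING for [$gaps]"
    if [ "${REMEDIATE:-0}" = "1" ]; then
      # --log rwd = read, write and delete; --retention is mandatory for update.
      az storage logging update --account-name "$acct" --services b \
        --log rwd --retention "$RETENTION_DAYS"
    fi
  fi
  blob_logging_retention_ok "$cfg" || \
    echo "$acct: note: log retention policy is disabled" >&2
}

# Walk the subscription only when az is actually available; the functions
# above can be exercised on captured JSON without it.
if command -v az >/dev/null 2>&1; then
  for acct in $(az storage account list --query '[].name' -o tsv); do
    audit_account "$acct" || true
  done
fi
```

Run it once without `REMEDIATE` to get the audit report, then with `REMEDIATE=1` to enable logging on the non-compliant accounts. The check is done on the JSON rather than on the CLI's exit status because `az storage logging show` succeeds even when every operation is off; only the `read`, `write` and `delete` booleans tell you whether the rule is met.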
References
- Azure Official Documentation
  - Azure Storage analytics logging
  - az storage logging
  - LT-4: Enable logging for Azure resources
- Azure Command Line Interface (CLI) Documentation
  - az
  - az storage account list
  - az storage logging
  - az storage logging update