Ensure that Microsoft Azure Storage Queue service logging is enabled for read, write and delete requests. The Storage Queue cloud service stores messages that can be read by any user that has access to your storage account. A queue can contain an unlimited number of messages, each of which can be up to 64KB in size. The Azure Storage Queue service logging records details for both successful and failed requests made to the queues, as well as end-to-end latency, server latency, and authentication information.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
Azure Storage Queue logs contain detailed information about successful and failed requests made to your storage queues for read, write and delete operations. This information can be used to monitor individual requests and to diagnose issues with the Storage Queue service within your Microsoft Azure account.
Audit
To determine if Storage Queue service logging is enabled for read, write and delete requests on your storage accounts, perform the following actions:
Remediation / Resolution
To enable detailed storage logging for read, write and delete requests within Azure Storage Queue service settings, perform the following actions:
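Added example, not Conformity's own steps: one way to script the audit and the remediation with the az commands listed under References. The function names, the "audit" argument, the 90-day retention default and the "queue" key assumed in the show output are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not Conformity's own procedure.

# missing_queue_log_ops READ WRITE DELETE
# Takes the three booleans reported for the queue service and prints the
# request types that are not being logged (empty output = compliant).
missing_queue_log_ops() {
  missing=""
  for pair in "read:$1" "write:$2" "delete:$3"; do
    case "$(printf '%s' "${pair#*:}" | tr 'A-Z' 'a-z')" in
      true) ;;                               # this request type is logged
      *) missing="$missing ${pair%%:*}" ;;   # false, empty or unexpected
    esac
  done
  printf '%s\n' "${missing# }"
}

# audit_account ACCOUNT
# Reads the live queue logging settings (assumes the JSON is keyed "queue").
# Returns 0 = PASS, 1 = FAIL, 2 = the query itself failed.
audit_account() {
  flags=$(az storage logging show --services q --account-name "$1" \
            --query 'queue.[read, write, delete]' --output tsv) || return 2
  # Unquoted on purpose: split the three values on tabs or newlines.
  set -- "$1" $flags
  missing=$(missing_queue_log_ops "$2" "$3" "$4")
  if [ -z "$missing" ]; then
    echo "PASS $1"
  else
    echo "FAIL $1 (not logged: $missing)"
    return 1
  fi
}

# enable_queue_logging ACCOUNT
# Remediation. RETENTION_DAYS is an assumption (the page gives no value).
enable_queue_logging() {
  az storage logging update --services q --log rwd \
     --retention "${RETENTION_DAYS:-90}" --account-name "$1"
}

# Touch Azure only when asked to: ./queue-logging.sh audit
if [ "${1:-}" = "audit" ]; then
  for acct in $(az storage account list --query '[].name' --output tsv); do
    audit_account "$acct" || true
  done
fi
```

Run enable_queue_logging only for accounts that audit_account reports as FAIL, then re-run the audit to confirm all three request types are logged.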
References
- Azure Official Documentation
- Storage Analytics
- Azure Storage analytics logging
- Monitor a storage account in the Azure portal
- CIS Microsoft Azure Foundations
- Azure Command Line Interface (CLI) Documentation
- az
- az storage account list
- az storage logging show
- az storage logging update