Ensure that the Microsoft Azure storage container where the exported activity log files are saved is not publicly accessible from the Internet in order to avoid exposing sensitive data and minimize security risks.
Allowing public access to your Azure activity logs increases the attack surface and the opportunity for malicious activity: an attacker who can read the activity log container anonymously can learn how your Azure account is used and configured and identify weaknesses in it.
Audit
To determine if the storage container holding the activity logs is publicly accessible, perform the following actions:
Remediation / Resolution
To disable anonymous access to the Azure blob container that stores your Microsoft Azure activity logs, perform the following actions:
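An added example, not the page's own audit or remediation steps, that performs both the check and the fix with the Azure CLI commands named in the references below. It assumes the Azure CLI is installed and logged in, that the caller may read and set container permissions on the storage accounts involved, and that the exported activity logs land in the container named `insights-operational-logs` (the container Azure creates for legacy log-profile exports); the function names are this example's own.

```shell
#!/bin/sh
# Added example (not the page's own script). Audits the blob container that
# receives exported activity logs for anonymous access and turns it off.
# Assumptions: "az" is installed and logged in; the caller can read and set
# container permissions; logs are exported to "insights-operational-logs".
set -eu

# Map the "properties.publicAccess" value that "az storage container show"
# returns to an audit verdict. Azure reports "container" (anonymous list and
# read), "blob" (anonymous read of blobs whose URL is known) or null/empty
# (no anonymous access).
classify_public_access() {
    case "${1:-}" in
        container)    echo "FAIL: anonymous container-level access (list and read)" ;;
        blob)         echo "FAIL: anonymous blob-level access (read by URL)" ;;
        ""|null|None) echo "PASS: no anonymous access" ;;
        *)            echo "UNKNOWN: unexpected publicAccess value '${1:-}'" ;;
    esac
}

# Extract the storage account name from an ARM resource ID of the form
# /subscriptions/<id>/resourceGroups/<rg>/providers/Microsoft.Storage/storageAccounts/<name>
account_name_from_id() {
    printf '%s\n' "${1##*/}"
}

# Audit: for every storage account referenced by a log profile, read the
# container's publicAccess setting and print a verdict per account.
audit_activity_log_containers() {
    container="insights-operational-logs"
    az monitor log-profiles list --query "[].storageAccountId" -o tsv |
    while read -r id; do
        [ -n "$id" ] || continue
        acct=$(account_name_from_id "$id")
        access=$(az storage container show --name "$container" --account-name "$acct" \
                    --query "properties.publicAccess" -o tsv 2>/dev/null || echo "")
        printf '%s/%s: %s\n' "$acct" "$container" "$(classify_public_access "$access")"
    done
}

# Remediation: disable anonymous access on the container (page's fix).
disable_anonymous_access() {
    acct="$1"
    container="${2:-insights-operational-logs}"
    az storage container set-permission --name "$container" \
        --account-name "$acct" --public-access off
}

# Run the live audit only when the CLI is present so the file loads offline.
if command -v az >/dev/null 2>&1; then
    audit_activity_log_containers
else
    echo "az CLI not found; define-only mode (call disable_anonymous_access <account> after auditing)" >&2
fi
```

Run the audit first; for each account reported as FAIL, call `disable_anonymous_access <account>`. As a further account-wide control, `az storage account update --allow-blob-public-access false` prevents any container in that account from being switched back to anonymous access later.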
References
- Azure Official Documentation
  - Overview of Azure Activity log
  - Export Azure Activity log to storage or Azure Event Hubs
  - Manage anonymous read access to containers and blobs
  - CIS Microsoft Azure Foundations
- Azure Command Line Interface (CLI) Documentation
  - az monitor log-profiles
  - az monitor log-profiles list
  - az storage container show
  - az storage container set-permission
Rule: Check for Publicly Accessible Activity Log Storage Container
Risk level: High