Skip to main content

More Info:

Allowing public access to activity log content may aid an adversary in identifying weaknesses in the affected account’s use or configuration.

Risk Level

Low

Address

Security, Operational Maturity

Compliance Standards

CISAZURE, CBP, HITRUST

Triage and Remediation

  • Remediation

Remediation

Using Console

To remediate the misconfiguration in Azure, you can follow these steps:
  1. Open the Azure portal and navigate to the storage account that contains the container with the logs.
  2. Click on the “Containers” tab on the left-hand side of the screen.
  3. Select the container that contains the logs.
  4. Click on the “Access policy” tab on the top of the screen.
  5. Under the “Public access level” section, select “Private (no anonymous access)”.
  6. Click on the “Save” button at the top of the screen to save the changes.
  7. Verify that the container is no longer publicly accessible by trying to access it from a different browser or device.
By following these steps, you have successfully remediated the misconfiguration and ensured that the storage account container containing the logs is no longer publicly accessible.

To remediate the issue of a publicly accessible Storage Account container containing logs in Azure, you can follow the steps below using Azure CLI:
  1. Log in to your Azure account using the Azure CLI command az login.
  2. Once you have successfully logged in, you can list all the storage accounts in your subscription using the command az storage account list.
  3. Identify the storage account that contains the publicly accessible container and copy its resource group and name.
  4. Use the following command to update the access level of the container to private: az storage container set-permission --account-name <storage_account_name> --account-key <storage_account_key> --name <container_name> --public-access off Replace <storage_account_name> with the name of the storage account, <storage_account_key> with the account key of the storage account, and <container_name> with the name of the container that contains the logs.
  5. Verify that the access level of the container has been updated to private by running the command az storage container show --account-name <storage_account_name> --account-key <storage_account_key> --name <container_name>. If the access level is set to private, you have successfully remediated the issue.
By following these steps, you can remediate the issue of a publicly accessible Storage Account container containing logs in Azure using Azure CLI.
To remediate the misconfiguration in Azure using Python, you can follow these steps:
  1. Import the required modules:
from azure.storage.blob import BlobServiceClient, PublicAccess
from azure.core.exceptions import ResourceExistsError
  1. Connect to the Azure Storage Account using the connection string:
connection_string = "<your_connection_string>"
blob_service_client = BlobServiceClient.from_connection_string(connection_string)
  1. Get the container name that contains the logs:
container_name = "<your_container_name>"
container_client = blob_service_client.get_container_client(container_name)
  1. Set the PublicAccess level to ‘None’:
try:
    container_client.set_access_policy(PublicAccess.NONE)
    print("Public access has been removed from the container.")
except ResourceExistsError:
    print("The container already has PublicAccess.NONE.")
  1. Verify that the PublicAccess level has been set to ‘None’:
container_properties = container_client.get_container_properties()
print("Public access level: ", container_properties.public_access)
This will ensure that the Storage Account container containing the logs is not publicly accessible.

Additional Reading: