Loading controls...
Control: 5.1.3 Ensure the storage container storing the activity logs is not publicly accessible
Description
The storage account container containing the activity log export should not be publicly accessible.
Allowing public access to activity log content may aid an adversary in identifying weaknesses in the affected account's use or configuration.
Remediation
From Azure Portal
- From Azure Home select the Portal Menu
- Search for
Storage Accountsto access Storage account blade - Click on the storage account name
- In Section
Blob ServiceclickContainers. It will list all the containers in next blade - Look for a record with container named as
insight-operational-logs. Click ... from right most column to openContext menu - Click
Access PolicyfromContext Menuand setPublic Access LeveltoPrivate (no anonymous access)
From Azure CLI
az storage container set-permission --name insights-operational-logs --account-name <Storage Account Name> --public-access offDefault Value
By default, public access is set to null (allowing only private access) for a container with activity log export.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.cis_v150_5_1_3Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.cis_v150_5_1_3 --shareSQL
This control uses a named query:
monitor_logs_storage_container_insights_operational_logs_not_public_accessible