Control: Ensure Soft Delete is Enabled for Azure Containers and Blob Storage
Description
Azure Storage blobs can hold data such as ePHI or financial records, which may be confidential or personal. Soft delete keeps deleted blobs and containers recoverable for the configured retention period, so an accidental or malicious deletion does not permanently destroy that data.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.storage_account_blob_and_container_soft_delete_enabled
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run azure_compliance.control.storage_account_blob_and_container_soft_delete_enabled --share
SQL
This control uses a named query:
select
  sa.id as resource,
  case
    when
      blob_soft_delete_enabled and blob_container_soft_delete_enabled
      and blob_soft_delete_retention_days between 7 and 365
      and blob_container_soft_delete_retention_days between 7 and 365 then 'ok'
    else 'alarm'
  end as status,
  case
    when
      blob_soft_delete_enabled and blob_container_soft_delete_enabled
      and blob_soft_delete_retention_days between 7 and 365
      and blob_container_soft_delete_retention_days between 7 and 365 then
      sa.name || ' soft delete is enabled for azure containers and blob storage with retention days: blob=' || blob_soft_delete_retention_days || ', container=' || blob_container_soft_delete_retention_days || '.'
    when
      (not blob_soft_delete_enabled or blob_soft_delete_enabled is null) and (not blob_container_soft_delete_enabled or blob_container_soft_delete_enabled is null) then sa.name || ' blob and azure container soft delete disabled.'
    when
      (not blob_soft_delete_enabled or blob_soft_delete_enabled is null) then sa.name || ' blob soft delete disabled.'
    when
      (not blob_container_soft_delete_enabled or blob_container_soft_delete_enabled is null) then sa.name || ' azure container soft delete disabled.'
    when
      blob_soft_delete_retention_days < 7 or blob_soft_delete_retention_days > 365 then sa.name || ' blob soft delete retention days (' || blob_soft_delete_retention_days::text || ') is not between 7 and 365 days.'
    when
      blob_container_soft_delete_retention_days < 7 or blob_container_soft_delete_retention_days > 365 then
      sa.name || ' azure container soft delete retention days (' || blob_container_soft_delete_retention_days::text || ') is not between 7 and 365 days.'
  end as reason
  , sa.resource_group as resource_group
  , sub.display_name as subscription
from
  azure_storage_account sa
  left join azure_subscription sub on sub.subscription_id = sa.subscription_id;
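The control's classification applied to constructed sample rows, as an added example that is not part of the azure_compliance mod (account names and settings are made up; it runs on any PostgreSQL, including the Steampipe database, without the azure plugin):

```sql
-- Added example: the control's status logic evaluated against constructed
-- sample rows (hypothetical account names, not real data) so each branch,
-- including the unknown/NULL case, is visible in one result set.
with sample_storage_account(name, blob_soft_delete_enabled, blob_soft_delete_retention_days,
                            blob_container_soft_delete_enabled, blob_container_soft_delete_retention_days) as (
  values
    ('compliantsa', true,          14,        true,          30),         -- both enabled, retention in range
    ('shortretsa',  true,          3,         true,          30),         -- blob retention below 7 days
    ('longretsa',   true,          14,        true,          400),        -- container retention above 365 days
    ('blobonlysa',  true,          14,        false,         null::int),  -- container soft delete off
    ('nodeletesa',  false,         null::int, false,         null::int),  -- both off
    ('unknownsa',   null::boolean, null::int, null::boolean, null::int)   -- settings not returned by the API
)
select
  name,
  -- Same predicate as the control: every condition must be TRUE to pass.
  case
    when
      blob_soft_delete_enabled and blob_container_soft_delete_enabled
      and blob_soft_delete_retention_days between 7 and 365
      and blob_container_soft_delete_retention_days between 7 and 365 then 'ok'
    else 'alarm'
  end as status,
  -- Three-valued logic matters here: a NULL condition is not TRUE, so an
  -- account whose settings are unknown falls through to 'alarm' (fail closed)
  -- instead of silently passing. "is not true" covers both FALSE and NULL,
  -- matching the control's "not x or x is null" form.
  case
    when blob_soft_delete_enabled is not true
      and blob_container_soft_delete_enabled is not true then 'blob and container soft delete disabled'
    when blob_soft_delete_enabled is not true then 'blob soft delete disabled'
    when blob_container_soft_delete_enabled is not true then 'container soft delete disabled'
    when blob_soft_delete_retention_days not between 7 and 365 then 'blob retention out of range'
    when blob_container_soft_delete_retention_days not between 7 and 365 then 'container retention out of range'
    else 'compliant'
  end as reason
from sample_storage_account
order by name;
```

Only compliantsa returns ok; the other five rows return alarm with the reason naming the first failing condition in the order the control checks them.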