Application Insights Integration for Azure Function Apps

ID: azure-functionapp-appinsights-missing

Severity: high

Author: princechaddha

Tags: cloud,devops,azure,microsoft,application-insights,azure-cloud-config

Description

Ensure that the functions managed with Microsoft Azure Function App are configured to use Azure Monitor Application Insights. Application Insights is a robust APM solution designed to cater to the needs of both developers and DevOps experts. By enabling this service, you can effortlessly set up continuous monitoring for your serverless application. Application Insights excels at identifying performance irregularities and offers a suite of potent analytical tools to assist you in troubleshooting problems and gaining deep insights into user interactions with your application.

YAML Source

id: azure-functionapp-appinsights-missing
info:
  name: Application Insights Integration for Azure Function Apps
  author: princechaddha
  severity: high
  description: |
    Ensure that the functions managed with Microsoft Azure Function App are configured to use Azure Monitor Application Insights. Application Insights is a robust APM solution designed to cater to the needs of both developers and DevOps experts. By enabling this service, you can effortlessly set up continuous monitoring for your serverless application. Application Insights excels at identifying performance irregularities and offers a suite of potent analytical tools to assist you in troubleshooting problems and gaining deep insights into user interactions with your application.
  impact: |
    Without integration with Application Insights, Azure Function Apps may lack comprehensive monitoring, impacting the visibility and troubleshooting of performance issues.
  remediation: |
    Configure your Azure Function Apps to integrate with Application Insights to enable detailed monitoring and analytics capabilities.
  reference:
    - https://docs.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview
  tags: cloud,devops,azure,microsoft,application-insights,azure-cloud-config

flow: |
  code(1);
  for (let AppData of iterate(template.functionApps)) {
    AppData = JSON.parse(AppData);
    set("name", AppData.name);
    set("resourceGroup", AppData.resourceGroup);
    code(2);
  }

self-contained: true
code:
  - engine:
      - sh
      - bash
    source: |
      az functionapp list --query '[*].{name:name, resourceGroup:resourceGroup}' --output json

    extractors:
      - type: json
        name: functionApps
        internal: true
        json:
          - '.[]'

  - engine:
      - sh
      - bash
    source: |
      az functionapp config appsettings list --name $name --resource-group $resourceGroup --query '[*].name' --output json

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "APPINSIGHTS_INSTRUMENTATIONKEY"
        negative: true

      - type: word
        part: body
        words:
          - "["

    extractors:
      - type: dsl
        dsl:
          - 'name + " does not have Application Insights integration enabled"'
# digest: 4b0a0048304602210082a64b233178e9ce47ccfceb680640f78708d5703000894d83f21e8a9d1a0e54022100ee286e0af191b5cffca3c962d83ed8ffb799ddb72dc6205a63ee8286750e3055:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "cloud/azure/functions/azure-functionapp-appinsights-missing.yaml"

View on Github