Azure Storage Table Logging Not Enabled
ID: azure-storage-table-logging-disabled
Severity: medium
Author: princechaddha
Tags: cloud,devops,azure,microsoft,azure-storage,azure-cloud-config
Description
Section titled “Description”Ensure that Azure Storage Table service logging is enabled for read, write, and delete requests. The Azure Storage Table service stores structured NoSQL data in the cloud, providing a key/attribute store with a schema-less design. Storage logging is performed server-side and allows details for both successful and failed requests to be recorded in the associated storage account.
YAML Source
Section titled “YAML Source”id: azure-storage-table-logging-disabledinfo: name: Azure Storage Table Logging Not Enabled author: princechaddha severity: medium description: | Ensure that Azure Storage Table service logging is enabled for read, write, and delete requests. The Azure Storage Table service stores structured NoSQL data in the cloud, providing a key/attribute store with a schema-less design. Storage logging is performed server-side and allows details for both successful and failed requests to be recorded in the associated storage account. impact: | Failing to enable logging for the Azure Storage Table service can prevent tracking of successful and failed requests, impacting auditing and troubleshooting capabilities. remediation: | Enable logging for read, write, and delete requests in the Azure Storage Table service through the Azure portal or using the Azure CLI. reference: - https://docs.microsoft.com/en-us/azure/storage/tables/table-storage-overview tags: cloud,devops,azure,microsoft,azure-storage,azure-cloud-config
flow: | code(1); for (let AccountData of iterate(template.accountList)) { AccountData = JSON.parse(AccountData); set("name", AccountData.Name); code(2); }
self-contained: truecode: - engine: - sh - bash source: | az storage account list --query '[*].{"Name":name}'
extractors: - type: json name: accountList internal: true json: - '.[]'
- engine: - sh - bash source: | az storage logging show --services t --account-name "$name" --output json
matchers: - type: word words: - '"delete": false' - '"read": false' - '"write": false' condition: and
extractors: - type: dsl dsl: - 'name + " has logging for read, write, delete not enabled"'# digest: 4a0a00473045022100d43341b6ed0d2768bc04ef8251e04b7f8d64a5bbe0f666146a2f6fd150fcf38a022007ba1b60438a19a01d8225a91d51b4814c6d758b1b56f68964875cc1b874fd36:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "cloud/azure/storageaccounts/azure-storage-table-logging-disabled.yaml"