Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests

Azure Table storage is a service that stores structured NoSQL data in the cloud, providing a key/attribute store with a schemaless design. Storage Logging happens server-side and records details of both successful and failed requests in the storage account (the entries are written to the $logs blob container of the same account). These logs allow users to see the details of read, write, and delete operations against the tables. Storage Logging entries contain the following information about individual requests: timing information such as start time, end-to-end latency, and server latency; authentication details; concurrency information; and the sizes of the request and response messages.
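The following is an added example, not part of the original page or of CloudGuard: a small parser for the semicolon-delimited Storage Analytics log lines that Storage Logging writes, showing how the timing, authentication and size fields named above are extracted and how table delete requests (successful and failed) can be pulled out of the mixed stream. The four log lines are constructed for the example; the field order is the version 1.0 log format, and the grouping of Table operation names into read/write/delete categories is an assumption made here for illustration.

```python
import csv

# Field order of a version 1.0 Storage Analytics log entry. Entries are
# semicolon-delimited; string fields that may contain ';' are double-quoted.
V1_FIELDS = [
    "version_number", "request_start_time", "operation_type", "request_status",
    "http_status_code", "end_to_end_latency_ms", "server_latency_ms",
    "authentication_type", "requester_account_name", "owner_account_name",
    "service_type", "request_url", "requested_object_key", "request_id_header",
    "operation_count", "requester_ip_address", "request_version_header",
    "request_header_size", "request_packet_size", "response_header_size",
    "response_packet_size", "request_content_length", "request_md5",
    "server_md5", "etag_identifier", "last_modified_time", "conditions_used",
    "user_agent_header", "referrer_header", "client_request_id",
]
INT_FIELDS = {
    "http_status_code", "end_to_end_latency_ms", "server_latency_ms",
    "operation_count", "request_header_size", "request_packet_size",
    "response_header_size", "response_packet_size", "request_content_length",
}

# Assumed grouping of Table-service operation names into the three logging
# categories that the read/write/delete switches control.
DELETE_OPS = {"DeleteEntity", "DeleteTable"}
WRITE_OPS = {"InsertEntity", "UpdateEntity", "MergeEntity",
             "InsertOrReplaceEntity", "InsertOrMergeEntity", "CreateTable"}

# Constructed sample: a SAS-authenticated read, a successful SAS delete,
# an anonymous blob read, and a delete refused because the SAS only had 'r'.
SAMPLE_LOG = """1.0;2024-03-05T10:21:07.4412345Z;QueryEntities;Success;200;21;19;authenticated;myaccount;myaccount;table;"https://myaccount.table.core.windows.net/orders()?$filter=PartitionKey%20eq%20'eu'";"/myaccount/orders";7f2b0f7a-1c3e-4d7a-9b1a-0c8e2d5a6f10;0;203.0.113.25;2019-07-07;412;0;319;1287;0;;;;;;"Azure-Storage/12.8.0 (.NET CLR 6.0; Windows 10)";;"c6e0f0a2-5d1b-4b1e-8a4e-2e0f3f7c9d11"
1.0;2024-03-05T10:21:09.0100000Z;DeleteEntity;SASSuccess;204;14;12;sas;;myaccount;table;"https://myaccount.table.core.windows.net/orders(PartitionKey='eu',RowKey='1042')?sv=2019-07-07&ss=t&sp=rwd&sig=REDACTED";"/myaccount/orders";0b9d2e44-6a71-4f0e-b1c2-5d6e7f8a9b0c;0;198.51.100.7;2019-07-07;488;0;231;0;0;;;;;;"python-requests/2.31.0";;"a1b2c3d4-e5f6-4a7b-8c9d-0e1f2a3b4c5d"
1.0;2024-03-05T10:21:10.2200000Z;GetBlob;AnonymousSuccess;200;17;16;anonymous;;myaccount;blob;"https://myaccount.blob.core.windows.net/thumbnails/lake.jpg?timeout=30000";"/myaccount/thumbnails/lake.jpg";a84aa705-8a85-48c5-b064-b43bd22979c3;0;192.0.2.10;2009-09-19;252;0;265;100;0;;;"0x8CF0A0CCB3B4B5C";Thursday, 19-Jun-14 22:58:55 GMT;;"WA-Storage/2.0.6 (.NET CLR 4.0.30319.34014; Win32NT 6.3.9600.0)";;"ca6b02f8-9e9c-42d6-b7c5-50c91e54c0c6"
1.0;2024-03-05T10:21:11.5000000Z;DeleteEntity;SASAuthorizationError;403;9;8;sas;;myaccount;table;"https://myaccount.table.core.windows.net/orders(PartitionKey='eu',RowKey='1043')?sv=2019-07-07&ss=t&sp=r&sig=REDACTED";"/myaccount/orders";5c4d3e2f-1a0b-4c9d-8e7f-6a5b4c3d2e1f;0;198.51.100.7;2019-07-07;480;0;210;0;0;;;;;;"python-requests/2.31.0";;"b2c3d4e5-f6a7-4b8c-9d0e-1f2a3b4c5d6e"
"""


def parse_log_entry(line: str) -> dict:
    """Split one log line on ';' (honouring double quotes) into named fields."""
    row = next(csv.reader([line], delimiter=";", quotechar='"'))
    if len(row) < len(V1_FIELDS):
        raise ValueError(f"expected {len(V1_FIELDS)} fields, got {len(row)}")
    entry = dict(zip(V1_FIELDS, row[: len(V1_FIELDS)]))
    for name in INT_FIELDS:  # numeric fields; empty means not reported
        entry[name] = int(entry[name]) if entry[name] else None
    return entry


def parse_log_entries(text: str) -> list:
    return [parse_log_entry(l) for l in text.splitlines() if l.strip()]


def logging_category(entry: dict) -> str:
    op = entry["operation_type"]
    if op in DELETE_OPS:
        return "delete"
    if op in WRITE_OPS:
        return "write"
    return "read"


def is_success(entry: dict) -> bool:
    # request-status values such as Success, SASSuccess, AnonymousSuccess
    return entry["request_status"].endswith("Success")


def table_deletes(entries: list) -> list:
    """Every delete request against the Table service, successful or not."""
    return [e for e in entries
            if e["service_type"] == "table" and logging_category(e) == "delete"]


def summarize(entries: list) -> dict:
    """Count requests by (service, logging category, outcome)."""
    counts = {}
    for e in entries:
        key = (e["service_type"], logging_category(e),
               "success" if is_success(e) else "failure")
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    entries = parse_log_entries(SAMPLE_LOG)
    for e in table_deletes(entries):
        print(e["request_start_time"], e["authentication_type"],
              e["http_status_code"], e["requester_ip_address"], e["request_url"])
    print(summarize(entries))
```

Without the Delete switch enabled for the Table service, the two DeleteEntity lines above (including the refused one from a read-only SAS) would simply never be written, which is why the rule asks for all three categories rather than read and write alone.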

Risk Level: Low
Cloud Entity: Azure Storage Account
CloudGuard Rule ID: D9.AZU.LOG.16
Covered by Spectral: No
Category: Storage

GSL LOGIC

StorageAccount should have tableServiceProperties.classicDiagnosticSettings.logging.read=true and tableServiceProperties.classicDiagnosticSettings.logging.write=true and tableServiceProperties.classicDiagnosticSettings.logging.delete=true

REMEDIATION

From Portal

  1. Go to Storage Accounts.
  2. Select the specific Storage Account.
  3. Click the Diagnostics settings (classic) blade from Monitoring (classic) section.
  4. Set the Status to On, if set to Off.
  5. Select Table properties.
  6. Select Read, Write and Delete options under the Logging section to enable Storage Logging for Table service.
  7. Click Save.

From Command Line
Run

az storage logging update --account-name <storage-account-name> --account-key <storage-account-key> --services t --log rwd --retention 90

Here --services t targets the Table service, --log rwd enables logging of read, write and delete requests, and --retention 90 keeps the log entries for 90 days. The account name and key can also be supplied through the AZURE_STORAGE_ACCOUNT and AZURE_STORAGE_KEY environment variables instead of on the command line, which keeps the key out of shell history.
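The following is an added example, not part of the original page or of CloudGuard: it evaluates the JSON that az storage logging show --services bqt returns against this rule and, when the Table service is not compliant, builds the remediation command above. The JSON shape (one object per service with read/write/delete booleans and a retentionPolicy) is what the CLI prints, but the sample document is constructed here; it is deliberately set up with Blob fully logged and Table missing Delete, which is exactly the case a check that looks at the Blob delete switch by mistake would pass.

```python
import json
from typing import Optional

# Constructed sample of `az storage logging show --services bqt` output.
SAMPLE_SHOW_OUTPUT = json.loads("""
{
  "blob":  {"delete": true,  "read": true,  "write": true,
            "retentionPolicy": {"days": 90,   "enabled": true},  "version": "1.0"},
  "queue": {"delete": false, "read": false, "write": false,
            "retentionPolicy": {"days": null, "enabled": false}, "version": "1.0"},
  "table": {"delete": false, "read": true,  "write": true,
            "retentionPolicy": {"days": null, "enabled": false}, "version": "1.0"}
}
""")

REQUIRED = ("read", "write", "delete")          # what the rule demands
SERVICE_FLAG = {"blob": "b", "queue": "q", "table": "t"}  # --services letters


def evaluate_service(show_output: dict, service: str) -> dict:
    """Compliance of one service: which of read/write/delete are off,
    and the effective retention (None when retention is disabled)."""
    settings = show_output.get(service) or {}
    missing = [op for op in REQUIRED if not settings.get(op, False)]
    retention = settings.get("retentionPolicy") or {}
    return {
        "service": service,
        "compliant": not missing,
        "missing": missing,
        "retention_days": retention.get("days") if retention.get("enabled") else None,
    }


def evaluate_table_logging(show_output: dict) -> dict:
    # The rule is about the Table service only; Blob settings are irrelevant
    # to it, even when they happen to be fully enabled.
    return evaluate_service(show_output, "table")


def remediation_command(account_name: str, show_output: dict,
                        retention_days: int = 90) -> Optional[str]:
    """Return the az command that brings Table logging into compliance,
    or None if nothing needs to change. Credentials are left to the
    AZURE_STORAGE_KEY environment variable rather than the command line."""
    result = evaluate_table_logging(show_output)
    if result["compliant"]:
        return None
    # --log replaces the whole set of categories, so always request all three
    # rather than only the missing ones.
    return (f"az storage logging update --account-name {account_name} "
            f"--services {SERVICE_FLAG['table']} --log rwd "
            f"--retention {retention_days}")


if __name__ == "__main__":
    for svc in ("blob", "queue", "table"):
        print(evaluate_service(SAMPLE_SHOW_OUTPUT, svc))
    print(remediation_command("myaccount", SAMPLE_SHOW_OUTPUT))
```

Run it against real output by piping az storage logging show --services bqt into json.load; with the sample above the Table service is reported non-compliant with delete missing, while Blob passes, and the emitted command is the same one given under "From Command Line".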

References

  1. https://docs.microsoft.com/en-us/azure/storage/common/storage-analytics-logging
  2. https://docs.microsoft.com/en-us/cli/azure/storage/logging?view=azure-cli-latest#az-storage-logging-update

Azure Storage Account

An Azure storage account provides a unique namespace to store and access your Azure Storage data objects. All objects in a storage account are billed together as a group. By default, the data in your account is available only to you, the account owner.

Compliance Frameworks

  • Azure CIS Foundations v. 1.2.0
  • Azure CIS Foundations v. 1.3.0
  • Azure CIS Foundations v. 1.3.1
  • Azure CIS Foundations v. 1.4.0
  • Azure CIS Foundations v. 1.5.0
  • Azure CIS Foundations v. 2.0
  • Azure CloudGuard Best Practices
  • Azure NIST 800-53 Rev 5
  • CloudGuard Azure All Rules Ruleset