Risk Level: Low
Cloud Entity: Azure Storage Account
CloudGuard Rule ID: D9.AZU.MON.81
Covered by Spectral: No
Category: Storage

GSL LOGIC

StorageAccount should have advancedThreatProtectionEnabled = true

REMEDIATION

From Portal

Sign in to the Azure portal (https://portal.azure.com/).
Navigate to your storage account.
In the storage account menu, in the Security + networking section, select Microsoft Defender for Cloud.
On-upload Malware Scanning and Sensitive data threat detection are enabled by default. You can disable the features by unselecting them.
Select Enable on storage account.

From TF

resource "azurerm_advanced_threat_protection" "example" {
	target_resource_id = azurerm_storage_account.example.id
	enabled            = true
}

References

Azure Storage Account

An Azure storage account provides a unique namespace to store and access your Azure Storage data objects. All objects in a storage account are billed together as a group. By default, the data in your account is available only to you, the account owner.

Compliance Frameworks

CloudGuard Azure All Rules Ruleset