Ensure that Storage Account has Microsoft Defender for Cloud enabled
Activating Microsoft Defender for a Storage account enables threat detection for this Storage account, providing threat intelligence, anomaly detection, and behavior analytics.
Risk Level: Low
Cloud Entity: Azure Storage Account
CloudGuard Rule ID: D9.AZU.MON.81
Covered by Spectral: No
Category: Storage
GSL LOGIC
StorageAccount should have advancedThreatProtectionEnabled = true
REMEDIATION
From Portal
- Sign in to the Azure portal (https://portal.azure.com/).
- Navigate to your storage account.
- In the storage account menu, in the Security + networking section, select Microsoft Defender for Cloud.
- On-upload Malware Scanning and Sensitive data threat detection are enabled by default. You can disable the features by unselecting them.
- Select Enable on storage account.
From TF
resource "azurerm_advanced_threat_protection" "example" {
  # The storage account to protect (assumes an azurerm_storage_account.example resource is defined)
  target_resource_id = azurerm_storage_account.example.id
  # Turns on Microsoft Defender for Storage (advanced threat protection) for that account
  enabled            = true
}
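As an added example (not CloudGuard's or Azure's own code), the rule's GSL logic evaluated over a constructed storage account inventory, with the Terraform remediation from the snippet above generated for each account that fails. The record field names and the per-account terraform_ref are assumptions modelled on the rule's advancedThreatProtectionEnabled attribute, not a real Azure API response; an account with the attribute missing is treated as non-compliant.

```python
from dataclasses import dataclass
from typing import Optional

RULE_ID = "D9.AZU.MON.81"

# Constructed sample inventory; field names are assumptions modelled on the
# rule's GSL attribute, not a real Azure API response.
STORAGE_ACCOUNTS = [
    {"name": "stprodlogs", "terraform_ref": "prod_logs", "advancedThreatProtectionEnabled": True},
    {"name": "stbackups", "terraform_ref": "backups", "advancedThreatProtectionEnabled": False},
    {"name": "stlegacy", "terraform_ref": "legacy"},  # attribute missing entirely
]


@dataclass
class Finding:
    rule_id: str
    account: str
    reason: str


def evaluate(account: dict) -> Optional[Finding]:
    """GSL: StorageAccount should have advancedThreatProtectionEnabled = true.
    A missing attribute fails closed and is reported as non-compliant."""
    value = account.get("advancedThreatProtectionEnabled")
    if value is True:
        return None
    reason = "attribute missing" if value is None else f"advancedThreatProtectionEnabled = {value}"
    return Finding(RULE_ID, account["name"], reason)


def remediation_hcl(account: dict) -> str:
    """Terraform remediation for one account, mirroring the azurerm_advanced_threat_protection resource."""
    ref = account["terraform_ref"]  # assumed: the Terraform name of the matching azurerm_storage_account
    return (
        f'resource "azurerm_advanced_threat_protection" "{ref}" {{\n'
        f"  target_resource_id = azurerm_storage_account.{ref}.id\n"
        f"  enabled            = true\n"
        f"}}\n"
    )


def audit(accounts: list) -> list:
    """Return (Finding, remediation HCL) pairs for every non-compliant account."""
    results = []
    for acct in accounts:
        finding = evaluate(acct)
        if finding:
            results.append((finding, remediation_hcl(acct)))
    return results


if __name__ == "__main__":
    for finding, hcl in audit(STORAGE_ACCOUNTS):
        print(f"[{finding.rule_id}] {finding.account}: {finding.reason}\n{hcl}")
```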
References
- https://learn.microsoft.com/en-us/azure/storage/common/azure-defender-storage-configure?tabs=enable-storage-account
- https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/advanced_threat_protection
Azure Storage Account
An Azure storage account provides a unique namespace to store and access your Azure Storage data objects. All objects in a storage account are billed together as a group. By default, the data in your account is available only to you, the account owner.
Compliance Frameworks
- CloudGuard Azure All Rules Ruleset