Azure Storage

Overview
Critical: 0
High: 0
Medium: 15
Low: 0
Informational: 0
Security issues (15)
Severity | Non-Compliance | Region | Resource | Issue | Remediation
Medium | CIS 3.8; PCI DSS (Networking); HIPAA (Networking) | centralus | prevasioteststorageacc | Storage Account is configured to allow access to traffic from all networks (including Internet traffic). | To fulfill PCI requirements on segmenting networks using firewalls and HIPAA access controls that require data access to be restricted to known sources, configure your Storage Account to deny access to traffic from all networks by default.
Medium | CIS 3.11 | centralus | prevasioteststorageacc | Storage Account Blob has Soft Delete data retention period configured to 7 days, while the recommended minimum is 31 days or more. | To handle your data restoration process in the event of a failure more efficiently, ensure that your Storage Blob objects have a sufficient Soft Delete data retention period, i.e. greater than 30 days.
Medium | CIS 3.12 | eastus | prevasiostorageaccount | Storage Account uses Microsoft managed key instead of BYOK (Bring Your Own Key). | For greater control, transparency and increasing security by having full control of the encryption keys, ensure your Storage Account data at rest is protected with a key from your own Azure Key Vault.
Medium | CIS 3.9 | eastus | prevasiostorageaccount | Storage Account is configured not to allow trusted Azure services to access it. | To allow trusted cloud services to access your Storage Account with the enabled firewall rules, add an exception so that the trusted Azure services can bypass your network rules and still access your Storage Account.
Medium | CIS 3.15; PCI DSS (Old Protocols) | eastus | prevasiostorageaccount | Storage Account has TLS version 1.0, which is lower than the desired TLS version 1.2. | To comply with the industry standards, ensure your Storage Account uses TLS 1.2 or higher for all TLS connections.
Medium | CIS 3.1; PCI DSS 4.2; HIPAA (Encryption) | eastus | prevasiostorageaccount | Storage Account allows insecure HTTP origin. | To fulfill HIPAA and PCI DSS requirements on strong cryptographic and security protocols for transmitting user data, ensure HTTPS-only traffic is allowed to Storage Account endpoints.
Medium | CIS 3.11 | eastus | prevasiostorageaccount | Storage Account Blob has Soft Delete data retention period configured to 3 days, while the recommended minimum is 31 days or more. | To handle your data restoration process in the event of a failure more efficiently, ensure that your Storage Blob objects have a sufficient Soft Delete data retention period, i.e. greater than 30 days.
Medium | CIS 3.12 | eastus | sqlvan5orkhoarubfu | Storage Account uses Microsoft managed key instead of BYOK (Bring Your Own Key). | For greater control, transparency and increasing security by having full control of the encryption keys, ensure your Storage Account data at rest is protected with a key from your own Azure Key Vault.
Medium | CIS 3.8; PCI DSS (Networking); HIPAA (Networking) | eastus | sqlvan5orkhoarubfu | Storage Account is configured to allow access to traffic from all networks (including Internet traffic). | To fulfill PCI requirements on segmenting networks using firewalls and HIPAA access controls that require data access to be restricted to known sources, configure your Storage Account to deny access to traffic from all networks by default.
Medium | CIS 3.11 | eastus | sqlvan5orkhoarubfu | Storage Account Blob has no Soft Delete data retention period configured. | To handle your data restoration process in the event of a failure more efficiently, ensure that your Storage Blob objects have a sufficient Soft Delete data retention period, i.e. greater than 30 days.
Medium | HIPAA (Networking) | global | insights-logs-networksecuritygroupflowevent | Storage Blob Container is not immutable. | To fulfill HIPAA requirements on strict integrity of the stored data and its protection against corruption or malicious destruction, ensure that all Blob Containers that store critical data have an immutable blob storage policy attached.
Medium | HIPAA (Networking) | global | insights-operational-logs | Storage Blob Container is not immutable. | To fulfill HIPAA requirements on strict integrity of the stored data and its protection against corruption or malicious destruction, ensure that all Blob Containers that store critical data have an immutable blob storage policy attached.
Medium | HIPAA (Networking) | global | $web | Storage Blob Container is not immutable. | To fulfill HIPAA requirements on strict integrity of the stored data and its protection against corruption or malicious destruction, ensure that all Blob Containers that store critical data have an immutable blob storage policy attached.
Medium | HIPAA (Networking) | global | insights-operational-logs | Storage Blob Container is not immutable. | To fulfill HIPAA requirements on strict integrity of the stored data and its protection against corruption or malicious destruction, ensure that all Blob Containers that store critical data have an immutable blob storage policy attached.
Medium | CIS 3.7; PCI DSS (Networking); HIPAA (Networking) | global | test-storage-container | Storage Blob Container allows public access. | To fulfill HIPAA and PCI DSS requirements on strict access controls to all data, ensure that all Blob Containers have anonymous public access disabled.
Storage Accounts (3)
Name | Resource group | Kind | Created | Status | Security issues
prevasioteststorageacc | DefaultResourceGroup-WUS2 | StorageV2 | | Available | 2 Medium
prevasiostorageaccount | MC_test-clust_group_test-cluster_westus2 | StorageV2 | | Available | 5 Medium
sqlvan5orkhoarubfu | prevasio-web-app_group | StorageV2 | | Available | 3 Medium
Containers (5)
Blob container | Storage account | Last modified | Public access level | Lease state | Immutability policy | Legal hold | Security issues
insights-logs-networksecuritygroupflowevent | prevasiostorageaccount | | None | Available | | | 1 Medium
insights-operational-logs | prevasiostorageaccount | | None | Available | | | 1 Medium
$web | prevasioteststorageacc | | None | Available | | | 1 Medium
insights-operational-logs | prevasioteststorageacc | | None | Available | | | 1 Medium
test-storage-container | prevasioteststorageacc | | Container | Available | | | 1 Medium