Azure Storage
Overview
Critical: 0
High: 0
Medium: 15
Low: 0
Informational: 0
Security issues (15)
Severity | Non-Compliance | Region | Resource | Issue | Remediation | Read more | Action |
---|---|---|---|---|---|---|---|
Medium | CIS 3.8 PCI DSS (Networking) HIPAA (Networking) | centralus | prevasioteststorageacc | Storage Account is configured to allow access to traffic from all networks (including Internet traffic). | To fulfill PCI requirements on segmenting networks using firewalls and HIPAA access controls that require data access to be restricted to known sources, configure your Storage Account to deny access to traffic from all networks by default. | More info | |
Medium | CIS 3.11 | centralus | prevasioteststorageacc | Storage Account Blob has Soft Delete data retention period configured to 7 days, while the recommended minimum is 31 days or more. | To handle your data restoration process in the event of a failure more efficiently, ensure that your Storage Blob objects have a sufficient Soft Delete data retention period, i.e. greater than 30 days. | More info | |
Medium | CIS 3.12 | eastus | prevasiostorageaccount | Storage Account uses Microsoft managed key instead of BYOK (Bring Your Own Key). | For greater control, transparency and increasing security by having full control of the encryption keys, ensure your Storage Account data at rest is protected with a key from your own Azure Key Vault. | More info | |
Medium | CIS 3.9 | eastus | prevasiostorageaccount | Storage Account is configured not to allow trusted Azure services to access itself. | To allow trusted cloud services to access your Storage Account with the enabled firewall rules, add an exception so that the trusted Azure services can bypass your network rules and still access your Storage Account. | More info | |
Medium | CIS 3.15 PCI DSS (Old Protocols) | eastus | prevasiostorageaccount | Storage Account has TLS version 1.0, which is lower than the desired TLS version 1.2. | To comply with the industry standards, ensure your Storage Account uses TLS 1.2 or higher for all TLS connections. | More info | |
Medium | CIS 3.1 PCI DSS 4.2 HIPAA (Encryption) | eastus | prevasiostorageaccount | Storage Account allows insecure HTTP origin. | To fulfill HIPAA and PCI DSS requirements on strong cryptographic and security protocols for transmitting user data, ensure that only HTTPS traffic is allowed to Storage Account endpoints. | More info | |
Medium | CIS 3.11 | eastus | prevasiostorageaccount | Storage Account Blob has Soft Delete data retention period configured to 3 days, while the recommended minimum is 31 days or more. | To handle your data restoration process in the event of a failure more efficiently, ensure that your Storage Blob objects have a sufficient Soft Delete data retention period, i.e. greater than 30 days. | More info | |
Medium | CIS 3.12 | eastus | sqlvan5orkhoarubfu | Storage Account uses Microsoft managed key instead of BYOK (Bring Your Own Key). | For greater control, transparency and increasing security by having full control of the encryption keys, ensure your Storage Account data at rest is protected with a key from your own Azure Key Vault. | More info | |
Medium | CIS 3.8 PCI DSS (Networking) HIPAA (Networking) | eastus | sqlvan5orkhoarubfu | Storage Account is configured to allow access to traffic from all networks (including Internet traffic). | To fulfill PCI requirements on segmenting networks using firewalls and HIPAA access controls that require data access to be restricted to known sources, configure your Storage Account to deny access to traffic from all networks by default. | More info | |
Medium | CIS 3.11 | eastus | sqlvan5orkhoarubfu | Storage Account Blob has no Soft Delete data retention period configured. | To handle your data restoration process in the event of a failure more efficiently, ensure that your Storage Blob objects have a sufficient Soft Delete data retention period, i.e. greater than 30 days. | More info | |
Medium | HIPAA (Networking) | global | insights-logs-networksecuritygroupflowevent | Storage Blob Container is not immutable. | To fulfill HIPAA requirements on strict integrity of the stored data and its protection against corruption or malicious destruction, ensure that all Blob Containers that store critical data have an immutable blob storage policy attached. | More info | |
Medium | HIPAA (Networking) | global | insights-operational-logs | Storage Blob Container is not immutable. | To fulfill HIPAA requirements on strict integrity of the stored data and its protection against corruption or malicious destruction, ensure that all Blob Containers that store critical data have an immutable blob storage policy attached. | More info | |
Medium | HIPAA (Networking) | global | $web | Storage Blob Container is not immutable. | To fulfill HIPAA requirements on strict integrity of the stored data and its protection against corruption or malicious destruction, ensure that all Blob Containers that store critical data have an immutable blob storage policy attached. | More info | |
Medium | HIPAA (Networking) | global | insights-operational-logs | Storage Blob Container is not immutable. | To fulfill HIPAA requirements on strict integrity of the stored data and its protection against corruption or malicious destruction, ensure that all Blob Containers that store critical data have an immutable blob storage policy attached. | More info | |
Medium | CIS 3.7 PCI DSS (Networking) HIPAA (Networking) | global | test-storage-container | Storage Blob Container allows public access. | To fulfill HIPAA and PCI DSS requirements on strict access controls to all data, ensure that all Blob Containers have anonymous public access disabled. | More info |
Storage Accounts (3)
Name | Resource group | Kind | Created | Status | Security issues |
---|---|---|---|---|---|
prevasioteststorageacc | DefaultResourceGroup-WUS2 | StorageV2 | | Available | 2 Medium (details) |
prevasiostorageaccount | MC_test-clust_group_test-cluster_westus2 | StorageV2 | | Available | 5 Medium (details) |
sqlvan5orkhoarubfu | prevasio-web-app_group | StorageV2 | | Available | 3 Medium (details) |
Containers (5)
Blob container | Storage account | Last modified | Public access level | Lease state | Immutability policy | Legal hold | Security issues |
---|---|---|---|---|---|---|---|
insights-logs-networksecuritygroupflowevent | prevasiostorageaccount | | None | Available | ⨉ | ⨉ | 1 Medium (details) |
insights-operational-logs | prevasiostorageaccount | | None | Available | ⨉ | ⨉ | 1 Medium (details) |
$web | prevasioteststorageacc | | None | Available | ⨉ | ⨉ | 1 Medium (details) |
insights-operational-logs | prevasioteststorageacc | | None | Available | ⨉ | ⨉ | 1 Medium (details) |
test-storage-container | prevasioteststorageacc | | Container | Available | ⨉ | ✓ | 1 Medium (details) |