turbot/azure_compliance

Trigger: Detect & correct Storage Accounts with blob service logging disabled

Detect Storage Accounts whose blob service logging is not enabled for all of Read, Write and Delete requests, and then enable blob service logging for them. The query also returns one access key per account for the corrective step, because classic blob service logging (Storage Analytics) is a data-plane setting on the storage account rather than an Azure Resource Manager property. Note that accounts whose blob_service_logging column is null are not returned: every comparison in the where clause evaluates to null, so such accounts are neither detected nor corrected by this trigger.

Query

-- One access key per account; the corrective pipeline uses it to update the
-- data-plane blob service properties. distinct on with only "order by id"
-- returns an arbitrary one of the account's keys (key1 or key2), which is
-- sufficient here.
with get_access_key as (
  select
    distinct on (id) id,
    k ->> 'Value' as access_key
  from
    azure_storage_account,
    jsonb_array_elements(access_keys) as k
  order by
    id
)
select
  concat(
    sa.id,
    ' [',
    sa.subscription_id,
    '/',
    sa.resource_group,
    ']'
  ) as title,
  sa.id as id,
  k.access_key as access_key,
  sa.name,
  sa.subscription_id,
  sa._ctx ->> 'connection_name' as conn
from
  azure_storage_account as sa,
  get_access_key as k,
  azure_subscription as sub
where
  sub.subscription_id = sa.subscription_id
  and k.id = sa.id
  -- Flag the account if logging is off for any of Read, Write or Delete.
  -- If blob_service_logging is null, each comparison is null and the
  -- account is not returned.
  and (
    not (sa.blob_service_logging ->> 'Read') :: boolean
    or not (sa.blob_service_logging ->> 'Write') :: boolean
    or not (sa.blob_service_logging ->> 'Delete') :: boolean
  )
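As an added example that is not part of the turbot/azure_compliance mod, the following Python replays the trigger's detection logic over constructed storage-account rows. It assumes Python's sqlite3 module with SQLite's JSON functions (json_extract, standing in for Postgres jsonb); the account ids, access keys and logging objects are constructed, not real Azure data. It shows the null case: an account with no blob_service_logging value is skipped by the where clause as written and is only caught by a coalesce variant that treats a missing logging object as logging disabled.

```python
"""Run the trigger's detection logic over constructed storage-account rows.

Added example, not code from turbot/azure_compliance. An in-memory SQLite
database with its JSON functions stands in for Steampipe's Postgres/jsonb,
and the account rows are constructed, not real Azure data.
"""
import json
import sqlite3

# Constructed accounts: name and blob_service_logging object
# (None = the column is NULL, e.g. logging was never configured).
SAMPLE_ACCOUNTS = [
    ("sa-ok", {"Read": True, "Write": True, "Delete": True}),
    ("sa-read-off", {"Read": False, "Write": True, "Delete": True}),
    ("sa-delete-off", {"Read": True, "Write": True, "Delete": False}),
    ("sa-no-logging", None),
]


def build_db():
    """Create an in-memory table shaped like azure_storage_account."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "create table azure_storage_account ("
        "id text primary key, name text, subscription_id text, "
        "resource_group text, access_keys text, blob_service_logging text)"
    )
    rows = []
    for name, logging in SAMPLE_ACCOUNTS:
        # Hypothetical resource id, subscription and resource group.
        rid = ("/subscriptions/sub-a/resourceGroups/rg1/providers/"
               f"Microsoft.Storage/storageAccounts/{name}")
        keys = [{"KeyName": "key1", "Value": f"key1-{name}"},
                {"KeyName": "key2", "Value": f"key2-{name}"}]
        rows.append((rid, name, "sub-a", "rg1", json.dumps(keys),
                     None if logging is None else json.dumps(logging)))
    conn.executemany(
        "insert into azure_storage_account values (?,?,?,?,?,?)", rows)
    return conn


# The trigger's where clause translated to SQLite: json_extract returns
# 1/0 for JSON true/false and NULL when the column itself is NULL, so
# "not NULL or not NULL or not NULL" is NULL and the row is not selected.
AS_WRITTEN = """
select name, json_extract(access_keys, '$[0].Value') as access_key
from azure_storage_account
where not json_extract(blob_service_logging, '$.Read')
   or not json_extract(blob_service_logging, '$.Write')
   or not json_extract(blob_service_logging, '$.Delete')
order by id
"""

# Null-safe variant: a missing logging object counts as logging disabled.
NULL_SAFE = """
select name, json_extract(access_keys, '$[0].Value') as access_key
from azure_storage_account
where coalesce(json_extract(blob_service_logging, '$.Read'), 0) = 0
   or coalesce(json_extract(blob_service_logging, '$.Write'), 0) = 0
   or coalesce(json_extract(blob_service_logging, '$.Delete'), 0) = 0
order by id
"""


def flagged(sql, conn=None):
    """Return [(name, access_key), ...] for the accounts the query selects."""
    conn = conn or build_db()
    return [tuple(row) for row in conn.execute(sql)]


if __name__ == "__main__":
    print("as written:", flagged(AS_WRITTEN))
    print("null-safe: ", flagged(NULL_SAFE))
```

The query as written flags sa-delete-off and sa-read-off only; the coalesce variant additionally flags sa-no-logging. If the accounts in scope can have logging that was never configured, the null-safe form is the one to run, otherwise those accounts stay unlogged without ever appearing in the trigger's results.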

Schedule

15m

Tags

category = Compliance
plugin = azure
service = Azure/Storage