turbot/azure_compliance

Trigger: Detect & correct Storage Accounts with table service logging disabled

Detect Storage Accounts with table service logging disabled and then enable table service logging.

Query

-- One access key per storage account (first element kept by distinct on).
with get_access_key as (
  select
    distinct on (id) id,
    k ->> 'Value' as access_key
  from
    azure_storage_account,
    jsonb_array_elements(access_keys) as k
  order by
    id
)
select
  distinct concat(
    sa.id,
    ' [',
    sa.resource_group,
    '/',
    sa.subscription_id,
    ']'
  ) as title,
  sa.id as id,
  -- Note: the account access key (a secret) is part of the result set.
  k.access_key as access_key,
  sa.name,
  sa.subscription_id,
  sa._ctx ->> 'connection_name' as conn
from
  azure_storage_account as sa,
  get_access_key as k,
  azure_subscription as sub
where
  sub.subscription_id = sa.subscription_id
  and k.id = sa.id
  -- Match accounts where any of write, read or delete table logging is off.
  and (
    not table_logging_write
    or not table_logging_read
    or not table_logging_delete
  )

Schedule

15m

Tags

category = Compliance
plugin = azure
service = Azure/Storage