Profile Applicability:
- Level 2
Description:
Storage Logging (Storage Analytics logging) records details of successful and failed requests made to the Blob service, including read, write, and delete operations, and writes them to the $logs container of the same storage account. Each entry records the operation, its outcome, the authentication type used (shared key, SAS, or anonymous), the requester's IP address, and the object requested. Enabling this logging provides the data needed for monitoring access patterns, troubleshooting issues, and performing security audits.
Rationale:
Activating Storage Logging makes unauthorized or anomalous access visible (for example, anonymous or SAS-authenticated reads of containers that should only be reached with the account key), supports forensic reconstruction of who accessed which blobs and when, and satisfies compliance requirements that call for a retained access trail.
Impact:
Pros:
Increases visibility into blob service operations.
Facilitates security monitoring and compliance auditing.
Assists in troubleshooting performance and operational issues.
Cons:
Increases storage usage and cost in the account, since log blobs are billed like any other data and grow with request volume.
Requires ongoing management of the retention policy (1 to 365 days); without one, log data is kept indefinitely.
Logs live in the same account they describe, so a holder of the account key can read or delete them; forward or copy them to a separate, more tightly controlled location if they are relied on as evidence.
Default Value:
Storage Analytics logging is disabled by default on a new storage account and must be enabled explicitly for each service.
Pre-requisites:
Azure Storage Account with Blob service enabled.
Access to the storage account key (or a connection string): the az storage logging commands configure data-plane service properties and do not use Azure RBAC. When only --account-name is given, the CLI attempts to retrieve the key itself, which requires permission to list the account's keys.
Remediation:
Test Plan:
Using Azure Portal:
Sign in to https://portal.azure.com.
Navigate to the Storage Account.
Under Monitoring (classic), select Diagnostic settings (classic).
In the Blob section, confirm that Status is On, that Logging has Read, Write, and Delete selected, and that a retention period is set.
Using Azure CLI:
Check logging settings for the blob service:
az storage logging show --services b --account-name <storage-account-name>
In the output, verify that under blob the values of read, write, and delete are all true, and that retentionPolicy shows enabled: true with a days value that meets your policy.
Implementation Plan:
Using Azure Portal:
Under Monitoring (classic), open Diagnostic settings (classic), set Status to On for the Blob service, and select Read, Write, and Delete under Logging.
Configure the retention period (1 to 365 days) according to policy.
Save, then reopen the blade to verify the settings were applied.
Using Azure CLI:
Enable logging for read, write, and delete requests and set the retention period in days:
az storage logging update --services b --log rwd --retention-days <days> --account-name <storage-account-name>
Re-run az storage logging show --services b --account-name <storage-account-name> and confirm that read, write, and delete are true and that retentionPolicy reflects the chosen period.
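The following audit script is an added example, not part of this recommendation's text. It evaluates the JSON printed by az storage logging show --services b against the conditions above (read, write, and delete logged; retention policy enabled) and emits the corresponding az storage logging update command when an account fails. The two sample documents are constructed to match the shape of the CLI's output; the 90-day retention floor and the account name examplestorage are assumptions for illustration. Given an account name on the command line it runs the CLI for real, which requires az on PATH and access to the account key.

```python
"""Audit Storage Analytics (classic) logging for the Blob service.

Added example (not from the benchmark). Evaluates the output of
`az storage logging show --services b` and builds the remediation command.
"""
import json
import shlex
import subprocess
import sys

# Constructed samples in the shape `az storage logging show --services b` prints.
NONCOMPLIANT_SAMPLE = json.loads("""
{
  "blob": {
    "delete": false,
    "read": true,
    "retentionPolicy": {"days": 7, "enabled": true},
    "version": "1.0",
    "write": true
  }
}
""")

COMPLIANT_SAMPLE = json.loads("""
{
  "blob": {
    "delete": true,
    "read": true,
    "retentionPolicy": {"days": 90, "enabled": true},
    "version": "1.0",
    "write": true
  }
}
""")


def evaluate_blob_logging(show_output, min_retention_days=90):
    """Return a list of findings; an empty list means the account complies.

    min_retention_days is an assumed organisational floor. The recommendation
    itself only requires r, w and d to be logged and a retention policy to exist.
    """
    findings = []
    blob = show_output.get("blob")
    if blob is None:
        return ["no blob section in output (was --services b used?)"]
    for op in ("read", "write", "delete"):
        if not blob.get(op, False):
            findings.append(f"{op} requests are not logged")
    policy = blob.get("retentionPolicy") or {}
    if not policy.get("enabled", False):
        # With no retention policy Storage Analytics never deletes log data.
        findings.append("retention policy is disabled (logs accumulate in $logs until deleted manually)")
    else:
        days = policy.get("days") or 0
        if days < min_retention_days:
            findings.append(f"retention is {days} days, below the {min_retention_days}-day floor")
    return findings


def remediation_command(account_name, retention_days=90):
    """Build the az command that enables r/w/d logging with the given retention."""
    return (
        "az storage logging update --services b --log rwd "
        f"--retention-days {retention_days} "
        f"--account-name {shlex.quote(account_name)}"
    )


def fetch_blob_logging(account_name):
    """Query a real account through the CLI (needs az on PATH and key access)."""
    cmd = ["az", "storage", "logging", "show", "--services", "b",
           "--account-name", account_name, "--output", "json"]
    return json.loads(subprocess.check_output(cmd, text=True))


def audit(account_name, show_output=None, min_retention_days=90):
    """Audit one account. Returns (compliant, findings, remediation command or None)."""
    data = show_output if show_output is not None else fetch_blob_logging(account_name)
    findings = evaluate_blob_logging(data, min_retention_days)
    if findings:
        return False, findings, remediation_command(account_name, min_retention_days)
    return True, [], None


if __name__ == "__main__":
    if len(sys.argv) > 1:
        ok, issues, fix = audit(sys.argv[1])          # live check via az
    else:
        ok, issues, fix = audit("examplestorage", NONCOMPLIANT_SAMPLE)  # offline demo
    print("COMPLIANT" if ok else "NON-COMPLIANT")
    for issue in issues:
        print(" -", issue)
    if fix:
        print("Remediate with:", fix)
```

Run it with no arguments to see the constructed non-compliant sample evaluated, or with a storage account name to audit a real account. The script only reads and reports; the remediation command is printed rather than executed so that the change can be reviewed and run under change control.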
Backout Plan:
Using Azure Portal:
Under Monitoring (classic), open Diagnostic settings (classic) and set Status to Off for the Blob service, or clear the Read, Write, and Delete selections.
Assess the impact first: disabling logging removes the access trail for the Blob service, so record the exception and its approval before proceeding.
Using Azure CLI:
Disable logging and the retention policy:
az storage logging update --services b --log '' --retention-days 0 --account-name <storage-account-name>
Existing entries in the $logs container are not removed by this change, and with the retention policy disabled they are no longer aged out automatically; archive or delete them according to policy.
References: