logo

Database

Traceability Loss - Azure

Description

The Azure configurations do not enable the log service with enough granularity. Omitting relevant information may hinder the detection of anomalous behaviors or security breaches.

Impact

Hinder the detection of security issues.

Recommendation

Configure the logs with the necessary granularity level to detect and identify potentially harmful behaviors by enabling logging for read, write and delete requests.

Threat

Authenticated attacker from the Internet.

Expected Remediation Time

⏱️ 60 minutes.

Details

https://docs.bridgecrew.io/docs/enable-requests-on-storage-logging-for-queue-service

Requirements

075 - Record exceptional events in logs376 - Register severity level377 - Store logs based on valid regulation378 - Use of log management system

Fixes

Azure

Score

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

Attack vector

N

Attack complexity

H

Attack requirements

N

Privileges required

L

User interaction

N

Confidentiality (VC)

N

Integrity (VI)

L

Availability (VA)

N

Confidentiality (SC)

N

Integrity (SI)

N

Availability (SA)

N

Threat 4.0

Exploit maturity

U

Vector string

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U