Ensure that Azure Storage Blob service logging is enabled for read, write, and delete requests. The Storage Blob service provides scalable, cost-efficient object storage in the Azure cloud. Storage logging is performed server-side and allows details of both successful and failed requests to be recorded in the associated storage account. These logs contain the following information about the individual requests: timing information such as start time, end-to-end latency, and server latency; authentication details; concurrency information; and the size of the request/response.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
By default, Azure Storage Blob service logging is disabled for read, write, and delete operations. Once enabled, storage logging provides detailed information about successful and failed requests made to the blob storage service. This information can be used to monitor individual requests and to diagnose issues with your blob data.
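The check described above can be scripted. The following is an added example, not part of the original page or of Conformity: it evaluates the JSON that `az storage logging show --services b --account-name <name>` prints and reports which of the three operations are not logged. The JSON shape, the sample documents, and the account names are assumptions constructed for illustration.

```python
import json

REQUIRED_OPS = ("read", "write", "delete")

# Constructed samples in the assumed shape of `az storage logging show --services b`.
SAMPLE_DEFAULT = """{"blob": {"delete": false, "read": false, "write": false,
  "retentionPolicy": {"days": null, "enabled": false}, "version": "1.0"}}"""
SAMPLE_PARTIAL = """{"blob": {"delete": false, "read": true, "write": true,
  "retentionPolicy": {"days": 30, "enabled": true}, "version": "2.0"}}"""
SAMPLE_ENABLED = """{"blob": {"delete": true, "read": true, "write": true,
  "retentionPolicy": {"days": 30, "enabled": true}, "version": "2.0"}}"""


def audit_blob_logging(cli_json):
    """Return a list of findings for one account; an empty list means compliant."""
    try:
        doc = json.loads(cli_json)
    except json.JSONDecodeError as exc:
        # Fail closed: output we cannot read is never treated as compliant.
        return [f"unparseable output: {exc.msg}"]
    blob = doc.get("blob") if isinstance(doc, dict) else None
    if not isinstance(blob, dict):
        return ["no 'blob' section in output; logging state unknown"]
    # Only an explicit JSON true counts as enabled; missing or null is a finding.
    return [f"{op} logging disabled" for op in REQUIRED_OPS
            if blob.get(op) is not True]


def audit_accounts(outputs):
    """Map account name -> findings, keeping only non-compliant accounts."""
    report = {}
    for name, cli_json in outputs.items():
        findings = audit_blob_logging(cli_json)
        if findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    # Hypothetical account names paired with the constructed samples.
    fleet = {"stdefault": SAMPLE_DEFAULT, "stpartial": SAMPLE_PARTIAL,
             "stgood": SAMPLE_ENABLED}
    for account, findings in audit_accounts(fleet).items():
        print(f"{account}: {', '.join(findings)}")
```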
To determine if the Azure Storage Blob service logging is enabled, perform the following actions:
Remediation / Resolution
To enable logging for Azure Storage Blob service (read, write, and delete requests), perform the following actions:
You are auditing:
Enable Logging for Azure Storage Blob Service
Risk level: Medium