Azure Monitor

Key Vault Log Analytics Disabled

Risk Level: Low

Description: 

This plugin checks that Key Vault diagnostic logs are sent to a Log Analytics workspace through Azure Monitor. When Send to Log Analytics workspace is enabled in a vault's diagnostic settings, its audit logs are collected centrally, where they can be retained, queried and alerted on. Azure Key Vault is Azure's key management service: it stores secrets, certificates and encryption keys, and every request made against a vault is recorded as an AuditEvent log entry.

PingSafe strongly recommends configuring a diagnostic setting on every Key Vault that sends its diagnostic logs (the audit or allLogs category group) to a Log Analytics workspace.

About the Service :

Azure Monitor helps you maximize the availability and performance of your applications and services. It provides a comprehensive solution for collecting, analyzing and acting on telemetry from cloud and on-premises environments, so that you can understand how your applications are performing and proactively identify issues affecting them and the resources they depend on.

Impact : 

Key Vault logs record how and when each vault is accessed, including the caller, the operation and its outcome. Without them there is no record to investigate an unauthorized secret read or key use after the fact. Because the logs themselves reveal who uses which keys and secrets, restrict who can read them with standard Azure access control (RBAC) on the destination, whether that is a Log Analytics workspace or a storage account.

Steps to Reproduce :

  1. Sign in to your Azure portal with your Azure account.
    https://portal.azure.com/#home 
  2. Navigate to Azure’s Key Vaults.
  3. Next, move to Diagnostics Settings under Monitoring.
  4. Click Edit setting on the vault's diagnostic setting (or Add diagnostic setting if none exists). Check whether the audit or allLogs category group is selected and whether Send to Log Analytics workspace is ticked with a workspace chosen. If neither audit nor allLogs is checked, or no Log Analytics workspace is the destination, the vulnerability exists.
  5. Repeat the same steps for every other Key Vault.

Steps for Remediation :

  1. Sign in to your Azure portal with your Azure account.
    https://portal.azure.com/#home 
  2. Navigate to Azure’s Key Vaults.
  3. Next, move to Diagnostics Settings under Monitoring.
  4. Click Edit setting on the vault's diagnostic setting (or Add diagnostic setting if none exists). Check whether the audit or allLogs category group is selected and sent to a Log Analytics workspace. If it is not, the vault needs remediation.
  5. Check either audit or allLogs, tick Send to Log Analytics workspace, choose the workspace and click Save. Key Vault Log Analytics is now enabled.
  6. Repeat the same steps for every other Key Vault.
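The portal steps above can be run as a script across many vaults. The following is an added example, not PingSafe's plugin code or Microsoft's: it evaluates the same condition (audit or allLogs sent to a Log Analytics workspace) over diagnostic-settings JSON in the shape that `az monitor diagnostic-settings list --resource <keyVaultId>` and the Azure Monitor REST API return, and builds the request body that matches remediation step 5. The category name AuditEvent and the category groups audit and allLogs are Azure's; the function names, the sample vault names and the subscription, workspace and storage account IDs are constructed for illustration.

```python
"""Evaluate Key Vault diagnostic settings for a Log Analytics destination.

Added example, not PingSafe's plugin or Microsoft code. Input follows the JSON
that `az monitor diagnostic-settings list --resource <keyVaultId>` prints, which
is the Azure Monitor REST response for
GET {keyVaultId}/providers/Microsoft.Insights/diagnosticSettings
(older az versions wrap the list in {"value": [...]}; both shapes are accepted).
All sample settings below are constructed for illustration.
"""

# Azure's own names: Key Vault's request log category and the two category
# groups offered in the portal's Diagnostic settings blade.
AUDIT_CATEGORY = "AuditEvent"
ACCEPTED_CATEGORY_GROUPS = {"audit", "allLogs"}


def _covers_audit(log_entry: dict) -> bool:
    """An enabled `logs` entry that includes Key Vault audit events."""
    if not log_entry.get("enabled", False):
        return False
    return (
        log_entry.get("categoryGroup") in ACCEPTED_CATEGORY_GROUPS
        or log_entry.get("category") == AUDIT_CATEGORY
    )


def _as_list(settings):
    """Accept a bare list (current az CLI) or {"value": [...]} (REST / old az)."""
    if isinstance(settings, dict):
        return settings.get("value", [])
    return list(settings)


def log_analytics_audit_enabled(settings) -> bool:
    """The check behind this finding: at least one diagnostic setting must send
    audit (or allLogs) to a Log Analytics workspace, i.e. have workspaceId set."""
    for setting in _as_list(settings):
        # REST nests fields under "properties"; az CLI flattens them.
        props = setting.get("properties", setting)
        if not props.get("workspaceId"):
            continue  # storage-account-only or event-hub-only destination
        if any(_covers_audit(entry) for entry in props.get("logs", [])):
            return True
    return False


def evaluate(vaults: dict) -> dict:
    """Map vault name -> "PASS" or "FAIL" for a {name: settings} dictionary."""
    return {
        name: "PASS" if log_analytics_audit_enabled(settings) else "FAIL"
        for name, settings in vaults.items()
    }


def remediation_payload(workspace_id: str) -> dict:
    """Body for PUT {keyVaultId}/providers/Microsoft.Insights/diagnosticSettings/{name},
    equivalent to remediation step 5: audit category group, Log Analytics destination."""
    return {
        "properties": {
            "workspaceId": workspace_id,
            "logs": [{"categoryGroup": "audit", "enabled": True}],
        }
    }


# Constructed sample data (hypothetical subscription, workspace and storage IDs).
LAW = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-sec"
       "/providers/Microsoft.OperationalInsights/workspaces/law-central")
STORAGE = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-sec"
           "/providers/Microsoft.Storage/storageAccounts/kvlogs")

SAMPLE_VAULTS = {
    # No diagnostic setting at all -> FAIL.
    "kv-none": [],
    # Audit logs go only to a storage account, not Log Analytics -> FAIL.
    "kv-storage-only": [{"name": "to-storage", "storageAccountId": STORAGE,
                         "logs": [{"category": "AuditEvent", "enabled": True}]}],
    # Workspace set, but the audit category is switched off -> FAIL.
    "kv-disabled": [{"name": "to-law", "workspaceId": LAW,
                     "logs": [{"category": "AuditEvent", "enabled": False}]}],
    # REST-shaped response with the audit category group enabled -> PASS.
    "kv-prod": {"value": [{"name": "to-law", "properties": {
        "workspaceId": LAW,
        "logs": [{"categoryGroup": "audit", "enabled": True}]}}]},
}

if __name__ == "__main__":
    for vault, result in evaluate(SAMPLE_VAULTS).items():
        print(f"{vault}: {result}")
```

To run it against a real subscription, feed `evaluate` the output of `az monitor diagnostic-settings list --resource <id>` for each ID returned by `az keyvault list --query "[].id" -o tsv`. The equivalent of remediation step 5 from the CLI is `az monitor diagnostic-settings create --name kv-to-law --resource <keyVaultId> --workspace <workspaceId> --logs '[{"categoryGroup":"audit","enabled":true}]'`, which sends the same body `remediation_payload` builds. Note that a setting whose only destination is a storage account or event hub is treated as a failure here, because the finding is specifically about Log Analytics.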

References :

Please feel free to reach out to support@pingsafe.ai with any questions that you may have.

Thanks

PingSafe Support