Ensures that there are no undesired old VM disk snapshots.
Risk Level: Medium
Description
This plugin checks that the Azure subscription does not contain any old or undesired disk snapshots. If the time span chosen as the threshold value is exceeded, the snapshot is considered old.
Configuration Parameters
Days Since Snapshot Creation: This parameter denotes the number of days since the creation of the snapshot, after which it must be deleted. An alert is generated if the snapshot is older than the specified number of days.
By default, the value is set to 30, therefore it will return a vulnerability if the disk snapshot is older than 30 days.
About the Service
Azure Virtual Machines:
Azure Virtual Machines (VM) are one of several forms of scalable, on-demand computing resources offered by Azure. VMs are typically used when you require more control over the computing environment than the other options provide. To know more, read here.
Impact
Monthly storage charges apply to the disk snapshots as long as they are present in your Azure subscription, whether or not they are used. As a result, SentinelOne CNS strongly recommends removing any outdated disk snapshots from your Azure directories to help reduce your billing charges.
Steps to Reproduce
Using Azure Console-
- Sign in to your Azure portal with your Azure account.
https://portal.azure.com/#home - Navigate to Azure’s "Snapshots" using search bar. You can also use this link here to navigate directly if you’re already logged in.
- Check the Time created of the snapshot and verify if it is higher than the threshold value set. By default, it is 30 days. (This can be checked in your account by checking the above-mentioned configuration parameter). If it is, then the snapshot is old and must be removed from your project.
- Repeat step 4 for all the snapshots you want to investigate in the selected directory.
- If you have multiple directories, repeat steps 2 to 5 for each directory in your Azure Console.
Steps for Remediation
Follow the steps given below to make the necessary changes.
Using GCP Console-
- Sign in to your Azure portal with your Azure account.
https://portal.azure.com/#home - Navigate to Azure’s "Snapshots" using search bar. You can also use this link here to navigate directly if you’re already logged in.
- In the list of snapshots displayed, select a snapshot you wish to re-configure. (In case you aren’t sure which one needs to be configured, follow the steps to reproduce listed above to determine which VM to choose.)
- From the top bar, click on the Delete button to delete the snapshot.
- Repeat steps 3 to 5 for all the VM want to reconfigure in the selected directory.
- If you have multiple directories, repeat steps 2 to 6 for each directory in your Azure Console.