Microsoft Azure Essentials Fundamentals of Azure Second Edition e-optimized 5x11 pdf

Using Storage Analytics to audit access

Download 8,71 Mb.

Pdf ko'rish

bet	131/260
Sana	16.09.2021
Hajmi	8,71 Mb.
	#176022

1 ... 127 128 129 130 131 132 133 134 ... 260

Bog'liq
9781509302963 Microsoft Azure Essentials Fundamentals of Azure 2nd ed pdf

AnonymousSuccess
SASSuccess
Success

Using Storage Analytics to audit access
You may want to see how people are accessing your storage account. Do all the requests use an SAS?
How many people are accessing the storage account using the actual storage account keys?
To check this, you can enable the logging in the Azure Storage Analytics and check the results after a
while. Enabling the logging tells the Azure Storage service to log all requests to the storage account.
(Note that at this time, only blobs, tables, and queues are supported.)
The logs are stored in a container called $logs in blob storage. They are stored by date and time,
collected by hour. If there is no activity, no logs are generated.
Here are the fields that are stored in the logs.

;;;;code>;;;;account-name>;;;;key>;;;;header>;;;;size>;;;;;time>;;;;
The fields in bold are the ones in which we are interested. So if you look at a log file, these are the
three cases we can look for:
1.
The blob is public, and it is accessed using a URL without an SAS. In this case, the request-status
will be Success'>AnonymousSuccess and the authentication type will be anonymous.
1.0;2015-11-
17T02:01:29.0488963Z;GetBlob;AnonymousSuccess;200;124;37;anonymous;;mystorage…
2.
The blob is private and was used with an SAS. In this case, the request-status is SASSuccess and
the authentication type is sas.
1.0;2015-11-16T18:30:05.6556115Z;GetBlob;SASSuccess;200;416;64;sas;;mystorage…
3.
The blob is private, and the storage key was used to access it. In this case, the request-status is
Success and the authentication type is authenticated.
1.0;2015-11-16T18:32:24.3174537Z;GetBlob;Success;206;59;22;authenticated;mystorage…
To view and analyze these log files, you can use the Microsoft Message Analyzer (free from Microsoft).
You can download the Message Analyzer here:
https://www.microsoft.com/download/details.aspx?id=44226
. The operating guide is here:
https://technet.microsoft.com/library/jj649776.aspx.

The Message Analyzer lets you search and filter the data. An example of when you might want to do
this is if you have your keys stored in Azure Key Vault and only one application has access to the
Azure Key Vault. In that case, you might search for instances where GetBlob was called and make sure
there aren’t any calls that were authenticated in any other way.

113
CHAPTER 4 | Azure Storage

Download 8,71 Mb.

Do'stlaringiz bilan baham:

1 ... 127 128 129 130 131 132 133 134 ... 260