Azure Storage

Analyzer: Azure Storage

The Azure Storage Analyzer is designed to optimize and manage your Azure Storage infrastructure, including storage accounts, containers, and blobs. This Analyzer helps IT Operations (IT Ops) and Security Operations (Sec Ops) engineers gain visibility into their storage assets and provides insights that allow for improved performance, cost efficiency, and compliance. By leveraging this Analyzer, teams can monitor storage usage, detect misconfigurations, and ensure that storage infrastructure adheres to security best practices.

From a security perspective, it enables the identification of vulnerable or improperly configured storage containers, such as those that are public or lack encryption. From a compliance standpoint, it helps ensure that Azure Storage resources are correctly tagged and meet necessary regulatory requirements. In terms of operational observability, it provides ongoing monitoring and performance insights, which helps to optimize storage utilization, track trends, and improve overall efficiency.

Sightline: Storage Account

The Storage Account sightline focuses on giving a high-level overview of the Azure Storage accounts and their associated characteristics. It allows IT Ops and Sec Ops engineers to track usage, identify misconfigurations, and ensure that storage accounts are properly configured for optimal performance and security. This sightline provides value by highlighting areas where storage accounts may need attention, such as accounts hosting static sites or accounts with unusual access patterns.

Widgets:

• All Storage Accounts

• Storage Accounts Hosting Static Sites

• Users Access to Storage Accounts

• Groups Access to Storage Accounts

• Storage Account Location Distribution

Sightline: Azure Container

The Azure Container sightline provides detailed visibility into individual Azure Storage containers. It helps Sec Ops and IT Ops engineers identify trends, monitor security and compliance metrics, and track the usage of Azure Containers. The sightline is valuable for identifying containers that might require attention, such as those with missing tags, unversioned data, or containers that are not following proper encryption practices.

Widgets:

• All Containers

• Containers Without Tags

• Private Containers

• Empty Containers

• Unversioned Containers

• Containers with and without Tags

• Containers Replication Distribution

• Containers Default Encryption Scopes

• Azure Containers Size Trend

• Azure Containers Item Count Trend

Alerts

Empty Containers Count

The Empty Containers Count alert notifies Sec Ops and IT Ops engineers when the number of empty containers exceeds a defined threshold. Empty containers may indicate underutilized resources that could be removed to improve efficiency and reduce costs. From a security perspective, the presence of empty containers may also reveal unused assets that should be examined for possible vulnerabilities.

Azure Containers Size Trend

The Azure Containers Size Trend alert tracks the growth of container sizes over time. This alert is essential for IT Ops engineers to monitor storage usage patterns and anticipate resource scaling needs. For Sec Ops, it can help detect unexpected spikes that may indicate a security issue, such as data exfiltration attempts or unauthorized data growth.

Azure Containers Count Trend

The Azure Containers Count Trend alert monitors changes in the number of containers over time. A sudden increase in container counts could indicate potential misuse or configuration changes that need to be addressed. IT Ops teams can use this alert to detect anomalies in container provisioning, while Sec Ops teams may be alerted to potential misconfigurations or security concerns.

Unversioned Storage Containers Count

The Unversioned Storage Containers Count alert flags containers that are not using versioning. Without versioning, containers are vulnerable to data loss or overwrites. This alert is critical for Sec Ops engineers, as versioning is a fundamental best practice for maintaining data integrity and protecting against accidental or malicious data loss.

Total Count of Vulnerable Containers

The Total Count of Vulnerable Containers alert tracks containers that are potentially vulnerable due to configuration issues like lack of encryption or public access. This alert provides value to Sec Ops by highlighting security gaps that could expose sensitive data to unauthorized access or tampering. For IT Ops, it signals areas where containers may need reconfiguration to align with best practices.