Storage

Azure Storage currently supports three versions of the TLS protocol: 1.0, 1.1, and 1.2. Azure Storage uses TLS 1.2 on public HTTPS endpoints, but TLS 1.0 and TLS 1.1 are still supported for backward compatibility. This check will warn if the minimum TLS is not set to TLS1_2.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-326: Inadequate Encryption Strength
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures

Some Microsoft services that interact with storage accounts operate from networks that can’t be granted access through network rules. To help this type of service work as intended, allow the set of trusted Microsoft services to bypass the network rules
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control

Storage Analytics logs detailed information about successful and failed requests to a storage service. This information can be used to monitor individual requests and to diagnose issues with a storage service. Requests are logged on a best-effort basis.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-778: Insufficient Logging
OWASP:
- A10:2017 - Insufficient Logging & Monitoring
- A09:2021 - Security Logging and Monitoring Failures

Detected a Storage that was not configured to deny action by default. Add default_action = "Deny" in your resource block.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-16: CWE CATEGORY: Configuration
OWASP:
- A06:2017 - Security Misconfiguration
- A05:2021 - Security Misconfiguration

Detected a Storage that was not configured to deny action by default. Add enable_https_traffic_only = true in your resource block.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-319: Cleartext Transmission of Sensitive Information
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures