- CNS Policies
- Azure Knowledge Base
- Storage Accounts
-
AWS Knowledge Base
- Amazon EKS
- Amazon RDS
- Amazon Kinesis
- AWS Organizations
- Amazon SQS (Simple Queue Service)
- AWS Cloudtrail
- AWS Certificate Manager
- AWS IAM
- AWS Workspaces
- Amazon S3
- AWS Systems Manager (AWS SSM)
- Amazon EC2
- Amazon Redshift
- Amazon EMR
- Amazon CloudFront
- Amazon DynamoDB
- Amazon Managed Workflows for Apache Airflow (MWAA)
- Amazon Route 53
- AWS Key Management Service (KMS)
- Amazon CloudWatch
- Amazon ElasticSearch
- AWS Database Migration Service
- AWS Config
- AWS X-Ray
- Amazon API Gateway
- Amazon Athena
- Amazon SageMaker
- AWS Elastic Load Balancing (ELB)
- AWS Lambda
- AWS Auto Scaling
- Amazon GuardDuty
- Amazon Elastic File System (Amazon EFS)
- Amazon Elastic Container Registry (Amazon ECR)
- AWS Glue
- Amazon Simple Notification Service (SNS)
- AWS Elastic Beanstalk
- AWS CodeBuild
- AWS Secrets Manager
- AWS Transfer Family
- Amazon Access Analyzer
-
Azure Knowledge Base
- Container Registries
- Azure Virtual Machines
- Network Security Group
- PostgreSQL
- Azure Monitor
- Azure Security Center
- SQL Databases
- SQL Servers
- Storage Accounts
- Azure Key Vaults
- Load Balancers
- App Services
- Azure Active Directory
- Activity Log
- Azure Policy
- Kubernetes Services
- Azure Resources
- Azure Cosmos DB
- CDN Profiles
- MySQL Servers
- Azure Virtual Network
- Azure Network Watcher
- Azure Cache for Redis
-
GCP Knowledge Base
- Google Cloud VPC
- Google Cloud IAM
- Google Cloud Load Balancing
- Google Cloud Logging
- Google Cloud Kubernetes Engine
- Google Cloud Pub/Sub
- Google Compute Engine
- Google Cloud Key Management Service (KMS)
- Google Cloud DNS
- Google Cloud Storage
- Google Cloud Dataproc
- Google Cloud SQL
- Google Cloud Spanner
- Google Cloud Deployment Manager
- Google Cloud BigQuery
- Google Cloud Dataflow
-
DigitalOcean Knowledge Base
Blobs Soft Deletion Disabled
Risk Level: Low
Description
The plugin triggers when the soft deletion is not enabled for the blob container. The soft delete feature will allow the users to retrieve the deleted blobs within a set time period before it is permanently deleted. This ensures any critical information can be restored if deleted accidentally.
About the Service
Storage Accounts: An azure storage account is used to store the customer’s data objects such as files, queues, shares, etc. The storage accounts ensure high availability for the clients and allot a unique namespace for the storage data and are accessible from anywhere around the world using HTTP or HTTPS protocols.
Impact
If the soft delete for blob is disabled, then the original or unintentionally deleted blobs cannot be retrieved back. This may cause a serious impact if any business-critical information is deleted accidentally.
Steps to Reproduce
- Login to azure portal.
- Click on Storage accounts for Services.
- Select any one of the provided accounts to check for the policy.
- From the navigation bar, select Data protection from Data management.
- If the Enable soft delete for blob is not selected go to the Steps for remediation section.
Steps for Remediation
- Log in to the Azure portal.
- Click on Storage accounts for Services.
- Select any one of the provided accounts to check for the policy.
- From the navigation bar, select Data protection from Data management.
- To Enable soft delete for blob select the checkbox and mention the number of days to keep the deleted blobs, by default value is 7 days.
Please feel free to reach out to support@pingsafe.ai with any questions that you may have.
Thanks
PingSafe Support