Azure Monitor

CDN Profile Log Analytics Disabled

Risk Level: Low

Description: 

This plugin guarantees that CDN Profile Log Analytics logs are transmitted to Azure Monitor correctly. When you enable Send to Log Analytics, all CDN Profile logs are appropriately monitored and controlled. Diagnostics logs enable you to export basic use metrics from your CDN endpoint to a variety of sources, allowing you to consume them in a customizable manner.

PingSafe strongly recommends ensuring that diagnostic logging is enabled for each CDN profile.


About the Service :

Azure Monitor can help you improve the availability and performance of your apps and services. It provides a complete solution for gathering, evaluating, and responding to telemetry from the cloud and on-premises settings. This data enables you to better understand how your apps are doing and to detect concerns that may harm them or the resources they rely on in the future.

Impact : 

Diagnostics logs enable you to export basic use metrics from your CDN endpoint to a variety of sources, allowing you to consume them in a customizable manner. With CDN Profile Log Analytics, we can export many sorts of data.

Steps to reproduce :

  1. Sign in to your Azure portal with your Azure account.
    https://portal.azure.com/#home 
  2. Navigate to Azure’s CDN.
  3. Next, move to Diagnostics Settings under Monitoring.
  4. Click on Edit settings in the diagnostic settings. Check if the CDN Profile Log Analytics is enabled or not in the diagnostic settings. IF allLogs is unchecked then the vulnerability exists.
  5. Follow the same steps for other security groups as well.

Steps for Remediation :

  1. Sign in to your Azure portal with your Azure account.
    https://portal.azure.com/#home 
  2. Navigate to Azure’s CDN.
  3. Next, move to Diagnostics Settings under Monitoring.
  4. Click on Edit settings in the diagnostic settings. Check if the CDN Profile Log Analytics is enabled or not in the diagnostic settings. IF allLogs is unchecked then the vulnerability exists.
  5. Check the allLogs box and click on Save.
  6. Follow the same steps for other security groups as well.

References :

Please feel free to reach out to support@pingsafe.ai with any questions that you may have.

Thanks

PingSafe Support