An entity was observed enabling public access to a given Storage Account.
Possible Root Causes
Unauthorized Modification: An attacker may be scanning and modifying storage account configurations to enable data exfiltration.
IT Misconfiguration: An authorized administrator may have unintentionally altered security settings, weakening the storage account's security posture and increasing the risk of data loss.
Legitimate Administrative Action: An administrator or automated task is making authorized modifications to access controls on a storage account.
Business Impact
Malicious or unintentional weakening of security controls around storage accounts can lead to data loss.
Steps to Verify
Investigate the Initiating Account: Review the account or entity that made the change for other signs of malicious activity.
Check for Data Loss: Investigate whether any unauthorized data access or exfiltration has occurred.
Validate Public Access: Determine if the storage account in question is authorized for public access based on security policies.
If Malicious Actions or High-Risk Configurations Are Suspected:
Revert the configuration to restrict public access.
Disable credentials associated with the alert to prevent further unauthorized modifications.
Conduct a comprehensive investigation to determine the extent of potential exposure and assess the scope of impacted resources.
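The "Validate Public Access" and "Investigate the Initiating Account" steps above can be scripted over exported Azure Activity Log records. The sketch below is an added example, not the vendor's detection logic. It assumes each storage account write carries its request body as a JSON string under `properties.requestbody`; the record field names, the `APPROVED_PUBLIC` allowlist and the sample events are constructed for illustration.

```python
import json

WRITE_OP = "microsoft.storage/storageaccounts/write"
APPROVED_PUBLIC = {"publicassets"}  # hypothetical allowlist taken from security policy

def make_event(account, caller, body, result="Success"):
    """Build one constructed record shaped like an exported Activity Log entry."""
    rid = f"/subscriptions/SUB/resourceGroups/rg/providers/Microsoft.Storage/storageAccounts/{account}"
    props = {} if body is None else {"requestbody": json.dumps(body)}  # assumed field name
    return {"operationName": WRITE_OP.upper(), "resultType": result,
            "caller": caller, "resourceId": rid, "properties": props}

SAMPLE_EVENTS = [  # constructed sample data, not real logs
    make_event("publicassets", "svc-deploy@example.com",
               {"properties": {"allowBlobPublicAccess": True}}),
    make_event("hrexports", "j.doe@example.com",
               {"properties": {"allowBlobPublicAccess": True,
                               "networkAcls": {"defaultAction": "Allow"}}}),
    make_event("applogs", "svc-deploy@example.com",
               {"properties": {"allowBlobPublicAccess": False}}),
    make_event("applogs", "svc-deploy@example.com", None),  # write with no captured body
]

def exposure_reasons(body):
    """Return the settings in a storage account write that open public access."""
    props = body.get("properties") or {}
    reasons = []
    if props.get("allowBlobPublicAccess") is True:
        reasons.append("allowBlobPublicAccess=true")
    if str((props.get("networkAcls") or {}).get("defaultAction", "")).lower() == "allow":
        reasons.append("networkAcls.defaultAction=Allow")
    return reasons

def triage(events, approved=APPROVED_PUBLIC):
    """Flag successful writes that enable public access; mark policy-approved accounts."""
    findings = []
    for ev in events:
        if ev.get("operationName", "").lower() != WRITE_OP or ev.get("resultType") != "Success":
            continue
        try:
            body = json.loads(ev.get("properties", {}).get("requestbody", ""))
        except (TypeError, ValueError):
            continue  # no usable body: check the account's current settings instead
        reasons = exposure_reasons(body) if isinstance(body, dict) else []
        if reasons:
            account = ev["resourceId"].rsplit("/", 1)[-1].lower()
            findings.append({"account": account, "caller": ev["caller"],
                             "reasons": reasons, "approved": account in approved})
    return findings
```

Findings with `approved` set to `False` are the ones to take into the response steps; the `caller` value is the starting point for reviewing the initiating account.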
Azure Suspect Public Storage Account Change
Business impact
If this detection indicates a genuine threat, the organization faces significant risks: