Skill

detecting-azure-storage-account-misconfigurations

From asi

Audits Azure Blob and ADLS storage accounts for public access exposure, weak or long-lived SAS tokens, missing encryption at rest, disabled HTTPS-only traffic, and outdated TLS versions using azure-mgmt-storage Python SDK. Useful for cloud security audits and incident investigations.

Python

Azure

security

infrastructure

npx claudepluginhub plurigrid/asi --plugin asi

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Azure Storage accounts are a frequent target for attackers due to misconfigured public access, long-lived SAS tokens, missing encryption, and outdated TLS versions. This skill uses the azure-mgmt-storage Python SDK with StorageManagementClient to enumerate all storage accounts in a subscription, inspect their security properties, list blob containers for public access settings, and generate a r...

SKILL.md

Similar Skills

detecting-azure-storage-account-misconfigurations

5.9k

Audits Azure Blob/ADLS storage accounts for public access, weak SAS tokens, missing encryption, HTTPS/TLS issues using azure-mgmt-storage Python SDK. Outputs risk-scored JSON report.

3 files

cybersecurity-skills

detecting-misconfigured-azure-storage

Detects misconfigured Azure Storage accounts including public blob containers, missing encryption, permissive SAS tokens, disabled logging, and network violations using Azure CLI, PowerShell, and Defender for Storage. For security audits and compliance.

asi

detecting-azure-storage-account-misconfigurations

Audits Azure Blob and ADLS storage accounts for public access exposure, weak/long SAS tokens, missing encryption, disabled HTTPS-only traffic, and outdated TLS using azure-mgmt-storage Python SDK.

3 files

cybersecurity-skills-zh

Stats

Parent Repo Stars16

Parent Repo Forks5

Last CommitApr 4, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

detecting-azure-storage-account-misconfigurations

From asi

Detecting Azure Storage Account Misconfigurations

Overview

When to Use

When investigating security incidents that require detecting azure storage account misconfigurations

When building detection rules or threat hunting queries for this domain

When SOC analysts need structured procedures for this analysis type

When validating security monitoring coverage for related attack techniques

Prerequisites

Python 3.9+ with azure-mgmt-storage, azure-identity

Azure service principal with Reader role on target subscription

Environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, AZURE_CLIENT_SECRET, AZURE_SUBSCRIPTION_ID

Key Detection Areas

Public blob access — allow_blob_public_access enabled on storage account or individual containers set to Blob/Container access level

HTTPS enforcement — enable_https_traffic_only disabled, allowing unencrypted HTTP traffic

Minimum TLS version — accounts accepting TLS 1.0 or TLS 1.1 instead of minimum TLS 1.2

Encryption at rest — storage service encryption not enabled or missing customer-managed keys

Network rules — default action set to Allow instead of Deny, exposing storage to all networks

SAS token risks — account-level SAS with overly broad permissions or excessive lifetime

Output

JSON report with per-account findings, severity ratings (Critical/High/Medium/Low), and remediation recommendations aligned with CIS Azure Benchmark controls.