daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/cloud/azure/appservice/azure-appservice-backup-ret...

56 lines
2.2 KiB
YAML
Raw Blame History

id: azure-appservice-backup-retention-missing
info:
name: Azure App Service Backup Retention Not Configured
author: princechaddha
severity: medium
description: |
Ensure that your Microsoft Azure App Services applications have a sufficient daily backup retention period configured for scheduled backups, in order to follow security and regulatory requirements. Prior to running this rule by the Cloud Conformity engine, the backup retention period must be configured in the rule settings, on the Cloud Conformity account dashboard. A retention value of 0 will keep backup files indefinitely.
impact: |
Lack of a backup retention configuration can lead to non-compliance with security and regulatory requirements and potential data loss.
remediation: |
Configure the daily backup retention period for Azure App Services applications in the Cloud Conformity account dashboard to meet security and compliance requirements.
reference:
- https://docs.microsoft.com/en-us/azure/app-service/manage-backup
tags: cloud,devops,azure,microsoft,appservice,azure-cloud-config
flow: |
code(1);
for (let AppServiceData of iterate(template.appServiceList)) {
AppServiceData = JSON.parse(AppServiceData);
set("name", AppServiceData.name);
set("resourceGroup", AppServiceData.resourceGroup);
code(2);
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
az webapp list --output json --query '[*].{name:name, resourceGroup:resourceGroup}'
extractors:
- type: json
name: appServiceList
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
az webapp config backup show --webapp-name $name --resource-group $resourceGroup --query 'backupSchedule.retentionPeriodInDays' --output json
matchers:
- type: word
part: stderr
words:
- "Backup configuration not found"
extractors:
- type: dsl
dsl:
- 'name + " in " + resourceGroup + " does not have a backup retention period configured"'
# digest: 4a0a00473045022048f108dd37000e5b488a64ecf97df7765f4b05c718bd7ed75a228173559b35bd022100b7e8fab784136dc41746b0750183374c6652528f8a0d48a7da673e01bd6271e7:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink