microsoft.web.sites.backups.delete

​

Event Information

1. The “microsoft.web.sites.backups.delete” event in Azure for AzureWebService refers to the deletion of a backup for a web app hosted on Azure.
2. This event indicates that a backup of the web app has been permanently removed from the Azure platform.
3. It is important to monitor this event to ensure that backups are being managed properly and to track any potential data loss or recovery issues.

​

Examples

1. Unauthorized deletion: If security is impacted with microsoft.web.sites.backups.delete in Azure for AzureWebService, it could potentially allow unauthorized individuals to delete backups of the web application. This could lead to data loss and compromise the availability and integrity of the application.

2. Data exposure: If security is impacted with microsoft.web.sites.backups.delete in Azure for AzureWebService, it could result in the exposure of sensitive data stored within the backups. Attackers could potentially gain access to confidential information, such as customer data or intellectual property, leading to potential legal and reputational consequences.

3. Malicious activity: If security is impacted with microsoft.web.sites.backups.delete in Azure for AzureWebService, it could be exploited by malicious actors to cover their tracks after compromising the web application. By deleting backups, attackers can erase evidence of their activities, making it difficult for incident response teams to investigate and remediate the breach.

​

Remediation

​

Using Console

To remediate the issues for Azure AzureWebService using the Azure console, you can follow these step-by-step instructions:

1. Enable Azure Security Center:

   • Go to the Azure portal and search for “Security Center” in the search bar.
   • Select “Security Center” from the results and click on it.
   • In the Security Center dashboard, click on “Pricing & settings” in the left menu.
   • Choose the subscription and resource group where your AzureWebService is located.
   • Click on “Apply to all resources” to enable Security Center for all resources in the selected resource group.
   • Review the pricing tier options and select the appropriate tier for your needs.
   • Click on “Save” to enable Security Center.

2. Implement Network Security Groups (NSGs):

   • Go to the Azure portal and search for “Virtual machines” in the search bar.
   • Select “Virtual machines” from the results and click on it.
   • Find the virtual machine(s) associated with your AzureWebService.
   • Select the virtual machine and click on “Networking” in the left menu.
   • Under “Inbound port rules”, click on “Add inbound port rule” to add a new rule.
   • Configure the rule to allow only the necessary inbound traffic for your AzureWebService.
   • Repeat the above steps for all virtual machines associated with your AzureWebService.

3. Implement Azure Key Vault for secrets management:

   • Go to the Azure portal and search for “Key vaults” in the search bar.
   • Select “Key vaults” from the results and click on it.
   • Click on “Add” to create a new key vault.
   • Provide the necessary details like name, subscription, resource group, and region.
   • Configure access policies to grant necessary permissions to your AzureWebService.
   • Click on “Review + create” and then “Create” to create the key vault.
   • Once the key vault is created, you can store and manage secrets securely.

Note: The above steps are general guidelines and may vary depending on your specific Azure setup and requirements. It is recommended to refer to the official Azure documentation for detailed instructions and best practices.

​

Using CLI

To remediate the issue for Azure Web Service using Azure CLI, you can follow these steps:

1. Enable diagnostic logs:

   • Use the az webapp log config command to enable diagnostic logs for the Azure Web Service.
   • Specify the desired log level and retention days using the --web-server-logging and --detailed-error-messages parameters respectively.

2. Enable HTTPS Only:

   • Use the az webapp update command to enable HTTPS Only for the Azure Web Service.
   • Set the --https-only parameter to true to enforce HTTPS communication.

3. Enable Managed Service Identity (MSI):

   • Use the az webapp identity assign command to enable Managed Service Identity for the Azure Web Service.
   • This will provide the service with an automatically managed identity in Azure Active Directory, which can be used for authentication and authorization purposes.

Please note that the actual CLI commands may vary based on your specific Azure environment and requirements.

​

Using Python

To remediate the issues for Azure AzureWebService using Python, you can follow these steps:

1. Monitoring and Alerting:

   • Use the Azure Monitor service to set up monitoring and alerting for your Azure Web Service.
   • Create a metric alert to trigger an action when a specific condition is met, such as high CPU usage or low memory availability.
   • Use the Azure SDK for Python to programmatically create and manage alerts. Here’s an example script:

   from azure.mgmt.monitor import MonitorManagementClient
   from azure.identity import DefaultAzureCredential
   
   # Authenticate using DefaultAzureCredential
   credential = DefaultAzureCredential()
   
   # Create a MonitorManagementClient
   monitor_client = MonitorManagementClient(credential, subscription_id)
   
   # Define the alert rule parameters
   alert_rule_params = {
       'location': 'eastus',
       'name': 'High CPU Alert',
       'description': 'Alert triggered when CPU usage exceeds 80%',
       'severity': 2,
       'enabled': True,
       'condition': {
           'odata.type': 'Microsoft.Azure.Management.Monitor.Models.ThresholdRuleCondition',
           'dataSource': {
               'odata.type': 'Microsoft.Azure.Management.Monitor.Models.RuleMetricDataSource',
               'resourceUri': '/subscriptions/{subscription_id}/resourceGroups/{resource_group}/providers/Microsoft.Web/sites/{web_service_name}',
               'metricName': 'CpuPercentage',
               'operator': 'GreaterThan',
               'threshold': 80
           }
       },
       'actions': [
           {
               'odata.type': 'Microsoft.Azure.Management.Monitor.Models.RuleEmailAction',
               'sendToServiceOwners': True
           }
       ]
   }
   
   # Create the alert rule
   monitor_client.alert_rules.create_or_update(
       resource_group_name,
       web_service_name,
       alert_rule_name,
       alert_rule_params
   )
   

2. Security and Compliance:

   • Implement Azure Security Center to continuously monitor the security posture of your Azure Web Service.
   • Enable Azure Security Center’s Just-In-Time (JIT) VM Access feature to restrict access to your virtual machines.
   • Use the Azure SDK for Python to programmatically enable JIT VM Access. Here’s an example script:

   from azure.mgmt.security import SecurityCenterManagementClient
   from azure.identity import DefaultAzureCredential
   
   # Authenticate using DefaultAzureCredential
   credential = DefaultAzureCredential()
   
   # Create a SecurityCenterManagementClient
   security_center_client = SecurityCenterManagementClient(credential, subscription_id)
   
   # Enable JIT VM Access for the web service's virtual machines
   security_center_client.jit_network_access_policies.create_or_update(
       resource_group_name,
       web_service_name,
       'default',
       {
           'location': 'eastus',
           'virtualMachines': [
               {
                   'id': '/subscriptions/{subscription_id}/resourceGroups/{resource_group}/providers/Microsoft.Compute/virtualMachines/{vm_name}',
                   'ports': [
                       {
                           'number': 22,
                           'protocol': 'Tcp',
                           'allowedSourceAddressPrefixes': ['0.0.0.0/0']
                       }
                   ],
                   'protocols': ['Tcp']
               }
           ]
       }
   )
   

3. Cost Optimization:

   • Utilize Azure Cost Management and Billing to monitor and optimize the costs of your Azure Web Service.
   • Enable cost alerts to receive notifications when your spending exceeds a certain threshold.
   • Use the Azure SDK for Python to programmatically create cost alerts. Here’s an example script:

   from azure.mgmt.costmanagement import CostManagementClient
   from azure.identity import DefaultAzureCredential
   
   # Authenticate using DefaultAzureCredential
   credential = DefaultAzureCredential()
   
   # Create a CostManagementClient
   cost_management_client = CostManagementClient(credential, subscription_id)
   
   # Define the cost alert parameters
   cost_alert_params = {
       'name': 'High Cost Alert',
       'description': 'Alert triggered when monthly spending exceeds $1000',
       'enabled': True,
       'threshold': 1000,
       'time_grain': 'Monthly',
       'time_window': 'PT1H',
       'query': "cost > 1000"
   }
   
   # Create the cost alert
   cost_management_client.alerts.create_or_update(
       resource_group_name,
       'default',
       cost_alert_params
   )
   

Please note that the provided scripts are just examples and may require modifications based on your specific Azure environment and requirements.