Skip to content

AZT605.1 - Resource Secret Reveal: Storage Account Access Key Dumping#

By accessing a Storage Account, an adversary may dump access keys pertaining to the Storage Account, which will give them full access to the Storage Account.

Resource

Azure Storage Account

Actions

  • Microsoft.Storage/storageAccounts/listkeys/action

Detections

Logs#

Data Source Operation Name Action Log Location
Resource TBD TBD Azure Activity Log

Queries#

|where OperationNameValue=="TBD"