Merge pull request nccgroup#480 from nccgroup/enhancement/Azure-newRules

Enhancement/Azure New Rules

ScoutSuite/output/data/html/partials/azure/services.storageaccounts.storage_accounts.html

@@ -7,8 +7,9 @@ <h4 class="list-group-item-heading">{{name}}</h4>
     <div class="list-group-item">
         <h4 class="list-group-item-heading">Information</h4>
         <div class="list-group-item-text item-margin">Storage Account Name: <span id="storageaccounts.storage_accounts.{{@key}}.name">{{name}}</span></div>
-        <div class="list-group-item-text item-margin">HTTPS required: <span id="storageaccounts.storage_accounts.{{@key}}.https_traffic_enabled">{{https_traffic_enabled}}</span></div>
-        <div class="list-group-item-text item-margin">Public traffic: <span id="storageaccounts.storage_accounts.{{@key}}.public_traffic_allowed">{{ convert_bool_to_enabled public_traffic_allowed }}</span></div>
+        <div class="list-group-item-text item-margin">HTTPS required: <span id="storageaccounts.storage_accounts.{{@key}}.https_traffic_enabled">{{convert_bool_to_enabled https_traffic_enabled}}</span></div>
+        <div class="list-group-item-text item-margin">Public traffic: <span id="storageaccounts.storage_accounts.{{@key}}.public_traffic_allowed">{{convert_bool_to_enabled public_traffic_allowed }}</span></div>
+        <div class="list-group-item-text item-margin">Microsoft Trusted Services: <span id="storageaccounts.storage_accounts.{{@key}}.trusted_microsoft_services_enabled">{{convert_bool_to_enabled trusted_microsoft_services_enabled }}</span></div>
         <div class="list-group-item-text item-margin">Last access keys rotation:
             <span id="storageaccounts.storage_accounts.{{@key}}.access_keys_rotated">
                 {{#if access_keys_last_rotation_date }}

ScoutSuite/providers/azure/resources/storageaccounts/base.py

@@ -32,14 +32,19 @@ def _parse_storage_account(self, raw_storage_account):
         storage_account['name'] = raw_storage_account.name
         storage_account['https_traffic_enabled'] = raw_storage_account.enable_https_traffic_only
         storage_account['public_traffic_allowed'] = self._is_public_traffic_allowed(raw_storage_account)
-        storage_account['access_keys_last_rotation_date'] =\
+        storage_account['trusted_microsoft_services_enabled'] = \
+            self._is_trusted_microsoft_services_enabled(raw_storage_account)
+        storage_account['access_keys_last_rotation_date'] = \
             self._parse_access_keys_last_rotation_date(raw_storage_account.activity_logs)
 
         return storage_account['id'], storage_account
 
     def _is_public_traffic_allowed(self, storage_account):
         return storage_account.network_rule_set.default_action == "Allow"
 
+    def _is_trusted_microsoft_services_enabled(self, storage_account):
+        return storage_account.network_rule_set.bypass == "AzureServices"
+
     def _parse_access_keys_last_rotation_date(self, activity_logs):
         last_rotation_date = None
         for log in activity_logs:

ScoutSuite/providers/azure/rules/findings/storageaccount-trusted-microsoft-services.json

@@ -0,0 +1,10 @@
+{
+    "dashboard_name": "Storage Accounts",
+    "description": "Trusted Microsoft Services Enabled",
+	"rationale": "<b>Description:</b><br><br><br><br><b>References:</b><ul><li>CIS Microsoft Azure Foundations v1.0.0 3.8</li></ul>",
+    "path": "storageaccounts.storage_accounts.id",
+    "conditions": [ "and",
+        [ "storageaccounts.storage_accounts.id.trusted_microsoft_services_enabled", "false", ""]
+    ],
+    "id_suffix": "trusted_microsoft_services_enabled"
+}

ScoutSuite/providers/azure/rules/rulesets/default.json

@@ -200,6 +200,12 @@
                 "enabled": true,
                 "level": "danger"
             }
+        ],
+        "storageaccount-trusted-microsoft-services.json": [
+            {
+                "enabled": true,
+                "level": "warning"
+            }
         ]
     }
 }