Quick Start Security for Azure Functions

Azure Functions

Coralogix Extension For Azure Functions Includes:

Alerts - 4

Stay on top of Azure Functions key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.

Function Modified by IAM User

This alert triggers when an IAM user modifies an Azure function.

Impact: An attacker might modify an Azure function in order to maintain persistence or exfiltrate data being processed at runtime within an Azure environment.

Mitigation: Validate if the IAM user was authorized to perform the modification and if the action was legitimate. If not, revert the action and investigate further.

MITRE Tactic: TA0042
MITRE Technique: T1584
MITRE Sub-Technique: 007

Function Was Deleted

This alert triggers when an Azure function is deleted. To delete a specific function version, use the Qualifier parameter. Otherwise, all versions and aliases are deleted.

Impact: Deleting an Azure function will immediately stop any ongoing executions and prevent any further invocations. It's important to ensure that there are no critical processes or dependencies relying on the function at the time of deletion.

Mitigation: Check if the action was legitimate. If not, investigate further for any malicious activities. Additionally, before deleting an Azure function, make sure to communicate with relevant stakeholders and check if there are any active processes that might be affected. You can also consider setting up alarms or notifications to alert you before deleting any important functions.

MITRE Tactic: TA0040
MITRE Technique: T1485

Function Was Created

This alert triggers if new Azure Functions have been created which can be used to perform actions.

Impact: If a threat actor gains unauthorized access to your Azure account, they may create new Lambda functions for malicious purposes, such as running unauthorized code or executing denial-of-service (DoS) attacks.

Mitigation: Check if the action was legitimate and if the created function is not malicious. If not, investigate further.

MITRE Tactic: TA0042
MITRE Technique: T1584
MITRE Sub-Technique: 007

Resource-Based Policy Modified by IAM User

This alert triggers when an Azure function resource-based policy is modified by an IAM user.

Impact: An attacker might modify an Azure function's resource-based policy in order to maintain persistence or allow its invocation from an external account.

Mitigation: Validate if the IAM user was authorized to perform the modification and if the action was legitimate. If not, revert the action and investigate further.

MITRE Tactic: TA0042
MITRE Technique: T1584
MITRE Sub-Technique: 007

Integration

Learn more about Coralogix's out-of-the-box integration with Azure Functions in our documentation.
