Azure Container Registry Credential
Service Name: Azure Container Registry
Service Description: Azure Container Registry is a managed, private Docker registry service provided by Microsoft Azure. It allows you to build, store, and manage container images and artifacts in a private registry for all types of container deployments.
Service Address: https://azure.microsoft.com/en-us/products/container-registry/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the registry level using Azure network security features like service endpoints, private endpoints, and firewall rules.
Secret Access Scope: Grants access to push, pull, and manage container images within the specified Azure Container Registry.
Secret Revokement URL: https://learn.microsoft.com/en-us/azure/container-registry/container-registry-authentication#admin-account
Secret Example: myregistryname:uEoIF92ADFmcmw2xOiF8g8QRP2dT4hgr
Suspicious Activity Investigation Instructions:
- Review Azure Activity Logs for unusual registry access patterns.
- Check for unexpected image pushes or pulls in the registry.
- Monitor for unauthorized access attempts or unusual IP addresses accessing the registry.
- Review Azure Monitor metrics for unusual spikes in registry operations.
- Check for modifications to registry permissions or network access rules.
Mitigation Instructions:
- Disable the admin user account if it's not required (recommended approach).
- Regenerate the admin password through the Azure portal.
- Navigate to your Azure Container Registry in the Azure portal.
- Go to "Access keys" under "Settings".
- Click "Regenerate" next to the password you want to reset.
- Update any applications or CI/CD pipelines using the old credentials.
- Consider implementing Azure AD authentication instead of admin credentials for better security.
- Enable Azure Defender for Container Registries to detect vulnerabilities.
- Implement network restrictions to limit registry access to specific networks.