Azure Cosmos Table
Storage Access Key
Service Name: Azure Cosmos DB Table API
Service Description: Azure Cosmos DB Table API provides a NoSQL key-value store using the semi-structured table storage model. It's compatible with Azure Table Storage but offers premium capabilities like global distribution, dedicated throughput, single-digit millisecond latencies, and comprehensive SLAs.
Service Address: https://azure.microsoft.com/en-us/products/cosmos-db/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the Azure Cosmos DB account level using Virtual Network Service Endpoints and IP firewall rules.
Secret Access Scope: Grants full read/write access to all data within the Azure Cosmos DB table storage account.
Secret Revokement URL: https://portal.azure.com/ (Navigate to your Cosmos DB account > Access keys > Regenerate keys)
Secret Example: DefaultEndpointsProtocol=https;AccountName=mycosmosaccount;AccountKey=VGhp c0lzQVNhbXBsZUtleUZvckNvc21vc0RCVGFibGVBUEk==;TableEndpoint=https://mycosmo saccount.table.cosmos.azure.com:443/;
Suspicious Activity Investigation Instructions:
- Review Azure Activity Logs for unusual operations on your Cosmos DB account
- Check Azure Monitor metrics for unexpected spikes in request units, storage usage, or API calls
- Examine the IP addresses that accessed your Cosmos DB account using diagnostic logs
- Look for unauthorized table creation, deletion, or data manipulation
- Monitor for unusual query patterns or data access from unfamiliar locations
Mitigation Instructions:
- Immediately regenerate the primary and secondary access keys in the Azure Portal
- Update all legitimate applications with the new access keys
- Enable advanced threat protection for your Cosmos DB account
- Implement network security using Virtual Network Service Endpoints to restrict access
- Configure IP firewall rules to allow only trusted IP addresses
- Consider implementing Azure Private Link for your Cosmos DB account
- Enable Azure Defender for Cosmos DB to detect potential threats
- Review and update RBAC permissions to enforce the Principle of Least Privilege.