Skip to content

Azure Service Bus

Shared Access Key

Service Name: Azure Service Bus

Service Description: Azure Service Bus is a fully managed enterprise message broker with message queues and publish-subscribe topics. Service Bus is used to decouple applications and services from each other, providing reliable message transfer between applications and services.

Service Address: https://azure.microsoft.com/en-us/services/service-bus/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the network level using Azure Virtual Network service endpoints and firewall rules.

Secret Access Scope: Grants access to send and receive messages from Azure Service Bus namespaces, queues, and topics based on the assigned permissions (Send, Listen, Manage).

Secret Revokement URL: https://learn.microsoft.com/en-us/azure/service-bus-messaging/service-bus-sas-overview#revoke-keys

Secret Example: SharedAccessSignature sr=https%3A%2F%2Fmyservicebus.servicebus.windows.net%2F&sig=pD1FVEJAHDPGKPVzizo6dVCTY4oqBuzWNMNBPWnttsSs%3D&se=1699887484&skn=RootManageSharedAccessKey

Suspicious Activity Investigation Instructions:

  • Review Azure Service Bus metrics and logs in Azure Monitor for unusual message patterns or volume spikes.
  • Check Azure Activity Logs for unauthorized access attempts or configuration changes to your Service Bus namespace.
  • Examine IP addresses that have accessed your Service Bus namespace for unfamiliar locations.
  • Review the permissions assigned to the shared access key to ensure they're appropriate.
  • Monitor for unusual message processing patterns that could indicate unauthorized use.

Mitigation Instructions:

  • Immediately regenerate the shared access key in the Azure Portal under your Service Bus namespace > Shared access policies.
  • Update all legitimate applications with the new key.
  • Consider implementing more granular access policies with minimum required permissions.
  • Enable Azure Private Link for your Service Bus namespace to restrict network access.
  • Implement Azure AD authentication instead of shared access signatures when possible.
  • Set up Azure Monitor alerts to detect unusual activity patterns.
  • Review and update network security groups and firewall rules to restrict access to trusted networks.