Azure Web PubSub Key
Service Name: Azure Web PubSub
Service Description: Azure Web PubSub is a real-time messaging service that enables you to build real-time web applications with WebSockets. It simplifies the process of adding real-time communications to web applications by managing WebSocket connections for you and providing a simple publish-subscribe model for sending messages to connected clients.
Service Address: https://azure.microsoft.com/en-us/services/web-pubsub/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the service level through Azure networking features like Private Endpoints, Service Endpoints, and Network Security Groups.
Secret Access Scope: Grants access to publish and subscribe to messages in Azure Web PubSub service instances, manage client connections, and administer the service.
Secret Revokement URL: https://portal.azure.com/ (Navigate to your Web PubSub resource > Access keys > Regenerate keys)
Secret Example: Endpoint=https://mypubsub.webpubsub.azure.com;AccessKey=xJGOPsRUz8h5hLPeCv mXyzB7Ggv+VKJqz+JZIKFOeJg=;Version=1.0;
Suspicious Activity Investigation Instructions:
- Review Azure Activity Logs for unusual operations on your Web PubSub resource
- Check Azure Monitor metrics for unexpected spikes in connection or message counts
-
Examine IP addresses that have connected to your Web PubSub service
-
Review client connection patterns for anomalies
- Check for unauthorized client groups or unauthorized message publishing
Mitigation Instructions:
- Immediately regenerate the Web PubSub access key in the Azure Portal
- Navigate to your Web PubSub resource in the Azure Portal
- Select "Keys" from the left navigation menu
- Click "Regenerate" for the compromised key
- Update your applications with the new key
- Consider implementing role-based access control (RBAC) for more granular permissions
- Enable diagnostic logs for better monitoring and auditing
- Configure network security rules to restrict access to trusted networks only
- Review and update your application's authentication mechanisms