cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

How to block IPs trying to hit Key Vaults?

Jeff Walzer
Iron Contributor

‎Oct 20 2021 10:57 AM - edited ‎Oct 21 2021 03:48 AM

‎Oct 20 2021 10:57 AM - edited ‎Oct 21 2021 03:48 AM

How to block IPs trying to hit Key Vaults?

I have an alert - Mass secret retrieval from Azure Key Vault - for an external IP that is trying to access out key vaults over and over. When I check the Azure Key Vault Security workbook and look under the 'Analytics over Key Vault events' tab and then go to Event Analysis > Failed events > Activity by Caller IP, I see this IP at the top of the list basically launching continuous key vault requests.

 

How do I go about blocking this IP?

 

Thx

1,117 Views
1 Like
3 Replies
Reply
3 Replies
best response confirmed by Jeff Walzer (Iron Contributor)
Chandrasekhar_Arya

‎Oct 20 2021 05:48 PM

‎Oct 20 2021 05:48 PM

Solution

Re: How to block IPs trying to hit Kay Vaults?

Have you enabled firewall for key vault it's not enabled by default
Ref the below article https://docs.microsoft.com/en-us/azure/key-vault/general/network-security
1 Like
Reply
Jeff Walzer

‎Oct 21 2021 03:59 AM

‎Oct 21 2021 03:59 AM

Re: How to block IPs trying to hit Kay Vaults?

@Chandrasekhar_Arya - Thx again for the reply and info as I needed to allow access only from selected networks

0 Likes
Reply
Jeff Walzer

‎Jan 21 2022 07:41 AM

‎Jan 21 2022 07:41 AM

Re: How to block IPs trying to hit Kay Vaults?

@Chandrasekhar_Arya - what if I have a key vault that is part of a resource group that has no VNET defined (just an RG with app services) so I can't select the 'Selected networks' option under the Firewalls and virtual networks blade to choose it's local VNET/subnet?

What network should I look to select for a scenario like this?

Thx
0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by Jeff Walzer (Iron Contributor)
Chandrasekhar_Arya

‎Oct 20 2021 05:48 PM

‎Oct 20 2021 05:48 PM

Solution

Re: How to block IPs trying to hit Kay Vaults?

Have you enabled firewall for key vault it's not enabled by default
Ref the below article https://docs.microsoft.com/en-us/azure/key-vault/general/network-security

View solution in original post

1 Like
Reply