Oct 20 2021 10:57 AM - edited Oct 21 2021 03:48 AM
I have an alert - Mass secret retrieval from Azure Key Vault - for an external IP that is trying to access out key vaults over and over. When I check the Azure Key Vault Security workbook and look under the 'Analytics over Key Vault events' tab and then go to Event Analysis > Failed events > Activity by Caller IP, I see this IP at the top of the list basically launching continuous key vault requests.
How do I go about blocking this IP?
Thx
Oct 20 2021 05:48 PM
SolutionOct 21 2021 03:59 AM
@Chandrasekhar_Arya - Thx again for the reply and info as I needed to allow access only from selected networks
Jan 21 2022 07:41 AM
Oct 20 2021 05:48 PM
Solution