SOLVED

How to block IPs trying to hit Key Vaults?

Contributor

I have an alert - Mass secret retrieval from Azure Key Vault - for an external IP that is trying to access out key vaults over and over. When I check the Azure Key Vault Security workbook and look under the 'Analytics over Key Vault events' tab and then go to Event Analysis > Failed events > Activity by Caller IP, I see this IP at the top of the list basically launching continuous key vault requests.

 

How do I go about blocking this IP?

 

Thx

2 Replies
best response confirmed by Jeff Walzer (Contributor)
Solution
Have you enabled firewall for key vault it's not enabled by default
Ref the below article https://docs.microsoft.com/en-us/azure/key-vault/general/network-security

@Chandrasekhar_Arya - Thx again for the reply and info as I needed to allow access only from selected networks

www.000webhost.com