diff --git a/ScoutSuite/output/data/html/partials/azure/services.storageaccounts.subscriptions.id.storage_accounts.html b/ScoutSuite/output/data/html/partials/azure/services.storageaccounts.subscriptions.id.storage_accounts.html
index 4d1352845..d39754fa7 100755
--- a/ScoutSuite/output/data/html/partials/azure/services.storageaccounts.subscriptions.id.storage_accounts.html
+++ b/ScoutSuite/output/data/html/partials/azure/services.storageaccounts.subscriptions.id.storage_accounts.html
@@ -10,6 +10,7 @@
Information
Public Traffic: {{convert_bool_to_enabled public_traffic_allowed }}
HTTPS Required: {{convert_bool_to_enabled https_traffic_enabled}}
Microsoft Trusted Services: {{convert_bool_to_enabled trusted_microsoft_services_enabled }}
+ Access Key Usage: {{convert_bool_to_enabled shared_key_access_allowed}}
Last Access Key Rotation:
{{#if access_keys_last_rotation_date }}
diff --git a/ScoutSuite/providers/azure/resources/storageaccounts/storage_accounts.py b/ScoutSuite/providers/azure/resources/storageaccounts/storage_accounts.py
index 83812511c..855c535df 100755
--- a/ScoutSuite/providers/azure/resources/storageaccounts/storage_accounts.py
+++ b/ScoutSuite/providers/azure/resources/storageaccounts/storage_accounts.py
@@ -45,6 +45,8 @@ def _parse_storage_account(self, raw_storage_account):
storage_account['trusted_microsoft_services_enabled'] = \
self._is_trusted_microsoft_services_enabled(raw_storage_account)
storage_account['bypass'] = raw_storage_account.network_rule_set.bypass
+ # The default value (null) is equivalent to True
+ storage_account['shared_key_access_allowed'] = raw_storage_account.allow_shared_key_access != False
storage_account['access_keys_last_rotation_date'] = \
self._parse_access_keys_last_rotation_date(raw_storage_account.activity_logs)
storage_account['encryption_key_source'] = raw_storage_account.encryption.key_source
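Review bot: On the added assignment, `!= False` is an equality test, so any value that compares equal to False (for example `0`) would be read as disabled; an identity test matches the comment's intent more exactly: `storage_account['shared_key_access_allowed'] = raw_storage_account.allow_shared_key_access is not False`. The attribute is presumably only present on the model from the azure-mgmt-storage version this commit pins, so an environment still running the older package would raise AttributeError here; `getattr(raw_storage_account, 'allow_shared_key_access', None)` would keep the parse tolerant. Treating null as allowed is the conservative reading for an audit report, and the comment could spell that out: `# None (property unset) means shared key access is allowed; only an explicit False counts as disabled`. `_parse_storage_account` starts and ends outside this hunk.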
diff --git a/ScoutSuite/providers/azure/rules/findings/storageaccount-access-keys-not-rotated.json b/ScoutSuite/providers/azure/rules/findings/storageaccount-access-keys-not-rotated.json
index da580f77e..c35755525 100755
--- a/ScoutSuite/providers/azure/rules/findings/storageaccount-access-keys-not-rotated.json
+++ b/ScoutSuite/providers/azure/rules/findings/storageaccount-access-keys-not-rotated.json
@@ -21,18 +21,26 @@
"dashboard_name": "Storage Accounts",
"path": "storageaccounts.subscriptions.id.storage_accounts.id",
"conditions": [
- "or",
+ "and",
[
- "storageaccounts.subscriptions.id.storage_accounts.id.access_keys_last_rotation_date",
- "equal",
- "None"
+ "storageaccounts.subscriptions.id.storage_accounts.id.shared_key_access_allowed",
+ "true",
+ ""
],
[
- "storageaccounts.subscriptions.id.storage_accounts.id.access_keys_last_rotation_date",
- "olderThan",
+ "or",
[
- "_ARG_0_",
- "days"
+ "storageaccounts.subscriptions.id.storage_accounts.id.access_keys_last_rotation_date",
+ "equal",
+ "None"
+ ],
+ [
+ "storageaccounts.subscriptions.id.storage_accounts.id.access_keys_last_rotation_date",
+ "olderThan",
+ [
+ "_ARG_0_",
+ "days"
+ ]
]
]
],
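Review bot: With the new outer `and`, an account whose shared key access is disabled is no longer reported even if its keys were never rotated, and nothing visible in this hunk tells a reader of the report why. The rule's description or rationale (outside this hunk) should state the scope, for example `Only storage accounts that allow Shared Key authorization are evaluated.` The keys presumably still exist while the setting is off, so stale keys would become usable again if it is switched back on. A separate finding on `shared_key_access_allowed` being true would surface the control itself rather than using it only as a filter.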
diff --git a/requirements.txt b/requirements.txt
index eb8c8cdda..c2041cd46 100755
--- a/requirements.txt
+++ b/requirements.txt
@@ -35,7 +35,7 @@ azure-identity==1.5.0
## for resources
azure-mgmt-resource==15.0.0
-azure-mgmt-storage==16.0.0
+azure-mgmt-storage==17.0.0
azure-mgmt-monitor==2.0.0
azure-mgmt-sql==1.0.0
azure-mgmt-security==1.0.0