services / Azure / Log Analytics workspace shared keys
An Azure Log Analytics workspace is the central data store and management resource for Azure Monitor logs, collecting and retaining telemetry/log data from agents, resources, and Microsoft Sentinel.
This is a monitoring/diagnostics asset: it concentrates security and operational telemetry, so tampering with or destroying it enables anti-forensic evasion, but it is scoped to a monitoring function rather than to primary production data or identity controls.
Microsoft.OperationalInsights/workspaces/listKeys/read
Despite the /read suffix, this permission returns the workspace shared keys (credential material), so it is cryptographic exfiltration; the keys let an attacker authenticate as an agent and inject or forge log data into the workspace (impact:manipulation).
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Contributed by P0 Security