services / Azure / Log Analytics workspace
An Azure Log Analytics workspace is the central data store and management resource for Azure Monitor logs, collecting and retaining telemetry/log data from agents, resources, and Microsoft Sentinel.
Monitoring/diagnostics asset; it concentrates security and operational telemetry, so tampering with or destroying it enables anti-forensic evasion, but it is scoped to a monitoring function rather than to primary production data or identity controls.
Microsoft.OperationalInsights/workspaces/regenerateSharedKey/action
Regenerates the specified shared key and returns the new key in the response (verified against the REST/SDK contract), so it both exfiltrates fresh credential material and invalidates the prior key, cutting off legitimate agents from ingesting data.
Risks
Scope: MEDIUM
This privilege may grant access to confidential data, or its exploit can incur operational cost.
Links
Contributed by P0 Security