Network misconfigurations

Azure virtual machine allows direct public Elasticsearch service access


Elasticsearch is using port numbers 9200 and 9300. Those ports are open on your virtual machine and allows all incoming traffic from the Internet. In order to keep security best practices and decrease the risk for malicious activities, you should restrict access to be only from allowed IP addresses.
  • Recommended Mitigation

    Configure networking rule to allow incoming Elasticsearch traffic from allowed IP addresses only.