-
Notifications
You must be signed in to change notification settings - Fork 0
Functions
functions is the serverless workload triage command for Azure Functions posture, hosting,
deployment, and identity cues.
Use it when you need to know which function apps deserve review before you start opening settings, code, or trigger detail.
- Which serverless workloads matter first?
- Which function apps combine reachability, identity, or sensitive runtime context in a way that matters now?
- Which function app should change what you inspect next?
azurefox functions --output tableFor saved structured output:
azurefox functions --output json| function app | hostname | runtime | identity | deployment | posture |
|---|---|---|---|---|---|
func-orders |
func-orders.azurewebsites.net |
`PYTHON | 3.11; functions=~4` | SystemAssigned, UserAssigned; user-assigned=1 |
storage=plain-text; kv-refs=1 |
- when serverless workloads may be more important than they first appear
- when you need to rank function apps before deeper config, dependency, or trigger review
- when managed identity, Key Vault-backed settings, or sensitive runtime context make one function app stand out
- visible workload reachability
- managed identity presence
azure_webjobs_storage_value_type=plain-text- Key Vault-backed settings and runtime or hosting cues that imply operational importance
Serverless apps can be easy to overlook while still holding meaningful access to data, storage, queues, or other Azure services.
A function app with a visible hostname, managed identity, or sensitive runtime context may become a
strong foothold or pivot even if it looks smaller than a VM or web app. functions helps you
surface those workloads early.
- visible workload reachability
- managed identity or other strong Azure adjacency
- runtime, hosting, storage, or deployment cues that suggest operational importance
- enough reason in the row to make the next follow-up obvious
- If you see
azure_webjobs_storage_value_type=plain-text, go next to Tokens-Credentials because it ranks that function as a direct credential surface rather than just a serverless workload. - If you see one or more Key Vault-backed settings, go next to Keyvault because it shows the secret store boundary behind that function configuration.
- If you see system- or user-assigned identities on the function app, go next to Managed-Identities because it shows whether the function is also an Azure token path.
- Prioritize function apps that combine reachability with Azure identity or secret-bearing configuration.
- Treat serverless workloads as first-class investigation targets, not hidden implementation detail.
- Use the storage, Key Vault, and identity cues to decide which supporting boundary to inspect next.
functions is a serverless workload triage command.
It should rank the function apps that most deserve follow-up first. It is not code retrieval, trigger-payload analysis, or deep runtime forensics.
- Home
- Getting Started
- Platform Notes
- Running Against The Proof Lab
- Understanding Output
- Command Guides
Core
Identity
Config
Secrets
Storage
Resource
Compute
Investigations
- Axios - Post Exposure Azure Triage
- FAQ / Known Limits (coming soon)