As great as it would be to live in a world where security monitoring is a matter of flipping a big switch that says “SECURITY” in bold letters ... we definitely don’t live in that world. Because when it comes to any cloud provider, including Azure, getting the right signal to security analysts isn’t as cut and dried as you’d hope.
But that doesn’t mean it’s impossible, either.
You just have to understand which sources of security signal to enable and how to make use of them in a way that empowers your SOC analysts to make quick, sound decisions.
That’s exactly where we’re hoping we can help.
We know that sorting through Azure’s hundreds of services (and the alerts and logs associated with them) is no easy feat, especially if you’re still getting to know the platform.
After reading this guide, you’ll have a better understanding of:
- The available sources of logging and alert data in Azure;
- How (and why and when) to use those logs;
- Other types of logging you’ll need to pair with those security signals to set your analysts up for success; and
- A few of the lessons we’ve learned setting up Azure security signal (Hint: You can use these to inform and tweak your own security monitoring activities!).