One of the most common questions I encounter is, "Where do the Azure logs go?" Surprisingly, the answers range from "I have no clue" to "I think we get some of the alerts in the SIEM." That ambiguity points to a crucial gap in many organizations' understanding of their Azure logging pipeline: which logs exist, where they are sent, and who actually looks at them.

Effective log collection is the cornerstone of cloud security and compliance. Without clear visibility into your Azure logs and a well-defined strategy for collecting and analyzing them, you are leaving your organization exposed both to threats you cannot see and to compliance findings you cannot answer. To address this, establish clear log collection tiers and standards across your Azure tenant. Each tier defines which log types to collect, why they matter, and the level of detail and retention required for them.
I would highly recommend creating analytics queries and hunting rules that actually use the logs you collect, so your SOC can alert on them. Lastly, I think threat modeling your custom applications and ingesting their logs is equally important, and belongs in tier 2. The latter does require more effort and an understanding of the actual apps, though.
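As an added example (not code from the original post), here is a hunting rule of the kind the SOC should be running over collected Entra ID sign-in logs: a password-spray check that flags a single source IP failing against many distinct accounts inside a short window and reports whether that IP then signed in successfully. The field names mirror the columns a Sentinel analytics rule would read from the SigninLogs table (TimeGenerated, UserPrincipalName, IPAddress, ResultType); the sample records, the 10-minute window and the five-user threshold are constructed assumptions for illustration.

```python
"""Password-spray hunt over Entra ID sign-in records (added example, not from the post).

Field names mirror the Sentinel SigninLogs table; the records below are
constructed for illustration and the thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# ResultType "0" is a successful sign-in; 50126 is invalid username or password.
# Extend this set with other Entra error codes your tenant cares about.
SUCCESS_CODE = "0"
FAILURE_CODES = {"50126"}


def _rec(ts, upn, ip, result):
    """Build one sign-in record in SigninLogs-like shape (constructed sample data)."""
    return {"TimeGenerated": ts, "UserPrincipalName": upn,
            "IPAddress": ip, "ResultType": result}


# Constructed sample: 203.0.113.10 sprays six accounts in four minutes, then
# succeeds as frank; 198.51.100.7 is an ordinary user mistyping a password.
SAMPLE_SIGNINS = [
    _rec("2023-09-12T08:00:05Z", "alice@contoso.example", "203.0.113.10", "50126"),
    _rec("2023-09-12T08:00:40Z", "bob@contoso.example", "203.0.113.10", "50126"),
    _rec("2023-09-12T08:01:15Z", "carol@contoso.example", "203.0.113.10", "50126"),
    _rec("2023-09-12T08:02:00Z", "dave@contoso.example", "203.0.113.10", "50126"),
    _rec("2023-09-12T08:02:50Z", "erin@contoso.example", "203.0.113.10", "50126"),
    _rec("2023-09-12T08:03:40Z", "frank@contoso.example", "203.0.113.10", "50126"),
    _rec("2023-09-12T08:05:00Z", "frank@contoso.example", "203.0.113.10", "0"),
    _rec("2023-09-12T09:00:10Z", "gwen@contoso.example", "198.51.100.7", "50126"),
    _rec("2023-09-12T09:00:30Z", "gwen@contoso.example", "198.51.100.7", "50126"),
    _rec("2023-09-12T09:01:00Z", "gwen@contoso.example", "198.51.100.7", "0"),
    _rec("2023-09-12T10:00:00Z", "hank@contoso.example", "192.0.2.5", "0"),
]


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamp format used in the sample records."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def detect_password_spray(records, window_minutes=10, min_distinct_users=5):
    """Return one finding per source IP that failed against >= min_distinct_users
    distinct accounts within any window_minutes window, including which accounts
    that IP later signed in to successfully (a successful spray)."""
    by_ip = defaultdict(list)
    for r in records:
        by_ip[r["IPAddress"]].append(
            (parse_ts(r["TimeGenerated"]), r["UserPrincipalName"], r["ResultType"]))

    window = timedelta(minutes=window_minutes)
    findings = []
    for ip, events in by_ip.items():
        events.sort()
        failures = [e for e in events if e[2] in FAILURE_CODES]

        # Sliding window over the failures: keep the window with the most distinct users.
        best_users, best_start, start = set(), None, 0
        for end in range(len(failures)):
            while failures[end][0] - failures[start][0] > window:
                start += 1
            users = {upn for _, upn, _ in failures[start:end + 1]}
            if len(users) > len(best_users):
                best_users, best_start = users, failures[start][0]

        if len(best_users) >= min_distinct_users:
            succeeded_as = sorted({upn for t, upn, rt in events
                                   if rt == SUCCESS_CODE and t >= best_start})
            findings.append({
                "IPAddress": ip,
                "DistinctUsers": len(best_users),
                "WindowStart": best_start.isoformat(),
                "SucceededAs": succeeded_as,  # non-empty means the spray worked
            })
    return findings


if __name__ == "__main__":
    for finding in detect_password_spray(SAMPLE_SIGNINS):
        print(finding)
```

In Sentinel the same logic is a KQL rule that summarizes SigninLogs by IPAddress and a time bin with dcount(UserPrincipalName) over the failure codes, joined back to successful sign-ins from the same IP; the point of writing it out is that the rule only fires if SigninLogs is actually being ingested, which is exactly the tiering question above.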
Author
Mohammad Al Rousan is a Microsoft MVP (Azure), a Microsoft Certified Solutions Expert (MCSE) in Cloud Platform & Infrastructure and Azure DevOps, and an active community blogger and speaker.
Al Rousan has over 8 years of professional experience in IT infrastructure and is very passionate about Microsoft technologies and products.