Issue
Which data sources are collected with the MDR for Azure integration?
Resolution
Azure integrations can be configured by customers at the Management Group or Subscription level within an Azure tenant.
The following data sources are collected with this integration via Log Analytics Workspace:
- Azure Activity Logs
- Entra ID Audit & Sign-in Logs
- KeyVault Diagnostics Logs
- Storage Logs
- Defender for Cloud alerts (currently existing)
Why it matters:
- We tie directly into your Azure Audit logs to monitor for suspicious login attempts, as well as user behavior and activity, to identify threats.
- We ingest alert data from Microsoft Defender for Cloud to identify vulnerabilities and risks due to misconfigurations. We then correlate that data with the activity and behavioral data to provide additional context and determine what is likely an accident and what is a sign of malicious activity indicating a possible threat.