Our next-gen architecture is built to help you make sense of your ever-growing data.

Watch a 4-min demo video!

Quick Start Security for Azure Audit

thank you

Thank you!

We got your information.

Azure Audit
Azure Audit icon

Coralogix Extension For Azure Audit Includes:

Alerts - 8

Stay on top of Azure Audit key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.

Managed Cluster Agent Pool Configuration Audit Trail

The Managed Cluster Agent Pool Configuration Audit Trail are a crucial component of container orchestrators, such as Kubernetes, and managing their configuration is vital for optimizing performance, ensuring scalability, and maintaining the security of containerized applications. Impact The implementation of a Managed Cluster Agent Pool Configuration Audit Trail has various positive impacts on an organization's containerized environment, operations, and security Mitigation Mitigating security threats on a Managed Cluster Agent Pool Configuration Audit Trail involves implementing measures to protect the audit trail data, prevent unauthorized access, and respond effectively to potential threats. Here are steps to mitigate security threats on the audit trail: Encryption and secure storage Access control Audit trail integrity check MITRE Tactic: TA0005 MITRE Technique: T1497

Container Service Managed Cluster List Credential

The "Container Service Managed Cluster List Credential" use case involves the establishment of an audit log to track and record activities related to listing administrative credentials for a managed cluster within a container service, such as Azure Kubernetes Service (AKS) or a similar platform. Impact The impact of implementing a Container Service Managed Cluster List Credential Audit has several implications for the security, compliance, and operational aspects of managing containerized environments. Mitigating security threats on a Container Service Managed Cluster List Credential involves implementing measures to protect the audit trail data, prevent unauthorized access, and respond effectively to potential threats. Here are steps to mitigate security threats on the audit trail: Encryption and secure storage Access control Audit trail integrity check Mitre tactic : T1082 Mitre technique: T1562

Application URI Configuration Changes

Detects when a configuration change is made to an applications URI. URIs for domain names that no longer exist (dangling URIs), not using HTTPS, wildcards at the end of the domain, URIs that are no unique to that app, or URIs that point to domains you do not control should be investigated. Impact An adversary may perform configuration changes to impact users affect the usual operations in their target's environment. Mitigation Verify whether the Application identity, and/or hostname should be making changes in your environment. Access of Application by unfamiliar users or hosts should be investigated. MITRE Tactic: TA0005 MITRE Technique: T1087

App Granted Privileged Delegated Or App Permissions

Detects when administrator grants either application permissions (app roles) or highly privileged delegated permissions Impact If Wrong permission was provided against RBAC Policy can lead to Data misconfiguration . Mitigation Validate that the action was approved, investigate further and revert changes if not. MITRE Tactic: TA0005 MITRE Technique: T1562

Azure diagnostic setting deleted or disabled

Trigger for deletion of diagnostic settings, potentially disrupting centralized logging and metrics in Azure. Impact Disrupt centralized logging and metrics in Azure. Mitigation Check the diagnostic setting in and validate with the user to confirm the legitimacy of the removal. MITRE tactic : TA0005 MITRE technique : T1562

App Granted Microsoft Permissions

Detects when an application is granted delegated or app role permissions for Microsoft Graph, Exchange, Share point etc . Impact If Wrong permission was provided against RBAC Policy can lead to Data misconfiguration . Mitigation Validate that the action was approved, investigate further and revert changes if not. MITRE Tactic: TA0005 MITRE Technique: T1562

Added Credentials to Existing Application

Detects when a new credential is added to an existing application. Any additional credentials added outside of expected processes could be a malicious actor using those credentials. Impact Some potential impact can be Security and compliance risk , credential in transit and password exposure . Mitigation Validate that the action was approved, investigate further and revert changes if not. MITRE Tactic: TA0003 MITRE Technique: T1078

Users Added to Global or Device Admin Roles

Monitor and alert for users added to device admin roles. Impact An admin can perform many sensitive operations in the system, an adversary obtaining admin access is a worst-case scenario that should be avoided. Mitigation Validate that the action was approved, investigate further and revert changes if not. MITRE Tactic: TA0003 MITRE Technique: T1078

Integration

Learn more about Coralogix's out-of-the-box integration with Azure Audit in our documentation.

Read More
Schedule Demo