Quick Start Security for Azure Monitor
Coralogix Extension For Azure Monitor Includes:
Alerts - 6
Stay on top of Azure Monitor key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.
An Alarm Has Been Disabled
Azure Monitor alarms are designed to inform the user of any anomalous activity as defined by the user. An alarm can encompass different Azure services and alert on any measurable metric offered by Azure Monitor.
Impact: Disabling an alarm can be an attacker evasion technique to hide malicious activity by preventing the user from receiving alerts.
Mitigation: Verify that disabling the alert was intentional and authorized, and investigate further if not. Take note when multiple alarms are disabled together.
MITRE Tactic: TA0005
MITRE Technique: T1562
An Alarm Has Been Deleted
Azure Monitor alarms are designed to inform the user of any anomalous activity as defined by the user. An alarm can encompass different Azure services and alert on any measurable metric offered by Azure Monitor.
Impact: Unauthorized deletion of an alarm can be an attacker evasion technique to hide malicious activity by preventing the user from receiving alerts.
Mitigation: Verify that the deletion was intentional and authorized, and investigate further if not. Take note when multiple alarms are deleted together.
MITRE Tactic: TA0005
MITRE Technique: T1562
A Log Group Has Been Deleted
A log group is a group of log streams that share the same retention, monitoring, and access control settings. A deletion of a log group should be validated.
Impact: Deleting a log group can be an attacker evasion technique to hide malicious actions already carried out.
Mitigation: Verify that the deletion was intentional and authorized, and investigate further if not. Take note of the deletion of multiple log groups.
MITRE Tactic: TA0005
MITRE Technique: T1562
A Rule Has Been Disabled
When a rule is disabled in Azure Monitor, the rule is no longer actively monitoring or triggering alerts based on the specified conditions.
Impact: Disabling of an alarm can be an attacker evasion technique to hide malicious activity by preventing the system from triggering required actions on different services.
Mitigation: Verify that disabling the alert was intentional and authorized, and investigate further if not. Take note when multiple alarms are disabled together.
MITRE Tactic: TA0005
MITRE Technique: T1562
A Rule Has Been Deleted
Azure Monitor is a comprehensive monitoring solution provided by Microsoft Azure for gaining insights into the performance and health of your applications, infrastructure, and networks across both on-premises and cloud environments. It offers a unified platform for monitoring Azure resources, applications, and workloads, enabling you to proactively identify and resolve issues to maintain optimal performance and reliability.
Impact: Unauthorized deletion of a rule can be an attacker evasion technique to hide malicious activity by preventing the system from triggering required actions on different services.
Mitigation: Verify that the deletion was intentional and authorized, and investigate further if not. Take note when multiple alarms are deleted together.
MITRE Tactic: TA0005
MITRE Technique: T1562
A Log Stream Has Been Deleted
A log stream is a sequence of log events that share the same source. A deletion of a log stream should be validated.
Impact: Deleting a log stream can be an attacker evasion technique to hide malicious actions already carried out.
Mitigation: Verify that the deletion was intentional and authorized, and investigate further if not. Take note of the deletion of multiple log streams.
MITRE Tactic: TA0005
MITRE Technique: T1562
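The "take note when multiple alarms are deleted together" guidance in the alarm and rule deletion alerts above can be checked with a sliding-window count per caller. The following is an added example, not Coralogix's alert logic: the flattened field names (`operationName`, `caller`, `eventTimestamp`, `status`, `resourceId`) and the operation names are assumptions modeled on the Azure Activity Log, the events are constructed, and the threshold and window are hypothetical defaults.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: Activity Log operation names for deleting Azure Monitor alert rules.
DELETE_OPS = {
    "microsoft.insights/metricalerts/delete",
    "microsoft.insights/scheduledqueryrules/delete",
    "microsoft.insights/activitylogalerts/delete",
}

def _ev(ts, caller, op, rule, status="Succeeded"):
    rid = f"/subscriptions/0000/resourceGroups/rg-demo/providers/{op.rsplit('/', 1)[0]}/{rule}"
    return {"eventTimestamp": f"2024-05-01T{ts}:00+00:00", "caller": caller,
            "operationName": op, "status": status, "resourceId": rid}

# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    _ev("10:00", "ops@example.com", "Microsoft.Insights/metricAlerts/delete", "cpu-high"),
    _ev("10:01", "svc@example.com", "Microsoft.Insights/metricAlerts/delete", "disk-full"),
    _ev("10:03", "svc@example.com", "Microsoft.Insights/scheduledQueryRules/delete", "failed-logins"),
    _ev("10:05", "svc@example.com", "Microsoft.Insights/activityLogAlerts/delete", "role-assignment"),
    _ev("10:06", "svc@example.com", "Microsoft.Insights/metricAlerts/write", "mem-high"),
    _ev("10:07", "svc@example.com", "Microsoft.Insights/metricAlerts/delete", "net-out", "Failed"),
    _ev("11:30", "svc@example.com", "Microsoft.Insights/metricAlerts/delete", "late-rule"),
]

def find_deletion_bursts(events, threshold=3, window=timedelta(minutes=10)):
    """Return {caller: [resourceId, ...]} for callers that successfully deleted
    at least `threshold` distinct alert rules within any span of `window`."""
    by_caller = defaultdict(list)
    for e in events:
        if e["operationName"].lower() in DELETE_OPS and e["status"] == "Succeeded":
            ts = datetime.fromisoformat(e["eventTimestamp"])
            by_caller[e["caller"]].append((ts, e["resourceId"].lower()))
    bursts = {}
    for caller, hits in by_caller.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # shrink the window from the left
            rules = sorted({rid for _, rid in hits[start:end + 1]})
            if len(rules) >= threshold and len(rules) > len(bursts.get(caller, [])):
                bursts[caller] = rules  # keep the largest burst seen for this caller
    return bursts

if __name__ == "__main__":
    print(find_deletion_bursts(SAMPLE_EVENTS))
```

A single deletion, a failed deletion and a non-delete write are ignored; only the caller with three successful deletions inside ten minutes is reported.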
Integration
Learn more about Coralogix's out-of-the-box integration with Azure Monitor in our documentation.