Quick Start Security for Azure Monitor

Overview

Azure Monitor - Security Extension

Azure Monitor is a comprehensive monitoring and analytics service provided by Microsoft Azure that helps you understand the performance and health of your applications, infrastructure, and networks running on Azure, on-premises, and in other cloud environments.

Coralogix Extension For Azure Monitor Includes:

Alerts - 7

Stay on top of Azure Monitor key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.

No Logs From Azure Monitor

This rule detects if there are no logs in the last 12 hours for Azure Monitor in the customer account. Note: This alert should be configured with the relevant app & subsystem.

Impact: Disabling logging is a tactic that adversaries might employ as part of various MITRE ATT&CK techniques to avoid detection, cover their tracks, or impede incident response investigations.

Mitigation: Address logging concerns to ensure comprehensive monitoring within the Coralogix SIEM system.

MITRE Tactic: TA0005
MITRE Technique: T1562

An Alarm Has Been Disabled

Azure Monitor alarms are designed to inform the user of any anomalous activity as defined by the user. They can encompass different Azure services and alert on any measurable metric offered by Azure Monitor.

Impact: Disabling an alarm can be an attacker evasion technique to hide their malicious activities by preventing the user from receiving alerts.

Mitigation: Verify that disabling the alert was intentional and authorized, and investigate further if not. Take note if multiple alarms are disabled together.

MITRE Tactic: TA0005
MITRE Technique: T1562

An Alarm Has Been Deleted

Azure Monitor alarms are designed to inform the user of any anomalous activity as defined by the user. They can encompass different Azure services and alert on any measurable metric offered by Azure Monitor.

Impact: Unauthorized deletion of an alarm can be an attacker evasion technique to hide their malicious activities by preventing the user from receiving alerts.

Mitigation: Verify that the deletion was intentional and authorized, and investigate further if not. Take note if multiple alarms are deleted together.

MITRE Tactic: TA0005
MITRE Technique: T1562

A Log Group Has Been Deleted

A log group is a group of log streams that share the same retention, monitoring, and access control settings. A deletion of a log group should be validated.

Impact: Deletion of a log group can be an attacker evasion technique to hide malicious actions they have committed.

Mitigation: Verify that the deletion was intentional and authorized, and investigate further if not. Take note of the deletion of multiple log groups.

MITRE Tactic: TA0005
MITRE Technique: T1562

A Rule Has Been Disabled

When a rule is disabled in Azure Monitor, it means that the rule is no longer actively monitoring or triggering alerts based on the specified conditions.

Impact: Disabling of an alarm can be an attacker evasion technique to hide their malicious activities by preventing the system from triggering required actions on different services.

Mitigation: Verify that disabling the alert was intentional and authorized, and investigate further if not. Take note if multiple alarms are disabled together.

MITRE Tactic: TA0005
MITRE Technique: T1562

A Rule Has Been Deleted

Azure Monitor is a comprehensive monitoring solution provided by Microsoft Azure for gaining insights into the performance and health of your applications, infrastructure, and networks across both on-premises and cloud environments. It offers a unified platform for monitoring Azure resources, applications, and workloads, enabling you to proactively identify and resolve issues to maintain optimal performance and reliability.

Impact: Unauthorized deletion of a rule can be an attacker evasion technique to hide their malicious activities by preventing the system from triggering required actions on different services.

Mitigation: Verify that the deletion was intentional and authorized, and investigate further if not. Take note if multiple alarms are deleted together.

MITRE Tactic: TA0005
MITRE Technique: T1562

A Log Stream Has Been Deleted

A log stream is a sequence of log events that share the same source. A deletion of a log stream should be validated.

Impact: Deletion of a log stream can be an attacker evasion technique to hide malicious actions they have committed.

Mitigation: Verify that the deletion was intentional and authorized, and investigate further if not. Take note of the deletion of multiple log streams.

MITRE Tactic: TA0005
MITRE Technique: T1562

Integration

Learn more about Coralogix's out-of-the-box integration with Azure Monitor in our documentation.
