| Source | Azure Portal | ||
| Display name | Microsoft Managed Control 1114 - Response To Audit Processing Failures | Real-Time Alerts | ||
| Id | 4c090801-59bc-4454-bb33-e0455133486a | ||
| Version | 1.0.0 Details on versioning |
||
| Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||
| Category | Regulatory Compliance Microsoft Learn |
||
| Description | Microsoft implements this Audit and Accountability control | ||
| Additional metadata |
Name/Id: ACF1114 / Microsoft Managed Control 1114 Category: Audit and Accountability Title: Response To Audit Processing Failures | Real-Time Alerts Ownership: Customer, Microsoft Description: The information system provides an alert in real time to appropriate service team personnel, security engineering teams when the following audit failure events occur: events defined by each service team such as hardware, software failures, nearing storage capacity. Requirements: The Geneva Monitoring Agent (MA) is responsible for capturing log events and storing them in storage accounts specific to each service team. Incident Management (IcM) is an automated mechanism for scanning log storage and raising alerts when specific predefined criteria is met. IcM generates email notifications and creates a corresponding IcM ticket for action. IcM actively monitors Azure based on the filters and the thresholds identified within the rules defined by the Azure Security team and respective service teams. Key alerts include, but are not limited to, if AzSecPack is not installed, if audit data is not being received, and if the data decreases by a specific percentage, indicating an audit logging failure somewhere in the log pipeline. All alerts follow the incident management procedures, which include analysis to determine whether further action is necessary by either the service team or Security Response Team. |
||
| Mode | Indexed | ||
| Type | Static | ||
| Preview | False | ||
| Deprecated | False | ||
| Effect | Fixed audit |
||
| RBAC role(s) | none | ||
| Rule aliases | none | ||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
| Compliance | Not a Compliance control | ||
| Initiatives usage | none | ||
| History | none | ||
| JSON compare | n/a | ||
| JSON |
|