| Source | Azure Portal | ||
| Display name | Microsoft Managed Control 1117 - Audit Review, Analysis, And Reporting | Process Integration | ||
| Id | 7fbfe680-6dbb-4037-963c-a621c5635902 | ||
| Version | 1.0.0 Details on versioning |
||
| Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||
| Category | Regulatory Compliance Microsoft Learn |
||
| Description | Microsoft implements this Audit and Accountability control | ||
| Additional metadata |
Name/Id: ACF1117 / Microsoft Managed Control 1117 Category: Audit and Accountability Title: Audit Review, Analysis, And Reporting | Process Integration Ownership: Customer, Microsoft Description: The organization employs automated mechanisms to integrate audit review, analysis, and reporting processes to support organizational processes for investigation and response to suspicious activities. Requirements: Audit review, analysis, and reporting processes are automated using Geneva Monitoring, Azure Security Monitoring (ASM), SCUBA, and other tools. ASM and SCUBA analyze event distribution to identify spikes in event traffic and aggregate analysis such as anomaly detection, filtering and whitelisting rules, specific event alert triggers, and more. ASM can generate summary reports using predefined queries. Geneva Monitoring applies correlation logic and intelligence to the audit log events. All detection systems can generate alerts automatically. |
||
| Mode | Indexed | ||
| Type | Static | ||
| Preview | False | ||
| Deprecated | False | ||
| Effect | Fixed audit |
||
| RBAC role(s) | none | ||
| Rule aliases | none | ||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
| Compliance | Not a Compliance control | ||
| Initiatives usage | none | ||
| History | none | ||
| JSON compare | n/a | ||
| JSON |
|