| Source | Azure Portal | ||
| Display name | Microsoft Managed Control 1119 - Audit Review, Analysis, And Reporting | Central Review And Analysis | ||
| Id | 845f6359-b764-4b40-b579-657aefe23c44 | ||
| Version | 1.0.0 Details on versioning |
||
| Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||
| Category | Regulatory Compliance Microsoft Learn |
||
| Description | Microsoft implements this Audit and Accountability control | ||
| Additional metadata |
Name/Id: ACF1119 / Microsoft Managed Control 1119 Category: Audit and Accountability Title: Audit Review, Analysis, And Reporting | Central Review And Analysis Ownership: Customer, Microsoft Description: The information system provides the capability to centrally review and analyze audit records from multiple components within the system. Requirements: Due to the size and complexity of the Azure environment, Azure utilizes log event forwarding tools to record events across all Azure assets and utilizes monitoring tools to automatically correlate and analyze the events gathered by each logging tool. Log reviews cannot be conducted manually in the Azure environment due to the high volume of events. Instead, Azure implements automated methods to perform review, analysis, and reporting of logs. Azure implements tooling such as Azure Security Monitoring (ASM) and SCUBA to directly alert the appropriate personnel of security-relevant events in a variety of ways, including Service 360 (S360) notifications, Incident Management (IcM) tickets, and work items. These tools utilize audit policies and detections that report events to the Microsoft Operations Center (MOC), Security Response Team, and service teams as appropriate. The policies are tuned to alert on events of immediate concern. |
||
| Mode | Indexed | ||
| Type | Static | ||
| Preview | False | ||
| Deprecated | False | ||
| Effect | Fixed audit |
||
| RBAC role(s) | none | ||
| Rule aliases | none | ||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
| Compliance | Not a Compliance control | ||
| Initiatives usage | none | ||
| History | none | ||
| JSON compare | n/a | ||
| JSON |
|