Source | Azure Portal | ||
Display name | Microsoft Managed Control 1693 - Information System Monitoring | System-Generated Alerts | ||
Id | a450eba6-2efc-4a00-846a-5804a93c6b77 | ||
Version | 1.0.0 |
||
Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||
Category | Regulatory Compliance |
||
Description | Microsoft implements this System and Information Integrity control | ||
Additional metadata |
Name/Id: ACF1693 / Microsoft Managed Control 1693
Category: System and Information Integrity
Title: Information System Monitoring | System-Generated Alerts
Ownership: Customer, Microsoft
Description: The information system alerts personnel defined in the Incident Response plan when the following indications of compromise or potential compromise occur: criteria defined in the Incident Response plan.
Requirements: Due to the size and complexity of the Azure environment, Azure utilizes event forwarding and monitoring tools to record events across Azure and correlate the events gathered by each logging tool. Log review cannot be conducted manually in the Azure environment due to the high volume of events. Instead, Azure implements automated methods to perform review, analysis, and reporting of logs. Azure Security Monitoring (ASM) and Scuba are used to do direct alerting using Incident Management (IcM) tickets on security-relevant events. These tools utilize event audit policies and detections that report events to the Security Response Team and service teams as appropriate. Once processed, the Security Response Team reviews and analyzes alerts generated by the automated review of audit records in real time. Events that meet a pattern of a known attack methodology are delivered to the appropriate service teams via IcM or email. These teams review and analyze the activities detailed in the alerts in accordance with Troubleshooting Guides (TSGs) attached to the ticketed alert. The alerting system provides 24/7 response capability. |
||
Mode | Indexed | ||
Type | Static | ||
Preview | False | ||
Deprecated | False | ||
Effect | Fixed audit |
||
RBAC role(s) | none | ||
Rule aliases | none | ||
Rule resource types | IF (2): Microsoft.Resources/subscriptions, Microsoft.Resources/subscriptions/resourceGroups |
||
Compliance | Not a Compliance control | ||
Initiatives usage | none | ||
History | none | ||