Security operations · 1 MIN READ · PETER SILBERMAN, MATTHEW KRACHT AND MICHAEL BARCLAY · JAN 19, 2021 · TAGS: Cloud security / MDR / Tech tools
Anyone who performs detection and response in the cloud knows that figuring out how to get the right signal for analysts to efficiently do their job is … challenging.
Running workloads in Microsoft Azure is no exception.
But once you get your head around what signals you should turn on and how you can use that data, alert and log data available natively in Azure can be a powerful tool to help you keep attackers out of your environment.
Our guidebook will help you get started on building your Azure detection and response strategy, not to mention figure out the difference between the numerous sources of security signal in Azure.
Download our brand new Azure guidebook: Building a detection and response strategy, where we’ll talk about:
- The available sources of logging and alert data in Azure;
- How to categorize each Azure Defender Service and understand what they do;
- Fields that Expel found most useful in triaging anomalous alerts; and
- A few of the lessons we’ve learned setting up Azure security signal (Hint: You can use these to inform and tweak your own security monitoring activities!).
We’ll walk you through the types of signal and logging sources that are available in Azure, share guidance on what signal you should consider turning on so your analysts get the information they need (and aren’t bogged down with information they don’t need), along with some considerations we’ve identified as we built out our own Azure detection and response strategy.
We hope so!