I'm trying to figure out the best logs to enable when managing Azure resources in order to maintain strong security monitoring. Are there any industry standards or frameworks that suggest specific logs I should turn on?
3 Answers
Check out the Azure landing zones repository on GitHub. It outlines a solid structure for applying policies cleanly. Follow their architecture and recommendations since they’re based on industry standards. You’ll find useful insights into what logs to enable for different contexts.
The types of logs you need depend on your specific team's requirements, like those from your SOC or SIEM. Generally, make sure to enable Entra and Activity Logs at the very least. For specific resources, it’s best to configure logging via policy. Key Vault and Storage Accounts should definitely be prioritized, but keep an eye on transaction logs since they can get really big.
It's a good idea to enforce logging through policies. Azure offers some built-in options to automatically send diagnostic and audit logs to a log analytics workspace, which can help streamline the process.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures