Scribd Logo
Upload

Welcome to Scribd!

  • Log collection and analysis with Microsoft Azure

    Uploaded by

    Alan Guilherme
    55 views1 page

    Original Title

    microsoft-azure-map

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    55 views1 page

    Log collection and analysis with Microsoft Azure

    Uploaded by

    Alan Guilherme

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 1

    Log collection supported with Logstash

    Activity logs

    Active Directory audit logs

    Active Directory sign-ins logs

    Azure Active Directory Domain Services (AADDS)

    Cloud security posture management (CSPM)

    Microsoft Defender for Cloud (ex


    Event Hub Cloud workload protection (CWP)
    Azure Security Center / ASC)

    Source: https://docs.microsoft.com/en-us/azure/
    security-center/defender-for-cloud-introduction

    Defender for Endpoint (ex Defender ATP / MDATP)

    Defender for Office 365 Exchange Online Protection EOP)

    Defender for Identity (ex Azure Advanced


    Threat Protection / Azure ATP)
    Microsoft 365 Defender

    Defender for Cloud Apps (ex Microsoft


    Cloud App Security / MCAS)

    Source: https://docs.microsoft.com/en-us/microsoft-
    365/security/defender/microsoft-365-defender

    Microsoft Azure
    Log analytics Used for storage by Microsoft Sentinel (SIEM)

    Author: mdecrevoisier
    Date: 2021.12.01
    Office 365 Service Communications API

    Azure Sentinel Management API

    Microsoft Defender for Endpoint API

    Microsoft Defender 365 Streaming API


    (forward to Event Hub or Azure Storage)

    Microsoft Graph API

    Log collection supported with Filebeat


    API
    Azure Active Directory

    Admin

    Exchange Mailbox

    Quarantaine

    SharePoint (includes OneDrive)

    Security & Compliance Center Alerts


    Security and Compliance
    Office 365 Management Activity API
    Office 365 alerts from Cloud App Security

    Defender for Office 365 alerts


    Defender for Office 365
    General Threat Investigation and Response events

    Office 365 automated investigation and


    response (AIR)

    [others]

    Data Loss Protection (DLP)

    You might also like