Eng Soon Cheah

Create a logging and monitoring baseline

Logging and monitoring are a critical requirement when trying to identify, detect, and mitigate security threats. A proper logging policy ensures you can determine when a security violation has occurred, and potentially identify who was responsible. Azure Activity logs provide data about access to a resource from the outside, while diagnostic logs provide information about the operation of that specific resource.

Ensure that a log profile exists

The Azure Activity Log provides insight into subscription-level events that have occurred in Azure. This includes a range of data, from Azure Resource Manager operational data to updates on Service Health events. The Activity Log was previously known as Audit Logs or Operational Logs, since the Administrative category reports control-plane events for your subscriptions. There is a single Activity Log for each Azure subscription. It provides data about the operations on a resource from the outside. Diagnostic Logs are emitted by a resource and provide information about the operation of that resource. You must enable diagnostic settings for each resource.

  1. In the Azure Portal go to Monitor, then select Activity log.
  2. Click on Export to Event Hub.
  3. Configure the following settings then click Save.
    • Region: EastUS
    • Select: Export to Storage Account
    • Storage Account: Select your storage account and click OK
    • Retention: 90 days
  4. Select Save.

Ensure activity log retention is set to 365 days or more

Setting the Retention (days) to 0 retains the data forever.

  1. Follow the steps listed above, and adjust the Retention (days) slider to 365 or more (or 0 to retain the data forever).
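The two sections above (a log profile must exist, and its retention must be 365 days or more, with 0 meaning forever) can be turned into an automated baseline check. The following is an added example, not code from the original post or from Microsoft: it evaluates a log profile object against those rules. The field names (`storageAccountId`, `serviceBusRuleId`, `categories`, `locations`, `retentionPolicy.enabled`, `retentionPolicy.days`) are assumed to follow the shape of the Azure Monitor log profile resource, and both sample profiles are constructed.

```python
"""Baseline checks for an Azure Activity Log profile.

Added example, not from the original post. Field names are an
assumption based on the Azure Monitor log profile resource shape
(what `az monitor log-profiles list` returns); both sample
profiles below are constructed for illustration.
"""
import json

# Baseline from the post: retention must be 365 days or more,
# or 0, which Azure treats as "retain forever".
MIN_RETENTION_DAYS = 365
# Control-plane categories an Activity Log profile can export.
REQUIRED_CATEGORIES = {"Write", "Delete", "Action"}


def check_log_profile(profile):
    """Return a list of baseline findings; an empty list means compliant."""
    findings = []
    # Some tooling nests settings under "properties"; az CLI flattens them.
    props = profile.get("properties", profile)

    # 1. An export destination must exist, otherwise nothing is retained.
    if not (props.get("storageAccountId") or props.get("serviceBusRuleId")):
        findings.append("no storage account or event hub destination configured")

    # 2. Every control-plane category should be exported.
    missing = REQUIRED_CATEGORIES - set(props.get("categories", []))
    if missing:
        findings.append(f"categories not exported: {sorted(missing)}")

    # 3. Non-regional events are recorded under the 'global' location
    #    (assumption: the profile lists locations by name, including 'global').
    locations = {loc.lower() for loc in props.get("locations", [])}
    if "global" not in locations:
        findings.append("'global' location not included")

    # 4. Retention: this baseline requires an explicitly enabled policy
    #    whose day count is 0 (forever) or at least 365.
    retention = props.get("retentionPolicy", {})
    days = retention.get("days")
    if not retention.get("enabled", False):
        findings.append("retention policy not enabled; set it explicitly")
    elif days is None:
        findings.append("retention days not set")
    elif days != 0 and days < MIN_RETENTION_DAYS:
        findings.append(
            f"retention {days} days is below {MIN_RETENTION_DAYS} (0 means forever)")
    return findings


# Constructed sample: a profile that meets the baseline.
COMPLIANT_PROFILE = {
    "name": "default",
    "storageAccountId": "/subscriptions/<sub-id>/resourceGroups/myResourceGroup"
                        "/providers/Microsoft.Storage/storageAccounts/<account>",
    "categories": ["Write", "Delete", "Action"],
    "locations": ["global", "eastus", "westus"],
    "retentionPolicy": {"enabled": True, "days": 365},
}

# Constructed sample: the 90-day setting from the walkthrough, plus two gaps.
WEAK_PROFILE = {
    "name": "default",
    "storageAccountId": "/subscriptions/<sub-id>/resourceGroups/myResourceGroup"
                        "/providers/Microsoft.Storage/storageAccounts/<account>",
    "categories": ["Write", "Delete"],
    "locations": ["eastus"],
    "retentionPolicy": {"enabled": True, "days": 90},
}


if __name__ == "__main__":
    for name, profile in (("compliant", COMPLIANT_PROFILE), ("weak", WEAK_PROFILE)):
        print(name, json.dumps(check_log_profile(profile), indent=2))
```

Feed it the JSON from `az monitor log-profiles list` (one object per profile) and treat a non-empty findings list as a failed baseline check; if the list of profiles is empty, the first section's requirement (a log profile exists) has already failed.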

Create an activity log alert for "Creating, updating, or deleting a Network Security Group"

By default, no monitoring alerts are created when NSGs are created/updated/deleted. Changing or deleting a security group can allow internal resources to be accessed from improper sources, or for unexpected outbound network traffic.

  1. In the Azure portal go to Monitor, then select Alerts.
  2. Select + New alert rule.
  3. In the Resource section click Select.
  4. Select your subscription and click Done.
  5. In the Condition section click Add.
  6. Search for Create or Update Network Security Group and select it.
  7. On the Configure signal logic blade, in the Event initiated by field enter any and click Done.
  8. In the Actions section click Create action group.
  9. On the Add action group blade enter the following details:
    • Action group name: NSG Alert
    • Short name: NSGAlert
    • Action Name: NSG Alert
    • Action type: Email/SMS/Push/Voice
  10. On the Email/SMS/Push/Voice blade check the email box, enter your email address and click OK.
  11. On the Add action group blade click OK.
  12. On the Create rule blade, in the Alert Details section enter the following details:
    • Alert rule name: NSG Alert
    • Save to resource group: myResourceGroup
  13. Click Create alert rule.
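The alert rule above fires on the control-plane operation for creating or updating an NSG, initiated by anyone. The same condition can be checked offline against Activity Log records you have already exported, which is useful for back-filling alerts or validating that the rule would have fired. This is an added example, not code from the original post or from Microsoft: the records are constructed, and their field names (`operationName` as a string, `status`, `caller`, `eventTimestamp`, `resourceId`) are an assumption about the Activity Log event schema in your export. It also covers NSG rule changes (the `securityRules` sub-resource) and deletes, which the post's signal does not name.

```python
"""Detect Network Security Group changes in exported Activity Log records.

Added example, not from the original post. Field names follow the
Azure Activity Log event schema as an assumption about the export
format being read; all records below are constructed.
"""
import json

# Control-plane operations for an NSG or its rules, e.g.
# Microsoft.Network/networkSecurityGroups/write and
# Microsoft.Network/networkSecurityGroups/securityRules/delete.
NSG_PREFIX = "microsoft.network/networksecuritygroups/"
CHANGE_ACTIONS = ("/write", "/delete")


def is_nsg_change(record):
    """True when the record is a completed NSG create, update or delete.

    Only 'Succeeded' is matched: Azure emits a 'Started' record for the same
    operation, and counting both would double every alert.
    """
    op = record.get("operationName", "").lower()
    status = record.get("status", "").lower()
    return (op.startswith(NSG_PREFIX)
            and op.endswith(CHANGE_ACTIONS)
            and status == "succeeded")


def nsg_change_alerts(records):
    """Return one alert per NSG change, regardless of who initiated it."""
    alerts = []
    for rec in records:
        if is_nsg_change(rec):
            alerts.append({
                "time": rec.get("eventTimestamp"),
                "caller": rec.get("caller", "<unknown>"),
                "operation": rec["operationName"],
                "resource": rec.get("resourceId"),
            })
    return alerts


def load_records(text):
    """Parse an export file: either a JSON list or a {"records": [...]} wrapper
    (the wrapper form is an assumption about storage-account exports)."""
    data = json.loads(text)
    return data["records"] if isinstance(data, dict) else data


# Constructed sample export: two NSG writes (one still 'Started'), a rule
# change, an NSG delete, and an unrelated VM operation.
SAMPLE_EXPORT = json.dumps({"records": [
    {"eventTimestamp": "2020-01-01T10:00:00Z", "caller": "alice@example.com",
     "operationName": "Microsoft.Network/networkSecurityGroups/write",
     "status": "Started", "resourceId": "/subscriptions/<sub-id>/.../nsg-web"},
    {"eventTimestamp": "2020-01-01T10:00:02Z", "caller": "alice@example.com",
     "operationName": "Microsoft.Network/networkSecurityGroups/write",
     "status": "Succeeded", "resourceId": "/subscriptions/<sub-id>/.../nsg-web"},
    {"eventTimestamp": "2020-01-01T10:05:00Z", "caller": "bob@example.com",
     "operationName": "Microsoft.Network/networkSecurityGroups/securityRules/write",
     "status": "Succeeded", "resourceId": "/subscriptions/<sub-id>/.../nsg-web/securityRules/allow-rdp"},
    {"eventTimestamp": "2020-01-01T10:07:00Z", "caller": "carol@example.com",
     "operationName": "Microsoft.Compute/virtualMachines/write",
     "status": "Succeeded", "resourceId": "/subscriptions/<sub-id>/.../vm1"},
    {"eventTimestamp": "2020-01-01T10:09:00Z", "caller": "svc-principal-id",
     "operationName": "Microsoft.Network/networkSecurityGroups/delete",
     "status": "Succeeded", "resourceId": "/subscriptions/<sub-id>/.../nsg-old"},
]})


if __name__ == "__main__":
    for alert in nsg_change_alerts(load_records(SAMPLE_EXPORT)):
        print(json.dumps(alert))
```

Three alerts come out of the sample: the completed NSG write, the rule change, and the delete; the `Started` record and the VM operation are ignored. Matching on `status == "Succeeded"` is the detail worth copying into any rule you write elsewhere, since the portal signal in the steps above behaves the same way for a single event.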
