Azure Security Monitoring

Monitoring Azure logs for security reasons is crucial to maintaining the integrity and security of your Azure environment. Azure logs contain a wealth of information about user activity and system events that can help you identify and address potential security issues and compliance violations.

By monitoring your Azure logs, you can detect and investigate potential security breaches and attacks, and identify patterns of behaviour that may indicate a threat. In addition, many regulatory frameworks, such as PCI DSS, HIPAA and GDPR, require organisations to maintain audit logs and monitor them regularly for security and compliance purposes. Monitoring your Azure logs helps you meet these regulatory requirements.

Our security analysts provide comprehensive Microsoft Azure monitoring through our cloud-native SIEM, giving you real-time visibility into your Azure environment. We detect and investigate security events such as unauthorised access, failed logins and suspicious network activity, so that you can respond to potential security incidents quickly.

Azure SIEM Integration

Once you start your FoxTech SOC subscription, we’ll provide your dedicated SIEM collection URL.

To set this up in Azure:

1. First, create an Azure Storage Account for storing the exported log files:

Resource Group: FoxTech-SOC-RG
Storage name: foxtechsoc

  • Standard performance
  • Region: UK South
  • Locally-redundant storage (LRS)
 

2. Now restrict which addresses are allowed to reach the Storage Account:

Add the SOC IP address:

  1. Go to Storage Account: foxtechsoc
  2. Security + networking > Networking
  3. Firewall: add the customer-specific log collector IP address to the firewall
 

3. Export the Activity Log to the storage account:

  1. portal.azure.com
  2. Monitor > Activity Log > Export Activity Logs
  3. Select Subscription to monitor
  4. Add a diagnostic setting
    a. Set name to: “FoxTech-SOC”
    b. Select all categories
    c. Archive to a storage account
    d. Select the storage account created earlier: “foxtechsoc”
 

4. Enable lifecycle management to purge old logs from the Storage Account:

  1. Storage Account: foxtechsoc
  2. Add a rule:
  3. If the blob was last modified more than 14 days ago, then delete the blob
 

5. Collect the Storage Access Keys and provide these to us so that we can collect the logs.
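The same five portal steps as an added Az PowerShell script (an example written for this page, not FoxTech's own tooling). It assumes a session already signed in with Connect-AzAccount against the subscription to monitor, the Az.Storage and Az.Monitor (3.0 or later, for the subscription diagnostic-setting cmdlets) modules, and a placeholder collector address that you replace with the customer-specific IP from step 2.

```powershell
# Added example: scripts the portal steps above with the Az PowerShell modules.
# Assumes: Connect-AzAccount already run against the subscription to monitor,
# Az.Storage and Az.Monitor (3.0+) installed, and a placeholder SOC IP below.
$rg    = 'FoxTech-SOC-RG'
$sa    = 'foxtechsoc'
$loc   = 'uksouth'
$socIp = '203.0.113.10'   # placeholder: replace with the customer-specific collector IP

# 1. Storage account: Standard performance, UK South, locally-redundant storage
New-AzResourceGroup -Name $rg -Location $loc -Force | Out-Null
$account = New-AzStorageAccount -ResourceGroupName $rg -Name $sa -Location $loc `
    -SkuName Standard_LRS -Kind StorageV2 -MinimumTlsVersion TLS1_2 `
    -AllowBlobPublicAccess $false

# 2. Firewall: deny everything by default, allow only the SOC collector address.
#    The AzureServices bypass stays on so Azure Monitor can still write the export.
Update-AzStorageAccountNetworkRuleSet -ResourceGroupName $rg -Name $sa `
    -DefaultAction Deny -Bypass AzureServices | Out-Null
Add-AzStorageAccountNetworkRule -ResourceGroupName $rg -Name $sa `
    -IPAddressOrRange $socIp | Out-Null

# 3. Export the subscription Activity Log (all categories) to the storage account
$categories = 'Administrative', 'Security', 'ServiceHealth', 'Alert',
              'Recommendation', 'Policy', 'Autoscale', 'ResourceHealth'
$logs = foreach ($c in $categories) {
    New-AzDiagnosticSettingSubscriptionLogSettingsObject -Category $c -Enabled $true
}
New-AzSubscriptionDiagnosticSetting -Name 'FoxTech-SOC' `
    -StorageAccountId $account.Id -Log $logs | Out-Null

# 4. Lifecycle management: delete blobs not modified for more than 14 days
$filter = New-AzStorageAccountManagementPolicyFilter -BlobType blockBlob
$action = Add-AzStorageAccountManagementPolicyAction -BaseBlobAction Delete `
    -DaysAfterModificationGreaterThan 14
$rule   = New-AzStorageAccountManagementPolicyRule -Name 'purge-logs-after-14-days' `
    -Action $action -Filter $filter
Set-AzStorageAccountManagementPolicy -ResourceGroupName $rg -StorageAccountName $sa `
    -Rule $rule | Out-Null

# 5. Storage access keys to hand over to the SOC. They grant full access to the
#    account, so rotate them (New-AzStorageAccountKey) if they are ever exposed.
Get-AzStorageAccountKey -ResourceGroupName $rg -Name $sa |
    Select-Object KeyName, Value
```

Run it once per subscription; re-running is safe because each cmdlet updates the existing resource rather than creating a duplicate.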