Logging, Monitoring, and Threat Detection
Following best practices is not enough. The threat landscape changes every day, and adversaries find new ways to gain access to our resources. Monitoring the safeguards we have put in place is vital to maintaining our security posture. In this chapter, we will see how to monitor our resources and assess how effective our security measures are at preventing and detecting threats. We will learn how Azure Monitor works and how to configure logging, retention, and notifications. Finally, we will explore some features of Defender for Cloud and Microsoft Sentinel that can further help us protect our resources and mitigate threats, even in real time.
In this chapter, we’re going to cover the following main topics:
- Enabling logging and configuring data retention for Azure services
- Securing resources with Microsoft Defender
- Exploring threat management with Sentinel
By the end of this chapter, we will be able to set up alerts...