Azure Events
Azure Security Events
Microsoft Azure-specific security events, detections, and incident response procedures. These events are typically sourced from Azure Activity Logs, Azure AD Sign-in Logs, Azure Security Center, and other Azure-native logging services.
Common Azure Attack Patterns
- Azure AD Compromise: Unauthorized authentication or privilege escalation
- Resource Group Manipulation: Unauthorized resource creation or modification
- Storage Account Exposure: Blob storage misconfigurations or data access
- Virtual Machine Compromise: Unauthorized VM access or lateral movement
- Azure Function Abuse: Serverless function exploitation for persistence
Azure-Specific Log Sources
- Azure Activity Log: Resource management operations
- Azure AD Sign-in Logs: Authentication and authorization events
- Azure Security Center: Security alerts and recommendations
- Azure Monitor: Application and infrastructure telemetry
- Azure Sentinel: SIEM and threat detection
Events Related to Azure
No events found for this cloud provider.