Overview
Azure logs provide unique and crucial visibility into the activities and resources in an organization's Azure environment.
As Cloud environments are vastly different from regular on-prem environments, many classic security products and auditing and logging mechanisms do not exist anymore in the Cloud environment as they were, which makes the multiple logging mechanisms of Azure all the more important for defending an organization's Azure environment.
Supported data types
Hunters supports integration with the following data types from Azure logs:
- Azure Activity Logs - Azure Activity Logs provide a record of management events for resources in an Azure subscription, including information about operations such as creating, updating, and deleting resources.
- Azure Audit - Azure Audit logs and tracks all operations performed on Azure resources, making this data available for auditing and compliance purposes.
- Azure Signin Logs - Azure Sign-In Logs are logs that provide information about authentication events in Azure Entra ID, including the date and time, user identity, status, and client used, and can be used for monitoring and compliance purposes.
- Azure NSG Flow Logs - Azure NSG Flow Logs are logs that provide information about network traffic to and from resources in an Azure virtual network and can be used for security, troubleshooting, and compliance purposes.
- Microsoft Purview Logs - Microsoft Purview logs provide detailed records of activities related to data governance and compliance across an organization's data estate.
- Azure Kubernetes Service Logs - Azure Kubernetes Service (AKS) is a managed container orchestration service provided by Microsoft Azure that simplifies the deployment, management, and operations of Kubernetes.
- Azure Application Gateway Firewall Logs - Azure Application Gateway Firewall is a web application firewall (WAF) that provides centralized protection for your web applications from common threats and vulnerabilities.