Control: Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts
The recommendations provided in this section are intended to provide entry-level alerting for crucial activities on a tenant account. These recommended activities should be tuned to your needs. By default, each of these Activity Log Alerts tends to guide the reader to alerting at the "Subscription-wide" level which will capture and alert on rules triggered by all resources and resource groups contained within a subscription. This is not an ideal rule set for Alerting within larger and more complex organizations. While this section provides recommendations for the creation of Activity Log Alerts specifically, Microsoft Azure supports four different types of alerts: - Metric Alerts - Log Alerts - Activity Log Alerts - Smart Detection Alerts
All Azure services (Microsoft provided or otherwise) that can generate alerts are assigned a "Resource provider namespace" when they are registered in an Azure tenant. The recommendations in this section are in no way exhaustive of the plethora of available "Providers" or "Resource Types." The Resource Providers that are registered in your Azure Tenant can be located in your Subscription. Each registered Provider in your environment may have available "Conditions" to raise alerts via Activity Log Alerts. These providers should be considered for inclusion in Activity Log Alert rules of your own making. To view the registered resource providers in your Subscription(s), use this guide: - https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types
If you wish to create custom alerting rules for Activity Log Alerts or other alert types, please refer to Microsoft documentation: - https://docs.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-create-new-alert-rule
Primary Policies
The following policies can be used to configure this control:
- 5.02 - Monitoring using Activity Log Alerts > 5.02.01 - Ensure that Activity Log Alert exists for Create Policy Assignment
- 5.02 - Monitoring using Activity Log Alerts > 5.02.02 - Ensure that Activity Log Alert exists for Delete Policy Assignment
- 5.02 - Monitoring using Activity Log Alerts > 5.02.03 - Ensure that Activity Log Alert exists for Create or Update Network Security Group
- 5.02 - Monitoring using Activity Log Alerts > 5.02.04 - Ensure that Activity Log Alert exists for Delete Network Security Group
- 5.02 - Monitoring using Activity Log Alerts > 5.02.05 - Ensure that Activity Log Alert exists for Create or Update Security Solution
- 5.02 - Monitoring using Activity Log Alerts > 5.02.06 - Ensure that Activity Log Alert exists for Delete Security Solution
- 5.02 - Monitoring using Activity Log Alerts > 5.02.07 - Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule
- 5.02 - Monitoring using Activity Log Alerts > 5.02.08 - Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule
- 5.02 - Monitoring using Activity Log Alerts > 5.02.09 - Ensure that Activity Log Alert exists for Create or Update Public IP Address rule
- 5.02 - Monitoring using Activity Log Alerts > 5.02.10 - Ensure that Activity Log Alert exists for Delete Public IP Address rule
- 5.02 - Monitoring using Activity Log Alerts
Category
In Your Workspace
Developers
- tmod:@turbot/azure-cisv2-0#/control/types/s0502
- tmod:@turbot/cis#/control/categories/cis
- turbot graphql controls --filter "controlTypeId:tmod:@turbot/azure-cisv2-0#/control/types/s0502"
Get Controls