Policy: Azure > CIS v3.0 > 06 - Logging & Monitoring > 06.02 - Monitoring using Activity Log Alerts

The recommendations provided in this section are intended to provide entry-level alerting for crucial activities on a tenant account. These recommended activities should be tuned to your needs. By default, each of these Activity Log Alerts tends to guide the reader to alerting at the "Subscription-wide" level which will capture and alert on rules triggered by all resources and resource groups contained within a subscription. This is not an ideal rule set for Alerting within larger and more complex organizations. While this section provides recommendations for the creation of Activity Log Alerts specifically, Microsoft Azure supports four different types of alerts: - Metric Alerts - Log Alerts - Activity Log Alerts - Smart Detection Alerts

All Azure services (Microsoft provided or otherwise) that can generate alerts are assigned a "Resource provider namespace" when they are registered in an Azure tenant. The recommendations in this section are in no way exhaustive of the plethora of available "Providers" or "Resource Types." The Resource Providers that are registered in your Azure Tenant can be located in your Subscription. Each registered Provider in your environment may have available "Conditions" to raise alerts via Activity Log Alerts. These providers should be considered for inclusion in Activity Log Alert rules of your own making. To view the registered resource providers in your Subscription(s), use this guide: - https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types

If you wish to create custom alerting rules for Activity Log Alerts or other alert types, please refer to Microsoft documentation: - https://docs.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-create-new-alert-rule