Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
| azure:az-500:security_operations_management [2022/06/27 18:07] – mmuze | azure:az-500:security_operations_management [2022/07/23 00:37] (current) – [Microsoft Defender for Cloud] mmuze | ||
|---|---|---|---|
| Line 22: | Line 22: | ||
| - | ====== Azure Monitor ====== | + | ====== Azure Monitor/ |
| **Azure Monitor** is a service that delivers a comprehensive solution for collecting, analyzing, and acting on telemetry (metrics and logs) from your cloud and on-premises environments. | **Azure Monitor** is a service that delivers a comprehensive solution for collecting, analyzing, and acting on telemetry (metrics and logs) from your cloud and on-premises environments. | ||
| + | |||
| + | * [[https:// | ||
| * By default the Activity Log keeps logs for 90 days. | * By default the Activity Log keeps logs for 90 days. | ||
| Line 44: | Line 46: | ||
| > These logs differ from the activity log. The **activity log** provides insight into the operations, such as creating a VM or deleting a logic app, that Azure Resource Manager performed on resources in your subscription using. The activity log is a subscription-level log. Resource-level **diagnostic logs** provide insight into operations that were performed within that resource itself, such as getting a secret from a key vault. | > These logs differ from the activity log. The **activity log** provides insight into the operations, such as creating a VM or deleting a logic app, that Azure Resource Manager performed on resources in your subscription using. The activity log is a subscription-level log. Resource-level **diagnostic logs** provide insight into operations that were performed within that resource itself, such as getting a secret from a key vault. | ||
| - | * activity logs represent events on the control plane | + | * activity logs represent events on the control/ |
| * diagnostic logs represent events on the data plane | * diagnostic logs represent events on the data plane | ||
| * // | * // | ||
| + | |||
| + | |||
| + | * Resource logs are automatically generated by supported Azure resources, but they aren't available to be viewed unless you create a [[https:// | ||
| ====== Microsoft Defender for Cloud ====== | ====== Microsoft Defender for Cloud ====== | ||
| > Microsoft Defender for Cloud is your central location for setting and monitoring your organizations security posture. | > Microsoft Defender for Cloud is your central location for setting and monitoring your organizations security posture. | ||
| Line 61: | Line 66: | ||
| * The free tier does not include monitoring non-Azure resources; this requires the Enhance tier of the service. | * The free tier does not include monitoring non-Azure resources; this requires the Enhance tier of the service. | ||
| * **Example: | * **Example: | ||
| + | * **Azure Policy** provides most of the data Defender for Cloud uses | ||
| + | * A **Log Analytics Workspace** is used just for data coming from virtual machines | ||
| + | ===== Defender for Servers ===== | ||
| + | > Microsoft Defender for Servers is one of the enhanced security features of Microsoft Defender for Cloud. Use it to add threat detection and advanced defenses to your Windows and Linux machines whether they' | ||
| + | * [[https:// | ||
| + | * Alerts and vulnerability data from Microsoft Defender for Endpoint is shown in Microsoft Defender for Cloud | ||
| + | * There are two tiers Plan 1 and Plan 2. | ||
| + | * Defender for Servers also has features for just-in-time VM access, file integrity monitoring, ... | ||
| + | * For just-in-time VM access, JIT does not support VMs protected by Azure Firewalls controlled by Azure Firewall Manager. The Azure Firewall must be configured with Rules (Classic) and cannot use Firewall policies. | ||
| ====== Security Center ====== | ====== Security Center ====== | ||