Revised documentation to reflect Azure Defender log collection change

Jimmy Fitzsimmons 2022-01-29 12:39:02 +11:00
Parent ec4d254add
Commit e866687576
1 changed file: 1 addition and 1 deletion


@ -51,7 +51,7 @@ Identifier | Description | Measures
1501 | Operating systems for workstations, servers and ICT equipment that are no longer supported by vendors with patches or updates for security vulnerabilities are updated or replaced with vendor-supported versions. | Windows All<br>Azure Monitor Workbook surfaces a summary report of all VM instances and the OS version they use.
1405 | A centralised logging facility is implemented and systems are configured to save event logs to the centralised logging facility as soon as possible after each event occurs. | Deployed virtual machines send logs to Azure Monitor Logs workspace.
0584 | For any system requiring authentication, logon, failed logon and logoff events are logged. | Windows All<br>1. Azure Image Builder customisation enables advanced audit logging with Logon subcategory.<br>2. Azure Monitor Logs is configured to collect all security logs.
0582 | The following events are logged for operating systems:<br>• access to important data and processes<br>• application crashes and any error messages<br>• attempts to use special privileges<br>• changes to accounts<br>• changes to security policy<br>• changes to system configurations<br>• Domain Name System (DNS) and Hypertext Transfer Protocol requests<br>• failed attempts to access data and system resources<br>• service failures and restarts<br>• system startup and shutdown<br>• transfer of data to and from external media<br>• user or group management<br>• use of special privileges. | Windows All<br>Azure Monitor Logs is configured to collect all security logs.
0582 | The following events are logged for operating systems:<br>• access to important data and processes<br>• application crashes and any error messages<br>• attempts to use special privileges<br>• changes to accounts<br>• changes to security policy<br>• changes to system configurations<br>• Domain Name System (DNS) and Hypertext Transfer Protocol requests<br>• failed attempts to access data and system resources<br>• service failures and restarts<br>• system startup and shutdown<br>• transfer of data to and from external media<br>• user or group management<br>• use of special privileges. | Windows All<br>Azure Defender is configured to collect Common security logs.<br><br>_Note: Setting Azure Defender to "Common" may not all Events IDs necessary to identify the events described in the guideline. Consider Azure Defender event collection setting and adding additional Azure Monitor Data Collection Rules as necessary._
0521 | IPv6 functionality is disabled in dual-stack network devices and ICT equipment unless it is being used. | Windows All<br>Azure Monitor Workbook surfaces all Windows systems which are attached to IPv4-only virtual networks, but do not have IPv6 disabled.
1428 | Unless explicitly required, IPv6 tunnelling is disabled on all network devices and ICT equipment. | Windows All<br>1. Azure Monitor Logs Change Tracking solution is enabled. Change tracking is enabled for HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters. Azure Monitor Workbook surfaces Windows systems without IPv6 tunnel protocols disabled.
1311 | SNMP version 1 and 2 are not used on networks. | Windows All<br>Azure Image Builder customisation disables the snmptrap service.
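Review bot: the added Note in row 0582 is missing its verb and has a plural typo: "may not all Events IDs necessary" should read "may not collect all Event IDs necessary to identify the events described in the guideline." The following sentence also needs a subject and parallel verbs, e.g. "Review the Azure Defender event collection setting and add Azure Monitor Data Collection Rules as necessary." Since the row now states that only "Common" security logs are collected, the Note would be more useful to an implementer if it named the guideline items from the left-hand column (for example special-privilege use, security policy changes, account changes) that the "Common" tier does not cover, so the reader knows which collection rules to add rather than being told only that some may be needed. Finally, row 0584 still reads "Azure Monitor Logs is configured to collect all security logs" while row 0582 now says Azure Defender collects "Common" logs; if the collection change applies to both, 0584 should be updated in the same commit so the two rows do not contradict each other.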