Azure Cloud Security Monitoring Tools:
Security monitoring uses the following native Azure tools and third-party tools to detect security threats in the cloud infrastructure and in the software running on devices.
- Azure Security Center
- Azure Sentinel
- Azure Monitor
- Splunk
1. Azure Security Center
Azure Security Center is a unified security-management platform that provides Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) capabilities. It ships with default security alerts of different severities for the various Azure resources. The service receives the logs it needs through the Azure Defender plans for those resources, i.e. Azure Defender for Servers, SQL Servers, Storage, Kubernetes, Container Registries, Key Vaults, Resource Manager and DNS.
2. Azure Sentinel
Azure Sentinel is a cloud-native Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) solution. It receives the logs it needs by integrating with the individual services: virtual machine logs arrive through the Microsoft Monitoring Agent (MMA), and logs for resources such as Key Vaults, Kubernetes, Firewall, Storage and databases arrive through Sentinel data connectors. It also receives Security Center logs through the Sentinel connector to Defender and through Log Analytics. Azure Sentinel provides default Azure workbooks for assessing threats based on the logs received.
3. Azure Monitor
The Azure Monitor service collects logs and metrics from the various Azure resources. For virtual machines it receives logs through the Microsoft Monitoring Agent (MMA). Each Azure resource has a diagnostic setting that can forward its resource logs to a Log Analytics workspace.
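A monitoring gap that is easy to miss is a resource whose diagnostic setting exists but does not actually forward its logs to the SOC's Log Analytics workspace, or forwards them with the security-relevant log category switched off. The following Python script is an added example (not part of the original page and not Microsoft tooling) that audits a set of diagnostic settings for exactly these gaps. It assumes input in the shape produced by the `az monitor diagnostic-settings list` command (one list of settings per resource ID, with `workspaceId`, `logs` and `metrics` fields); the resource IDs, workspace ID and category names in the sample are constructed placeholders.

```python
"""Audit Azure diagnostic settings for log-forwarding gaps.

Added example. Input shape mirrors `az monitor diagnostic-settings list`
output, keyed by resource ID. All IDs below are constructed placeholders.
"""
import json

# Constructed placeholder: the Log Analytics workspace the SOC expects every
# resource to forward its logs to.
SOC_WORKSPACE_ID = (
    "/subscriptions/<sub-id>/resourceGroups/rg-sec/providers/"
    "Microsoft.OperationalInsights/workspaces/law-soc"
)

# Constructed sample resource IDs (placeholders, not real resources).
KV_ID = "/subscriptions/<sub-id>/resourceGroups/rg1/providers/Microsoft.KeyVault/vaults/kv1"
ST_ID = "/subscriptions/<sub-id>/resourceGroups/rg1/providers/Microsoft.Storage/storageAccounts/st1"
SQL_ID = "/subscriptions/<sub-id>/resourceGroups/rg1/providers/Microsoft.Sql/servers/sql1"
FW_ID = "/subscriptions/<sub-id>/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/fw1"

# Constructed sample: one entry per resource, each a list of diagnostic settings.
SAMPLE_SETTINGS = {
    # Compliant: audit log enabled and sent to the SOC workspace.
    KV_ID: [{
        "name": "send-to-law",
        "workspaceId": SOC_WORKSPACE_ID,
        "logs": [{"category": "AuditEvent", "enabled": True}],
        "metrics": [{"category": "AllMetrics", "enabled": True}],
    }],
    # Gap: no diagnostic setting configured at all.
    ST_ID: [],
    # Gap: logs go to a storage account archive only, never to Log Analytics.
    SQL_ID: [{
        "name": "archive-only",
        "workspaceId": None,
        "storageAccountId": "/subscriptions/<sub-id>/resourceGroups/rg1/providers/"
                            "Microsoft.Storage/storageAccounts/stlogs",
        "logs": [{"category": "SQLSecurityAuditEvents", "enabled": True}],
        "metrics": [],
    }],
    # Gap: forwards to the SOC workspace, but one log category is disabled.
    FW_ID: [{
        "name": "send-to-law",
        "workspaceId": SOC_WORKSPACE_ID,
        "logs": [
            {"category": "AzureFirewallApplicationRule", "enabled": False},
            {"category": "AzureFirewallNetworkRule", "enabled": True},
        ],
        "metrics": [],
    }],
}


def audit_diagnostic_settings(settings_by_resource, workspace_id):
    """Return {resource_id: [finding, ...]}; an empty list means compliant."""
    findings = {}
    for resource_id, settings in settings_by_resource.items():
        issues = []
        # Only settings whose destination is the SOC workspace count.
        to_workspace = [s for s in settings if s.get("workspaceId") == workspace_id]
        if not settings:
            issues.append("no diagnostic setting")
        elif not to_workspace:
            issues.append("no setting forwards to the SOC workspace")
        else:
            enabled = {l["category"] for s in to_workspace
                       for l in s.get("logs", []) if l.get("enabled")}
            disabled = {l["category"] for s in to_workspace
                        for l in s.get("logs", []) if not l.get("enabled")}
            # A category disabled in one setting but enabled in another is fine.
            for category in sorted(disabled - enabled):
                issues.append(f"log category disabled: {category}")
        findings[resource_id] = issues
    return findings


def noncompliant_resources(findings):
    """Sorted list of resource IDs that have at least one finding."""
    return sorted(rid for rid, issues in findings.items() if issues)


def audit_from_json(text, workspace_id):
    """Same audit, taking the JSON document as a string (e.g. saved CLI output)."""
    return audit_diagnostic_settings(json.loads(text), workspace_id)


if __name__ == "__main__":
    report = audit_diagnostic_settings(SAMPLE_SETTINGS, SOC_WORKSPACE_ID)
    for rid in noncompliant_resources(report):
        print(rid.rsplit("/", 1)[-1], "->", "; ".join(report[rid]))
```

In practice the dictionary would be built by running the CLI once per resource ID returned by `az resource list`; the audit logic itself is the same, and it gives the SOC a concrete list of resources whose events will never reach Sentinel or Splunk no matter how good the detection rules are.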
4. Splunk
Splunk is a log management platform that provides the tooling and capabilities a Security Operations Center (SOC) needs. It receives the events it needs from Security Center, Sentinel and Azure Monitor in order to monitor both software and infrastructure.