Microsoft Azure Ingest Details
    • 23 Aug 2024
    • 1 Minute to read
    • PDF


    Red Canary ingests Azure Activity Logs and Defender for Cloud Alerts from Azure environments. Additionally, Red Canary integrates with Azure to scan the environment regularly to discover new subscriptions and resources.

    Red Canary collects three different types of logs from Azure:

    • Azure Entra ID Logs are collected for the entire tenant and your subscriptions. These logs include:

      • ADFSSignInLogs

      • AuditLogs

      • ManagedIdentitySignInLogs

      • NonInteractiveUserSignInLogs

      • ServicePrincipalRiskEvents

      • ServicePrincipalSignInLogs

      • SignInLogs

      • UserRiskEvents

    • Azure Activity Logs are management and control plane data collected at the subscription level. These logs include:

      • AzureActivity

    • Azure Resource Logs are logs generated by activity on a specific resource collected at the subscription level. These logs include:

      • StorageLogs

      • KeyVaultActivityLogs

    In addition, Red Canary collects Azure Defender for Cloud Alerts. Each Azure subscription on which Defender for Cloud is enabled produces its own Defender for Cloud alerts; Red Canary collects those alerts across the Azure environment and associates each alert with its source subscription.

    For more information on how data is transferred from an Azure environment to Red Canary, see How Microsoft Azure Works with Red Canary.

    Finally, Red Canary integrates with Azure to scan your environment regularly to discover new subscriptions and resources. This integration is established through an access policy that grants Red Canary read access to your Azure environment; the policy does not grant write access. The policies used can be found in this publicly hosted Bicep file used during integration onboarding.
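    Two checks a practitioner typically wants after onboarding: that the Entra ID log categories listed above are actually enabled in the tenant's diagnostic setting, and that the role the access policy grants contains no write actions. The following is an added example, not Red Canary's code or the Bicep file; it assumes the `logs: [{category, enabled}]` shape of an Azure diagnostic-settings export and the `permissions: [{actions, dataActions}]` shape of a role definition, with constructed sample input.

```python
"""Verify Entra ID diagnostic coverage and read-only role actions (added example)."""

# Categories this article lists as collected for Entra ID.
EXPECTED_ENTRA_CATEGORIES = {
    "ADFSSignInLogs", "AuditLogs", "ManagedIdentitySignInLogs",
    "NonInteractiveUserSignInLogs", "ServicePrincipalRiskEvents",
    "ServicePrincipalSignInLogs", "SignInLogs", "UserRiskEvents",
}


def missing_entra_categories(diag_setting: dict) -> set:
    """Return expected categories that are absent or disabled.

    Assumes the diagnostic-setting JSON carries a `logs` list of
    {"category": ..., "enabled": bool} entries, as an ARM export does.
    """
    enabled = {e["category"] for e in diag_setting.get("logs", []) if e.get("enabled")}
    return EXPECTED_ENTRA_CATEGORIES - enabled


def non_read_actions(role_definition: dict) -> list:
    """List granted actions/dataActions that are not plainly read-only.

    Conservative heuristic: anything not ending in '/read' (wildcards,
    '/write', '/delete', '/action') is flagged for human review.
    """
    flagged = []
    for perm in role_definition.get("permissions", []):
        for action in perm.get("actions", []) + perm.get("dataActions", []):
            if not action.lower().endswith("/read"):
                flagged.append(action)
    return flagged


# Constructed sample input: one category disabled, one missing entirely.
SAMPLE_DIAG_SETTING = {
    "workspaceId": "/subscriptions/PLACEHOLDER/.../workspaces/la-placeholder",
    "logs": [{"category": c, "enabled": c != "ADFSSignInLogs"}
             for c in EXPECTED_ENTRA_CATEGORIES if c != "UserRiskEvents"],
}

# Constructed sample role: mostly read, plus one key-listing action to catch.
SAMPLE_ROLE = {
    "roleName": "placeholder-reader",
    "permissions": [{
        "actions": ["*/read", "Microsoft.Storage/storageAccounts/listKeys/action"],
        "dataActions": [],
    }],
}

if __name__ == "__main__":
    print("missing categories:", sorted(missing_entra_categories(SAMPLE_DIAG_SETTING)))
    print("non-read actions:", non_read_actions(SAMPLE_ROLE))
```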

    Note: Azure costs may increase depending on the volume of new logs exported to your Log Analytics workspace as part of the MDR for Azure integration.

    • Affected Logs: Log Analytics Workspace, Log Analytics Data Export, Platform Logs (Storage Diagnostic Settings)

    • For more information, see Pricing - Azure Monitor
