| Source | Azure Portal | ||
| Display name | Microsoft Managed Control 1111 - Response To Audit Processing Failures | ||
| Id | 21de687c-f15e-4e51-bf8d-f35c8619965b | ||
| Version | 1.0.0 Details on versioning |
||
| Category | Regulatory Compliance Microsoft Learn |
||
| Description | Microsoft implements this Audit and Accountability control | ||
| Additional metadata |
Name/Id: ACF1111 / Microsoft Managed Control 1111 Category: Audit and Accountability Title: Response to Audit Processing Failures - Alerts Ownership: Customer, Microsoft Description: The information system: Alerts Service Engineer Operations personnel, Microsoft Azure Security if confirmed in the event of an audit processing failure; and Requirements: The Geneva Monitoring Agent (MA) is responsible for capturing log events and storing them in storage accounts specific to each service team. Incident Management (IcM) is an automated mechanism for scanning log storage and raising alerts when specific predefined criteria is met. IcM generates email notifications and creates a corresponding IcM ticket for action. IcM actively monitors Azure based on the filters and the thresholds identified within the rules defined by the Azure Security team and respective service teams. Key alerts include, but are not limited to, if AzSecPack is not installed, if audit data is not being received, and if the data decreases by a specific percentage, indicating an audit logging failure somewhere in the log pipeline. All alerts follow the incident management procedures, which include analysis to determine whether further action is necessary by either the service team or Security Response Team. |
||
| Mode | Indexed | ||
| Type | Static | ||
| Preview | False | ||
| Deprecated | False | ||
| Effect | Fixed audit |
||
| RBAC role(s) | none | ||
| Rule aliases | none | ||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
| Compliance | Not a Compliance control | ||
| Initiatives usage | none | ||
| History | none | ||
| JSON compare | n/a | ||
| JSON |
|