Source | Azure Portal | ||
Display name | Microsoft Managed Control 1373 - Incident Reporting | Automated Reporting | ||
Id | 4cca950f-c3b7-492a-8e8f-ea39663c14f9 | ||
Version | 1.0.0 Details on versioning |
||
Category | Regulatory Compliance Microsoft Learn |
||
Description | Microsoft implements this Incident Response control | ||
Additional metadata |
Name/Id: ACF1373 / Microsoft Managed Control 1373 Category: Incident Response Title: Incident Reporting | Automated Reporting Ownership: Customer, Microsoft Description: The organization employs automated mechanisms to assist in the reporting of security incidents. Requirements: Azure automates incident reporting through use of Incident Management (IcM) connectors which trigger the creation of an incident via detection logic. Azure Security Monitoring (ASM) and SCUBA are the primary automated monitoring systems for security event reporting used within Azure. Any alerts or detections fired by ASM or SCUBA notify either the service team which owns the asset or the Security Response Team, depending on what is most appropriate, via IcM. |
||
Mode | Indexed | ||
Type | Static | ||
Preview | False | ||
Deprecated | False | ||
Effect | Fixed audit |
||
RBAC role(s) | none | ||
Rule aliases | none | ||
Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
Compliance | Not a Compliance control | ||
Initiatives usage | none | ||
History | none | ||
JSON compare | n/a | ||
JSON |
|