last sync: 2024-Mar-28 18:44:05 UTC

Microsoft Managed Control 1373 - Incident Reporting | Automated Reporting | Regulatory Compliance - Incident Response

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1373 - Incident Reporting | Automated Reporting
Id 4cca950f-c3b7-492a-8e8f-ea39663c14f9
Version 1.0.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description Microsoft implements this Incident Response control
Additional metadata Name/Id: ACF1373 / Microsoft Managed Control 1373
Category: Incident Response
Title: Incident Reporting | Automated Reporting
Ownership: Customer, Microsoft
Description: The organization employs automated mechanisms to assist in the reporting of security incidents.
Requirements: Azure automates incident reporting through use of Incident Management (IcM) connectors which trigger the creation of an incident via detection logic. Azure Security Monitoring (ASM) and SCUBA are the primary automated monitoring systems for security event reporting used within Azure. Any alerts or detections fired by ASM or SCUBA notify either the service team which owns the asset or the Security Response Team, depending on what is most appropriate, via IcM.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance Not a Compliance control
Initiatives usage none
History none
JSON compare n/a
JSON
api-version=2021-06-01
EPAC