Microsoft implements this System and Information Integrity control
Name/Id: ACF1702 / Microsoft Managed Control 1702 Category: System and Information Integrity Title: Information System Monitoring | Indicators Of Compromise Ownership: Customer, Microsoft Description: The information system discovers, collects, distributes, and uses indicators of compromise. Requirements: The Microsoft Threat Intelligence Center (MSTIC) collects and uses indicators of compromise from US-CERT, industry partners, and other external sources. Indicators of compromise are also discovered from audit logs. These indicators of compromise are distributed to Azure Security personnel and are used to improve the Security Logging and Monitoring (SLAM) analysis process.
Rule resource types
IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups