Azure monitoring with ManageEngine Log360

Overview

Microsoft Azure is the foundation for many modern cloud infrastructures, housing critical applications, data, and user identities. ManageEngine Log360, a unified SIEM solution, integrates seamlessly with Azure to centralize, correlate, and analyze log data. This integration empowers security teams with visibility, compliance-ready reporting, and proactive threat detection, all within a unified console, ensuring the security and integrity of your Azure cloud.

How Log360 collects and analyzes Azure logs

Log360 collects Azure logs by leveraging Azure Monitor's robust capabilities. It connects to your Azure subscriptions securely, pulling audit logs that are essential for comprehensive security monitoring.

  • Azure activity logs: These logs capture control plane events, such as resource creation, updates, and deletions. Log360 subscribes to these logs to track administrative operations and significant changes.
  • Microsoft Entra ID sign-in logs: Log360 also collects sign-in attempts, providing information on successful and failed logins, user identities, client IPs, and device details.

Once ingested, Log360 intelligently parses these logs using its extensive knowledge of Azure log formats. The events are then normalized and indexed, making them highly searchable and ready for efficient correlation. Key metadata, such as resource IDs, user principal names, IP addresses, operation names, and event statuses, is extracted and mapped to Log360's security event taxonomy, enabling both granular investigation and high-level threat correlation.
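To make the normalization step above concrete, here is an added example (not Log360 code, and not an official Azure SDK) that maps two Azure log shapes onto one event schema. It uses field names from the Azure Monitor Activity Log event schema (operationName, caller, resourceId, status, eventTimestamp, httpRequest.clientIpAddress) and from the Microsoft Graph sign-in resource (userPrincipalName, ipAddress, status.errorCode, createdDateTime, appDisplayName); the sample records and the small taxonomy table are constructed for illustration and are not Log360's own taxonomy.

```python
"""Normalize Azure Activity Log and Entra ID sign-in records into one event schema.

Added example: the TAXONOMY mapping and the sample records are constructed;
field names follow the public Azure Monitor / Microsoft Graph schemas.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class NormalizedEvent:
    source: str              # "azure_activity" | "entra_signin"
    timestamp: str           # ISO-8601 string as supplied by the log
    actor: Optional[str]     # caller / userPrincipalName
    client_ip: Optional[str]
    operation: str           # ARM operation name or "signin:<app>"
    outcome: str             # "success" | "failure"
    resource_id: Optional[str]
    category: str            # taxonomy bucket used for correlation


# Hypothetical taxonomy: exact ARM operation name -> security category.
# Anything not listed falls back to the generic "resource_activity" bucket.
TAXONOMY = {
    "Microsoft.Authorization/roleAssignments/write": "rbac_change",
    "Microsoft.Network/networkSecurityGroups/securityRules/write": "nsg_rule_change",
    "Microsoft.Storage/storageAccounts/regenerateKey/action": "storage_key_regeneration",
    "Microsoft.Insights/diagnosticSettings/delete": "audit_config_tamper",
}


def normalize_activity_log(rec: dict) -> NormalizedEvent:
    """Activity Log events carry operationName/status either as plain strings
    (diagnostic export) or as {value, localizedValue} objects (REST API)."""
    op = rec["operationName"]
    op = op["value"] if isinstance(op, dict) else op
    status = rec.get("status", "")
    status = status.get("value", "") if isinstance(status, dict) else status
    return NormalizedEvent(
        source="azure_activity",
        timestamp=rec["eventTimestamp"],
        actor=rec.get("caller"),
        client_ip=rec.get("httpRequest", {}).get("clientIpAddress"),
        operation=op,
        outcome="success" if status in ("Succeeded", "Accepted", "Started") else "failure",
        resource_id=rec.get("resourceId"),
        category=TAXONOMY.get(op, "resource_activity"),
    )


def normalize_signin(rec: dict) -> NormalizedEvent:
    """Entra ID sign-in: errorCode 0 means the sign-in succeeded."""
    err = rec.get("status", {}).get("errorCode", 0)
    return NormalizedEvent(
        source="entra_signin",
        timestamp=rec["createdDateTime"],
        actor=rec.get("userPrincipalName"),
        client_ip=rec.get("ipAddress"),
        operation=f"signin:{rec.get('appDisplayName', 'unknown')}",
        outcome="success" if err == 0 else "failure",
        resource_id=None,
        category="authentication",
    )


# Constructed sample records (not real tenant data).
SAMPLE_ACTIVITY = {
    "eventTimestamp": "2024-05-01T10:15:00Z",
    "caller": "admin@contoso.example",
    "operationName": {"value": "Microsoft.Authorization/roleAssignments/write"},
    "status": {"value": "Succeeded"},
    "resourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-prod",
    "httpRequest": {"clientIpAddress": "203.0.113.10"},
}
SAMPLE_SIGNIN = {
    "createdDateTime": "2024-05-01T10:16:30Z",
    "userPrincipalName": "alice@contoso.example",
    "ipAddress": "198.51.100.25",
    "appDisplayName": "Azure Portal",
    "status": {"errorCode": 50126, "failureReason": "Invalid username or password"},
}


def normalize_all(activity: list, signins: list) -> list:
    """Normalize both feeds and return them in timestamp order."""
    events = [normalize_activity_log(r) for r in activity]
    events += [normalize_signin(r) for r in signins]
    return sorted(events, key=lambda e: e.timestamp)


if __name__ == "__main__":
    for e in normalize_all([SAMPLE_ACTIVITY], [SAMPLE_SIGNIN]):
        print(e)
```

Once every event carries the same actor, client_ip and category fields, a correlation rule such as "failed sign-ins followed by an rbac_change from the same IP" can be expressed once, regardless of which Azure feed produced each event.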

Monitoring and analytics capabilities

With Azure logs onboarded, Log360 provides layered monitoring and analytics through:

  • Azure event overviews: Aggregate and monitor all Azure-generated log types in a unified view. Filter logs by subscription, resource group, resource type, user, and operation to quickly assess Azure health, activity trends, and potential threats.
  • Azure resource management: Monitor the creation, deletion, modification, and access of Azure resources, including VMs, storage accounts, databases, and network components, ensuring traceability of all resource changes.
  • Microsoft Entra ID account management: Track admin user creation, role changes, password resets, and unauthorized configuration attempts within Microsoft Entra ID.
  • Network security group (NSG) flow log analysis: Analyze NSG flow logs to visualize network traffic, identify anomalous connections, detect port scans, and uncover potential data exfiltration attempts by understanding allowed and denied traffic patterns.
  • Long-term archival and compliance: Retain normalized Azure logs for extended periods to meet stringent compliance mandates, such as the GDPR, HIPAA, ISO 27001, and the PCI DSS, providing readily available audit trails.
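The NSG flow log analysis item above describes detecting port scans and unusual data movement from allowed and denied traffic patterns. The following added example (not Log360 code) shows the underlying logic: it parses the NSG flow log version 2 tuple format ("timestamp,srcIp,dstIp,srcPort,dstPort,protocol,direction,decision,flowState,packetsSrcToDst,bytesSrcToDst,packetsDstToSrc,bytesDstToSrc") and raises two defender-side indicators, a single source hitting many distinct denied inbound ports, and an allowed outbound pair exceeding a byte threshold. The record layout follows the published flow log JSON (records[].properties.flows[].flows[].flowTuples); the sample log, IP addresses and thresholds are constructed.

```python
"""Parse NSG flow log v2 records and flag port-sweep and bulk-outbound patterns.

Added example with constructed data. Tuple layout follows the NSG flow log
v2 format; v1 tuples (8 fields, no state/byte counters) are also accepted.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterator, List, Optional, Tuple


@dataclass(frozen=True)
class FlowTuple:
    ts: int
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: str        # "T" (TCP) or "U" (UDP)
    direction: str    # "I" inbound, "O" outbound
    decision: str     # "A" allowed, "D" denied
    state: Optional[str]  # "B"egin, "C"ontinuing, "E"nd; None for v1
    bytes_src_to_dst: int  # 0 when the tuple carries no counter


def parse_tuple(raw: str) -> FlowTuple:
    f = raw.split(",")
    state = f[8] if len(f) > 8 else None
    # v2 "B" (begin) tuples leave the counters empty; treat empty as 0.
    bytes_out = int(f[10]) if len(f) > 10 and f[10] else 0
    return FlowTuple(int(f[0]), f[1], f[2], int(f[3]), int(f[4]),
                     f[5], f[6], f[7], state, bytes_out)


def iter_tuples(log: dict) -> Iterator[FlowTuple]:
    """Walk records -> rule groups -> flows -> flowTuples."""
    for record in log["records"]:
        for rule in record["properties"]["flows"]:
            for flow in rule["flows"]:
                for raw in flow["flowTuples"]:
                    yield parse_tuple(raw)


def denied_port_sweeps(tuples: List[FlowTuple], min_ports: int = 5) -> Dict[str, List[int]]:
    """Sources whose denied inbound attempts touch >= min_ports distinct ports."""
    ports: Dict[str, set] = defaultdict(set)
    for t in tuples:
        if t.direction == "I" and t.decision == "D":
            ports[t.src_ip].add(t.dst_port)
    return {ip: sorted(p) for ip, p in ports.items() if len(p) >= min_ports}


def outbound_volume(tuples: List[FlowTuple], min_bytes: int = 50_000_000) -> Dict[Tuple[str, str], int]:
    """Allowed outbound (src, dst) pairs whose summed src->dst bytes reach min_bytes."""
    total: Dict[Tuple[str, str], int] = defaultdict(int)
    for t in tuples:
        if t.direction == "O" and t.decision == "A":
            total[(t.src_ip, t.dst_ip)] += t.bytes_src_to_dst
    return {k: v for k, v in total.items() if v >= min_bytes}


def analyze(log: dict) -> dict:
    tuples = list(iter_tuples(log))
    return {
        "port_sweeps": denied_port_sweeps(tuples),
        "outbound_volume": outbound_volume(tuples),
    }


# Constructed sample: one source sweeps six denied ports, one benign source is
# denied once, and one VM pushes 60 MB outbound to a single external host.
SAMPLE_LOG = {
    "records": [{
        "properties": {"Version": 2, "flows": [
            {"rule": "DefaultRule_DenyAllInBound", "flows": [{
                "mac": "000D3AF87856",
                "flowTuples": [
                    f"171000000{i},198.51.100.7,10.0.1.4,5{i}000,{port},T,I,D,B,,,,"
                    for i, port in enumerate([22, 23, 80, 443, 3389, 8080])
                ] + ["1710000010,192.0.2.33,10.0.1.4,40000,25,T,I,D,B,,,,"],
            }]},
            {"rule": "AllowInternetOutBound", "flows": [{
                "mac": "000D3AF87856",
                "flowTuples": [
                    "1710000020,10.0.1.4,203.0.113.9,50100,443,T,O,A,C,20000,30000000,15000,900000",
                    "1710000080,10.0.1.4,203.0.113.9,50100,443,T,O,A,E,20000,30000000,15000,900000",
                ],
            }]},
        ]}
    }]
}

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

The thresholds (five distinct denied ports, 50 MB outbound per pair) are placeholders; in practice they are tuned per environment, and the denied-port indicator is most useful when paired with the allowed-traffic baseline for the same source, which is exactly the allowed-versus-denied comparison the item above refers to.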

Critical Azure events monitored

Log360 continuously audits a range of critical Azure event categories:

  • Microsoft Entra ID authentication events: Successful and failed sign-ins, risky sign-ins flagged by Microsoft Entra ID Protection, administrative role assignments, and application consent grants
  • Azure resource activity events: Creation, deletion, or modification of virtual machines, storage accounts, network resources (e.g., VNETs, subnets, or public IPs), and databases
  • Azure policy and RBAC changes: Modifications to Azure policies, role-based access control (RBAC) assignments, and custom role definitions
  • Network security events: NSG rule changes, suspicious network flows (e.g., unexpected outbound connections), and firewall policy alterations
  • Storage account access: Unauthorized access attempts, public blob access, and key regeneration events on Azure storage accounts
  • System and health events: Service health alerts, resource health issues, and diagnostic setting changes that could impact log collection
  • Security center alerts: Ingestion and correlation of security alerts generated by Microsoft Defender for Cloud for unified threat visibility

Key benefits

  • Centralized visibility: View Azure logs alongside logs from on-premises Active Directory (AD), firewalls, and other cloud and network devices within a single, integrated interface.
  • Faster threat detection: Quickly identify and respond to cloud-specific attacks, like compromised Microsoft Entra ID accounts, unauthorized resource access, data exfiltration, and suspicious network activity.
  • Comprehensive audit trail of Azure activity: Gain accountability with detailed reports on all Azure resource changes, administrative actions, access attempts, and policy modifications.
  • Regulatory compliance: Meet audit requirements with prebuilt and custom reports mapped to common compliance standards like the GDPR, HIPAA, and ISO 27001.
  • Simplified investigation: Use incident timelines, contextual log views, and powerful search capabilities to investigate Azure security incidents with minimal effort and accelerate root cause analysis.

Addressing key Azure security challenges

Challenge | How Log360 solves it
Lack of centralized log storage and analysis | Log360 aggregates diverse Azure logs (e.g., activity, diagnostic, and Microsoft Entra ID) and stores them in a secure, searchable repository.
Limited visibility into real-time cloud threats | Live dashboards, customizable alerts, and real-time correlation rules help detect anomalies and threats as they occur across your Azure environment.
Difficulty correlating Azure logs with other IT logs | Log360 correlates logs from Azure with on-premises AD, firewalls, and other systems for comprehensive threat detection and context.
Inadequate audit trails for resource and identity changes | Dedicated reports track every Azure resource modification, RBAC change, Microsoft Entra ID login, and administrator activity.
Time-consuming compliance reporting for Azure | Out-of-the-box Azure-specific reports mapped to various compliance standards (e.g., the GDPR or HIPAA) simplify compliance efforts.
High noise in security alerts from disparate Azure services | Severity-based filtering, alert tuning, and correlation rules reduce false positives, allowing security teams to prioritize real threats.
Detecting unusual user behavior and insider threats | UEBA that leverages machine learning identifies anomalous activity patterns within Microsoft Entra ID and resource access.
Monitoring and securing Azure network traffic | NSG flow log analysis provides deep insights into network traffic, allowing detection of suspicious connections and data movement.
Ensuring the integrity of Azure audit configurations | Log360 monitors changes to Azure diagnostic settings and audit policies, alerting on any attempts to tamper with logging mechanisms.

Visualize your Azure data

Want to see detailed examples? Explore Azure monitoring capabilities and use cases within Log360.

Get started

Ready to secure your Azure cloud with Log360?

Gain complete visibility, detect threats faster, and simplify compliance across your entire Azure environment.
