Monitoring security
Azure manages and protects many aspects of your solutions for you; however, it is still crucial that you monitor for intrusion events either at the platform level or in your hosted applications.
To help you monitor and protect your environment, you can use the Azure Activity log.
Activity log
Every action you perform in Azure, either directly in the portal, via PowerShell, the Azure CLI, using DevOps pipelines, or even as a result of an automated task, is logged.
These logs can be viewed at the resource level, resource group level, or subscription level. The process is the same for them all, but the following is an example of how to view subscription events:
- Navigate to the Azure portal by opening https://portal.azure.com.
- In the left-hand menu, select or search for Subscriptions.
- Select the subscription you wish to view.
- In the left-hand menu, click Activity log.
As the following screenshot shows, you are presented with a list of events showing what happened, when, and who or what initiated it. Events are grouped by the operation name, and clicking on the operation will provide more granular details of the events:
Above the events is a series of filters that set the level you wish to view, the time span, and the severity.
The severity can be filtered by Critical, Warning, Error, and Informational.
You can also add further filters by clicking the Add Filter button, which lets you filter by the following properties:
- Resource Group
- Resource
- Resource Type
- Operation
- Event Initiated By
- Event Category
To see more detail of a particular event, follow these steps:
- From the list of events, expand the Operation Name group by clicking on the arrow, as shown in the previous screenshot.
- Now click on the event to show the summary.
- Click JSON to see more details of the event. The following screenshot shows an example:
- If you want to be alerted whenever this event occurs, click New Alert Rule and then create the alert as before.
Reviewing events in the Activity log and creating relevant alerts will help you identify inappropriate activity within Azure, whether it was carried out through the portal or by other methods.
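The same filtering, grouping, and review can be applied to events once they are in JSON form. The following Python sketch is an added example, not code from the original text: the sample events are constructed, the field names are assumed to follow the JSON view of an event, and the watch list of operations is an assumption chosen for illustration.

```python
import json
from collections import defaultdict

# Constructed sample events; field names are assumed to follow the portal's JSON view.
SAMPLE_EVENTS = json.loads("""[
 {"eventTimestamp": "2024-01-10T09:15:02Z", "level": "Informational",
  "caller": "alice@example.com", "resourceGroupName": "rg-web", "status": {"value": "Succeeded"},
  "operationName": {"value": "Microsoft.Compute/virtualMachines/start/action"}},
 {"eventTimestamp": "2024-01-10T09:20:41Z", "level": "Informational",
  "caller": "bob@example.com", "resourceGroupName": "rg-web", "status": {"value": "Succeeded"},
  "operationName": {"value": "Microsoft.Authorization/roleAssignments/write"}},
 {"eventTimestamp": "2024-01-10T09:31:17Z", "level": "Error",
  "caller": "00000000-0000-0000-0000-000000000001", "resourceGroupName": "rg-data",
  "status": {"value": "Failed"},
  "operationName": {"value": "Microsoft.Network/networkSecurityGroups/securityRules/write"}},
 {"eventTimestamp": "2024-01-10T10:02:55Z", "level": "Informational",
  "caller": "alice@example.com", "resourceGroupName": "rg-web", "status": {"value": "Succeeded"},
  "operationName": {"value": "Microsoft.Compute/virtualMachines/start/action"}}
]""")

# Assumed watch list: operations that change access rights or network exposure.
WATCHED_OPERATIONS = {
    "Microsoft.Authorization/roleAssignments/write",
    "Microsoft.Network/networkSecurityGroups/securityRules/write",
}

def filter_events(events, level=None, resource_group=None, operation=None, caller=None):
    """Apply portal-style filters; a filter left as None matches every event."""
    def keep(e):
        return ((level is None or e["level"] == level)
                and (resource_group is None or e["resourceGroupName"] == resource_group)
                and (operation is None or e["operationName"]["value"] == operation)
                and (caller is None or e["caller"] == caller))
    return [e for e in events if keep(e)]

def group_by_operation(events):
    """Group events by operation name, as the portal's event list does."""
    groups = defaultdict(list)
    for e in events:
        groups[e["operationName"]["value"]].append(e)
    return dict(groups)

def flag_watched(events, watched=WATCHED_OPERATIONS):
    """Return (timestamp, caller, operation, status) for every watched operation."""
    return [(e["eventTimestamp"], e["caller"], e["operationName"]["value"], e["status"]["value"])
            for e in events if e["operationName"]["value"] in watched]
```

Failed attempts are kept in the output of `flag_watched` because a rejected change to access or network rules is often as worth reviewing as a successful one.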
Monitoring security is an important and critical activity to ensure the safety of your systems and data. In the following section, we look at another equally important task—keeping control of your costs.