Hello fn6Dragon
I guess there is no black or white answer here. It all depends on what your company has in terms of existing tools and whether or not they want to leverage Cloud-native solutions. In terms of incident detection/response, Azure Sentinel is now pushed by Microsoft, although at the time of writing (08/2019) it is still in preview and still needs to gain in maturity. Now, if you already have a SIEM like QRadar, you can send all your service logs to Event Hub directly and plug QRadar into Event Hub, since it has a connector to it. This is valid for PaaS & FaaS; for VMs, you do indeed need some agent to be installed (depending on the underlying OS) to collect the logs, send them to Azure Monitor & integrate with QRadar or other similar tools.
Best Regards