Forum Discussion
Azure Security baseline for Defender for Cloud
Hi,
Looking for some help with this.
LT-4 for the Azure Security baseline for Defender For Cloud -
https://learn.microsoft.com/en-us/security/benchmark/azure/baselines/security-center-security-baseline
says "Microsoft Defender for Cloud also produces security audit logs for the local administrator accounts. Enable these local admin audit logs"
What are these audit logs - does this refer to auditing the SecurityAdmin role or something else ? How do you enable these logs ?
Thanks, R
2 Replies
- Hi,
This point applies to collecting logs from Azure Resources not directly from Defender for Cloud. Here you have a link describing what data you can and you should collect:
https://learn.microsoft.com/en-us/azure/defender-for-cloud/monitoring-components- understood. thanks for your response.
