I am new to Azure and currently doing security monitoring in azure security center. I have few questions that i would like to ask.
Currently there are syslogs coming in from machines and i am to create rules to fire an alert if it detects security events. so my questions are:
1. does azure come with pre defined default rule? if yes where are they and how can i enable/disable them.
I will forward this to one of the experts in this area
There is a new capability in Azure Security Center to turn every log query into security alert. See documentation here: https://docs.microsoft.com/en-us/azure/security-center/security-center-custom-alert and recorded demo here: https://youtu.be/e8iFCz5RM4g?t=1486.
About ingestion of security solutions, we do prefer using CEF over Syslog rather than simple Syslog though both are possible. CEF provides more structured format and indexing. See more details on CEF support here: https://docs.microsoft.com/en-us/azure/security-center/security-center-partner-integration.
Hope it helps,