Alerts and detections come in many forms, some of them actionable and some of them noise, and security operations center (SOC) analysts are responsible for the initial investigation of these anomalies. What's more, with cloud-based resources we may not have the luxury of logging everything that happens on the host operating system.
Microsoft Azure provides a good deal of data to support that initial investigation, along with some initial response actions. If you are a tier-one or tier-two analyst, you probably lack the access or the mandate to perform a full investigation; that is typically completed by your incident response or digital forensics team. With this in mind, I would like to introduce Swimlane's new Microsoft Azure Use Case for just this situation.