Alerts or detections come in many forms—some are good and some are not—and security operations center (SOC) analysts are responsible for the initial investigation into these anomalies. What’s more, when it comes to cloud-based resources, we may not have the luxury of logging everything that happens on a host operating system.
Microsoft Azure helps provide quite a bit of data to assist with the initial investigation, as well as some initial response actions.