Ingest Key Vault, application logs

Ponugoti Narendra 41 Reputation points
2021-05-31T02:03:12.407+00:00

We are planning to ingest Azure Key Vault and application logs into Sumo Logic. Can you please specify what type of logs we will get from Key Vault and application logs? What types of use cases can we implement to detect suspicious activities? Please help.


Accepted answer
  1. VipulSparsh-MSFT 16,306 Reputation points Microsoft Employee
    2021-05-31T06:01:58.577+00:00

    @Ponugoti Narendra Thanks for reaching out.
    Once you have set up the path from Azure to Sumo Logic, the key vault can provide alerts, input data errors, usage and diagnostic logs.

    • You can utilize it for various login scenarios.
    • Failed attempts
    • You can look for delete, purge or backup operations.

    We can tell, with reference to Azure Sentinel, what visibility you can get from Key Vault using the same set of logs:
    https://techcommunity.microsoft.com/t5/azure-sentinel/visibility-of-azure-key-vault-activity-in-sentinel-azure-key/ba-p/2140751

    This gets enhanced when using Azure Security Center + Azure Sentinel.

    -----------------------------------------------------------------------------------------------------------------

    If the suggested response helped you resolve your issue, please do not forget to accept the response as Answer and "Up-Vote" for the answer that helped you for benefit of the community.

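The three use cases the answer lists (failed access attempts, and delete, purge or backup operations on vault contents) can be expressed as simple rules over the Key Vault diagnostic (AuditEvent) records once they are in your log platform. The following is an added example, not code from this thread, from Microsoft or from Sumo Logic; it assumes the record fields follow the Key Vault diagnostic log schema (`time`, `operationName`, `resultType`, `callerIpAddress`, `identity.claim.upn`), and the sample records are constructed for illustration.

```python
"""Rule-based triage of Azure Key Vault AuditEvent records (added example).

Assumptions: records are JSON objects carrying at least time, operationName,
resultType, callerIpAddress and identity.claim (Key Vault diagnostic schema).
The sample lines below are constructed, not real log data.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records, trimmed to the fields the rules use.
SAMPLE_LOG_LINES = [
    '{"time": "2021-05-31T06:00:01Z", "operationName": "SecretGet", "resultType": "Success", "callerIpAddress": "10.0.0.5", "identity": {"claim": {"upn": "svc-app@contoso.example"}}}',
    '{"time": "2021-05-31T06:00:10Z", "operationName": "SecretGet", "resultType": "Unauthorized", "callerIpAddress": "203.0.113.9", "identity": {"claim": {}}}',
    '{"time": "2021-05-31T06:00:12Z", "operationName": "SecretGet", "resultType": "Unauthorized", "callerIpAddress": "203.0.113.9", "identity": {"claim": {}}}',
    '{"time": "2021-05-31T06:00:15Z", "operationName": "SecretList", "resultType": "Unauthorized", "callerIpAddress": "203.0.113.9", "identity": {"claim": {}}}',
    '{"time": "2021-05-31T06:05:00Z", "operationName": "SecretDelete", "resultType": "Success", "callerIpAddress": "10.0.0.5", "identity": {"claim": {"upn": "admin@contoso.example"}}}',
    '{"time": "2021-05-31T06:06:00Z", "operationName": "KeyBackup", "resultType": "Success", "callerIpAddress": "10.0.0.7", "identity": {"claim": {"upn": "admin@contoso.example"}}}',
    '{"time": "2021-05-31T06:07:00Z", "operationName": "SecretPurge", "resultType": "Success", "callerIpAddress": "10.0.0.5", "identity": {"claim": {"upn": "admin@contoso.example"}}}',
    '{"time": "2021-05-31T07:30:00Z", "operationName": "SecretGet", "resultType": "Unauthorized", "callerIpAddress": "10.0.0.5", "identity": {"claim": {"upn": "svc-app@contoso.example"}}}',
]

# Operations that remove or export vault contents; the answer above singles
# out delete, purge and backup as the ones worth alerting on.
SENSITIVE_SUFFIXES = ("Delete", "Purge", "Backup")


def parse_record(line):
    """Parse one JSON log line and attach a timezone-aware datetime."""
    rec = json.loads(line)
    rec["_time"] = datetime.fromisoformat(rec["time"].replace("Z", "+00:00"))
    return rec


def caller_of(rec):
    """Best-effort principal: UPN claim, else app id claim, else 'unknown'."""
    claim = rec.get("identity", {}).get("claim") or {}
    return claim.get("upn") or claim.get("appid") or "unknown"


def is_sensitive(operation_name):
    """True for SecretDelete, KeyPurge, CertificateBackup and similar."""
    return operation_name.endswith(SENSITIVE_SUFFIXES)


def detect(records, failure_threshold=3, window=timedelta(minutes=5)):
    """Return a list of findings: sensitive operations and failure bursts."""
    findings = []

    # Rule 1: every delete/purge/backup operation, successful or not, is
    # surfaced with who did it and from where, so it can be reviewed.
    for rec in records:
        if is_sensitive(rec["operationName"]):
            findings.append({
                "rule": "sensitive-operation",
                "operationName": rec["operationName"],
                "resultType": rec["resultType"],
                "caller": caller_of(rec),
                "callerIpAddress": rec["callerIpAddress"],
                "time": rec["time"],
            })

    # Rule 2: repeated non-Success results from one source IP inside a
    # sliding time window (failed attempts against the vault).
    failures = defaultdict(list)
    for rec in records:
        if rec["resultType"] != "Success":
            failures[rec["callerIpAddress"]].append(rec["_time"])
    for ip, times in failures.items():
        times.sort()
        start, best = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= failure_threshold:
            findings.append({
                "rule": "repeated-failures",
                "callerIpAddress": ip,
                "count": best,
                "window_minutes": int(window.total_seconds() // 60),
            })
    return findings


def run_sample():
    """Run both rules over the constructed sample records."""
    return detect([parse_record(line) for line in SAMPLE_LOG_LINES])


if __name__ == "__main__":
    for finding in run_sample():
        print(json.dumps(finding))
```

On the sample data this reports the three delete/purge/backup operations and one failure burst from 203.0.113.9 (three Unauthorized results within five minutes); the single failure from 10.0.0.5 stays below the threshold. In a real deployment the suffix list, threshold and window are the knobs to tune against your own baseline of administrative activity.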

2 additional answers

  1. Ponugoti Narendra 41 Reputation points
    2021-05-31T06:44:00.487+00:00

    What pre-alerts are configured in Azure Security Center for Key Vault? Do you have any specific set of use cases for Azure Sentinel?

    We don't have any web application firewall to monitor application logs. Any use cases specific to applications?


  2. VipulSparsh-MSFT 16,306 Reputation points Microsoft Employee
    2021-05-31T13:13:29.94+00:00

    @Ponugoti Narendra Following are the inbuilt alerts configured for Key Vault under Azure Defender (part of Azure Security Center). This table shows the alert type along with the MITRE tactics status.

    [Images: table of built-in Azure Defender for Key Vault alerts with their MITRE tactics]

    While Security Center makes you aware of that, Azure Sentinel can help you visualize the problem and understand the root cause and the different entities involved; it also helps you automate the incident and response should there be any need.

    Azure Sentinel uses AI and Microsoft's threat intelligence stream to detect threats across your environment, correlate alerts into incidents, use deep investigation tools to find the scope and root cause, and access powerful hunting search and query tools.

    It can build you a complete network map of the related entities involved and help in investigation:
    [Image: Azure Sentinel investigation graph of related entities]
