Ensure Activity Log alerts are configured
Description
Azure Monitor Activity Log alert rules should fire on security-relevant administrative operations in every subscription, such as policy assignment changes, RBAC (role assignment) changes, deletion of Diagnostic Settings, and resource deletions, and route those alerts to an Action Group that actually notifies someone.
⚠️ Risk Impact
Without alerting, unauthorized administrative actions, including tampering with the logging pipeline itself, go undetected until someone reviews the Activity Log by hand, and the Activity Log is only retained for 90 days by default.
🔍 How EchelonGraph Detects This
EchelonGraph's Tier 1 Cloud Scanner automatically checks for this condition across all connected Azure accounts. Violations are flagged as medium-severity findings with remediation guidance.
🔧 Remediation
Create Activity Log alert rules in Azure Monitor, scoped to each subscription, for the security-relevant operations named above (policy assignment create/delete, role assignment create/delete, Diagnostic Settings deletion), and attach each rule to an Action Group with at least one working notification channel (email, SMS, webhook, or ITSM). Verify that the rules are enabled and that the Action Group delivers to the people listed in your response plan.
💀 Real-World Attack Scenario
An attacker with compromised admin credentials deleted all Azure Diagnostic Settings and Activity Log exports within the first 5 minutes of access. Without Activity Log alerts, the logging disruption was not detected for 3 weeks, during which the attacker created persistent backdoor access and exfiltrated data.
💰 Cost of Non-Compliance
Organizations without security alerting average 277 days of attacker dwell time versus 23 days with alerting, a cost differential of $2.7M. SOC 2 CC7.2 requires continuous monitoring and alerting.
📋 Audit Questions
1. What Activity Log alerts are configured?
2. Who receives alerts for policy and RBAC changes?
3. Are alerts configured for Diagnostic Settings deletion?
4. What is the response SLA for security alerts?
🎯 MITRE ATT&CK Mapping
The attack scenario above, deleting Diagnostic Settings and log exports with stolen admin credentials, maps to T1562.008 (Impair Defenses: Disable or Modify Cloud Logs) using T1078.004 (Valid Accounts: Cloud Accounts).
⚡ Common Pitfalls
- ⛔Creating alerts but not configuring Action Groups with appropriate notification channels
- ⛔Alerting only on resource deletion but not on RBAC changes or diagnostic setting modifications
- ⛔Alert fatigue from overly broad rules (for example, alerting on every Administrative-category write), which trains responders to ignore the alerts that matter
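The remediation step and the pitfalls above amount to one concrete check: for each security-relevant operation, is there an enabled Activity Log alert rule that carries an Action Group? The Python below is an added example written for this page; it is not EchelonGraph's scanner code. It audits alert rules in the shape `az monitor activity-log alert list -o json` returns (the same `Microsoft.Insights/activityLogAlerts` properties, API version 2020-10-01, that an ARM template uses), reports rules that have no Action Group or are disabled, and emits an ARM template for any operation that is still uncovered. The sample rules, the subscription ID and the Action Group resource ID are constructed placeholders; the Action Group is assumed to already exist.

```python
"""Audit Azure Activity Log alert rules and generate ARM resources for gaps.

Added example for this page (not EchelonGraph code). Input rules may be either
raw ARM resources (properties nested under "properties") or the flattened
objects returned by `az monitor activity-log alert list`.
"""
from __future__ import annotations

# Operations this control calls for: policy changes, RBAC changes and
# Diagnostic Settings deletion. These are the operationName values Azure
# writes to the Activity Log for those actions.
REQUIRED_OPERATIONS = {
    "Microsoft.Authorization/policyAssignments/write",
    "Microsoft.Authorization/policyAssignments/delete",
    "Microsoft.Authorization/roleAssignments/write",
    "Microsoft.Authorization/roleAssignments/delete",
    "Microsoft.Insights/diagnosticSettings/delete",
}


def _covered_operations(props: dict) -> set[str]:
    """operationName values a rule fires on. Azure ANDs the `allOf` clauses;
    a clause may carry an `anyOf` list to OR several values together."""
    ops: set[str] = set()
    for clause in props.get("condition", {}).get("allOf", []):
        for leaf in clause.get("anyOf", [clause]):
            if leaf.get("field", "").lower() == "operationname" and leaf.get("equals"):
                ops.add(leaf["equals"])
    return ops


def audit_alert_rules(rules: list[dict], required: set[str] = REQUIRED_OPERATIONS) -> dict:
    """Return missing operations plus per-rule findings (pitfalls: no Action
    Group, rule disabled). Only enabled rules with an Action Group count as
    coverage, because anything else never reaches a human."""
    covered: set[str] = set()
    findings: list[str] = []
    for rule in rules:
        props = rule.get("properties", rule)
        name = rule.get("name", "<unnamed>")
        enabled = props.get("enabled", True)
        groups = props.get("actions", {}).get("actionGroups", [])
        if not enabled:
            findings.append(f"{name}: rule is disabled")
        if not groups:
            findings.append(f"{name}: no Action Group attached; the alert fires but notifies nobody")
        if enabled and groups:
            covered |= _covered_operations(props)
    missing = sorted(required - covered)
    findings.extend(f"no effective alert for {op}" for op in missing)
    return {"missing_operations": missing, "findings": findings, "compliant": not findings}


def build_alert_rule(name: str, subscription_id: str, operation: str, action_group_id: str) -> dict:
    """ARM resource for one subscription-scoped Activity Log alert rule.
    Activity Log alerts are always deployed with location "Global"."""
    return {
        "type": "Microsoft.Insights/activityLogAlerts",
        "apiVersion": "2020-10-01",
        "name": name,
        "location": "Global",
        "properties": {
            "scopes": [f"/subscriptions/{subscription_id}"],
            "enabled": True,
            "description": f"Activity Log alert for {operation}",
            "condition": {"allOf": [
                {"field": "category", "equals": "Administrative"},
                {"field": "operationName", "equals": operation},
            ]},
            "actions": {"actionGroups": [{"actionGroupId": action_group_id}]},
        },
    }


def remediation_template(audit: dict, subscription_id: str, action_group_id: str) -> dict:
    """Subscription-level ARM template containing one rule per missing operation."""
    resources = []
    for op in audit["missing_operations"]:
        provider, resource_type, action = op.rsplit("/", 2)
        resources.append(build_alert_rule(f"alert-{resource_type}-{action}", subscription_id, op, action_group_id))
    return {
        "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
        "contentVersion": "1.0.0.0",
        "resources": resources,
    }


# Constructed sample input (placeholder IDs, not real resources).
SAMPLE_SUBSCRIPTION = "00000000-0000-0000-0000-000000000000"
SAMPLE_ACTION_GROUP = (f"/subscriptions/{SAMPLE_SUBSCRIPTION}/resourceGroups/rg-monitoring"
                       "/providers/microsoft.insights/actionGroups/ag-security")
SAMPLE_RULES = [
    {  # good: enabled, two operations via anyOf, Action Group attached
        "name": "policy-assignment-changes",
        "properties": {
            "enabled": True,
            "scopes": [f"/subscriptions/{SAMPLE_SUBSCRIPTION}"],
            "condition": {"allOf": [
                {"field": "category", "equals": "Administrative"},
                {"anyOf": [
                    {"field": "operationName", "equals": "Microsoft.Authorization/policyAssignments/write"},
                    {"field": "operationName", "equals": "Microsoft.Authorization/policyAssignments/delete"},
                ]},
            ]},
            "actions": {"actionGroups": [{"actionGroupId": SAMPLE_ACTION_GROUP}]},
        },
    },
    {  # pitfall: alert exists but no Action Group, so nobody is notified
        "name": "rbac-write-no-actions",
        "enabled": True,
        "scopes": [f"/subscriptions/{SAMPLE_SUBSCRIPTION}"],
        "condition": {"allOf": [
            {"field": "category", "equals": "Administrative"},
            {"field": "operationName", "equals": "Microsoft.Authorization/roleAssignments/write"},
        ]},
        "actions": {"actionGroups": []},
    },
]

if __name__ == "__main__":
    import json
    result = audit_alert_rules(SAMPLE_RULES)
    print("\n".join(result["findings"]))
    print(json.dumps(remediation_template(result, SAMPLE_SUBSCRIPTION, SAMPLE_ACTION_GROUP), indent=2))
```

Against the sample, the audit flags the RBAC rule for having no Action Group and reports three uncovered operations (role assignment write and delete, Diagnostic Settings delete); the generated template can be deployed with `az deployment sub create --location <region> --template-file template.json`. The audit deliberately ignores disabled rules and rules without an Action Group when computing coverage, which is exactly the gap the first two pitfalls describe; re-running it after deployment leaves no missing operations, though the original Action-Group-less rule is still reported until it is fixed or removed.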
📈 Business Value
Activity Log alerts provide near-real-time detection of administrative changes (alerts typically fire within minutes of the operation), reducing dwell time by 91% and enabling immediate incident response.
⏱️ Effort Estimate
2-4 hours to configure comprehensive alerting
🔗 Cross-Framework References
- CIS Microsoft Azure Foundations Benchmark 5.1
- SOC 2 CC7.2
EchelonGraph continuously monitors this control across all your cloud accounts.