Azure Stack

Version: Azure Stack.

Azure Stack is a hybrid cloud computing software solution developed by Microsoft based on the company’s Azure cloud platform. Azure Stack is designed to help organizations deliver Azure services from their own data center.

Netsurion Open XDR integrates with Azure Stack via Syslog and provides insight into remote user logons, user account password resets or changes, user account creation, and group changes. Netsurion provides reports and alerts for all critical events generated.

Once Azure Stack is configured to forward events to Netsurion Open XDR, dashboards and reports can be configured in Netsurion Open XDR to monitor all Azure Stack events, some of which are listed below.

  • Monitoring security actions such as remote user logons, user account password resets or changes, and user accounts being created, deleted, changed, enabled, disabled or added to a group.
  • Monitoring Azure Stack audit log clearing.
  • Monitoring Azure Stack user logons.

The following are the key Data Source Integrations available in Netsurion Open XDR.

Alerts

| Type | Name | Description |
|---|---|---|
| Security | Azure Stack – User account unlocked | This alert will be generated when a user account is unlocked. |
| Security | Azure Stack – Admin Interactive/Remote Interactive login failure | This alert will be generated when an admin Interactive/Remote Interactive login failure occurs. |
| Security | Azure Stack – Admin Interactive/Remote Interactive login success | This alert will be generated when an admin Interactive/Remote Interactive login is successful. |
| Security | Azure Stack – Administrative logon failure | This alert will be generated when an administrative logon failure occurs. |
| Security | Azure Stack – Administrative logon success | This alert will be generated when an administrative logon is successful. |
| Security | Azure Stack – Audit event records discarded | This alert will be generated when audit event records are discarded. |
| Security | Azure Stack – Audit log cleared | This alert will be generated when audit logs are cleared. |
| Security | Azure Stack – Domain policy changes | This alert will be generated when domain policies are changed. |
| Security | Azure Stack – Excessive access failures by a user | This alert will be generated when excessive access failures occur for a user. |
| Security | Azure Stack – Excessive access failures in your organization | This alert will be generated when excessive access failures occur in your organization. |
| Security | Azure Stack – Excessive access failures on a specific computer | This alert will be generated when excessive access failures occur on a specific computer. |
| Security | Azure Stack – Excessive file deletes on a computer | This alert will be generated when excessive file deletions occur on a computer. |
| Security | Azure Stack – Excessive logon attempts from an IP address | This alert will be generated when excessive logon attempts come from a single IP address. |
| Security | Azure Stack – Excessive logon failures due to bad password/username | This alert will be generated when excessive logon failures occur due to a bad password or username. |
| Security | Azure Stack – Excessive logon failures in your enterprise | This alert will be generated when excessive logon failures occur in your enterprise. |
| Security | Azure Stack – Excessive logon failures in your enterprise due to user account locked | This alert will be generated when excessive logon failures occur in your enterprise because user accounts are locked. |
| Security | Azure Stack – Excessive user lockout in your enterprise | This alert will be generated when excessive user lockouts occur in your enterprise. |
| Security | Azure Stack – Possible malware lateral movement | This alert will be generated when possible malware lateral movement is suspected. |
| Security | Azure Stack – Users password set to never expire | This alert will be generated when a user password is set to never expire. |
| Operations | Azure Stack – Group policy processing error | This alert will be generated when an error occurs while processing a group policy. |
| Operations | Azure Stack – File replication service staging area full | This alert will be generated when the file replication service staging area is full. |
| Compliance | Azure Stack – Active Directory Group policy changed | This alert will be generated when a group policy is changed. |
| Compliance | Azure Stack – System shutdown | This alert will be generated when the system is shut down. |

Reports

| Type | Name | Description |
|---|---|---|
| Security | Azure Stack – User Logon Failed | This report provides information about logon failures by users. |
| Security | Azure Stack – User Account Locked Out | This report provides information about user account lockouts. |
| Security | Azure Stack – Audit Logs Cleared | This report provides information about audit logs being cleared, including the user that cleared them. |
| Operations | Azure Stack – Registry Changed | This report provides information about registry changes made by users. |
| Operations | Azure Stack – Administration Activities | This report provides information about administrative activities. |
| Operations | Azure Stack – User account locked out | This report provides information about user accounts being locked out. |
| Operations | Azure Stack – Users added to Domain Admin or local Admin group | This report provides information about users added to the Domain Admin or local Admin group. |
| Compliance | Azure Stack – User Logon and Logoff | This report provides information about user logons and logoffs. |
| Compliance | Azure Stack – Directory permission change | This report provides information about directory permission changes. |

Documentation

The configuration details are consistent with Netsurion Open XDR 8.x or later, and Azure Stack.

Download Integration Guide for configuration instructions and more information.