Azure Stack
Version: Azure Stack.
Azure Stack is a hybrid cloud computing software solution developed by Microsoft based on the company’s Azure cloud platform. Azure Stack is designed to help organizations deliver Azure services from their own data center.
Netsurion Open XDR integrates with Azure Stack via Syslog and provides in insight related to remote user logons, user account password reset or changed, user account creation, group changes. Netsurion provides reports and alerts for all critical events generated.
After the Azure Stack is configured to deliver events to the Netsurion Open XDR, the dashboards and reports can be configured into Netsurion Open XDR , and it monitors all the Azure Stack events, some of them are given below.
- Monitoring security actions such as remote user logons, user account password reset or changed, user account creation, deletion, changed, enabled, disabled or added to a group.
- Monitoring Azure Stack audit logs cleared.
- Monitoring Azure Stack user logons.
The following are the key Data Source Integration available in Netsurion Open XDR.
Alerts
| Type | Name | Description |
|---|---|---|
| Security | Azure stack – User account unlocked | This alert will be generated when a user account is unlocked. |
| Security | Azure stack – Admin Interactive/Remote Interactive login failure | This alert will be generated when admin Interactive/Remote Interactive login failure occurs. |
| Security | Azure stack – Admin Interactive/Remote Interactive login success | This alert will be generated when admin Interactive/Remote Interactive login is successful. |
| Security | Azure stack – Administrative logon failure | This alert will be generated when an administrative logon failure occurs. |
| Security | Azure stack – Administrative logon success | This alert will be generated when administrative logon is successful. |
| Security | Azure stack – Audit event records discarded | This alert will be generated when audit event records are discarded. |
| Security | Azure stack – Audit log cleared | This alert will be generated when audit logs are cleared. |
| Security | Azure stack – Domain policy changes | This alert will be generated when domain policies are changed. |
| Security | Azure stack – Excessive access failures by a user | This alert will be generated when failure for excessive access occurs by a user. |
| Security | Azure stack – Excessive access failures in your organization | This alert will be generated when failure for excessive access occurs in your organization. |
| Security | Azure stack – Excessive access failures on a specific computer | This alert will be generated when failure for excessive access occurs on a specific computer. |
| Security | Azure stack – Excessive file deletes on a computer | This alert will be generated when excessive file is deleted on a computer. |
| Security | Azure stack – Excessive logon attempts from a IP address | This alert will be generated when excessive login attempts from a IP address. |
| Security | Azure stack – Excessive logon failures due to bad password/username | This alert will be generated when an excessive logon failure occurs due to bad password. |
| Security | Azure stack – Excessive logon failures in your enterprise | This alert will be generated when excessive logon failures occurs in your enterprise. |
| Security | Azure stack – Excessive logon failures in your enterprise due to user account locked | This alert will be generated when excessive logon failures occurs in your enterprise due to user account locked. |
| Security | Azure stack – Excessive user lockout in your enterprise | This alert will be generated when excessive user lockout occurs in your enterprise. |
| Security | Azure stack – Possible malware lateral movement | This alert will be generated when a possible malware lateral movement is suspected. |
| Security | Azure stack – Users password set to never expire | This alert will be generated when user password is set to never expire. |
| Operations | Azure stack – Group policy processing error | This alert will be generated when an error occurs while processing a group policy. |
| Operations | Azure stack – File replication service staging area full | This alert will be generated when the file replication service staging area is full. |
| Compliance | Azure stack – Active Directory Group policy changed | This alert will be generated when a group policy is changed. |
| Compliance | Azure stack – System shutdown | This alert will be generated when the system is shutdown. |
Reports
| Type | Name | Description |
|---|---|---|
| Security | Azure Stack – User Logon Failed | This report provides information about the logon failures by users. |
| Security | Azure Stack – User Account Locked Out | This report provides information about user account locked out. |
| Security | Azure Stack – Audit Logs Cleared | This report provides information about the audit logs cleared also provides information about the user that cleared the audit logs. |
| Operations | Azure Stack – Registry Changed | This report provides information about the registry changes done by the user. |
| Operations | Azure Stack – Administration Activities | This report provides information about the administrative activities. |
| Operations | Azure stack – User account locked out | This alert will be generated when a user account is locked out. |
| Operations | Azure stack – Users added to Domain Admin or local Admin group | This alert will be generated when user is added to domain admin or local admin group. |
| Compliance | Azure Stack – User Logon and Logoff | This report provides information about the user logon and logoff. |
| Compliance | Azure stack – Directory permission change | This alert will be generated when directory permissions are changed. |
Documentation
The configuration details are consistent with Netsurion Open XDR 8.x or later, and Azure Stack.
Download Integration Guide for configuration instructions and more information.