Curated detections in the Enterprise tier of Security Command Center help identify threats in Microsoft Azure environments using both event and context data.
These rule sets require the following data to function as designed. For maximum rule coverage, you must ingest Azure data from each of these data sources:
- Azure cloud services
- Microsoft Entra ID, previously Azure Active Directory
- Microsoft Entra ID audit logs, previously Azure AD audit logs
- Microsoft Defender for Cloud
- Microsoft Graph API Activity
For more information, see the following in the Google SecOps documentation:
- Supported devices and required log types for Azure: information about the data required by each rule set.
- Ingest Azure and Microsoft Entra ID data: steps to collect Azure and Microsoft Entra ID log data.
- Curated detections for Azure data: summary of the Azure rule sets in the Cloud Threats category of curated detections.
- Use curated detections to identify threats: how to use curated detections in Google SecOps.
For information about the type of log data that customers with Security Command Center Enterprise can ingest directly to the Google SecOps tenant, see Google SecOps log data collection.