One of the latest Azure Operational Insights (AOI) Intelligence Packs (IP) is the Security and Audit IP. This IP is updated by Microsoft on a periodically basis in order to provide you with the latest security intelligence.
And:
This IP is a special one since it works best when you’ve got a proper Audit Policy in place. But because of that same Audit Policy, it can create a large volume of security event data uploaded to AOI, potentially causing to reach the daily data transfer.
So use this IP wisely and test it thoroughly in order to see whether it delivers good information which can be used by the security auditors. And when it does, write a business case for this IP, allowing for a move from the Free Tier to the Standard or even Premium one.
No comments:
Post a Comment