More Info:

Monitoring for ‘Create’ or ‘Update Security Solution’ events gives insight into changes to the active security solutions and may reduce the time it takes to detect suspicious activity.

Risk Level

Low

Address

Security, Operational Maturity

Compliance Standards

CISAZURE, CBP, SOC2, ISO27001, HIPAA

Triage and Remediation

Remediation

To remediate the misconfiguration “Ensure Activity Log Alert exists for Create or Update Security Solution” in Azure using the Azure console, follow the steps below:

  1. Log in to the Azure console with your credentials.
  2. Navigate to the Security Center from the left-hand menu.
  3. Click on the “Policies” option under the Security Center.
  4. In the Policies page, click on the “Security policy” option.
  5. In the Security policy page, select the policy you want to remediate, in this case, “Ensure Activity Log Alert exists for Create or Update Security Solution”.
  6. Click on the “Remediate” button at the top of the page.
  7. In the Remediate dialog box, select the subscription(s) and resource group(s) you want to remediate and click on the “Remediate” button.
  8. The remediation process will start and you can monitor the progress from the “Activity log” option under the Security Center.

Once the remediation process is completed, the misconfiguration “Ensure Activity Log Alert exists for Create or Update Security Solution” will be remediated.
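To confirm the result, the following added example (not part of the original page) audits a list of activity log alerts for one that is enabled, scoped to the whole subscription, and fires on the create-or-update security solution operation. It assumes the input has the JSON shape returned by `az monitor activity-log alert list` and that the operation name is `Microsoft.Security/securitySolutions/write`; the subscription ID is a placeholder and the alert names and sample data are constructed.

```python
import json

# Operation name Azure records when a security solution is created or updated.
OPERATION = "Microsoft.Security/securitySolutions/write"
SUB_ID = "00000000-0000-0000-0000-000000000000"  # placeholder subscription ID

# Constructed sample, shaped like `az monitor activity-log alert list` output.
SAMPLE = json.dumps([
    {"name": "secsol-ok", "enabled": True,
     "scopes": [f"/subscriptions/{SUB_ID}"],
     "condition": {"allOf": [{"field": "category", "equals": "Security"},
                             {"field": "operationName", "equals": OPERATION}]}},
    {"name": "secsol-disabled", "enabled": False,
     "scopes": [f"/subscriptions/{SUB_ID}"],
     "condition": {"allOf": [{"field": "operationName", "equals": OPERATION}]}},
    {"name": "secsol-rg-only", "enabled": True,
     "scopes": [f"/subscriptions/{SUB_ID}/resourceGroups/rg-app"],
     "condition": {"allOf": [{"field": "operationName", "equals": OPERATION}]}},
    {"name": "policy-change", "enabled": True,
     "scopes": [f"/subscriptions/{SUB_ID}"],
     "condition": {"allOf": [
         {"field": "operationName", "equals": "Microsoft.Security/policies/write"}]}},
])

def problems(alert, subscription_id):
    """Return the reasons this alert does not cover the event (empty = covers it)."""
    found = []
    clauses = (alert.get("condition") or {}).get("allOf") or []
    ops = {str(c.get("equals", "")).lower() for c in clauses
           if str(c.get("field", "")).lower() == "operationname"}
    if OPERATION.lower() not in ops:
        found.append("wrong operation")
    if not alert.get("enabled"):
        found.append("disabled")
    scopes = {s.rstrip("/").lower() for s in alert.get("scopes") or []}
    if f"/subscriptions/{subscription_id}".lower() not in scopes:
        found.append("not subscription-wide")
    return found

def audit(alerts_json, subscription_id):
    """Map each alert name to its list of problems."""
    return {a["name"]: problems(a, subscription_id) for a in json.loads(alerts_json)}

def is_compliant(alerts_json, subscription_id):
    """True if at least one alert covers the event for the whole subscription."""
    return any(not p for p in audit(alerts_json, subscription_id).values())

if __name__ == "__main__":
    for name, issues in audit(SAMPLE, SUB_ID).items():
        print(name, "OK" if not issues else ", ".join(issues))
```

An alert that exists but is disabled or scoped to a single resource group is reported with its reason, so it is not mistaken for coverage.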

Additional Reading: