Security Center collects data from your Azure virtual machines (VMs) and non-Azure computers to monitor for security vulnerabilities and threats. Data is collected using the Microsoft Monitoring Agent, which reads various security-related configurations and event logs from the machine and copies the data to your workspace for analysis.
Automatic provisioning is off by default. You can disable automatic provisioning from resources at any time by turning off this setting in the security policy. Automatic provisioning is highly recommended in order to get security alerts and recommendations about system updates, OS vulnerabilities and endpoint protection.
To disable data collection, Sign in to the Azure portal, select Browse, select Security Center, and select Select policy. Select the subscription that you wish to disable automatic provisioning. When you select a subscription Security policy - Data collection opens. Under Auto provisioning, select Off.
You can enable data collection for your Azure subscription in the Security policy. To enable data collection. Sign in to the Azure portal, select Browse, select Security Center, and select Security policy. Select the subscription that you wish to enable automatic provisioning. When you select a subscription Security policy - Data collection opens. Under Auto provisioning, select On.
When automatic provisioning is enabled, Security Center provisions the Microsoft Monitoring Agent on all supported Azure VMs and any new ones that are created. Automatic provisioning is strongly recommended but manual agent installation is also available. Learn how to install the Microsoft Monitoring Agent extension.
The agent enables the process creation event 4688 and the CommandLine field inside event 4688. New processes created on the VM are recorded by EventLog and monitored by Security Center’s detection services. For information on the details recorded for each new process see description fields in 4688. The agent also collects the 4688 events created on the VM and stores them in search.
When Security Center detects suspicious activity on the VM, the customer is notified by email if security contact information has been provided. An alert is also visible in Security Center’s security alerts dashboard.
The agent consumes a nominal amount of system resources and should have little impact on the performance. For more information on performance impact and the agent and extension, see the planning and operations guide.
Data collected from this agent is stored in either an existing Log Analytics workspace associated with your subscription or a new workspace. For more information, see Data Security.
Zendesk Theme Designed by Diziana
Copyright © Diziana. All Rights Reserved