Monitor Storage for Security Events with Azure Monitor

30 minutes
  • 5 Learning Objectives

About this Hands-on Lab

The Azure Monitor Logs feature of Azure Monitor collects, stores, and organizes log and performance data from monitored resources. In this lab, you will enable diagnostic settings on a storage account to send Blob storage logs to a Log Analytics workspace. You will also use Azure Monitor Logs to query for anonymous access to blobs and create an Azure Monitor alert to notify you when anonymous access to a storage account is logged.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Configure Diagnostic Settings

Configure diagnostic settings on the storage account to send Blob service logs to the Log Analytics workspace.

Perform Anonymous Access

IMPORTANT: Do not upload a file that contains confidential or private information.

Upload a test file to the data container and access the file anonymously.

Use Azure Monitor Logs to Query Logs

Write a query using Azure Monitor Log Analytics to determine if anonymous access has been recorded against the storage account:

StorageBlobLogs | where AuthenticationType == 'Anonymous'

Create an Azure Monitor Alert

Use Azure Monitor alerts to create an alert for anonymous access.
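
The anonymous-access query above returns every matching log row. The following added example (not part of the original lab) narrows it to successful anonymous blob reads and groups them by caller, which is easier to triage and can serve as the alert's search query. The sample rows, the account name examplestorage, and the IP addresses are constructed. The query assumes IPv4 callers logged as ip:port.

```kusto
// Constructed sample rows standing in for the real StorageBlobLogs table so the
// query can be run without lab data. Remove this `let` to query the workspace.
let StorageBlobLogs = datatable(
    TimeGenerated:datetime, AccountName:string, OperationName:string,
    AuthenticationType:string, StatusCode:string, CallerIpAddress:string,
    Uri:string, ResponseBodySize:long)
[
    datetime(2024-01-01 10:00:00), "examplestorage", "GetBlob", "Anonymous", "200",
        "203.0.113.10:50122", "https://examplestorage.blob.core.windows.net/data/test.txt", 1024,
    datetime(2024-01-01 10:05:00), "examplestorage", "GetBlob", "Anonymous", "200",
        "203.0.113.10:50187", "https://examplestorage.blob.core.windows.net/data/test.txt", 1024,
    datetime(2024-01-01 10:06:00), "examplestorage", "GetBlob", "OAuth", "200",
        "198.51.100.7:44310", "https://examplestorage.blob.core.windows.net/data/test.txt", 1024,
    datetime(2024-01-01 10:07:00), "examplestorage", "GetBlob", "Anonymous", "404",
        "203.0.113.44:39001", "https://examplestorage.blob.core.windows.net/data/missing.txt", 0
];
StorageBlobLogs
// Same filter as the lab query: requests made without credentials.
| where AuthenticationType == "Anonymous"
// Keep only reads that actually returned blob content (2xx, including 206).
| where OperationName == "GetBlob" and tostring(StatusCode) startswith "2"
// Drop the source port so repeated requests from one client group together.
| extend CallerIp = tostring(split(CallerIpAddress, ":")[0])
| summarize Requests      = count(),
            BytesReturned = sum(ResponseBodySize),
            Blobs         = make_set(Uri, 50),
            FirstSeen     = min(TimeGenerated),
            LastSeen      = max(TimeGenerated)
    by AccountName, CallerIp
| order by BytesReturned desc
```

Each result row is one caller that read data anonymously, so an alert that fires when the query returns any rows ignores failed anonymous requests and authenticated traffic.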

View Azure Monitor Alerts

  1. Access the test file anonymously again.
  2. View the alert in Azure Monitor.

Additional Resources

Scenario

To help you walk through the lab, consider the following scenario:

You work as a cybersecurity analyst and have been assigned to a customer to assist with remediation activities for a cybersecurity incident in which a potential data breach has occurred.

Using an existing resource group and the deployed resources, you will complete the following using the Azure portal:

  • Configure diagnostic settings on the storage account to send Blob service logs to a Log Analytics workspace.
  • Write a query in Azure Monitor Logs to determine if anonymous access has been recorded against the storage account.
  • Use Azure Monitor alerts to create an alert whenever the query returns results.
  • Test the alert by performing anonymous access.

Lab Setup

Log in to the Azure portal by right-clicking Open Azure Portal and selecting the option to open it in a new private browser window. (This option reads differently depending on your browser; for example, in Chrome, it reads Open Link in Incognito Window.) Then, sign in using the credentials provided on the lab page.

The objectives for this hands-on lab can be completed using the Azure portal.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.
