Logging and monitoring

Missing Alert for Security Solution creation/updating

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

Monitoring for Create or Update Security Solution events gives insight into changes to the active security solutions and may reduce the time it takes to detect suspicious activity.
Recommended Mitigation

Under Monitor -> Alerts, create an alert for 'Microsoft.Security/securitySolutions/write'.
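
One way to audit for this finding, as an added example that is not part of the original rule text: the function below takes the list of activity log alert rules (for instance the JSON from `az monitor activity-log alert list`) and returns the enabled rules whose condition matches the operation. The subscription ID and rule names are constructed sample values, and requiring the rule to be scoped to the whole subscription is an assumption of this example.

```python
OPERATION = "Microsoft.Security/securitySolutions/write"


def matches_operation(condition):
    """True if an allOf leaf pins operationName to OPERATION (case-insensitive)."""
    for leaf in (condition or {}).get("allOf") or []:
        field = (leaf.get("field") or "").lower()
        value = (leaf.get("equals") or "").lower()
        if field == "operationname" and value == OPERATION.lower():
            return True
    return False


def covering_alerts(rules, subscription_id):
    """Names of enabled, subscription-scoped rules that alert on OPERATION."""
    wanted = f"/subscriptions/{subscription_id}".lower()
    hits = []
    for rule in rules:
        # ARM exports nest settings under "properties"; CLI output is flat.
        props = rule.get("properties", rule)
        scopes = [s.lower().rstrip("/") for s in props.get("scopes") or []]
        # Assumption: a rule scoped only to a resource group does not count,
        # because it misses changes made elsewhere in the subscription.
        if (props.get("enabled") and wanted in scopes
                and matches_operation(props.get("condition"))):
            hits.append(rule.get("name"))
    return hits


# Constructed sample data (not taken from a real tenant).
SUB = "00000000-0000-0000-0000-000000000000"
CATEGORY = {"field": "category", "equals": "Security"}
WRITE_OP = {"field": "operationName", "equals": OPERATION}
SAMPLE = [
    {"name": "secsolution-write", "enabled": True,
     "scopes": [f"/subscriptions/{SUB}"],
     "condition": {"allOf": [CATEGORY, WRITE_OP]}},
    {"name": "secsolution-write-disabled", "enabled": False,
     "scopes": [f"/subscriptions/{SUB}"],
     "condition": {"allOf": [WRITE_OP]}},
    {"name": "secsolution-write-rg-only", "enabled": True,
     "scopes": [f"/subscriptions/{SUB}/resourceGroups/rg-example"],
     "condition": {"allOf": [WRITE_OP]}},
]

if __name__ == "__main__":
    found = covering_alerts(SAMPLE, SUB)
    print("PASS" if found else "FAIL: no alert for " + OPERATION, found)
```

An empty result corresponds to this finding: a disabled rule or one limited to a single resource group does not satisfy the check.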