Logging and monitoring

Missing alert for Security Solution creation/updating

Description

Monitoring for Create or Update Security Solution events gives insight into changes to the active security solutions and may reduce the time it takes to detect suspicious activity.
Recommended Mitigation

Under Monitor -> Alerts, create an alert for 'Microsoft.Security/securitySolutions/write'.
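
A check that the alert described above is in place, as an added example that is not part of the original page: it reads activity log alert rules as JSON and reports whether an enabled rule covers 'Microsoft.Security/securitySolutions/write'. The JSON layout (assumed to match `az monitor activity-log alert list` output), the subscription id, the rule names, and the extra requirements of subscription-wide scope and at least one action group are assumptions of this example.

```python
import json

OPERATION = "Microsoft.Security/securitySolutions/write"
SUB = "00000000-0000-0000-0000-000000000000"  # constructed placeholder subscription id

# Constructed sample; field layout assumed to match `az monitor activity-log alert list`.
SAMPLE_ALERTS = json.loads("""[
 {"name": "policy-assignment-write", "enabled": true,
  "scopes": ["/subscriptions/00000000-0000-0000-0000-000000000000"],
  "condition": {"allOf": [{"field": "category", "equals": "Administrative"},
    {"field": "operationName", "equals": "Microsoft.Authorization/policyAssignments/write"}]},
  "actions": {"actionGroups": [{"actionGroupId": "example-action-group-id"}]}},
 {"name": "secsol-disabled", "enabled": false,
  "scopes": ["/subscriptions/00000000-0000-0000-0000-000000000000"],
  "condition": {"allOf": [{"field": "category", "equals": "Security"},
    {"field": "operationName", "equals": "Microsoft.Security/securitySolutions/write"}]},
  "actions": {"actionGroups": [{"actionGroupId": "example-action-group-id"}]}},
 {"name": "secsol-rg-only", "enabled": true,
  "scopes": ["/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg"],
  "condition": {"allOf": [{"field": "operationName",
    "equals": "microsoft.security/securitysolutions/write"}]},
  "actions": {"actionGroups": []}}
]""")

def matches_operation(alert, operation):
    """True if any allOf clause pins operationName to the operation (case-insensitive)."""
    clauses = (alert.get("condition") or {}).get("allOf") or []
    return any((c.get("field") or "").lower() == "operationname"
               and (c.get("equals") or "").lower() == operation.lower()
               for c in clauses)

def evaluate(alerts, subscription_id, operation=OPERATION):
    """Return (compliant, findings); compliant needs one fully usable matching rule."""
    sub_scope = f"/subscriptions/{subscription_id}".lower()
    findings = []
    for alert in alerts:
        if not matches_operation(alert, operation):
            continue
        problems = []
        if not alert.get("enabled"):
            problems.append("disabled")
        if sub_scope not in [s.lower().rstrip("/") for s in alert.get("scopes") or []]:
            problems.append("not scoped to the subscription")
        if not (alert.get("actions") or {}).get("actionGroups"):
            problems.append("no action group")
        if not problems:
            return True, []
        findings.append(f"{alert.get('name')}: {', '.join(problems)}")
    return False, findings or [f"no alert rule for {operation}"]
```

Calling `evaluate(SAMPLE_ALERTS, SUB)` on the constructed sample reports the disabled rule and the resource-group-only rule, so a rule that merely names the operation is not counted as coverage.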