Ensure that an Azure activity log alert is fired whenever "Update Key Vault" events are triggered within your Microsoft Azure cloud account. Activity log alerts get triggered when a new activity log event that matches the condition specified in the alert configuration occurs. For this conformity rule, the matched condition is "Whenever the Activity Log has an event with Category='Administrative', Signal name='Update Key Vault (vaults)'".
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
Monitoring your Microsoft Azure account for "Update Key Vault" events will give you insights into the configuration changes made at the Azure Key Vault level and help you reduce the time it takes to detect any unauthorized activity performed on the resource and mitigate all unwanted behavior.
Audit
To determine if there is an activity log alert created for "Update Key Vault" events in your Microsoft Azure cloud account, perform the following actions:
Remediation / Resolution
To create a Microsoft Azure activity log alert for "Update Key Vault (Microsoft.KeyVault/vaults)" events, perform the following actions:
References
- Azure Official Documentation
- Create, view, and manage activity log alerts by using Azure Monitor
- Create, view, and manage log alerts using Azure Monitor
- Action rules (preview)
- Azure Command Line Interface (CLI) Documentation
- az monitor activity-log alert list
- az monitor activity-log alert show
- az monitor activity-log alert create