Curated detections in the Enterprise tier of Security Command Center help identify threats in Microsoft Azure environments using both event and context data.
These rule sets require the following data to function as designed. You must ingest Azure data from each of these data sources to have maximum rule coverage.
- Azure cloud services
- Microsoft Entra ID, previously Azure Active Directory
- Microsoft Entra ID audit logs, previously Azure AD audit logs
- Microsoft Defender for Cloud
For information about how to ingest this data, see Ingest Azure and Microsoft Entra ID data.
Make sure to review the information about the supported devices and the log types required by these rule sets.
For a description of the rule sets, see Curated detections for Azure data in the Google SecOps documentation.