Disabling or deleting Diagnostic logging for an Azure resource or subscription.
Possible Root Causes
Malicious Activity: An attacker has deleted Diagnostic logging to hide their tracks.
Administrative Change: An administrator has disabled Diagnostic logging as part of normal environmental changes.
Business Impact
Inability to detect future attacks, investigate past security incidents, or audit activity within the environment.
Increased risk of undetected malicious activity that may negatively impact business operations.
Steps to Verify
Analyze Subsequent Actions: Review the actions taken by the user after disabling or deleting Diagnostic logging to assess potential risks.
Check Logging Policies: Review security policies to determine if the removal of Diagnostic logging is permitted within the environment.
Validate Legitimacy: Discuss with the user to confirm whether the activity was intentional and authorized.
Respond to High-Risk Activity: If the review determines a high risk to data or the environment, disable the associated credentials and conduct a comprehensive investigation.
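The "Analyze Subsequent Actions" step can be scripted against exported Azure Activity Log records. The following is an added example, not part of the original page: it finds successful `Microsoft.Insights/diagnosticSettings/delete` operations (deletion only, not other ways of disabling logging) and lists what the same caller did in the following hour. The flattened record layout, the `ev` and `triage` helpers, and all sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Activity Log operation recorded when a diagnostic setting is deleted.
DIAG_DELETE = "microsoft.insights/diagnosticsettings/delete"
KV = "/subscriptions/SUB-PLACEHOLDER/resourceGroups/rg1/providers/Microsoft.KeyVault/vaults/kv1"
DIAG = KV + "/providers/Microsoft.Insights/diagnosticSettings/to-siem"

def ev(time, caller, operation, resource, status="Succeeded"):
    """Hypothetical helper: build one flattened Activity Log record."""
    return {"time": time, "caller": caller, "operation": operation,
            "resource": resource, "status": status}

# Constructed sample events (assumption: real exports nest some of these
# fields and carry many more properties).
SAMPLE_EVENTS = [
    ev("2024-05-01T09:50:00Z", "alice@example.com", "Microsoft.KeyVault/vaults/read", KV),
    ev("2024-05-01T10:00:00Z", "alice@example.com", "Microsoft.Insights/diagnosticSettings/delete", DIAG),
    ev("2024-05-01T10:05:00Z", "alice@example.com", "Microsoft.KeyVault/vaults/accessPolicies/write", KV),
    ev("2024-05-01T10:07:00Z", "bob@example.com", "Microsoft.KeyVault/vaults/read", KV),
    ev("2024-05-01T12:30:00Z", "alice@example.com", "Microsoft.KeyVault/vaults/read", KV),
    ev("2024-05-01T13:00:00Z", "carol@example.com", "Microsoft.Insights/diagnosticSettings/delete", DIAG, "Failed"),
]

def parse_time(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def triage(events, window=timedelta(hours=1)):
    """Return one finding per successful deletion, with the caller's later actions."""
    ordered = sorted(events, key=lambda e: parse_time(e["time"]))
    findings = []
    for i, e in enumerate(ordered):
        if e["operation"].lower() != DIAG_DELETE or e["status"] != "Succeeded":
            continue
        start = parse_time(e["time"])
        # Same caller, after the deletion, inside the review window.
        followups = [(n["time"], n["operation"], n["resource"])
                     for n in ordered[i + 1:]
                     if n["caller"].lower() == e["caller"].lower()
                     and parse_time(n["time"]) - start <= window]
        findings.append({"caller": e["caller"], "deleted": e["resource"],
                         "time": e["time"], "followups": followups})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f["time"], f["caller"], "deleted", f["deleted"])
        for t, op, res in f["followups"]:
            print("   then", t, op, res)
```

The follow-up list is the input to the policy and legitimacy checks above: an empty list still leaves the deletion itself to be confirmed with the user.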
Azure Diagnostic Logging Disabled
Business impact
If this detection indicates a genuine threat, the organization faces significant risks: