Microsoft: Investigating Suspicious Activity in a Hybrid Cloud with OMS Security
Monitoring devices in a hybrid environment is imperative to your security posture. The intent of a tight security posture is to close the gap between discovering a threat and taking action to put proper countermeasures in place. Monitoring plays a big role in the detection phase of your security posture, as shown in the following diagram:
In a hybrid environment, you can leverage the detection capabilities of the OMS Security & Audit Solution to identify threats, and use some of the guidelines provided by OMS to help you properly respond to them. In some scenarios the threat itself will be easily detected by OMS; in others, you may just receive an alert that a suspicious activity took place on a particular system. The intent of this post is to show you how to leverage some of the OMS Security & Audit capabilities to help you during this investigation.
Note: It is important to emphasize that you should always leverage your organization’s incident response process to properly handle each case.
Read the entire article here, Investigating Suspicious Activity in a Hybrid Cloud with OMS Security – Microsoft Azure Security and Compliance
via the fine folks at Microsoft