Your company has an Azure Active Directory (Azure AD) tenant named contoso.com.
You plan to create several security alerts by using Azure Monitor.
You need to prepare the Azure subscription for the alerts.
What should you create first?
A. an Azure Storage account
B. an Azure Log Analytics workspace
C. an Azure event hub
D. an Azure Automation account
Correct answer: B
To create security alerts in Azure Monitor, you need to prepare your Azure subscription first. One of the key requirements is to have an Azure Log Analytics workspace, which is used to collect, analyze, and act on telemetry data from various sources, including security-related logs.
Therefore, the correct answer is B. an Azure Log Analytics workspace.
Here's why:
Azure Monitor is a platform service that provides monitoring and alerting capabilities across Azure resources. It can monitor activity logs, metrics, and diagnostic logs, and generate alerts based on specified conditions or events.
To use Azure Monitor for security-related alerts, you need to collect and analyze security-related logs from your Azure resources. These logs include the activity log, which records the control-plane operations performed on resources in the subscription (who did what, and when), and diagnostic (resource) logs, which provide detailed information about a resource's health, performance, and data-plane operations.
To collect and analyze these logs, you need to have an Azure Log Analytics workspace, which is a central repository for all your logs. The workspace is used to collect data from various sources, such as Azure resources, Windows and Linux servers, and other sources that support the Common Event Format (CEF) or Syslog.
Once you have created an Azure Log Analytics workspace, you can configure it to collect and analyze security-related logs from your Azure resources. You can then create queries and alerts in the workspace to monitor specific events or conditions and trigger actions when those events or conditions occur.
Therefore, the correct first step in preparing your Azure subscription for security alerts in Azure Monitor is to create an Azure Log Analytics workspace.
Option A (an Azure Storage account) is incorrect because while Azure Storage can be used as a sink for long-term log retention, it does not provide the query and analytics capabilities required for creating security alerts.
Option C (an Azure event hub) is incorrect because while it can be used to collect and stream logs to external systems such as a third-party SIEM, it does not provide the analytics capabilities required for creating security alerts.
Option D (an Azure Automation account) is incorrect because while it can be used to automate tasks and workflows (for example, as a runbook triggered by an alert), it does not provide the analytics capabilities required for creating security alerts.
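The sequence described above, carried through with Azure PowerShell as an added example (not part of the original page or Microsoft's documentation): the workspace is created first, the subscription activity log is routed into it, and only then can a log-based alert rule reference it. It goes a little beyond the text by adding the action group and a sample alert rule; the resource group, workspace and action group names, region, e-mail address and the KQL query are all assumed placeholders.

```powershell
# Added example: prepare a subscription for Azure Monitor security alerts.
# All names, the region, the e-mail address and the query are constructed placeholders.
Connect-AzAccount | Out-Null
$sub      = Get-AzContext
$rg       = 'rg-secmon'          # assumed resource group name
$location = 'eastus'             # assumed region
$wsName   = 'law-contoso-sec'    # assumed workspace name

# 1. The Log Analytics workspace is the prerequisite: both the log routing
#    and the alert rule below reference its resource ID.
New-AzResourceGroup -Name $rg -Location $location -Force | Out-Null
$ws = New-AzOperationalInsightsWorkspace -ResourceGroupName $rg -Name $wsName `
        -Location $location -Sku 'PerGB2018' -RetentionInDays 90

# 2. Route the subscription activity log (Administrative and Security categories)
#    into the workspace so that query-based alerts have data to evaluate.
$logs = 'Administrative', 'Security' | ForEach-Object {
    New-AzDiagnosticSettingLogSettingsObject -Category $_ -Enabled $true
}
New-AzDiagnosticSetting -Name 'activity-to-law' `
    -ResourceId "/subscriptions/$($sub.Subscription.Id)" `
    -WorkspaceId $ws.ResourceId -Log $logs | Out-Null

# 3. Action group that receives the alert notifications (e-mail receiver).
$receiver = New-AzActionGroupEmailReceiverObject -Name 'secops' -EmailAddress 'secops@contoso.com'
$ag = New-AzActionGroup -Name 'ag-secops' -ResourceGroupName $rg -ShortName 'secops' `
        -Location 'Global' -EmailReceiver $receiver

# 4. Scheduled-query (log) alert over the AzureActivity table: fire when a
#    new RBAC role assignment succeeded in the subscription during the window.
$query = @'
AzureActivity
| where OperationNameValue =~ "Microsoft.Authorization/roleAssignments/write"
| where ActivityStatusValue =~ "Success"
| project TimeGenerated, Caller, ResourceGroup, _ResourceId
'@
$condition = New-AzScheduledQueryRuleConditionObject -Query $query `
    -TimeAggregation 'Count' -Operator 'GreaterThan' -Threshold 0 `
    -FailingPeriodNumberOfEvaluationPeriod 1 -FailingPeriodMinFailingPeriodsToAlert 1
New-AzScheduledQueryRule -Name 'new-role-assignment' -ResourceGroupName $rg `
    -Location $location -DisplayName 'New RBAC role assignment' `
    -Scope $ws.ResourceId -Severity 2 `
    -WindowSize (New-TimeSpan -Minutes 15) -EvaluationFrequency (New-TimeSpan -Minutes 5) `
    -CriterionAllOf $condition -ActionGroupResourceId $ag.Id
```

Running steps 2 or 4 before step 1 fails because neither the diagnostic setting nor the alert rule has a workspace ID to target, which is exactly why the workspace must be created first.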