Azure AD and events - automated insight with AIMS

June 4, 2020

AIMS can now get login- and audit-data from Azure AD, and pair this information with administrative- and security-events that occurs on your Azure subscription.

AIMS will also use its machine-learning to create baselines for the 4 different event-types, meaning that if there is a sudden change of activity on either event-type, AIMS will be able to detect this and correlate the information to any impacts detected. For instance, an admin event to reduce the size of a VM could impact the performance of an application hosted on that VM. An increase in security events combined with failed logins can indicate hacking attempts. 

By combining this event agent with the Azure monitor agent, you will have a very powerful tool that can

  • Detect bottlenecks, and see if it is related to available resources, config change, security issue or new deployment
  • If an admin event correlates with the performance issue, you can see when and who did the change
  • Control cost by having control over all deployments and config changes in Azure
  • Get early warnings about potential security issues, and correlate with Azure usage, performance and logins.
  • Get information about security and user settings on Azure resources, and see if any of these correlates to security events, increased traffic or performance issues.

The bullets above only list a few of the interesting capabilities available by applying machine learning to these data. Also, each event coming from Azure is logged as an event in AIMS, so you will have all the details on the event like eventtype, resource affected, user, IP, location action and more.

The agent is written in Javascript, so it can be hosted pretty much anywhere. It will consume events from a dedicated Event Hub that the user sets up. The user needs to enable diagnostics for Azure AD and Azure Monitor, and pipe the events to the selected Event Hub.

For information on how to install the Azure Event Hub agent, please see the following support page.

Topics from this blog: Technical



BizTalk: Undiscovered secret of DTA purge and Archive stored procedure

DTA Database is one of the most important databases in the BizTalk DB component. The issue in this database can cause a lot of performance issues in BizTalk. To keep the DB healthy, Microsoft...

Recovery of Master Secret Server

As a part of the recovery process during DR (Disaster Recovery) or any other unforeseen scenarios, one might have to restore the master secret to re-use the existing setup and data. This article will...

AIMS teams up with the Norwegian Computing Center to make predictions to alert of a possible problem even before the problem itself arises

At AIMS, we strive to alert as early as possible that some problem is arising for a business-critical system. We want to arrive as far as to make predictions to alert of a possible problem even...