Using Wazuh to monitor Microsoft Azure

This section provides instructions for monitoring Microsoft Azure infrastructures, such as:

  • Monitoring instances by installing the Wazuh agent on them. This will send events to the Wazuh manager for analysis in order to classify the events within a range of alerts that can be easily viewed.

  • Monitoring the Azure Portal and its services, including platform logs from Azure services, logs, performance data from virtual machines, and usage and performance data from the applications.

  • Monitoring the Microsoft Entra ID (ME-ID) activity to discover how the Microsoft Entra ID services are accessed and used.