Azure Monitor Design (Observability & Alerting)

Management Summary

The Azure Monitor architecture centralises metrics, logs and traces from Azure resources, applications and infrastructure for observability, alerting, diagnostics and security monitoring, using Log Analytics workspaces and Application Insights.

Recommendation
IMPLEMENT AZURE MONITOR
Risk without
High
Risk Score
8/10
Implementation
40h (tech: 24h)
Applies to:
✓ Azure

Without monitoring: blind to performance issues, security incidents go undetected, no troubleshooting data, compliance gaps (logging requirements). Azure Monitor provides: centralised logging (all Azure resources), metrics collection (performance, health), alerting (proactive issue detection), workbooks (visualisation), integration (Sentinel SIEM, automation).

Implementation

Azure Monitor architecture:

  1. Log Analytics Workspaces: central log repository, KQL queries, retention policy (30-730 days), multiple workspaces (per environment/region)
  2. Diagnostic Settings: resource logs → workspace, activity logs → workspace, metrics → workspace
  3. Alerts: metric alerts (CPU >80%), log query alerts (error patterns), activity log alerts (resource deletions)
  4. Action Groups: email, SMS, webhook, Logic App triggers
  5. Application Insights: APM (Application Performance Monitoring), distributed tracing, dependency mapping
  6. Workbooks: custom dashboards, compliance views, security posture

Prerequisites

  1. Azure subscription
  2. Log Analytics workspace strategy (how many? where?)
  3. Retention requirements (compliance-driven)
  4. Alert recipients defined
  5. Budget (data ingestion costs €2-5/GB)
  6. Query expertise (KQL)

Implementation

Create the Log Analytics workspace(s), enable diagnostic settings on all resources, configure alerts (critical: VM down, storage capacity, security events), create action groups, implement workbooks.
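The architecture and the implementation steps above, carried out with the Az PowerShell modules, as an added example that is not part of the baseline's own azure-monitor.ps1 script. It assumes Az.OperationalInsights and Az.Monitor (4.6 or later, for New-AzActionGroup) are installed and a Connect-AzAccount session exists; the resource group, names, e-mail address and target resource id are constructed placeholders.

```powershell
# Added example (not the baseline's script). Placeholders: adjust before running.
$rg       = 'rg-monitoring'
$location = 'westeurope'
$wsName   = 'law-central'
$targetId = '/subscriptions/<sub-id>/resourceGroups/rg-app/providers/Microsoft.KeyVault/vaults/kv-app'

# 1. Central Log Analytics workspace with a compliance-driven retention period.
$ws = New-AzOperationalInsightsWorkspace -ResourceGroupName $rg -Name $wsName `
        -Location $location -Sku 'PerGB2018' -RetentionInDays 365

# 2. Diagnostic setting: every log category group and all metrics of the
#    target resource are forwarded to the workspace.
$logs    = New-AzDiagnosticSettingLogSettingsObject -Enabled $true -CategoryGroup 'allLogs'
$metrics = New-AzDiagnosticSettingMetricSettingsObject -Enabled $true -Category 'AllMetrics'
New-AzDiagnosticSetting -Name 'diag-to-law' -ResourceId $targetId `
    -WorkspaceId $ws.ResourceId -Log $logs -Metric $metrics

# 3. Action group that routes notifications to the security operations mailbox.
$mail = New-AzActionGroupEmailReceiverObject -Name 'secops-mail' -EmailAddress 'secops@example.com'
$ag   = New-AzActionGroup -ResourceGroupName $rg -Name 'ag-secops' -GroupShortName 'secops' `
          -Location 'global' -EmailReceiver $mail -Enabled $true

# 4. Activity log alert for the "resource deletions" case of the design:
#    fire on every Key Vault delete operation in the current subscription.
$cond = @(
    New-AzActivityLogAlertAlertRuleAnyOfOrLeafConditionObject -Field 'category' -Equal 'Administrative'
    New-AzActivityLogAlertAlertRuleAnyOfOrLeafConditionObject -Field 'operationName' -Equal 'Microsoft.KeyVault/vaults/delete'
)
$act   = New-AzActivityLogAlertActionGroupObject -Id $ag.Id
$scope = "/subscriptions/$((Get-AzContext).Subscription.Id)"
New-AzActivityLogAlert -ResourceGroupName $rg -Name 'alert-keyvault-delete' -Location 'global' `
    -Scope $scope -Condition $cond -Action $act -Enabled $true
```

Repeat step 2 for every resource that must be monitored, or assign an Azure Policy with the DeployIfNotExists effect so new resources are covered automatically.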

Compliance and Auditing

Azure Monitor satisfies: BIO 12.04.01 (logging and monitoring mandatory), ISO 27001 A.12.4.1 (event logging and audit trails), NIS2 Article 21 (security monitoring capabilities).

Monitoring

Use the PowerShell script azure-monitor.ps1 (function Invoke-Monitoring) to check.

Remediation

Use the PowerShell script azure-monitor.ps1 (function Invoke-Remediation) to remediate.

Compliance & Frameworks

Automation

Use the PowerShell script below to monitor and implement this security control. The script contains functions for both monitoring (-Monitoring) and remediation (-Remediation).

PowerShell
<#
.SYNOPSIS
    Azure Monitor Design
.DESCRIPTION
    Implementation for Azure Monitor Design
.NOTES
    Filename: azure-monitor.ps1
    Author: Nederlandse Baseline voor Veilige Cloud
    Version: 1.0
    Related JSON: content/design/platform/azure-monitor.json
#>
#Requires -Version 5.1
#Requires -Modules Microsoft.Graph

[CmdletBinding()]
param(
    [Parameter()][switch]$WhatIf,
    [Parameter()][switch]$Monitoring,
    [Parameter()][switch]$Remediation,
    [Parameter()][switch]$Revert
)

$ErrorActionPreference = 'Stop'
$VerbosePreference = 'Continue'
$PolicyName = "Azure Monitor Design"
$BIOControl = "16.01"

function Connect-RequiredServices {
    # Connection logic based on API
}

function Test-Compliance {
    Write-Verbose "Testing compliance for: $PolicyName..."
    $result = [PSCustomObject]@{
        ScriptName        = "azure-monitor"
        PolicyName        = $PolicyName
        IsCompliant       = $false
        TotalResources    = 0
        CompliantCount    = 0
        NonCompliantCount = 0
        Details           = @()
        Recommendations   = @()
    }
    # Compliance check implementation
    # Based on: Design Document
    $result.Details += "Compliance check - implementation required based on control"
    $result.NonCompliantCount = 1
    return $result
}

function Invoke-Remediation {
    Write-Host "`nApplying remediation for: $PolicyName..." -ForegroundColor Cyan
    # Remediation implementation
    Write-Host "  Configuration applied" -ForegroundColor Green
    Write-Host "`n[OK] Remediation completed" -ForegroundColor Green
}

function Invoke-Monitoring {
    $result = Test-Compliance
    Write-Host "`n========================================" -ForegroundColor Cyan
    Write-Host "$PolicyName" -ForegroundColor Cyan
    Write-Host "========================================" -ForegroundColor Cyan
    Write-Host "Total: $($result.TotalResources)" -ForegroundColor White
    Write-Host "Compliant: $($result.CompliantCount)" -ForegroundColor Green
    $color = if ($result.NonCompliantCount -gt 0) { "Red" } else { "Green" }
    Write-Host "Non-compliant: $($result.NonCompliantCount)" -ForegroundColor $color
    return $result
}

function Invoke-Revert {
    Write-Host "Revert: Configuration revert not yet implemented" -ForegroundColor Yellow
}

try {
    Connect-RequiredServices
    if ($Monitoring) {
        Invoke-Monitoring
    } elseif ($Remediation) {
        if ($WhatIf) {
            Write-Host "WhatIf: Would apply remediation" -ForegroundColor Yellow
        } else {
            Invoke-Remediation
        }
    } elseif ($Revert) {
        Invoke-Revert
    } else {
        $result = Test-Compliance
        if ($result.IsCompliant) {
            Write-Host "`n[OK] COMPLIANT" -ForegroundColor Green
        } else {
            Write-Host "`n[FAIL] NON-COMPLIANT" -ForegroundColor Red
        }
    }
} catch {
    Write-Error $_
}
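The script above leaves Test-Compliance as a placeholder that always reports one non-compliant item. As an added example (an assumed implementation, not part of the baseline's script), the function below produces the same result shape but actually audits whether resources of selected types have a diagnostic setting forwarding logs to a Log Analytics workspace. It assumes Az.Resources and Az.Monitor are installed and a Connect-AzAccount session exists; the default resource type list is constructed and should be adjusted to the estate.

```powershell
# Added example (assumed implementation, not the baseline's own code): audit which
# resources of the given types forward logs to a Log Analytics workspace.
function Test-DiagnosticCoverage {
    [CmdletBinding()]
    param(
        # Constructed default set of resource types; adjust to your estate.
        [string[]]$ResourceType = @(
            'Microsoft.Compute/virtualMachines',
            'Microsoft.Storage/storageAccounts',
            'Microsoft.KeyVault/vaults',
            'Microsoft.Network/networkSecurityGroups'
        )
    )
    $result = [PSCustomObject]@{
        ScriptName        = 'azure-monitor'
        PolicyName        = 'Azure Monitor Design'
        IsCompliant       = $false
        TotalResources    = 0
        CompliantCount    = 0
        NonCompliantCount = 0
        Details           = @()
        Recommendations   = @()
    }
    $resources = @(Get-AzResource | Where-Object { $_.ResourceType -in $ResourceType })
    $result.TotalResources = $resources.Count
    foreach ($r in $resources) {
        try {
            # Covered = at least one diagnostic setting sends an enabled log category to a workspace.
            $settings = Get-AzDiagnosticSetting -ResourceId $r.ResourceId -ErrorAction Stop
            $covered = @($settings | Where-Object {
                $_.WorkspaceId -and @($_.Log | Where-Object { $_.Enabled }).Count -gt 0
            }).Count -gt 0
        } catch {
            # A read failure (e.g. missing RBAC) is 'not verified', never 'covered'.
            $covered = $false
            $result.Details += "Could not read diagnostic settings for $($r.ResourceId): $_"
        }
        if ($covered) { $result.CompliantCount++ }
        else {
            $result.NonCompliantCount++
            $result.Details += "No workspace-bound diagnostic setting: $($r.ResourceId)"
        }
    }
    if ($result.NonCompliantCount -gt 0) {
        $result.Recommendations += 'Enable diagnostic settings (allLogs + AllMetrics) to the central workspace.'
    }
    # Zero matching resources is reported as non-compliant: most likely the wrong subscription context.
    $result.IsCompliant = ($result.TotalResources -gt 0) -and ($result.NonCompliantCount -eq 0)
    return $result
}
```

Because the result object has the same fields, Invoke-Monitoring in azure-monitor.ps1 can call this function in place of Test-Compliance without further changes.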

Risk without implementation

High: without monitoring you are blind to security incidents, performance issues go undetected, compliance is violated (BIO/ISO mandatory logging) and there is no forensics capability. Prerequisite for Sentinel SIEM. The risk is HIGH: this is the observability foundation.

Management Summary

Azure Monitor architecture: Log Analytics Workspace (central log repository, 365-730 days retention), diagnostic settings on ALL resources (activity + resource logs), alert rules (security + operational events), Action Groups (notification routing), Workbooks (dashboards), Application Insights (APM). Prerequisite for Microsoft Sentinel. Cost: €2-5/GB ingestion (€500-2000/month typical). Activation: deploy LAW → enable diagnostic settings → configure alerts. Mandatory under BIO 12.04, ISO 27001 A.12.4. Implementation: 24-40 hours. FOUNDATION for observability + security; prerequisite for Sentinel SIEM.