A common and useful concept in management applications is to distinguish between (1) built-in, non-changing monitoring settings and (2) custom, dynamic exceptions to those standard settings.

In the Microsoft System Center model, standard settings are contained in sealed management packs (.MP files) that apply to all environments. Overrides to standard rules and monitors are saved in unsealed management packs (.XML files) that generally apply only in their specific environments. This protocol keeps the two types of controls (standard and custom) separate by design. For managed services providers, this maps to (1) cross-environment and (2) customer-specific information being segregated and portable.

Objective: Keep standard rulesets and environment-specific exceptions separate

Once you are using Azure Monitor and Azure Sentinel rules at scale, you realize you need to implement some standards of usage and naming (think taxonomy and lexicon governance) to guide rule management. One challenge to consider is keeping reusable standard rulesets separate from the custom exceptions to those rules, so that an exception made for one customer is never mistaken for a change to the shared baseline.

Standardizing on modern cloud-based monitoring tools like Azure Monitor and Azure Logic Apps (and Azure Function Apps) is possible with a strategy to manage alerts and overrides at scale. The basics are there: separation of control types as well as control portability. All Azure monitoring artifacts, 'standard' and 'custom' alike, can be exported and imported as JSON (Azure Resource Manager templates), and Azure Policy can deploy them consistently across subscriptions. While Azure has no native concept of management packs, Azure Monitor and Azure Logic Apps provide means of keeping these two kinds of data separate.

This article details methods to use existing Azure features to achieve this operational necessity.
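The sealed/unsealed split described above can be reproduced for exported Azure Monitor rules with a small merge step: a shared standard ruleset that nobody edits per customer, plus a per-environment override file that may only touch an allow-listed set of fields. The following is an added example written for this article, not code from the original post or from Microsoft. The rule documents are constructed and only shaped after an exported scheduled query rule, the `std-<domain>-<subject>` naming taxonomy and the list of overridable fields are assumptions chosen for the illustration, and the `ruleSource` / `overrideEnv` tags are a hypothetical provenance convention.

```python
"""Keep a reusable standard ruleset separate from per-environment overrides.

Constructed example: the rule and override documents below are made up for
illustration and are only shaped after exported Azure Monitor scheduled query
rule JSON; they are not real exports. The naming taxonomy and the list of
overridable fields are assumptions chosen for this example.
"""
import copy
import json
import re

# Assumed taxonomy: standard rules are named std-<domain>-<subject>, lower
# case and dash separated, so an environment team can tell at a glance that a
# rule came from the shared ruleset and was not hand-authored for one customer.
STANDARD_NAME_RE = re.compile(r"^std-[a-z0-9]+-[a-z0-9]+(-[a-z0-9]+)*$")

# Dotted paths an environment is allowed to override (the "unsealed" part).
# Everything else, in particular the KQL query itself, stays sealed.
OVERRIDABLE = {
    "properties.enabled",
    "properties.severity",
    "properties.criteria.allOf.0.threshold",
}

# Constructed standard ruleset (the "sealed" side).
STANDARD_RULES = [
    {
        "type": "Microsoft.Insights/scheduledQueryRules",
        "name": "std-identity-failed-signins",
        "properties": {
            "severity": 2,
            "enabled": True,
            "evaluationFrequency": "PT5M",
            "windowSize": "PT15M",
            "criteria": {"allOf": [{
                "query": "SigninLogs | where ResultType != 0 | summarize c=count() by UserPrincipalName",
                "timeAggregation": "Count",
                "operator": "GreaterThan",
                "threshold": 20,
            }]},
        },
    },
    {
        "type": "Microsoft.Insights/scheduledQueryRules",
        "name": "std-compute-cpu-saturation",
        "properties": {
            "severity": 3,
            "enabled": True,
            "evaluationFrequency": "PT5M",
            "windowSize": "PT5M",
            "criteria": {"allOf": [{
                "query": "Perf | where CounterName == '% Processor Time' | summarize avg(CounterValue) by Computer",
                "timeAggregation": "Average",
                "operator": "GreaterThan",
                "threshold": 90,
            }]},
        },
    },
]

# Constructed per-environment override file (the "unsealed" side): only
# dotted paths listed in OVERRIDABLE may appear here.
CUSTOMER_A_OVERRIDES = {
    "environment": "customer-a-prod",
    "overrides": {
        "std-identity-failed-signins": {"properties.criteria.allOf.0.threshold": 50},
        "std-compute-cpu-saturation": {"properties.enabled": False},
    },
}


def is_standard_name(name):
    """True if a rule name follows the assumed standard-rule taxonomy."""
    return bool(STANDARD_NAME_RE.match(name))


def _set_path(obj, dotted, value):
    """Assign value along a dotted path; numeric segments index into lists."""
    parts = dotted.split(".")
    for part in parts[:-1]:
        obj = obj[int(part)] if isinstance(obj, list) else obj[part]
    last = parts[-1]
    if isinstance(obj, list):
        obj[int(last)] = value
    else:
        obj[last] = value


def apply_overrides(standard_rules, override_doc):
    """Merge one environment's overrides into a copy of the standard ruleset.

    Rejects overrides for unknown rules, rule names outside the taxonomy, and
    fields not in OVERRIDABLE, so a customer file can never silently rewrite
    the sealed query logic. The standard ruleset itself is never mutated.
    """
    env = override_doc["environment"]
    known = {r["name"] for r in standard_rules}
    for name in override_doc["overrides"]:
        if name not in known:
            raise ValueError(f"override for unknown standard rule: {name}")
    merged = []
    for rule in standard_rules:
        if not is_standard_name(rule["name"]):
            raise ValueError(f"rule name violates taxonomy: {rule['name']}")
        out = copy.deepcopy(rule)
        applied = override_doc["overrides"].get(rule["name"], {})
        for path, value in applied.items():
            if path not in OVERRIDABLE:
                raise ValueError(f"{rule['name']}: field {path} is sealed")
            _set_path(out, path, value)
        # Hypothetical provenance tags so the deployed rule still records
        # where it came from and which environment changed it.
        out["tags"] = {"ruleSource": "standard",
                       "overrideEnv": env if applied else "none"}
        merged.append(out)
    return merged


if __name__ == "__main__":
    print(json.dumps(apply_overrides(STANDARD_RULES, CUSTOMER_A_OVERRIDES), indent=2))
```

The merged output is what you would feed to a template deployment for that one environment; the standard file and the override file are the only things checked into source control, which is the portability the article is after. Rejecting any override path outside the allow list is the check that does the real work: it is what stops a "quick fix" in a customer file from quietly changing the detection query for that customer alone.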