Security logs SHALL be sent to the agency's security operations center for monitoring.
Why This Matters
Security logs are a primary source of threat detection and incident response. Without forwarding these logs to a centralized security operations center, your organization risks missing critical security events, delaying response times, and failing to meet compliance requirements. Administrators should prioritize this control to maintain visibility into Azure AD activity and protect against undetected attacks.
What Aether365 Checks
This check verifies that your Azure AD diagnostic settings are configured to stream security logs to a Log Analytics workspace or SIEM in your security operations center. It appears in the Aether365 dashboard under the entra-id section as part of the CISA framework.
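To reproduce this kind of check by hand, the sketch below evaluates an Azure AD diagnostic settings listing and reports which log categories are not being streamed. It is an added example, not Aether365's own logic. The required category set, the treatment of an Event Hub as the SIEM path, and the sample data are assumptions made for illustration.

```python
import json

# Assumed set of Azure AD log categories treated as "security logs". The page
# does not enumerate them, so adjust this to your agency's baseline.
REQUIRED = {"AuditLogs", "SignInLogs", "NonInteractiveUserSignInLogs",
            "ServicePrincipalSignInLogs", "RiskyUsers", "UserRiskEvents"}

# Destinations counted as streaming to the SOC: a Log Analytics workspace, or
# an Event Hub feeding a SIEM (assumption). A storage account only archives.
STREAMING_KEYS = ("workspaceId", "eventHubAuthorizationRuleId")

# Constructed sample shaped like a diagnostic settings list response.
# Resource IDs are placeholders.
SAMPLE = {"value": [
    {"name": "to-sentinel", "properties": {
        "workspaceId": "/subscriptions/<sub-id>/.../workspaces/<soc-workspace>",
        "logs": [{"category": "AuditLogs", "enabled": True},
                 {"category": "SignInLogs", "enabled": True},
                 {"category": "NonInteractiveUserSignInLogs", "enabled": False},
                 {"category": "RiskyUsers", "enabled": True}]}},
    {"name": "archive-only", "properties": {
        "storageAccountId": "/subscriptions/<sub-id>/.../storageAccounts/<acct>",
        "logs": [{"category": "ServicePrincipalSignInLogs", "enabled": True},
                 {"category": "UserRiskEvents", "enabled": True}]}},
]}

def evaluate(settings, required=REQUIRED):
    """Return which required categories reach a streaming destination."""
    covered = {}
    for setting in settings.get("value", []):
        props = setting.get("properties", {})
        # Skip settings that only archive to storage or have no destination.
        if not any(props.get(key) for key in STREAMING_KEYS):
            continue
        for log in props.get("logs", []):
            # A category listed with enabled=False is not being sent.
            if log.get("enabled") and log.get("category") in required:
                covered.setdefault(log["category"], []).append(setting.get("name"))
    missing = sorted(set(required) - set(covered))
    return {"compliant": not missing, "missing": missing, "covered": covered}

if __name__ == "__main__":
    print(json.dumps(evaluate(SAMPLE), indent=2))
```

In the sample, the categories enabled only in the storage-account setting are reported as missing, which is the gap a destination-blind check would overlook.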