Requesting enhancement to allow for cloud shell visibility into user interaction and activity derived from Azure CloudShell.
Problem: There is a lot of capability that users can leverage using Azure Cloud Shell (SDK and/or web shell); we are requesting visibility in terms of logging capabilities to centralize into the Azure platform. We would like visibility to see when users do: file uploads/downloads, cmd line executions, IDE/editor actions.
Use Case: We would like to see detailed activity that occurs within Microsoft Azure Cloud Shell (web or SDK). For instance, if a user uploads/downloads a file from their Cloud Shell into storage, uses the editor to develop, execute, or modify files, or runs specific actions from this shell, we would like visibility in terms of logs to identify these actions. This would help detection and response capabilities better identify usage and activity surrounding threats.
Rationale: User activity tracking. If an incident/compromise were to occur and the user leveraged Cloud Shell, analysts have very limited visibility into what originated if a Cloud Shell is involved.