Event logging - A.12.4.1

Introduction

anDREa is committed to protecting the security of its business information in the face of incidents and unwanted events and has implemented an Information Security Management System (ISMS) that is compliant with ISO/IEC 27001:2013, the international standard for information security.

The purpose of this document is to provide an example of anDREa’s event logging. 

This document will be updated at least annually and whenever a significant change occurs.


Examples of event logging

  1. Identity Protection - Risky users
Also
<real structure, but fictitious, made-up data>
{
  "EventType": "WorkspaceUser:RemoveUser",
  "Environment": {
    "UserName": "USER1",
    "MachineName": "DESKTOP-HJHPNSA",
    "DomainName": "AzureAD",
    "CallingMethodName": "Dre.Auditing.ServiceBusTrigger.Run()",
    "AssemblyName": "Dre.Auditing, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null",
    "Culture": "en-US"
  },
  "Target": {
    "Type": "Group",
    "Old": {
      "createdDateTime": "2021-06-18T13:06:11+02:00",
      "displayName": "DRE_GRP_dws-184-ooo",
      "groupTypes": [],
      "mailEnabled": false,
      "mailNickname": "DRE_GRP_dws-184-ooo",
      "onPremisesProvisioningErrors": [],
      "proxyAddresses": [],
      "renewedDateTime": "2021-06-18T13:06:11+02:00",
      "securityEnabled": true,
      "securityIdentifier": "S-1-12-1-1896122438-3463538700-1664212369-373830592",
      "members": [
        {
          "displayName": "USER NAME",
          "givenName": "First Name",
          "mail": "username1@alternate-email",
          "otherMails": ["username1@alternate-email"],
          "surname": "Last Name",
          "userPrincipalName": "username1@andreanldev.onmicrosoft.com",
          "id": "a4e083c5-4e38-4e38-3c46-c0890f970702",
          "@odata.type": "#microsoft.graph.user"
        },
        {
          "displayName": "Testuser3",
          "givenName": "Test",
          "mail": "Testuser3@andreanldev.onmicrosoft.com",
          "otherMails": ["Testuser3@andreanldev.onmicrosoft.com"],
          "surname": "user3",
          "userPrincipalName": "Testuser3@andreanldev.onmicrosoft.com",
          "id": "f0ae5b9a-4e38-3c46-95e0-a06dfa5d53a0",
          "@odata.type": "#microsoft.graph.user"
        },
        {
          "displayName": "User2",
          "givenName": "First Name",
          "mail": "username2@alternate-email",
          "otherMails": ["username2@alternate-email"],
          "surname": "Patil",
          "userPrincipalName": "username2@andreanldev.onmicrosoft.com",
          "id": "b62f44bd-f5e0-4e38-3c46-075e0277d344",
          "@odata.type": "#microsoft.graph.user"
        },
        {
          "displayName": "User4",
          "givenName": "First Name",
          "mail": "username4@alternate-email",
          "otherMails": ["username4@andreanldev.onmicrosoft.com"],
          "surname": "Last Name",
          "userPrincipalName": "username4@andreanldev.onmicrosoft.com",
          "id": "4a474625-4e38-3c46-3c46-86906c2d7c38",
          "@odata.type": "#microsoft.graph.user"
        }
      ],
      "owners": [
        {
          "displayName": "USER NAME",
          "givenName": "First Name",
          "mail": "username1@alternate-email",
          "otherMails": ["username1@alternate-email"],
          "surname": "Last Name",
          "userPrincipalName": "username1@andreanldev.onmicrosoft.com",
          "id": "a4e083c5-4e38-4e38-3c46-c0890f970702",
          "@odata.type": "#microsoft.graph.user"
        },
        {
          "displayName": "User4",
          "givenName": "First Name",
          "mail": "username4@alternate-email",
          "otherMails": ["username4@andreanldev.onmicrosoft.com"],
          "surname": "Last Name",
          "userPrincipalName": "username4@andreanldev.onmicrosoft.com",
          "id": "4a474625-4e38-3c46-3c46-86906c2d7c38",
          "@odata.type": "#microsoft.graph.user"
        }
      ],
      "id": "710487d1-4e38-3c46-91dd-3163c0334816",
      "@odata.type": "microsoft.graph.group",
      "creationOptions": [],
      "isAssignableToRole": null,
      "resourceBehaviorOptions": [],
      "resourceProvisioningOptions": []
    },
    "New": {
      "createdDateTime": "2021-06-18T13:06:11+02:00",
      "displayName": "DRE_GRP_dws-184-ooo",
      "groupTypes": [],
      "mailEnabled": false,
      "mailNickname": "DRE_GRP_dws-184-ooo",
      "onPremisesProvisioningErrors": [],
      "proxyAddresses": [],
      "renewedDateTime": "2021-06-18T13:06:11+02:00",
      "securityEnabled": true,
      "securityIdentifier": "S-1-12-1-1896122438-3463538700-1664212369-373830592",
      "members": [
        {
          "displayName": "USER NAME",
          "givenName": "First Name",
          "mail": "username1@alternate-email",
          "otherMails": ["username1@alternate-email"],
          "surname": "Last Name",
          "userPrincipalName": "username1@andreanldev.onmicrosoft.com",
          "id": "a4e083c5-4e38-4e38-3c46-c0890f970702",
          "@odata.type": "#microsoft.graph.user"
        },
        {
          "displayName": "Testuser3",
          "givenName": "Test",
          "mail": "Testuser3@andreanldev.onmicrosoft.com",
          "otherMails": ["Testuser3@andreanldev.onmicrosoft.com"],
          "surname": "user3",
          "userPrincipalName": "Testuser3@andreanldev.onmicrosoft.com",
          "id": "f0ae5b9a-4e38-3c46-95e0-a06dfa5d53a0",
          "@odata.type": "#microsoft.graph.user"
        },
        {
          "displayName": "User4",
          "givenName": "First Name",
          "mail": "username4@alternate-email",
          "otherMails": ["username4@andreanldev.onmicrosoft.com"],
          "surname": "Last Name",
          "userPrincipalName": "username4@andreanldev.onmicrosoft.com",
          "id": "4a474625-4e38-3c46-3c46-86906c2d7c38",
          "@odata.type": "#microsoft.graph.user"
        }
      ],
      "owners": [
        {
          "displayName": "USER NAME",
          "givenName": "First Name",
          "mail": "username1@alternate-email",
          "otherMails": ["username1@alternate-email"],
          "surname": "Last Name",
          "userPrincipalName": "username1@andreanldev.onmicrosoft.com",
          "id": "a4e083c5-4e38-4e38-3c46-c0890f970702",
          "@odata.type": "#microsoft.graph.user"
        },
        {
          "displayName": "User4",
          "givenName": "First Name",
          "mail": "username4@alternate-email",
          "otherMails": ["username4@andreanldev.onmicrosoft.com"],
          "surname": "Last Name",
          "userPrincipalName": "username4@andreanldev.onmicrosoft.com",
          "id": "4a474625-4e38-3c46-3c46-86906c2d7c38",
          "@odata.type": "#microsoft.graph.user"
        }
      ],
      "id": "710487d1-4e38-3c46-91dd-3163c0334816",
      "@odata.type": "microsoft.graph.group",
      "creationOptions": [],
      "isAssignableToRole": null,
      "resourceBehaviorOptions": [],
      "resourceProvisioningOptions": []
    }
  },
  "StartDate": "2021-09-01T09:13:05.9091292Z",
  "EndDate": "2021-09-01T09:13:05.9091632Z",
  "Duration": 0
}
