Event logging - A.12.4.1

Introduction

anDREa is committed to protecting the security of its business information in the face of incidents and unwanted events, and has implemented an Information Security Management System (ISMS) that is compliant with ISO/IEC 27001:2013, the international standard for information security.

The purpose of this document is to provide an example of anDREa’s event logging. 

This document will be updated at least annually and whenever a significant change occurs.


Examples of event logging

  1. Identity Protection - Risky users
Also:
<real but fictitious, made-up data>
{
  "EventType": "WorkspaceUser:RemoveUser",
  "Environment": {
    "UserName": "USER1",
    "MachineName": "DESKTOP-HJHPNSA",
    "DomainName": "AzureAD",
    "CallingMethodName": "Dre.Auditing.ServiceBusTrigger.Run()",
    "AssemblyName": "Dre.Auditing, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null",
    "Culture": "en-US"
  },
  "Target": {
    "Type": "Group",
    "Old": {
      "createdDateTime": "2021-06-18T13:06:11+02:00",
      "displayName": "DRE_GRP_dws-184-ooo",
      "groupTypes": [],
      "mailEnabled": false,
      "mailNickname": "DRE_GRP_dws-184-ooo",
      "onPremisesProvisioningErrors": [],
      "proxyAddresses": [],
      "renewedDateTime": "2021-06-18T13:06:11+02:00",
      "securityEnabled": true,
      "securityIdentifier": "S-1-12-1-1896122438-3463538700-1664212369-373830592",
      "members": [
        {
          "displayName": "USER NAME",
          "givenName": "First Name",
          "mail": "username1@alternate-email",
          "otherMails": ["username1@alternate-email"],
          "surname": "Last Name",
          "userPrincipalName": "username1@andreanldev.onmicrosoft.com",
          "id": "a4e083c5-4e38-4e38-3c46-c0890f970702",
          "@odata.type": "#microsoft.graph.user"
        },
        {
          "displayName": "Testuser3",
          "givenName": "Test",
          "mail": "Testuser3@andreanldev.onmicrosoft.com",
          "otherMails": ["Testuser3@andreanldev.onmicrosoft.com"],
          "surname": "user3",
          "userPrincipalName": "Testuser3@andreanldev.onmicrosoft.com",
          "id": "f0ae5b9a-4e38-3c46-95e0-a06dfa5d53a0",
          "@odata.type": "#microsoft.graph.user"
        },
        {
          "displayName": "User2",
          "givenName": "First Name",
          "mail": "username2@alternate-email",
          "otherMails": ["username2@alternate-email"],
          "surname": "Patil",
          "userPrincipalName": "username2@andreanldev.onmicrosoft.com",
          "id": "b62f44bd-f5e0-4e38-3c46-075e0277d344",
          "@odata.type": "#microsoft.graph.user"
        },
        {
          "displayName": "User4",
          "givenName": "First Name",
          "mail": "username4@alternate-email",
          "otherMails": ["username4@andreanldev.onmicrosoft.com"],
          "surname": "Last Name",
          "userPrincipalName": "username4@andreanldev.onmicrosoft.com",
          "id": "4a474625-4e38-3c46-3c46-86906c2d7c38",
          "@odata.type": "#microsoft.graph.user"
        }
      ],
      "owners": [
        {
          "displayName": "USER NAME",
          "givenName": "First Name",
          "mail": "username1@alternate-email",
          "otherMails": ["username1@alternate-email"],
          "surname": "Last Name",
          "userPrincipalName": "username1@andreanldev.onmicrosoft.com",
          "id": "a4e083c5-4e38-4e38-3c46-c0890f970702",
          "@odata.type": "#microsoft.graph.user"
        },
        {
          "displayName": "User4",
          "givenName": "First Name",
          "mail": "username4@alternate-email",
          "otherMails": ["username4@andreanldev.onmicrosoft.com"],
          "surname": "Last Name",
          "userPrincipalName": "username4@andreanldev.onmicrosoft.com",
          "id": "4a474625-4e38-3c46-3c46-86906c2d7c38",
          "@odata.type": "#microsoft.graph.user"
        }
      ],
      "id": "710487d1-4e38-3c46-91dd-3163c0334816",
      "@odata.type": "microsoft.graph.group",
      "creationOptions": [],
      "isAssignableToRole": null,
      "resourceBehaviorOptions": [],
      "resourceProvisioningOptions": []
    },
    "New": {
      "createdDateTime": "2021-06-18T13:06:11+02:00",
      "displayName": "DRE_GRP_dws-184-ooo",
      "groupTypes": [],
      "mailEnabled": false,
      "mailNickname": "DRE_GRP_dws-184-ooo",
      "onPremisesProvisioningErrors": [],
      "proxyAddresses": [],
      "renewedDateTime": "2021-06-18T13:06:11+02:00",
      "securityEnabled": true,
      "securityIdentifier": "S-1-12-1-1896122438-3463538700-1664212369-373830592",
      "members": [
        {
          "displayName": "USER NAME",
          "givenName": "First Name",
          "mail": "username1@alternate-email",
          "otherMails": ["username1@alternate-email"],
          "surname": "Last Name",
          "userPrincipalName": "username1@andreanldev.onmicrosoft.com",
          "id": "a4e083c5-4e38-4e38-3c46-c0890f970702",
          "@odata.type": "#microsoft.graph.user"
        },
        {
          "displayName": "Testuser3",
          "givenName": "Test",
          "mail": "Testuser3@andreanldev.onmicrosoft.com",
          "otherMails": ["Testuser3@andreanldev.onmicrosoft.com"],
          "surname": "user3",
          "userPrincipalName": "Testuser3@andreanldev.onmicrosoft.com",
          "id": "f0ae5b9a-4e38-3c46-95e0-a06dfa5d53a0",
          "@odata.type": "#microsoft.graph.user"
        },
        {
          "displayName": "User4",
          "givenName": "First Name",
          "mail": "username4@alternate-email",
          "otherMails": ["username4@andreanldev.onmicrosoft.com"],
          "surname": "Last Name",
          "userPrincipalName": "username4@andreanldev.onmicrosoft.com",
          "id": "4a474625-4e38-3c46-3c46-86906c2d7c38",
          "@odata.type": "#microsoft.graph.user"
        }
      ],
      "owners": [
        {
          "displayName": "USER NAME",
          "givenName": "First Name",
          "mail": "username1@alternate-email",
          "otherMails": ["username1@alternate-email"],
          "surname": "Last Name",
          "userPrincipalName": "username1@andreanldev.onmicrosoft.com",
          "id": "a4e083c5-4e38-4e38-3c46-c0890f970702",
          "@odata.type": "#microsoft.graph.user"
        },
        {
          "displayName": "User4",
          "givenName": "First Name",
          "mail": "username4@alternate-email",
          "otherMails": ["username4@andreanldev.onmicrosoft.com"],
          "surname": "Last Name",
          "userPrincipalName": "username4@andreanldev.onmicrosoft.com",
          "id": "4a474625-4e38-3c46-3c46-86906c2d7c38",
          "@odata.type": "#microsoft.graph.user"
        }
      ],
      "id": "710487d1-4e38-3c46-91dd-3163c0334816",
      "@odata.type": "microsoft.graph.group",
      "creationOptions": [],
      "isAssignableToRole": null,
      "resourceBehaviorOptions": [],
      "resourceProvisioningOptions": []
    }
  },
  "StartDate": "2021-09-01T09:13:05.9091292Z",
  "EndDate": "2021-09-01T09:13:05.9091632Z",
  "Duration": 0
}
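
Added example, not anDREa's own code: the event above records full Old and New snapshots of the group rather than naming the affected user, so a reviewer has to diff the two to see what changed. The Python below does that on a constructed, trimmed copy of the event; the function names and the rule that a RemoveUser event should show removals and no additions are assumptions made for illustration.

```python
import json

def _user(uid, name):
    # Constructed entry holding only the two fields the diff reads.
    return {"id": uid, "userPrincipalName": name + "@andreanldev.onmicrosoft.com"}

U1 = _user("a4e083c5-4e38-4e38-3c46-c0890f970702", "username1")
U2 = _user("b62f44bd-f5e0-4e38-3c46-075e0277d344", "username2")
U3 = _user("f0ae5b9a-4e38-3c46-95e0-a06dfa5d53a0", "Testuser3")
U4 = _user("4a474625-4e38-3c46-3c46-86906c2d7c38", "username4")

# Constructed sample: the event shown above, trimmed to the fields used here.
SAMPLE_EVENT = json.dumps({
    "EventType": "WorkspaceUser:RemoveUser",
    "Target": {"Type": "Group",
               "Old": {"displayName": "DRE_GRP_dws-184-ooo", "members": [U1, U3, U2, U4], "owners": [U1, U4]},
               "New": {"displayName": "DRE_GRP_dws-184-ooo", "members": [U1, U3, U4], "owners": [U1, U4]}},
    "StartDate": "2021-09-01T09:13:05.9091292Z",
})

def _by_id(snapshot, role):
    # Map object id -> UPN; tolerates a missing snapshot or a missing role list.
    return {e["id"]: e.get("userPrincipalName", "") for e in (snapshot or {}).get(role) or []}

def membership_changes(raw_event):
    """Diff Target.Old against Target.New and list added/removed principals per role."""
    event = json.loads(raw_event)
    target = event.get("Target") or {}
    changes = {}
    for role in ("members", "owners"):
        old = _by_id(target.get("Old"), role)
        new = _by_id(target.get("New"), role)
        changes[role] = {
            "removed": sorted(old[i] for i in old.keys() - new.keys()),
            "added": sorted(new[i] for i in new.keys() - old.keys()),
        }
    group = (target.get("Old") or target.get("New") or {}).get("displayName")
    return {"event_type": event.get("EventType"), "group": group,
            "when": event.get("StartDate"), "changes": changes}

def matches_declared_type(summary):
    """Assumed rule: a RemoveUser event shows at least one removed member and none added."""
    members = summary["changes"]["members"]
    if (summary["event_type"] or "").endswith(":RemoveUser"):
        return bool(members["removed"]) and not members["added"]
    return True  # no rule defined here for other event types

if __name__ == "__main__":
    print(json.dumps(membership_changes(SAMPLE_EVENT), indent=2))
```

An event whose declared type does not match the computed diff is worth a closer look, since the snapshots and the EventType are written independently of each other.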
