Security information and event management (SIEM)
Sitefinity Cloud includes a security information and event management (SIEM) solution out of the box. The Sitefinity Cloud SIEM solution is based on Microsoft Azure Sentinel and offers real-time monitoring and analysis of events as well as tracking and logging of security data for compliance or auditing purposes.
Use SIEM out of the box
Every Sitefinity Cloud subscription is equipped with an Azure Sentinel solution instance that inspects the Log Analytics workspace used to gather logs from the various infrastructure components. The SIEM improves security by proactively inspecting large volumes of raw logs that would otherwise be difficult to go through manually, and by extracting the security-relevant information from them.
Analytics rules are enabled for Sitefinity web applications and for the relevant Sitefinity Cloud infrastructure to raise alerts and create incidents in real time for the Sitefinity Cloud Engineering Team to address. Each alert type is classified by severity, with potential high-severity threats triggering a call to the Sitefinity Cloud On-Duty Team for immediate investigation.
High-severity alerts are treated as incidents and are handled via the incident handling process. For more information about this process, see Sitefinity Cloud Support Workflow.
Use Advanced Security add-on
The Sitefinity Cloud Advanced Security add-on includes all the Sitefinity Cloud SIEM out-of-the-box features plus:
- Daily security triage and proactive threat hunting for Low and Medium severity alerts
- Support process for handling Low and Medium severity alerts
- Detailed logging of HTTP requests and additional SIEM rules for inspecting them
The following diagram illustrates how SIEM alert and incident handling works when the Sitefinity Cloud Advanced Security add-on is purchased: