The Dell APEX Cloud Platform for Microsoft Azure records important events in the system and audit logs to aid troubleshooting and forensic investigations.
The APEX Cloud Platform Manager code runs on the embedded Linux distribution licensed to Dell. APEX Cloud Platform Manager inherits the default logging capabilities of that distribution. Direct access to log files is restricted to the mystic service user. Administrators may view application events using APEX Cloud Platform Manager.
The audit framework auditd ships with the embedded Linux distribution, which you can leverage to provide a CAPP-compliant (Controlled Access Protection Profiles) auditing system. While not configured by default, you can configure auditd to collect information about security-relevant events at a guest operating system level.
The APEX Cloud Platform Manager application records events that are triggered by operations such as Public API usage and LCM upgrades. These events are recorded to logs in the APEX Cloud Platform Manager in addition to events natively recorded by Active Directory Domain Server and Windows Hyper-V.
Configuring auditd rules enables extensive logging of binary executable use, file or folder attributes, and property modifications. See the Standard security events and Expanded monitoring with auditd sections for more details.
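The following rules fragment is an added illustration of the three kinds of events named above (binary executable use, file or folder attribute changes, and property modifications); it is not taken from Dell's documentation or shipped configuration. The file name, watched path, key names, and the 64-bit architecture filter are assumptions.

```conf
# Assumed location: /etc/audit/rules.d/50-example.rules
# Key names (exec_use, attr_mod, audit_config) are constructed labels
# used only to tag and search the resulting records.

# Binary executable use: record each program execution.
# Assumes a 64-bit guest operating system.
-a always,exit -F arch=b64 -S execve,execveat -k exec_use

# File or folder attribute changes: permission bits.
-a always,exit -F arch=b64 -S chmod,fchmod,fchmodat -k attr_mod

# File or folder attribute changes: ownership.
-a always,exit -F arch=b64 -S chown,fchown,lchown,fchownat -k attr_mod

# File or folder attribute changes: extended attributes.
-a always,exit -F arch=b64 -S setxattr,lsetxattr,fsetxattr -k attr_mod
-a always,exit -F arch=b64 -S removexattr,lremovexattr,fremovexattr -k attr_mod

# Property modifications: writes and attribute changes to the audit
# configuration itself (assumed path).
-w /etc/audit/ -p wa -k audit_config
```

Rules placed in `/etc/audit/rules.d/` are loaded with `augenrules --load` and listed with `auditctl -l`; matching records can then be retrieved by key, for example `ausearch -k attr_mod`. Recording every `execve` call generates a high volume of records, so log rotation and retention should be sized before enabling it.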