Security event logs should be collected
Security audits should be collected by Advisor. Proper intellignece should be added to query for specific info contained in properties. Some sort of normalization (like ACS does) is welcome / needed.
Proper reporting is needed as well.
The ‘Security and Audit’ intelligence pack can now be added from the IP Gallery, but the team continues iterating on it.
Mathieu Isabel commented
I know Microsoft doesn't like specific data commitments but can you give us a ballpark as to when this would be available? We're looking into a SIEM solution and are wondering if that would do the job for us. If you have an private beta for this IP, we would be willing to look at it as well. We'll gladly provide feedback.