Stream All Security Events to SIEM in Real-Time for Manufacturing & Industrial

Manufacturing & Industrial organizations face specific regulatory requirements including iso27001, nist-800-53, cis. The LOG-03 control helps address these requirements by:

• All Entra ID sign-in and audit logs stream to SIEM in real-time
• Custom detection rules alert on suspicious patterns
• Log retention is at least 2 years for compliance

Real-time log streaming enables immediate threat detection and correlation across your security stack. Level 3 organizations can detect and respond to attacks within minutes, not days.

When implementing LOG-03 in a manufacturing & industrial environment, consider:

• **Regulatory requirements**: iso27001, nist-800-53, cis may mandate specific configurations
• **Risk tolerance**: Manufacturing & Industrial organizations typically have moderate to low risk tolerance
• **Audit frequency**: Plan for regular compliance reviews
• **Documentation**: Maintain detailed records for regulatory inspections

LOG-03 requires the following configuration:

• All Entra ID sign-in and audit logs stream to SIEM in real-time
• Custom detection rules alert on suspicious patterns
• Log retention is at least 2 years for compliance

Requires Microsoft Sentinel or external SIEM integration

Follow the steps above in your Microsoft Entra admin center to enable this control.