Upwind is excited to announce a new integration that brings deeper visibility and faster threat detection to Microsoft Azure environments. With native support for Azure Log Analytics and Activity Logs, customers can now detect risks and respond to threats across Azure with greater precision, especially around administrative activity, access patterns, and configuration changes.

This release helps customers extend Upwind’s detection and response capabilities across Azure, just as they already do in AWS and Google Cloud. It unifies cloud security signals across all major providers, helping security teams gain real-time context, reduce noise, and take confident action.

What Are Azure Logs?

Azure Logs provide critical telemetry for understanding what’s happening inside your Azure environment. These logs are collected and stored in Azure Log Analytics, a monitoring and query engine that enables security teams to centralize and analyze operational data across Azure resources.

The Upwind Platform detects a threat using Azure Activity Logs

Among the most valuable log categories in Azure Log Analytics are Azure Activity Logs, which offer detailed visibility into changes across your cloud environment. These logs capture cluster control-plane operations, such as resource creation, deletion, and configuration changes, providing a comprehensive audit trail of actions taken via the Azure portal, CLI, SDKs, or APIs. They are essential for identifying misconfigurations, tracking changes, and investigating potential security incidents. By integrating with Azure Log Analytics, Upwind can ingest and correlate data from Azure Activity Logs, delivering runtime-aware insights across your cloud environment.

Deeper Detection with Azure Activity Logs

Upwind ingests Azure Activity Logs through Azure Log Analytics. This powers a new class of detections including unauthorized access attempts, privilege escalation, risky configuration or policy changes, or unusual administrative behavior. By correlating this data with Upwind’s runtime insights, like process activity and network traffic, we provide a clearer picture of how identities and services interact in real-world cloud environments. This combination enables faster, more confident investigations and responses.

Upwind now correlates Azure Activity Log detections with runtime insights for smarter security context.



With support for Azure Activity Logs, users receive even deeper detections. For instance:

  • An Azure host, identified with a critical vulnerability, is actively communicating with the Instance Metadata Service and has open internet egress.
  • Public access settings for an Azure Storage Account were configured by altering its access policies.
The Upwind Platform leverages Azure logs for the detection of configuration violations.


Easy Setup, Immediate Value

For organizations already exporting Activity Logs to Azure Event Hub, which is a common setup for many Azure users, integration is fast and seamless. Using a simple setup flow in the Upwind Console, customers can connect their existing Log Analytics workspace and begin streaming logs for real-time analysis, without requiring any additional data collection.

Upwind’s streamlined setup unlocks powerful new detections without operational overhead. With this release, users get:

  • New Detection Source: Azure Log Analytics is now available as a detection source across the Upwind Platform.
  • Activity Log Coverage: Our initial release focuses on Activity Logs, the most detailed source of Azure control plane activity, powering new detections for suspicious admin actions and policy violations.
  • Console Integration: Customers can now enable Azure Log Analytics directly from the Upwind Console, streamlining onboarding and log ingestion.
Integration settings for Azure Logs can be managed in the “settings” module and “integrations” subheader of the Upwind Platform.

More Signal, Less Noise, Now in Azure

Security teams can now focus on the signals that matter most, thanks to Upwind’s Azure Log Analytics integration, without drowning in noise. By analyzing high-signal logs that capture the “who, what, and when” of your cloud environment, Upwind helps you detect real threats, reduce response time, and strengthen your security posture across Azure infrastructure.

Running critical workloads in Azure? Schedule a personalized demo with us to see how Upwind delivers the clarity, context, and confidence you need to secure your cloud in real time.