Create and customize alerts
- Azure Security Center automatically collects, analyzes, and fuses log data from your Azure resources, the network, and partner solutions
- It can detect events such as:
- Compromised VMs communicating with known malicious IP addresses
- Advanced malware detected by Windows Error Reporting (WER)
- Brute-force attacks against VMs
- Security alerts from integrated partner security solutions, such as antimalware or web application firewalls
- When Security Center detects a threat, it creates a security alert
- Security Center logs individual security alerts and combines individual alerts into incidents
- An incident is a collection of related individual alerts
Manage security alerts
- In the Azure portal, the Overview page for Security Center displays an at-a-glance view of your environment
- The Detection area of the Overview page displays a graph of your current alerts, colored according to severity level (high, medium, or low)
- The bottom part of the blade displays details for each alert
Configure a playbook for a security event by using Azure Security Center
- A security playbook can help automate and orchestrate your response to a specific security alert that Security Center detects
- Security playbooks in Security Center are based on Azure Logic Apps
- The Security Center team has set up a GitHub repository with instructions on how to create a security playbook
- From Security Center you can open an existing playbook in the Logic Apps Designer and add actions or conditions to it
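The template below is an added example of what such a playbook looks like when written out as a Logic App; it is not code from the page or from the Security Center team's GitHub repository. It deploys an API connection to the Security Center alert connector plus a workflow that fires on every new alert, keeps only alerts whose severity is High (the "condition" from the last bullet), and forwards a short summary to a notification webhook (the "action"). The managed API name ascalert, the trigger path, the alert body field names (Severity, AlertDisplayName, CompromisedEntity, AlertUri) and the webhook destination are assumptions taken from the connector's schema and should be checked against the trigger's actual output in the Logic Apps Designer before relying on them. The // comments are permitted by Azure Resource Manager; strip them if you feed the file to a strict JSON parser.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "PlaybookName": { "type": "string", "defaultValue": "Notify-HighSeverity-ASC-Alert" },
    // Assumed destination (Teams/Slack incoming webhook, SOAR intake, etc.). Kept secure.
    "NotificationWebhookUrl": { "type": "securestring" }
  },
  "variables": {
    "AscConnectionName": "[concat('ascalert-', parameters('PlaybookName'))]",
    // Assumption: the Security Center alert connector is the managed API named 'ascalert'.
    "AscApiId": "[concat(subscription().id, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/ascalert')]"
  },
  "resources": [
    {
      // API connection the trigger uses; authorize it once in the portal after deployment.
      "type": "Microsoft.Web/connections",
      "apiVersion": "2016-06-01",
      "name": "[variables('AscConnectionName')]",
      "location": "[resourceGroup().location]",
      "properties": {
        "displayName": "[variables('AscConnectionName')]",
        "api": { "id": "[variables('AscApiId')]" }
      }
    },
    {
      "type": "Microsoft.Logic/workflows",
      "apiVersion": "2017-07-01",
      "name": "[parameters('PlaybookName')]",
      "location": "[resourceGroup().location]",
      "dependsOn": [ "[resourceId('Microsoft.Web/connections', variables('AscConnectionName'))]" ],
      "properties": {
        "state": "Enabled",
        // Values handed to the workflow definition's own parameters below.
        "parameters": {
          "$connections": {
            "value": {
              "ascalert": {
                "connectionId": "[resourceId('Microsoft.Web/connections', variables('AscConnectionName'))]",
                "connectionName": "[variables('AscConnectionName')]",
                "id": "[variables('AscApiId')]"
              }
            }
          },
          "WebhookUrl": { "value": "[parameters('NotificationWebhookUrl')]" }
        },
        "definition": {
          "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
          "contentVersion": "1.0.0.0",
          "parameters": {
            "$connections": { "type": "Object", "defaultValue": {} },
            "WebhookUrl": { "type": "SecureString" }
          },
          "triggers": {
            // Webhook trigger: Security Center calls back into the playbook for each new alert.
            "When_an_Azure_Security_Center_Alert_is_created_or_triggered": {
              "type": "ApiConnectionWebhook",
              "inputs": {
                "host": { "connection": { "name": "@parameters('$connections')['ascalert']['connectionId']" } },
                "body": { "callback_url": "@{listCallbackUrl()}" },
                "path": "/Microsoft.Security/Alert/subscribe"
              }
            }
          },
          "actions": {
            // Condition: act only on high-severity alerts; medium/low fall through and do nothing.
            "Only_high_severity_alerts": {
              "type": "If",
              "expression": { "and": [ { "equals": [ "@triggerBody()?['Severity']", "High" ] } ] },
              "actions": {
                // Action: forward a minimal summary rather than the full alert payload.
                "Post_alert_summary_to_webhook": {
                  "type": "Http",
                  "inputs": {
                    "method": "POST",
                    "uri": "@parameters('WebhookUrl')",
                    "headers": { "Content-Type": "application/json" },
                    "body": {
                      "alert": "@triggerBody()?['AlertDisplayName']",
                      "severity": "@triggerBody()?['Severity']",
                      "resource": "@triggerBody()?['CompromisedEntity']",
                      "link": "@triggerBody()?['AlertUri']"
                    }
                  },
                  "runAfter": {}
                }
              },
              "runAfter": {}
            }
          }
        }
      }
    }
  ]
}
```

Deploy with `az deployment group create --resource-group <rg> --template-file playbook.json --parameters NotificationWebhookUrl=<url>`, then open the new API connection in the portal and authorize it. The webhook URL is kept as a SecureString parameter so it does not appear in the run history, and the summary body deliberately omits raw alert details so that a chat channel does not become a second copy of your alert store.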