
Eng Soon Cheah


Manage security alerts

Create and customize alerts

  • Azure Security Center automatically collects, analyzes, and fuses log data from your Azure resources, the network, and partner solutions
  • It can detect events such as:
    • Compromised VMs communicating with known malicious IP addresses
    • Advanced malware detected by Windows error reporting
    • Brute-force attacks against VMs
    • Security alerts from integrated partner security solutions, such as antimalware or web application firewalls
  • When Security Center detects a threat, it creates a security alert
  • Security Center logs individual security alerts and combines individual alerts into incidents
  • An incident is a collection of related individual alerts

Manage security alerts

  • In the Azure portal, the Overview page for Security Center displays an at-a-glance view of your environment
  • The Detection area of the Overview page displays a graph of your current alerts, colored according to severity level (high, medium, or low)
  • The bottom part of the blade displays details for each alert

Configure a playbook for a security event by using Azure Security Center

  • A security playbook can help automate and orchestrate your response to a specific security alert that Security Center detects
  • Security playbooks in Security Center are based on Azure Logic Apps
  • The Security Center team has set up a GitHub repository with instructions on how to create a security playbook
  • In Security Center, you can add actions or conditions to an existing playbook
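The two ideas above, alerts being fused into incidents and a playbook applying conditions to decide actions, can be modelled in a few lines. The example below is added here and is not code from the post or from Security Center itself: the alert names, resource names, the one-hour correlation window, the playbook conditions and the action names are all constructed assumptions chosen to mirror the detections the post lists (brute force, communication with a known malicious IP, antimalware). Real Security Center incidents are correlated by its own analytics, and real playbooks are Logic Apps; this script only shows the shape of the logic.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Severity ranking used both for the Overview graph counts and for incident severity.
SEVERITY_RANK = {"Low": 1, "Medium": 2, "High": 3}


@dataclass
class Alert:
    name: str
    severity: str          # "High", "Medium" or "Low"
    resource: str          # affected resource, e.g. a VM name (assumed naming)
    detected_at: datetime


@dataclass
class Incident:
    """An incident is a collection of related alerts on one resource."""
    resource: str
    alerts: list = field(default_factory=list)

    @property
    def severity(self) -> str:
        # The incident inherits the highest severity among its alerts.
        return max((a.severity for a in self.alerts), key=SEVERITY_RANK.__getitem__)

    @property
    def last_seen(self) -> datetime:
        return max(a.detected_at for a in self.alerts)


def fuse_alerts(alerts, window=timedelta(hours=1)):
    """Group alerts into incidents: same resource, detected within `window`
    of the incident's most recent alert. The window is an assumption."""
    incidents = []
    for alert in sorted(alerts, key=lambda a: a.detected_at):
        for inc in incidents:
            if inc.resource == alert.resource and alert.detected_at - inc.last_seen <= window:
                inc.alerts.append(alert)
                break
        else:
            incidents.append(Incident(alert.resource, [alert]))
    return incidents


def severity_counts(alerts):
    """Counts per severity, i.e. the data behind the Detection graph."""
    counts = {"High": 0, "Medium": 0, "Low": 0}
    for a in alerts:
        counts[a.severity] += 1
    return counts


# Playbook rules: (condition over an incident, action to orchestrate).
# Conditions and action names are hypothetical stand-ins for Logic App steps.
PLAYBOOK_RULES = [
    (lambda inc: inc.severity == "High", "notify-soc-channel"),
    (lambda inc: any("malicious IP" in a.name for a in inc.alerts), "block-outbound-ip-in-nsg"),
    (lambda inc: len(inc.alerts) > 1, "open-incident-ticket"),
]


def run_playbook(incident):
    """Return the actions whose conditions match the incident, in rule order."""
    return [action for condition, action in PLAYBOOK_RULES if condition(incident)]


# Constructed sample alerts (not real Security Center output).
T = datetime(2020, 1, 1)
SAMPLE_ALERTS = [
    Alert("Failed brute force attack", "Medium", "vm-web-01", T + timedelta(hours=10)),
    Alert("Communication with a known malicious IP address", "High", "vm-web-01", T + timedelta(hours=10, minutes=35)),
    Alert("Antimalware detected malware", "High", "vm-db-01", T + timedelta(hours=14)),
    Alert("Failed brute force attack", "Low", "vm-web-01", T + timedelta(hours=16)),
]

if __name__ == "__main__":
    print("Detection graph:", severity_counts(SAMPLE_ALERTS))
    for inc in fuse_alerts(SAMPLE_ALERTS):
        print(f"{inc.resource} [{inc.severity}] {len(inc.alerts)} alert(s) -> {run_playbook(inc)}")
```

With the sample input, the two vm-web-01 alerts 35 minutes apart collapse into one High incident, the later brute-force alert on the same VM falls outside the window and becomes a separate Low incident, and only the fused incident triggers all three playbook actions.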
