Alerts for Azure DDoS Protection

This article lists the security alerts you might get for Azure DDoS Protection from Microsoft Defender for Cloud and any Microsoft Defender plans you enabled. The alerts shown in your environment depend on the resources and services you're protecting, and your customized configuration.

Note

Some of the recently added alerts powered by Microsoft Defender Threat Intelligence and Microsoft Defender for Endpoint might be undocumented.

Learn how to respond to these alerts.

Learn how to export alerts.

Note

Alerts from different sources might take different amounts of time to appear. For example, alerts that require analysis of network traffic might take longer to appear than alerts related to suspicious processes running on virtual machines.

Azure DDoS Protection alerts

DDoS Attack detected for Public IP (NETWORK_DDOS_DETECTED)

Description: DDoS Attack detected for Public IP (IP address) and being mitigated.

MITRE tactics: Probing

Severity: High

DDoS Attack mitigated for Public IP (NETWORK_DDOS_MITIGATED)

Description: DDoS Attack mitigated for Public IP (IP address).

MITRE tactics: Probing

Severity: Low

Note

For alerts that are in preview: The Azure Preview Supplemental Terms include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
