Alerts for Azure DDoS Protection
This article lists the security alerts you might get for Azure DDoS Protection from Microsoft Defender for Cloud and any Microsoft Defender plans you enabled. The alerts shown in your environment depend on the resources and services you're protecting, and your customized configuration.
Note: Some of the recently added alerts powered by Microsoft Defender Threat Intelligence and Microsoft Defender for Endpoint might be undocumented.
Learn how to respond to these alerts.
Note: Alerts from different sources might take different amounts of time to appear. For example, alerts that require analysis of network traffic might take longer to appear than alerts related to suspicious processes running on virtual machines.
Azure DDoS Protection alerts
DDoS Attack detected for Public IP
(NETWORK_DDOS_DETECTED)
Description: DDoS Attack detected for Public IP (IP address) and being mitigated.
MITRE tactics: Probing
Severity: High
DDoS Attack mitigated for Public IP
(NETWORK_DDOS_MITIGATED)
Description: DDoS Attack mitigated for Public IP (IP address).
MITRE tactics: Probing
Severity: Low
Note: For alerts that are in preview: The Azure Preview Supplemental Terms include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.