Defender for Cloud Security alerts.

Vitalii Liashuk 150 Reputation points


Can I manage (change) security alerts in DfC? For example, I have the security alert "Login from an unusual location" with medium severity. Can I change the severity to low for future alerts?

Also, I received the following alert: "Possible incoming SMTP brute force attempts detected". I see only the main entities on the alert page, but I want to see more information, for example the raw logs in Log Analytics. Is it possible?

Thank you!

Microsoft Defender for Cloud

1 answer

  1. Andrew Blumhardt 9,256 Reputation points Microsoft Employee

    Agreed. You cannot change future incidents (easily) within MDFC. The same can be said for other solutions like MDE and MDI. If you forward these alerts to Sentinel, you can use Automation Rules or Playbooks to revise an incident. You could also use a workflow automation (logic app) inside of MDFC to change incident severity levels.

    If you want to enrich the incident with more information, then you really need to do that in Sentinel. Enriching incidents using automation to add comments is a common automated response in Sentinel.
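
As an added example that is not part of the question or of Andrew's answer: when Defender for Cloud alerts are exported to a Log Analytics workspace (via Continuous Export or the Defender for Cloud connector in Microsoft Sentinel, both assumptions about the setup), the SecurityAlert table holds the full alert record, including the entity and extended-property JSON that the portal summarizes. The alert name in the filter is the one quoted in the question; the 7-day window is a constructed value.

```kql
// Added example, not code from the original post.
// Assumes alerts are exported to the workspace's SecurityAlert table
// (Continuous Export or the Sentinel connector for Defender for Cloud).
SecurityAlert
| where TimeGenerated > ago(7d)                       // constructed window; adjust as needed
| where AlertName has "SMTP brute force"             // alert name quoted in the question
| extend ExtProps = parse_json(ExtendedProperties),  // provider-specific detail fields
         EntityList = parse_json(Entities)           // entities shown on the alert page
| project TimeGenerated, AlertName, AlertSeverity, CompromisedEntity,
          ResourceId, Description, RemediationSteps, ExtProps, EntityList
| order by TimeGenerated desc
```

Expanding ExtProps and EntityList in the result pane shows the per-alert details behind the portal summary; the underlying host or network logs are separate tables and are only present if that data source is itself connected to the workspace.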