Defender for Cloud Security alerts.

Vitalii Liashuk 160 Reputation points
2023-08-31T14:20:41.27+00:00

Hi,

Can I manage (change) security alerts in DfC? For example, I have the security alert "Login from an unusual location" with medium severity. Can I change the severity to low for future alerts?

Also I received the following alert: "Possible incoming SMTP brute force attempts detected". I see only the main entities on the alert page, but I want to see more information, for example the raw logs in Log Analytics. Is it possible?

Thank you!

Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.

1 answer

Andrew Blumhardt 9,861 Reputation points Microsoft Employee
2023-09-01T12:12:55.79+00:00

Agreed. You cannot change future incidents (easily) within MDFC. The same can be said for other solutions like MDE and MDI. If you forward these alerts to Sentinel, you can use Automation Rules or Playbooks to revise an incident. You could also use a workflow automation (logic app) inside of MDFC to change incident severity levels.

If you want to enrich the incident with more information, then you really need to do that in Sentinel. Enriching incidents using automation to add comments is a common automated response in Sentinel.

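As an added example (not part of the question or the answer above), the following Log Analytics KQL query pulls the raw SecurityAlert record for the SMTP brute-force alert named in the question and unpacks the entity and extended-property JSON that the portal alert page only summarises. It assumes Defender for Cloud alerts already reach the workspace's SecurityAlert table, either through Defender for Cloud continuous export or the Microsoft Sentinel Defender for Cloud connector; the 7-day window is an arbitrary choice.

```kql
// Added example: inspect the raw Defender for Cloud alert record in Log Analytics.
// Assumes alerts land in SecurityAlert via continuous export or the Sentinel connector.
SecurityAlert
| where TimeGenerated > ago(7d)                  // adjust the lookback window as needed
| where AlertName == "Possible incoming SMTP brute force attempts detected"
// ExtendedProperties and Entities are stored as JSON strings; parse them into dynamic objects
| extend Props = parse_json(ExtendedProperties)
| extend EntityList = parse_json(Entities)
// One row per entity (host, IP, account, ...) so each one can be filtered or joined on
| mv-expand Entity = EntityList
| project TimeGenerated,
          AlertSeverity,
          CompromisedEntity,
          SystemAlertId,                          // use this id to correlate with the portal alert
          EntityType = tostring(Entity.Type),
          Entity,
          Props,
          Description,
          RemediationSteps
| order by TimeGenerated desc
```

Dropping the AlertName filter and adding `| summarize count() by AlertName, AlertSeverity` gives a quick view of how often each Defender for Cloud alert fires at each severity, which is useful input when deciding which alerts a Sentinel automation rule should re-grade.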
