What triggers a security alert in Azure Security Center?

Marilee Turscak-MSFT 24,396 Reputation points Microsoft Employee

I have received several security alerts in Azure Security Center. Which activities trigger these alerts?

[Note: As we migrate from MSDN, this question has been posted by an Azure Cloud Engineer as a frequently asked question] Source: Security Alerts Overview

Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.

Accepted answer
  1. Saurabh Sharma 17,366 Reputation points Microsoft Employee

    Azure Security Center automatically collects, analyzes, and fuses log data from your Azure resources, the network, and partner solutions like antimalware and firewalls. When threats are detected, a security alert is created. Examples include detection of:
    • Compromised virtual machines communicating with known malicious IP addresses
    • Advanced malware detected using Windows error reporting
    • Brute force attacks against virtual machines
    • Security alerts from integrated partner security solutions such as Anti-Malware or Web Application Firewalls

    1 person found this answer helpful.
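Two of the detections the accepted answer lists, written out in miniature as an added example (this is not code from the thread, from Microsoft, or from Defender for Cloud itself): a brute-force detector that counts failed logons per source IP against a VM inside a sliding window, and a threat-intelligence match that flags a VM talking to a known-malicious address. The sample events, the indicator list and the alert field names are all constructed for the example; the fields only loosely follow the Defender for Cloud alert schema and are an assumption, not the service's real output.

```python
# Added example, not code from the Microsoft Q&A thread or from Microsoft.
# Miniature versions of two detections the accepted answer lists, run over
# constructed sample events. Alert field names loosely follow the Defender for
# Cloud alert schema (an assumption here, not the service's actual output).
from collections import defaultdict
from datetime import datetime, timedelta


def _make_failed_logons():
    """Constructed Windows 4625 (failed logon) records: (timestamp, VM, source IP, account)."""
    base = datetime(2024, 5, 1, 10, 0, 0)
    events = []
    # Password spray from one TEST-NET address: 12 failures in under two minutes.
    for i in range(12):
        ts = base + timedelta(seconds=10 * i)
        events.append((ts.isoformat(), "vm-web-01", "203.0.113.7", f"user{i % 3}"))
    # An admin mistyping a password three times over an hour: below threshold.
    for i in range(3):
        ts = base + timedelta(minutes=20 * i)
        events.append((ts.isoformat(), "vm-web-01", "192.0.2.5", "jdoe"))
    return events


FAILED_LOGONS = _make_failed_logons()

# Constructed outbound flow records: (timestamp, VM, destination IP, destination port).
OUTBOUND_FLOWS = [
    ("2024-05-01T10:05:00", "vm-web-01", "192.0.2.10", 443),      # benign
    ("2024-05-01T10:06:00", "vm-web-01", "198.51.100.23", 4444),  # matches indicator
    ("2024-05-01T10:07:00", "vm-web-01", "198.51.100.23", 4444),  # repeat, deduplicated
    ("2024-05-01T10:08:00", "vm-db-01", "192.0.2.11", 1433),      # benign
]

# Constructed threat-intelligence list using documentation (TEST-NET) addresses,
# not real indicators of compromise.
MALICIOUS_IPS = {"198.51.100.23", "203.0.113.99"}


def detect_brute_force(events, threshold=10, window=timedelta(minutes=5)):
    """Alert when one source IP fails `threshold` or more logons against the
    same VM inside a sliding time window."""
    alerts = []
    by_key = defaultdict(list)
    for ts, vm, src, account in events:
        by_key[(vm, src)].append((datetime.fromisoformat(ts), account))

    for (vm, src), items in by_key.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            # Slide the window start forward until it spans at most `window`.
            while items[end][0] - items[start][0] > window:
                start += 1
            if end - start + 1 < threshold:
                continue
            # Triggered: extend to the end of this window to report the full burst.
            while end + 1 < len(items) and items[end + 1][0] - items[start][0] <= window:
                end += 1
            burst = items[start:end + 1]
            alerts.append({
                "AlertDisplayName": "Suspected brute force attack",
                "Severity": "Medium",
                "CompromisedEntity": vm,
                "ExtendedProperties": {
                    "SourceIP": src,
                    "FailedAttempts": len(burst),
                    "AccountsTried": sorted({acct for _, acct in burst}),
                    "WindowStart": burst[0][0].isoformat(),
                },
            })
            break  # one alert per (VM, source) pair
    return alerts


def detect_malicious_ip_comms(flows, indicators):
    """Alert once per (VM, destination) when a VM talks to an IP on the indicator list."""
    alerts, seen = [], set()
    for ts, vm, dst, port in flows:
        if dst in indicators and (vm, dst) not in seen:
            seen.add((vm, dst))
            alerts.append({
                "AlertDisplayName": "Communication with a known malicious IP address",
                "Severity": "High",
                "CompromisedEntity": vm,
                "ExtendedProperties": {"DestinationIP": dst, "DestinationPort": port, "FirstSeen": ts},
            })
    return alerts


def run_detections(logons=FAILED_LOGONS, flows=OUTBOUND_FLOWS, indicators=MALICIOUS_IPS):
    """Run both detections and return alerts, highest severity first."""
    order = {"High": 0, "Medium": 1, "Low": 2}
    alerts = detect_brute_force(logons) + detect_malicious_ip_comms(flows, indicators)
    return sorted(alerts, key=lambda a: order[a["Severity"]])


if __name__ == "__main__":
    for alert in run_detections():
        print(alert["Severity"], alert["AlertDisplayName"], alert["CompromisedEntity"], alert["ExtendedProperties"])
```

Running the block prints one High alert (vm-web-01 reaching 198.51.100.23:4444, reported once despite two flows) and one Medium alert (12 failures from 203.0.113.7 across three accounts); the admin's three typos never cross the threshold. The sliding window matters: a fixed per-hour bucket would either miss a burst straddling a boundary or fire on slow, legitimate failures, which is the kind of tuning a real detection engine does before an alert reaches the portal.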

1 additional answer

  1. Kenu feelit 16 Reputation points


    Azure Security Center is based on 'Security Policies'. Security Policies are the ones that raise the alerts in Security Center.

    The alert depends on the subject of the policy.

    To know more about Azure Security Policies, check out: https://learn.microsoft.com/en-us/azure/security-center/tutorial-security-policy

    1 person found this answer helpful.