What triggers a security alert in Azure Security Center?

Marilee Turscak-MSFT 33,801 Reputation points Microsoft Employee
2020-05-06T21:29:36.007+00:00

I have received several security alerts in Azure Security Center. Which activities trigger these alerts?

[Note: As we migrate from MSDN, this question has been posted by an Azure Cloud Engineer as a frequently asked question] Source: Security Alerts Overview

Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.

Accepted answer
  1. Saurabh Sharma 23,671 Reputation points Microsoft Employee
    2020-05-06T21:45:46.853+00:00

    Azure Security Center automatically collects, analyzes, and fuses log data from your Azure resources, the network, and partner solutions like antimalware and firewalls. When threats are detected, a security alert is created. Examples include detection of:
    • Compromised virtual machines communicating with known malicious IP addresses
    • Advanced malware detected using Windows error reporting
    • Brute force attacks against virtual machines
    • Security alerts from integrated partner security solutions such as Anti-Malware or Web Application Firewalls

    1 person found this answer helpful.
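To see which of the detections listed above actually fired in your own subscription, the following is an added example (not part of the original answer or of any Microsoft tooling). It assumes the alerts were exported beforehand with `az security alert list -o json > alerts.json` and that each alert carries the fields the Security Alerts REST API exposes (`alertDisplayName`, `severity`, `intent`, `status`, `compromisedEntity`, `startTimeUtc`); the embedded sample is constructed for illustration and is not real telemetry. It groups active alerts per affected resource, keeps the worst severity, and puts first the resources whose alerts span several kill-chain stages (for example a brute-force attempt followed by communication with a known malicious IP), which is what a triage analyst wants to see before anything else.

```python
"""Triage Azure Security Center / Defender for Cloud alerts exported as JSON.

Added example, not code from the original Q&A. Assumed preparation step:
    az security alert list -o json > alerts.json
Field names follow the Security Alerts REST API; the sample below is
constructed and its alert names are illustrative only.
"""
import json
from collections import defaultdict

# Ordering used to pick the worst severity per resource.
SEVERITY_RANK = {"High": 3, "Medium": 2, "Low": 1, "Informational": 0}

# Constructed sample standing in for the contents of alerts.json.
SAMPLE_ALERTS_JSON = """[
  {"alertDisplayName": "Suspicious authentication activity",
   "severity": "Medium", "intent": "PreAttack", "status": "Active",
   "compromisedEntity": "vm-web-01", "startTimeUtc": "2020-05-06T10:15:00Z"},
  {"alertDisplayName": "Network communication with a malicious machine detected",
   "severity": "High", "intent": "CommandAndControl", "status": "Active",
   "compromisedEntity": "vm-web-01", "startTimeUtc": "2020-05-06T11:02:00Z"},
  {"alertDisplayName": "Suspicious authentication activity",
   "severity": "Medium", "intent": "PreAttack", "status": "Dismissed",
   "compromisedEntity": "vm-db-02", "startTimeUtc": "2020-05-05T23:40:00Z"},
  {"alertDisplayName": "Antimalware Action Taken",
   "severity": "Low", "intent": "Execution", "status": "Active",
   "compromisedEntity": "vm-app-03", "startTimeUtc": "2020-05-06T08:00:00Z"}
]"""


def load_alerts(text):
    """Parse the JSON array written by `az security alert list -o json`."""
    alerts = json.loads(text)
    if not isinstance(alerts, list):
        raise ValueError("expected a JSON array of alerts")
    return alerts


def active_alerts(alerts):
    """Drop alerts an analyst has already dismissed or resolved."""
    return [a for a in alerts if a.get("status") == "Active"]


def summarize_by_entity(alerts):
    """Group active alerts by the resource they name.

    For each resource keep the alert count, the worst severity seen and the
    distinct kill-chain intents, so a single VM hit by both a brute-force
    detection and a C2 detection stands out from isolated low-severity noise.
    """
    summary = defaultdict(
        lambda: {"count": 0, "max_severity": "Informational", "intents": set()}
    )
    for alert in active_alerts(alerts):
        entry = summary[alert.get("compromisedEntity", "<unknown>")]
        entry["count"] += 1
        entry["intents"].add(alert.get("intent", "Unknown"))
        # Unknown severity strings rank as 0 and never replace a known one.
        if SEVERITY_RANK.get(alert.get("severity"), 0) > SEVERITY_RANK[entry["max_severity"]]:
            entry["max_severity"] = alert["severity"]
    return {
        entity: {
            "count": v["count"],
            "max_severity": v["max_severity"],
            "intents": sorted(v["intents"]),
        }
        for entity, v in summary.items()
    }


def triage_order(alerts):
    """Resources in investigation order: worst severity first, then the number
    of distinct kill-chain stages, then alert count, then name for stability."""
    summary = summarize_by_entity(alerts)
    return sorted(
        summary,
        key=lambda e: (
            -SEVERITY_RANK[summary[e]["max_severity"]],
            -len(summary[e]["intents"]),
            -summary[e]["count"],
            e,
        ),
    )


if __name__ == "__main__":
    # Replace SAMPLE_ALERTS_JSON with open("alerts.json").read() on a real export.
    alerts = load_alerts(SAMPLE_ALERTS_JSON)
    summary = summarize_by_entity(alerts)
    for entity in triage_order(alerts):
        info = summary[entity]
        print(f"{entity}: {info['max_severity']} x{info['count']} "
              f"stages={','.join(info['intents'])}")
```

On the constructed sample the dismissed alert on vm-db-02 is ignored, and vm-web-01 comes first because it combines a High alert with two different kill-chain stages; the same ordering applies unchanged to a real `alerts.json` export.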

1 additional answer

  1. Ken Golitin 21 Reputation points
    2020-07-09T08:20:52.167+00:00

    Hi,

    Azure Security Center is based on "Security Policies". Security Policies are the ones that raise the alerts in Security Center.

    The alert depends on the subject of the policy.

    To know more about Azure Security Policies, check out: https://learn.microsoft.com/en-us/azure/security-center/tutorial-security-policy

    1 person found this answer helpful.