0 Votes
MarileeTurscak-MSFT asked EdnaSandoval-8248 commented

What triggers a security alert in Azure Security Center?

I have received several security alerts in Azure Security Center. Which activities trigger these alerts?

[Note: As we migrate from MSDN, this question has been posted by an Azure Cloud Engineer as a frequently asked question] Source: Security Alerts Overview


azure-security-center

1 Vote
SaurabhSharma-msft answered

Azure Security Center automatically collects, analyzes, and fuses log data from your Azure resources, the network, and partner solutions like antimalware and firewalls. When threats are detected, a security alert is created. Examples include detection of:
• Compromised virtual machines communicating with known malicious IP addresses
• Advanced malware detected using Windows error reporting
• Brute force attacks against virtual machines
• Security alerts from integrated partner security solutions such as Anti-Malware or Web Application Firewalls


1 Vote
Kenufeelit-0627 answered

Hi,

Azure Security Center is based on "Security Policies". Security Policies are the ones that raise the alerts in Security Center.

The alerts depend on the subject of the policy.

To know more about Azure Security Policies, check out: https://docs.microsoft.com/en-us/azure/security-center/tutorial-security-policy
