New Alerts in Azure Security Center

As new attacks are discovered and validated, new security alerts will be created in Azure Security Center. This is an ongoing process, which is part of the "Detection Factory", explained below:

[Figure: Detection Factory]

Yesterday we updated the Security alerts by type in Azure Security Center article to include the following new virtual machine behavioral analysis alert types:

  • Local Administrators group members were enumerated
  • Anomalous mix of upper and lower case characters
  • Suspected Kerberos Golden Ticket attack
  • Suspicious account created
  • Suspicious Firewall rule created
  • Suspicious combination of HTA and PowerShell

Go check it out, and stay safe!