Create A Security Automation for specific Alerts
This template deploys an Azure Security Center Automation that is triggered by Azure Security alerts whose display name contains a specific string. An Automation is an Azure resource that triggers a Logic App.
Overview and deployed resources
This is an overview of the solution
The following resources are deployed as part of the solution
Microsoft.Logic Resource provider
The Microsoft.Logic Resource provider is used to create an empty triggerable Logic App.
- Logic App: An empty triggerable Logic App.
Microsoft.Security Resource provider
The Microsoft.Security Resource provider (Azure Security Center) is where the Automation that triggers the Logic App is created.
- Automation: The automation that triggers the empty Logic App upon receiving an Azure Security Center alert whose display name contains a specific string. In our example, the triggering rule matches on the string Virtual Machine and a severity of Medium, High, or Low.
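The matching behaviour described above, as an added example that is not part of the template: a Python model of an automation source that pairs a display-name Contains rule with a Severity Equals rule. Field names follow the Microsoft.Security/automations schema; the one-rule-set-per-severity layout, the case-sensitive evaluator and the sample alerts are assumptions constructed for illustration.

```python
# Added example: local model of Microsoft.Security/automations rule matching.
# The evaluator is an assumption for illustration, not the service's own code.

def build_source(name_fragment, severities):
    """One rule set per severity: name Contains fragment AND Severity Equals."""
    return {
        "eventSource": "Alerts",
        "ruleSets": [
            {"rules": [
                {"propertyJPath": "AlertDisplayName", "propertyType": "String",
                 "expectedValue": name_fragment, "operator": "Contains"},
                {"propertyJPath": "Severity", "propertyType": "String",
                 "expectedValue": sev, "operator": "Equals"},
            ]}
            for sev in severities
        ],
    }

# Assumption: comparisons are case-sensitive in this model.
OPERATORS = {
    "Contains": lambda actual, expected: expected in actual,
    "Equals": lambda actual, expected: actual == expected,
}

def rule_matches(rule, alert):
    actual = alert.get(rule["propertyJPath"])
    if not isinstance(actual, str):  # a missing property never matches
        return False
    return OPERATORS[rule["operator"]](actual, rule["expectedValue"])

def triggers(source, alert):
    """Rule sets are OR'd together; rules inside one rule set are AND'd."""
    return any(all(rule_matches(r, alert) for r in rs["rules"])
               for rs in source["ruleSets"])

SOURCE = build_source("Virtual Machine", ["Medium", "High", "Low"])

# Constructed sample alerts (not real Security Center output).
SAMPLE_ALERTS = [
    {"AlertDisplayName": "Suspicious process on Virtual Machine", "Severity": "High"},
    {"AlertDisplayName": "Suspicious process on Virtual Machine", "Severity": "Informational"},
    {"AlertDisplayName": "Unusual access to storage account", "Severity": "High"},
    {"Severity": "Low"},
]

if __name__ == "__main__":
    for alert in SAMPLE_ALERTS:
        print(triggers(SOURCE, alert), alert)
```

Only the first sample alert triggers the Logic App: an alert with a severity outside the listed values, or without a matching display name, passes through without invoking the automation.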
Prerequisites
Users need to be registered with both the Microsoft.Logic and Microsoft.Security resource providers to run this deployment.
Deployment steps
You can select the Deploy to Azure button at the beginning of this document. To learn more about how to deploy the template, see the quickstart article.
Notes
Solution notes
Tags: Security, Security Center, LogicApps, Automations, Microsoft.Security/automations, Microsoft.Logic/workflows, request, object, string