Microsoft Defender for Cloud Blog

Azure Security Center new security alerts experience

tal_rosler
Jun 15, 2020

We are happy to announce that the new Azure Security Center alerts experience is now generally available!

We improved the Azure Security Center alerts experience in the Azure portal and added a bunch of new capabilities to ease investigation of and response to Azure Security Center alerts.

What is new in Azure Security Center alerts experience?

 

MITRE ATT&CK matrix visualization

We are now presenting the kill-chain stage of the detected suspicious activity, based on the MITRE ATT&CK matrix. Use this information to understand the stage of this suspicious activity in a potential wider attack on your resources.

 

Prevent future attacks with Azure Security Center recommendations

We are now exposing the most relevant Azure Security Center recommendations on the attacked resource. After mitigating a threat, use security recommendations to increase the security posture of your resource, reduce the attack surface, and thus prevent future attacks.

 

Correlate to a wider attack with Azure Security Center alerts

You can now correlate the security alert with other security alerts on the same resource. Use this new capability during investigation to correlate the alert to a wider attack on the resource by finding other security alerts that could have been triggered by the same attack.

 

Investigate the suspicious activity

We added a list of data that could help during investigation of a security alert, including IP addresses, related processes, user accounts and more.

 

Understand organizational context and business impact

We are now presenting the Azure resource tags of the attacked resource on the security alert page. Azure resource tags are commonly used by Azure customers to tag resources with information such as the organizational context of the resource or the sensitivity of the resource for the organization. This information could be valuable during investigation of a security alert.

We would be happy to hear your feedback on the new alerts experience through the feedback form.


Tal Rosler,

Product Manager,

Azure Security Center.

Updated Jun 15, 2020
Version 1.0

2 Comments

  • HumayunKhan

    How do you enable it? I cannot see the MITRE version of it by default.

  • This is really a good view of the security alert and much better when compared to the older view. Intent and take action are really add-ons for security incident analysis.