Forum Discussion
milchl, Copper Contributor
Jul 07, 2020
Azure Security Center and MCAS
We would like to understand if alerts in Azure Security Center and MCAS are related. For example, MCAS alert: Impossible travel activity and Azure Unfamiliar sign-in properties or Atypical travel. The issue for us is to monitor both environments for these same activities. There are more examples I can add, but first we need to understand if we can concentrate on MCAS only and not lose any visibility.
3 Replies
- Dean_Gross, Silver Contributor
  It depends on the alerts. MCAS integrates with AAD Identity Protection to provide consistent monitoring of impossible travel, see https://docs.microsoft.com/en-us/cloud-app-security/aadip-integration, and with Azure ATP to monitor unexpected user behavior on your networks, see https://docs.microsoft.com/en-us/cloud-app-security/aatp-integration. ASC monitors a lot of events from your Azure subscriptions that are not shown in MCAS. You can use Azure Sentinel to monitor MCAS and ASC in one place; see https://docs.microsoft.com/en-us/cloud-app-security/siem-sentinel to get started, or get my colleague's book https://www.amazon.com/dp/B0859C7L1G/ref=dp-kindle-redirect?_encoding=UTF8&btkr=1 GaryBushey
- milchl, Copper Contributor
  Dean_Gross Thanks, but this is not the answer I'm looking for.
- Dean_Gross, Silver Contributor
  milchl sorry about that, not sure what answer you are looking for, but this may be helpful: https://www.microsoft.com/security/blog/2020/07/09/inside-microsoft-threat-protection-correlating-and-consolidating-attacks-into-incidents/