Forum Discussion
Automation rule based on a specific Security Alert
Dear Community, is it possible to apply automation rules on particular Security Alerts? I have created an automation flow that disable a compromised User on Azure AD / onPrem AD and send a mail ...
Yes, we can apply automation rules based on specific Security Alerts in Azure Security Center (ASC).
- Create a new automation rule
- Choose the alert type (e.g. "User compromised in AiTM phishing attack")
- Select the action (e.g. disable user, send email to Helpdesk)
ASC will then automatically trigger the action when the alert occurs.
Document Reference: https://azuremarketplace.microsoft.com/en-us/marketplace/apps/Microsoft.AzureSecurityCenter?tab=Overview