Frank Larsen
Copper Contributor
Jun 18, 2018
Solved

How to trigger an alert / what generates an alert

I'm looking for documentation of what kind of action generates an alert.

I've been trying to generate alerts by typing a wrong password, forcing the user account to be locked out, but that did not generate an alert.

I already have an integration which is able to read alerts from the security API, but I need to create some 'test' alerts.

5 Replies

  • Jason_Wescott
    Brass Contributor

    To trigger Azure Security Center alerts you can either create a custom rule in the ASC blade, or on an ASC protected VM, rename any .exe file to ASC_AlertTest_662jfi039N.exe.

    For Identity Protection, the easiest way I know to generate a test alert is to use the Tor browser to log in to your Microsoft services (Azure portal or O365 portal). This will generate an alert which says you logged in from an anonymous IP address.

    • Frank Larsen
      Copper Contributor

      Thanks Jason,

      Just tried your suggestion, and I can confirm it triggers an alert - just what I needed :-)

  • Frank Larsen
    Copper Contributor
    I've found this article which explains which alerts are being triggered: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-reporting-risk-events ... but it would be great if we could create alerts ourselves, so we can test our integration against the security API
    • Rishabh Srivastava
      Iron Contributor

      Hello Frank,

      Is MCAS enabled for your tenant?

      Frank Larsen wrote:
      I've found this article which explains which alerts are being triggered: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-reporting-risk-events ... but it would be great if we could create alerts ourselves, so we can test our integration against the security API

      Regards,

      Rishabh
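
For the integration testing discussed in this thread, one way to pick the ASC test alert out of a batch read from the security API is to match on the test file name from Jason_Wescott's reply and ignore alerts left over from earlier runs. This is an added example, not code from the thread or from Microsoft; the `createdDateTime` and `fileStates` (`name`, `path`) field names, the UTC `Z` timestamp form and the sample alerts are assumptions to adjust to the schema your integration actually receives.

```python
from datetime import datetime, timezone

# File name taken from the reply in this thread; compared case-insensitively
# because Windows file names are case-insensitive.
ASC_TEST_MARKER = "ASC_AlertTest_662jfi039N.exe".lower()

def parse_ts(value):
    """Parse a UTC ISO 8601 timestamp with a 'Z' suffix and any fraction length."""
    value = value.strip().rstrip("Z")
    head, _, frac = value.partition(".")
    micros = frac[:6].ljust(6, "0")  # datetime stores microseconds at most
    parsed = datetime.strptime(f"{head}.{micros}", "%Y-%m-%dT%H:%M:%S.%f")
    return parsed.replace(tzinfo=timezone.utc)

def is_test_alert(alert):
    """True when a file attached to the alert has the ASC test file name."""
    for state in alert.get("fileStates") or []:  # field may be missing or null
        name = (state.get("name") or "").lower()
        path = (state.get("path") or "").lower().replace("/", "\\")
        if name == ASC_TEST_MARKER or path.endswith("\\" + ASC_TEST_MARKER):
            return True
    return False

def split_alerts(alerts, since):
    """Return (test_alerts, other_alerts), skipping alerts created before `since`."""
    test, other = [], []
    for alert in alerts:
        if parse_ts(alert["createdDateTime"]) < since:
            continue  # left over from an earlier test run
        (test if is_test_alert(alert) else other).append(alert)
    return test, other

# Constructed sample alerts (not real API output); field names are assumptions.
RUN_START = datetime(2018, 6, 18, 10, 0, tzinfo=timezone.utc)
SAMPLE = [
    {"id": "a1", "createdDateTime": "2018-06-18T10:15:30.1234567Z",
     "fileStates": [{"name": "asc_alerttest_662jfi039n.exe", "path": None}]},
    {"id": "a2", "createdDateTime": "2018-06-18T10:20:00Z", "fileStates": None},
    {"id": "a3", "createdDateTime": "2018-06-17T08:00:00Z",
     "fileStates": [{"name": "ASC_AlertTest_662jfi039N.exe"}]},
    {"id": "a4", "createdDateTime": "2018-06-18T11:00:00Z",
     "fileStates": [{"name": None, "path": "C:/tools/ASC_AlertTest_662jfi039N.exe"}]},
]

if __name__ == "__main__":
    test_alerts, other_alerts = split_alerts(SAMPLE, RUN_START)
    print("test:", [a["id"] for a in test_alerts])
    print("other:", [a["id"] for a in other_alerts])
```

Keeping test alerts separate from the rest lets the integration test assert that the alert arrived without treating it as a real incident downstream.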
