Jun 18 2018 12:49 PM
I'm looking for documentation of what kind of action generates an alert.
I've been trying to generate alerts by typing the wrong password, forcing the user account to be locked out, but that did not generate an alert.
I already have an integration which is able to read alerts from the security API, but I need to create some 'test' alerts.
Jun 19 2018 12:16 AM
Jun 19 2018 01:56 AM
Hello Frank,
Is MCAS enabled for your tenant?
@Frank Larsen wrote:
I've found this article which explains which alerts are being triggered: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-reporting-risk-events ... but would be great if we could create alerts ourselves, so we can test our integration against the security API
Regards,
Rishabh
Jun 19 2018 01:39 PM
No, I haven't enabled MCAS, why?
Jun 19 2018 04:46 PM
Solution
To trigger Azure Security Center alerts you can either create a custom rule in the ASC blade, or on an ASC protected VM, rename any .exe file to ASC_AlertTest_662jfi039N.exe.
For Identity Protection, the easiest way I know to generate a test alert is to use the Tor browser to log in to your Microsoft services (Azure portal or O365 portal). This will generate an alert which says you logged in from an anonymous IP address.
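Added example, not part of the original thread and not Microsoft code: a Python check that an integration test could run after triggering the two test alerts described in the answer above, to confirm both were read back. The field names (`id`, `title`, `description`, `createdDateTime`, `fileStates`), the text match on "anonymous ip" and the sample alerts are assumptions about what the integration returns.

```python
from datetime import datetime, timezone

# Test file name taken from the answer above.
ASC_TEST_FILE = "ASC_AlertTest_662jfi039N.exe"

def parse_ts(value):
    """Parse a UTC ISO 8601 timestamp, ignoring any fractional seconds."""
    base = value.rstrip("Z").split(".")[0]
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def is_asc_test_alert(alert):
    """True if any file attached to the alert is the renamed test executable."""
    return any((f.get("name") or "").lower() == ASC_TEST_FILE.lower()
               for f in alert.get("fileStates") or [])

def is_anonymous_ip_alert(alert):
    """True if the alert text mentions a sign-in from an anonymous IP address."""
    text = f"{alert.get('title') or ''} {alert.get('description') or ''}".lower()
    return "anonymous ip" in text

def find_test_alerts(alerts, triggered_at):
    """Return ids of test alerts created at or after the trigger time, by kind."""
    found = {"asc": [], "identity_protection": []}
    for alert in alerts:
        if parse_ts(alert["createdDateTime"]) < triggered_at:
            continue  # older alert, not caused by this test run
        if is_asc_test_alert(alert):
            found["asc"].append(alert["id"])
        elif is_anonymous_ip_alert(alert):
            found["identity_protection"].append(alert["id"])
    return found

# Constructed sample data standing in for what the integration read back.
SAMPLE_ALERTS = [
    {"id": "a1", "title": "Sign-in from anonymous IP address", "description": "",
     "createdDateTime": "2018-06-18T09:00:00Z", "fileStates": []},
    {"id": "a2", "title": "Test alert", "description": None,
     "createdDateTime": "2018-06-19T17:05:00.1234567Z",
     "fileStates": [{"name": "asc_alerttest_662jfi039n.exe"}]},
    {"id": "a3", "title": "Sign-in from anonymous IP address", "description": "",
     "createdDateTime": "2018-06-19T17:20:00Z", "fileStates": None},
    {"id": "a4", "title": "Unfamiliar sign-in properties", "description": "",
     "createdDateTime": "2018-06-19T17:30:00Z"},
]

if __name__ == "__main__":
    print(find_test_alerts(SAMPLE_ALERTS, parse_ts("2018-06-19T17:00:00Z")))
```

Filtering on the trigger time keeps an alert left over from an earlier test run (`a1` in the sample) from making the check pass.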
Jun 20 2018 01:49 AM
Thanks Jason,
Just tried your suggestion, and I can confirm it triggers an alert - just what I needed :)