How to trigger an alert / what generates an alert

I'm looking for documentation of what kind of action generates an alert.

I've been trying to generate alerts by typing a wrong password, forcing the user account to be locked out, but that did not generate an alert.

I already have an integration which is able to read alerts from the security API, but I need to create some 'test' alerts.

I've found this article which explains which alerts are being triggered: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-reporting-risk-events ... but it would be great if we could create alerts ourselves, so we can test our integration against the security API.

Hello Frank,

Is MCAS enabled for your tenant?


@Frank Larsen wrote:
I've found this article which explains which alerts are being triggered: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-reporting-risk-events ... but it would be great if we could create alerts ourselves, so we can test our integration against the security API.

Regards,

Rishabh

No, I haven't enabled MCAS, why?

best response confirmed by Deleted
Solution

To trigger Azure Security Center alerts you can either create a custom rule in the ASC blade, or on an ASC-protected VM, rename any .exe file to ASC_AlertTest_662jfi039N.exe.

For Identity Protection, the easiest way I know to generate a test alert is to use the Tor browser to log in to your Microsoft services (Azure portal or O365 portal). This will generate an alert which says you logged in from an anonymous IP address.

Thanks Jason,

Just tried your suggestion, and I can confirm it triggers an alert - just what I needed :)
