
Threat alert in Azure VM using Azure Security Center

Deepak_kumar
Occasional Contributor

How can I get an alert for threat detection on an individual Azure VM using Azure Security Center? Like if any brute force attack is detected by Azure Security Center, it generates an email alert.

3 Replies
Solution

Hi,

I am not sure what exactly you want to do, but Azure Security Center alerts are also logged in the Activity log. More information here:

https://docs.microsoft.com/en-us/azure/security-center/security-center-managing-and-responding-alert...

In note:

Security alerts generated by Security Center will also appear under Azure Activity Log. For more information about how to access Azure Activity Log, read View activity logs to audit actions on resources.

If you want to send the alerts to an e-mail, create an Azure Activity log alert and attach it to an Action group that has the e-mail signal.
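
The two steps from the accepted answer as Azure CLI commands, as an added example that is not part of the original thread. The resource names (`asc-email`, `asc-security-alert`, `soc`) and the sample address are placeholders, and it assumes Security Center alerts appear in the Activity log under the `Security` category; the alert is scoped to the whole subscription, since the thread shows no per-VM filter.

```shell
#!/bin/sh
# Added example: route Security-category Activity Log events to an e-mail
# action group. Names such as asc-email and asc-security-alert are placeholders.

# Print the command in dry-run mode (the default); execute it when DRY_RUN=0.
run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# usage: create_security_email_alert <subscription-id> <resource-group> <email>
create_security_email_alert() {
    sub=$1; rg=$2; email=$3

    # Reject malformed input before anything is created, so alerts are not
    # silently bound to a wrong scope or an undeliverable address.
    printf '%s' "$sub" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$' \
        || { echo "invalid subscription id" >&2; return 2; }
    printf '%s' "$email" | grep -Eq '^[^@[:space:]]+@[^@[:space:]]+\.[^@[:space:]]+$' \
        || { echo "invalid e-mail address" >&2; return 2; }

    # Resource ID the action group will have once created.
    ag_id="/subscriptions/$sub/resourceGroups/$rg/providers/microsoft.insights/actionGroups/asc-email"

    # Step 1: action group with an e-mail receiver.
    run az monitor action-group create \
        --resource-group "$rg" --name asc-email --short-name ascmail \
        --action email soc "$email" || return 1

    # Step 2: activity log alert on the Security category (assumed category
    # for Security Center alerts), attached to that action group.
    run az monitor activity-log alert create \
        --resource-group "$rg" --name asc-security-alert \
        --scope "/subscriptions/$sub" \
        --condition category=Security \
        --action-group "$ag_id"
}
```

Calling `create_security_email_alert` with a subscription ID, resource group and address prints both commands for review; set `DRY_RUN=0` to execute them in a logged-in `az` session.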

I'm trying to get an email alert for a target VM if any serious threat is detected on it. In security policy we will get notifications for any threat on any VM in the subscription.

Then the above method is the correct method.