Azure Security Center MSP


Hi,
I am trying to support one of our customers by monitoring his Security Center alerts.
My question is: can Security Center write alerts into a Log Analytics workspace?
If so, is it the SecurityAlert table that contains the alerts?

The second question is: is Security Center always based on a Log Analytics workspace, as Azure Sentinel is?

1 Reply

Hello @DavidSho 

Security Center alerts are not integrated with Azure Log Analytics by default. So, you should integrate both to analyze the Security Center alerts from Log Analytics.

The following article will help you set up a continuous export of Security Center alerts to Log Analytics and analyze them from there.

https://docs.microsoft.com/en-us/azure/security-center/continuous-export

Hope both of your questions are answered.

Thanks,

Manu