Azure Security Center new security alerts experience
Microsoft

We are happy to announce that the new Azure Security Center alerts experience is now generally available!

We improved the Azure Security Center alerts experience in the Azure portal and added a number of new capabilities to ease investigation of and response to Azure Security Center alerts.

 


What is new in the Azure Security Center alerts experience?

 

MITRE ATT&CK matrix visualization

We now present the kill-chain stage of the detected suspicious activity, based on the MITRE ATT&CK matrix. Use this information to understand the stage of this suspicious activity in a potential wider attack on your resources.

 

Prevent future attacks with Azure Security Center recommendations

We are now exposing the most relevant Azure Security Center recommendations on the attacked resource. After mitigating a threat, use security recommendations to increase the security posture of your resource, reduce the attack surface, and thus prevent future attacks.

 

Correlate to a wider attack with Azure Security Center alerts

You can now correlate the security alert with other security alerts on the same resource. Use this new capability during investigation to correlate the alert to a wider attack on the resource by finding other security alerts that could have been triggered by the same attack.

 

Investigate the suspicious activity

We added a list of data that could help during the investigation of a security alert, including IP addresses, related processes, user accounts and more.

 

Understand organizational context and business impact

We now present the Azure resource tags of the attacked resource on the security alert page. Azure resource tags are commonly used by Azure customers to tag resources with information such as the organizational context of the resource or the sensitivity of the resource for the organization. This information could be valuable during the investigation of a security alert.

 


We would be happy to hear your feedback on the new alerts experience; please fill out the feedback form.

 

 


Tal Rosler,

Product Manager,

Azure Security Center.

1 Comment
Occasional Contributor

This is really a good view of the security alert and a lot better when compared to the older view. Intent and take action are really add-ons for security incident analysis.