We are happy to announce that the new Azure Security Center alerts experience is now generally available!
We improved the Azure Security Center alerts experience in the Azure portal and added a number of new capabilities to ease investigation of and response to Azure Security Center alerts.
What is new in the Azure Security Center alerts experience?
MITRE ATT&CK matrix visualization
We are now presenting the kill-chain stage of the detected suspicious activity based on the MITRE ATT&CK matrix. Use this information to understand the stage of this suspicious activity in a potential wider attack on your resources.
Prevent future attacks with Azure Security Center recommendations
We are now exposing the most relevant Azure Security Center recommendations on the attacked resource. After mitigating a threat, use security recommendations to increase the security posture of your resource, reduce the attack surface, and thus prevent future attacks.
Correlate to a wider attack with Azure Security Center alerts
You can now correlate the security alert with other security alerts on the same resource. Use this new capability during investigation to correlate the alert to a wider attack on the resource by finding other security alerts that could have been triggered by the same attack.
Investigate the suspicious activity
We added a list of data relevant to investigating a security alert, including IP addresses, related processes, user accounts and more.
Understand organizational context and business impact
We are now presenting the Azure resource tags of the attacked resource in the security alert page. Azure resource tags are commonly used by Azure customers to tag resources with information such as the organizational context of the resource or the sensitivity of the resource for the organization. This information can be valuable during investigation of a security alert.
We would be happy to hear your feedback on the new alerts experience by filling out the feedback form.