SOLVED

Cloud Smart Alert Correlation Engine


Hello,

Would it be possible to have more information about this feature?
I see that there is a page in the documentation https://docs.microsoft.com/en-us/azure/security-center/security-center-alerts-cloud-smart but I would like further information.

  • Are those incidents automatically sent to the mail address specified within the Azure Security Center settings?
  • Are those incidents logged within a specific table in a Log Analytics workspace?

The main reason I'm asking these questions is that we would like to be sure that our customers correctly receive them via mail, Log Analytics alerts, ..., without having to look at the Azure Security Center dashboard.

Kind Regards,

Thomas

2 Replies
Solution

@thomasdefise 

Hi,

1) Incidents with high severity are automatically sent to the security contacts specified in ASC settings (the same as alerts).

2) Incidents are logged to the same table as the alerts in Log Analytics.

Thanks,

Tal.

@tal_rosler
Thanks for the information