ASC Alert Connector


We have the Azure Security Center connector enabled to receive the alerts and it shows that the connector is enabled. However, the datatype SecurityAlert (ASC) is showing as disconnected and we have not received any logs. The Analytic rule for ASC is also created and enabled. There is a security alert, so it should appear in the SecurityAlert schema but there's nothing.

 

Are we missing a step here?

1 Reply

@leoszalkowski : I was not able to identify a missing step from your description. I think the best route is a support ticket.