Some of the alerts coming from Azure Security Center could use additional information

Gary Bushey · ‎Oct 18 2019

At my client's site I am getting alerts from ASC (as well as MCAS, AD Identity Protection, and Azure ATP) and noticed that two of them, "Logon by an unfamiliar principal" and "Logon from an unusual location" don't list the user ID even though if I go into ASC I can see the user ID there. It would make the alerts so much more useful if the user ID was passed along. The IP Addresses are being sent so hopefully it would not be too hard to pass along the user ID.

Note sure if it is possible but it would also be great to have a link back to the original alert. Maybe as a comment?

Gary Bushey · ‎Oct 18 2019

I have spoken with someone from the product team and they will be looking into this :)

Gary Bushey · ‎Oct 31 2019

Looks like it is happening already :) Noticed some MCAS alerts showing user information in the description

Some of the alerts coming from Azure Security Center could use additional information

Some of the alerts coming from Azure Security Center could use additional information

RE: Some of the alerts coming from Azure Security Center could use additional information

RE: Some of the alerts coming from Azure Security Center could use additional information

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Some of the alerts coming from Azure Security Center could use additional information